Venture capital fund Andreessen Horowitz, also known as A16z, has published a Solidity library that can be used for anonymous voting on Ethereum. Named “Cicada”, the library prevents the choice of an individual voter is known before the end of the voting. When combined with zero-knowledge group membership systems such as Semaphore, it can also make a voter’s identity permanently unknown, according to a May 24 blog post by Michael Zhu, an engineer at A16z.
Excited to announce Cicada: a new building block for private on-chain voting. https://t.co/hxE4KL4Se6
— moodle zoup (@moodlezoup) May 24, 2023
We are pleased to announce Cicada: a new concept of private on-chain voting.
Cicada is based on time-lock puzzles, a type of cryptography that allows users to encrypt secret values that can only be decrypted after a certain period of time has elapsed, according to Zhu.
These puzzles have been around since 1996. But before 2019, they would have required users to reveal their secret values after the time period had elapsed. In voting systems, this could have caused problems with users submitting votes and then getting disconnected, preventing all votes from being counted.
In 2019, cryptographers Giulio Malavolta and Aravind Thyagarajan they proposed the concept of “homomorphic” time lock puzzles. This allowed the puzzles to be added together to produce a final puzzle that was much easier to solve than the sum of the individual puzzles. The final puzzle solution only reveals the sum of the individual values without revealing the individual values that make up this sum.
According to A16z’s post, Cicada uses these homomorphic puzzles, allowing votes to be counted even when users log out.
In trying to move Malavolta and Thyagarajan’s system onto the blockchain, A16z researchers hit a roadblock in creating a fair voting system.: Each choice was to be encoded as a boolean value of “1” or “0”. This meant that attackers could attempt to increase your voting power by incorrectly encoding the vote – by encoding “100” as its value, for example.
To solve this problem, Cicada requires voters to submit a zero-knowledge proof of the validity of the vote along with each vote, the post says. The test shows that the vote has been correctly encrypted, but without revealing its content.
Cicada only prevents the votes from being known while the poll is taking place. Once the “poll has been closed” or the lock period has passed, anyone can determine the content of a vote by forcing the puzzle to be solved. However, A16z suggested that this problem can be solved by combining Cicada with zero-knowledge group membership systems like Semaphore, Semacaulk, or zero-knowledge state proofs. In this case, forcing the puzzle will only reveal that the vote was cast by an eligible voter, but will not reveal the credentials used to prove the voter’s eligibility.
As an example, Zhu provided a link to a sample contract produced using Cicada which also relies on Semaphore to demonstrate voter eligibility.
Voting systems have long been a component of decentralized autonomous organizations (DAOs), the governing bodies that often manage blockchain applications. But in most cases, DAOs use tokens to represent votes, which means that individual users can have disproportionate influence if they hold a large number of tokens. For example, on May 22, an attacker took control of Tornado Cash by casting extra votes on a malicious proposal, using it to drain all government contract funds. Later, the attacker offered to return control to the users.
Waves founder Sasha Ivanov has argued that DAOs need to move to a more democratic voting system if governance attacks like these are to be avoided.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.