Vocdoni Introduces Anonymous Voting
From now on, anyone can create an anonymous voting process that will allow users to vote with the cryptographic assurance that nobody can correlate their identity with the contents of their ballot.
Charlie McCombie, Nate Williams

Since the founding of Vocdoni, the decentralized, universally verifiable voting protocol, implementing anonymous voting has been one of our greatest aspirations. We have spent years on proof-of-concept and draft designs, working towards the holy grail of voting: a protocol in which no one – including the election organizers and malicious third parties – can determine how each participant voted, and the results of which cannot be challenged by anyone. As far as we are aware, no system has ever been able to achieve end-to-end verifiable, fully anonymous voting within a flexible protocol before.
We are proud to announce that anonymous voting is now available open-source and for free on Vocdoni.app (check the technical deep-dive here if you want to know more). From now on, anyone can create an anonymous voting process that will allow users to vote with the cryptographic assurance that nobody can correlate their identity with the contents of their ballot. This new feature does not compromise any of the existing properties of our protocol, meaning that we've resolved the apparent conflict between anonymity and end-to-end verifiability. Users can still trace their own ballots from the time of voting to the calculation of results, and they can inspect the contents of their vote envelope as it is counted. This major breakthrough has been achieved partly through the use of cutting-edge zero-knowledge technology.

Cryptographic assurance of anonymity is crucial – at least as an option – to the exercise of democracy. Governance scenarios from surveys and informal polling of a company manager's performance all the way up to high-stakes political elections have a need for anonymity. This is in part due to safety concerns about the avoidance of potential negative repercussions for voters – retaliation from a boss or outright violence from the political opposition – if any votes are de-anonymized. However, the positives of anonymous voting are psychological as well. People may feel more comfortable sharing their opinions candidly if they can be absolutely certain that these opinions will not, and cannot, be made public.
There will always be contexts in which anonymity is an undesirable property – elected representatives’ voting on public legislation, for example, especially as governance shifts to become more digital. However, the ability of a decision-making body to choose the toolset with the properties best suited to their needs is necessary for governance itself. We hope that, by providing flexible and powerful democratic tools, our protocol will break down further barriers to better community decision-making and allow people to express their collective will.
Cutting-Edge Design with zk-SNARKs
To ensure complete end-to-end verifiability, our design allows users to examine the contents of their vote envelope at every step of a voting process. The anonymization layer, therefore, is implemented in each user's proof of identity, rather than by encrypting their ballot itself. The anonymous voting protocol achieves this through the use of zero-knowledge Succinct Non-interactive Arguments of Knowledge, or zk-SNARKs. Zk-SNARKs are proof systems, built around circuits, that leverage zero-knowledge cryptography to prove knowledge of a piece of information without revealing that information. In the context of voting, zk-SNARKs are used to prove that a user:
- possesses a secret key that makes them a valid member of the voting census for the given voting process (census proof)
- has not yet cast a vote for this process
We have designed a circuit that can generate a zero-knowledge proof (ZKP) of this information without revealing the user's key, or proof of identity, itself. This proof can then be generated and attached to a vote envelope as an anonymous proof of validity. Vocdoni has successfully achieved scalable, anonymous voting using zk-SNARKs within its own L1 blockchain. While the current Trusted Ceremony was set up internally by the Vocdoni team, we will soon launch a public Trusted Setup Ceremony with all the necessary guarantees to make our anonymous voting fully trustless.
Future developments might include zk-Rollups for vote aggregation and mixing, allowing for off-chain token-based voting with binding on-chain execution on Ethereum.

Let’s explore the Vocdoni Protocol properties
Remote electronic voting researchers typically identify two main sets of theoretical properties by which to judge a voting system: verifiability and privacy. The pinnacle of verifiability is ‘end-to-end’ (E2E) verifiability, which, according to the literature, is composed of a set of three necessary properties:
E2E Verifiability Requisites

Individual verifiability
Vocdoni's anonymous voting design is fully compatible with all components of E2E verifiability. Individual verifiability is guaranteed with the addition of a nullifier – a piece of data included in each vote package that uniquely corresponds to a user's key pair for a given process. This nullifier cannot be used to derive the public key of a voter, but it can be used by a voter to identify and track their vote package once it has been cast. Thus, they can verify that it has been counted in the computation of the voting blockchain (Vochain).
Universal verifiability
Universal verifiability is built into the use of a decentralized ledger (Vochain) to tally votes. Anyone may examine the set of valid votes that have been cast to the gateways, then audit the code being executed on the voting blockchain, use the block explorer to examine the ballots and results tally, or even use the gateway API manually to query and verify the set of ballots.
Eligibility verifiability
Anonymous voting might seem incompatible with eligibility verifiability, but both properties are achieved thanks to the power of mathematics, computer science, and zero-knowledge cryptography. Prior to the process, election officials upload a census of eligible voters’ pre-registered custom credentials, derived from their private data (name, email, ID# etc.). These credentials are then privately sent to each voter individually, who inputs them along with their password, known only to them, generating a nullifier with the credentials + password combination. This nullifier is used when the user votes, thereby preventing people from voting twice, and bad actors from impersonating other people to vote. This is just one method of conducting a census with Vocdoni.
While nobody can see who cast each vote package to the voting blockchain, the ZKP attached to each vote allows anyone to verify that the vote was cast by someone holding a private key belonging to the voter census. In other words, anyone can verify that any vote has been uniquely cast by an eligible voter.
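The nullifier behaviour described under individual and eligibility verifiability, as an added Go example that is not Vocdoni's code. It assumes SHA-256 in place of the hash used inside the circuit and omits the zero-knowledge census proof; `Nullifier`, `Ledger` and the sample credentials are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Assumption: SHA-256 stands in for the circuit-friendly hash a zk-SNARK
// design would use; field names and layout here are illustrative only.
func hashHex(parts ...string) string {
	h := sha256.New()
	for _, p := range parts {
		fmt.Fprintf(h, "%d:%s|", len(p), p) // length-prefix to avoid ambiguity
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Nullifier binds the voter's secret (credentials + password) to one process.
func Nullifier(credentials, password, processID string) string {
	secret := hashHex("secret", credentials, password)
	return hashHex("nullifier", secret, processID)
}

var ErrDoubleVote = errors.New("nullifier already used in this process")

// Ledger is a toy stand-in for one process on the voting chain: ballots are
// stored under the nullifier only, never next to an identity.
type Ledger map[string]string

// Cast accepts one envelope per nullifier (the ZK census proof check is omitted).
func (l Ledger) Cast(nullifier, ballot string) error {
	if _, seen := l[nullifier]; seen {
		return ErrDoubleVote
	}
	l[nullifier] = ballot
	return nil
}

func main() {
	const pid = "process-A" // constructed sample values throughout
	chain := Ledger{}
	n := Nullifier("cred-alice", "correct horse", pid)
	fmt.Println("first cast:", chain.Cast(n, "option 2"))
	fmt.Println("second cast:", chain.Cast(n, "option 1"))
	fmt.Println("voter finds own ballot:", chain[n])
	fmt.Println("other process differs:", n != Nullifier("cred-alice", "correct horse", "process-B"))
}
```

Because the process ID is hashed into the nullifier, the same voter produces unrelated nullifiers in different processes, so ballots cannot be linked across elections by comparing them.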
Privacy Properties
We might consider the following privacy properties, as suggested by studies and our own research:

Identity and ballot obfuscation
One might imagine that the promise of ‘anonymous voting’ would fulfill all privacy requirements. However, the distinctions and overlaps between various privacy properties are subtle. The type of anonymity offered by our groundbreaking design is one of identity obfuscation, one which, from the perspective of a third party, breaks the link between a voter and their ballot. This corresponds with a colloquial understanding of election anonymity. Voters' preferences remain confidential and only available to them, as only they can generate the nullifier that refers to their unique ballot.
Ballots themselves, however, are not obfuscated. We believe that ballot obfuscation (in our design, at least) would conflict with E2E verifiability by taking away a user's ability to examine the contents of their ballot after it has been cast. Unfortunately, this E2E verifiability is for the moment vulnerable to social engineering attacks such as coercion or vote-buying.
Coercion-resistance
We can still achieve coercion-resistance, as defined here, by enabling the ‘encrypted poll’ process flag, signifying that vote packages will be encrypted until a process has ended. No voter would thus be able to demonstrate the contents of their vote to a third party during an election. They could still, however, verify their vote, as it is decrypted and counted after the election ends, so E2E verifiability would be preserved. Thus, unlike in conventional elections, where one cannot guarantee one’s vote has been counted correctly, one can be assured of the integrity and tamper-proofness of a process using our design, as this is inherent to E2E verifiability.
Any remote voting system is vulnerable to physical coercive attacks, i.e. a malicious actor controlling a valid voter and forcing them to vote a certain way. On the one hand, this attack could be somewhat mitigated by allowing users to cast multiple votes and only accepting the last vote as valid (this feature is on our roadmap to be implemented). This would increase the barrier to physical coercion by requiring malicious actors to control a valid voter for the entire duration of an election. On the other hand, physical coercion (especially in an election that is physically decentralized) is inherently difficult to scale. While it should be viewed as a threat, this strategy would be prohibitively costly to deploy with enough range to affect a national-sized election.
Receipt-freeness
Receipt-freeness is more difficult to achieve. The issue here is that the nullifier that enables a voter to verify their own ballot could be shared, under threat or bribe, with a malicious actor, who could check that their nullifier is included in the computed votes or identify it on Vochain, revealing the vote contents, and leading to fraudulent votes. This is the greatest challenge to our design.
While we are not able to achieve absolute receipt-freeness in this iteration (see our proof-of-concept for a receipt-free voting system), we have implemented some measures to greatly increase the difficulty of conducting coercive attacks (details can be found in the technical deep-dive). Nonetheless, the system is thus vulnerable to ballot stuffing. However, such an attack would likely require custom tooling, in-depth communication with victims, and/or absolute control over victims' devices, and it is not scalable enough to have any meaningful impact.

DAOs & The Future of (d)GovTech
The ability for absolute privacy and E2E verifiability to coexist in a single system seems unattainable from a common-sense perspective. This conflict, however, is an open research question. While we have not solved it completely, our design reduces this absolute incompatibility to a mere tradeoff with practical considerations of cost and scalability. We hope this vital contribution towards the development of decentralized digital governance will help usher in easier, faster, and more transparent democracy.
We are committed to providing optionality to DAOs and allowing them to choose their own privacy requirements. Without anonymous voting, DAO voting is problematic from a sovereign-network perspective as voters can be held liable for the actions of a DAO, rather than the DAO itself. Moreover, unless we remove the association of personhood from each vote, we will be surrendering to a dystopian future where AI profiling and surveillance are the norm.
That’s why the Vocdoni team is incredibly excited to be working on offering, for the first time ever, free, truly anonymous blockchain-secured voting to the DAO ecosystem that will be easily integrated through the Vocdoni API (email us at info@vocdoni.io to try it out). This represents significant progress in the evolving development and transformation of governance towards the nascent decentralized digital paradigm of Web3.