changed 2 years ago
Published Linked with GitHub

On-chain Shutter w/ Governor Alpha or Bravo

Motivation

This proposal explores an implemention of "shielded voting" for the Governor Alpha/Bravo smart contract suite using a threshold encryption based commit-reveal scheme and DKG as implemented by Shutter.
The expected benefits of shielded voting are information symmetry and improved censorship resistance which we think have the potential to lead to more accurate and less biased voting results as well as reduced voter apathy. More on those benefits.

Shielded voting as a feature powered by "Shutter Governance" is already live in Snapshot, with multiple larger DAOs having it switched on within the first couple of weeks of it being live.

More on this implementation: Announcement on Snapshot Twitter, additional details on Shutter blog

However, this implementation is fully off-chain (as Snapshot is an off-chain based system), so for Governor Alpha/Bravo, a slightly different system is needed.
Implementating Shutter on-chain is entirely possible, see the 2021 smart contract based alpha release of on-chain Shutter.

Possible architecture overview

participant Voter 1
participant Voter 2
participant Voter n
participant Shutter Contract
participant Keypers
participant Governor Contract

Note over Governor Contract: Vote Starts
Voter 1->Shutter Contract: Submits encrypted vote
Voter 2->Shutter Contract: Submits encrypted vote
Voter n->Shutter Contract: Submits encrypted vote

Note over Shutter Contract: Encrypted vote period ends
Shutter Contract->Keypers: Trigger decryption

Keypers->Keypers: Generate decryption key
Keypers-->Shutter Contract: Fetch and decrypt votes
Keypers->Governor Contract: Submit decrypted votes
Note over Governor Contract: Vote period ends

As with the previous on-chain Shutter prototype it would be entirely possible to "wrap" the Governor Alpha / Bravo contracts with Shutter to provide blinded voting on-chain.
However this would require small modifications to the Governor contracts. Namely the voteBySig functions would need to be changed such that only the Shutter contract is allowed to call it. All other vote functions would need to be disabled.
This is necessary to allow Shutter to submit the final decrypted votes before the actual voting period ends while preventing others from exploting this information and slipping in non-encrypted vote(s) last minute.

On-chain Decryption

Currently decryption is not feasible on-chain due to the required cryptographic primitives not being available as precompiles in the EVM. Therefore, votes have to be decrypted off-chain and only the result can be submitted on-chain. There are a few options to ensure the result is correct:

  • Use the honesty assumption already imposed on the keypers and only accept the result if more than the threshold signed it (using a threshold or aggregate signature scheme). Note that this means that a colluding keyper set can censor votes, but not create fake ones.
  • Allow anyone to submit a result, but give everyone the chance to challenge it. Verifying the challenge would only entail checking decryption of a single vote, which might be possible on-chain at least on side-chains or some L2s. Much more promising however would be to use Cannon, the fault proving library securing Optimism.
  • Advocate for implementing the required pre-compiles that would make decryption feasible. On Ethereum, this is not a viable strategy in the short term, but for L2s and particular for side-chains such as Gnosis Chain it is more promising.
Select a repo