zkvote: Using ZK-SNARK to Implement Decentralized Anonymous Voting on p2p Network

# zkvote: Using ZK-SNARK to Implement Decentralized Anonymous Voting on p2p Network zkvote-node: https://github.com/Unitychain/zkvote-node zkvote-web: https://github.com/Unitychain/zkvote-web ## Architecture ![](https://i.imgur.com/RAAnWn8.png) ![](https://i.imgur.com/REKBanK.png) - Cmd - zkvote(pkg) - Service(pkg) - Node.go - manager(pkg) - Manager(Collector).go - subject_protocol.go - identity_protocol.go - voter(pkg) - Voter.go - IdentityPool(IdentityIMP).go - Proposal.go - zksnark(pkg) - Verifier.go - Store(pkg) - Validator.go - Store.go - utils(pkg) - crypto(pkg) - Model(pkg) - Subject.go - Identity.go - MerkelTree.go - Context.go - pb(pkg) - zkvote.proto - restapi(pkg) - Controller - Model ## Technical Details - Run `zkvote-node`. The node `K` will connect to other peers in the network. - Nodes form two networks: DHT and pub/sub - The local running node provides a web UI for the user to register and submit proof. - A pub/sub topic is a voting subject - Use `Discovery` package to look up peers that are topic providers. See [Notes on go-libp2p-discovery](/@juincc/Hk_0PWFhS) - Setup a stream from the joining node and to the topic providers - Topic provides respond their pub/sub topics - The joining node can either - Subscribe to one of the existing topic - Start a new topic, this will make the joining node become one of the topic provider - Attach a description to a topic - Store the description locally - key: topic, value: description - Respond to the requestor as well as the topic name - How the p2p network is formed? - as layer 1 solution => need consensus (zkvote doesn't have) - as layer 2 solution => no need for p2p network and need to put the proof back to blockchain (zkvote doesn't have) - need blockchain for DID anyway. L2 is more elegant. - How to verify JWT on zkvote-node? - See `aries-framework-go` - Does not support DID method `ethr` - Verify VC on zkvote-web - Does the node have to resolve the DID doc? - What are in the DID doc? - See https://www.w3.org/TR/did-core/#did-documents - How to exchange VC? - VC should be stored in a DID hub - To make it simple: Copy and paste a raw JWT - What is the content of the ballot VC? - The public key and sugnature of the proposer - Need PKI or PGP? - The public key of the voting person - How to manage private key/DID/zkvote Identity?: 1. Generate Ethereum private key - Use `ethr-did` - Generate the keypair on zkvote-web and show on the console 2. Generate DID - Use `ethr-did` - Derived from Ethereum keypair - Show on console 3. Generate zkvote identity - Use generated private key as the secret - **Question: Some identities are not vlidated by zkvote-node. Why?** - VC - Proposer can issue VC for a subject - Voter has to present the VC received from the proposer to vote on a subject - Need PKI to check if the issuer is the proposer? ## Questions ### Why use DHT? - No need for consensus or blockchain in this PoC - Still need a global state - DHT is efficient and easier to implement - go-libp2p supports Kademlia - Pure file/data sharing application ## Does voting need consensus? - Voting has 2 step: Registry and Proof - How to register? - How to prevent sybil? - Registry is just as simple as storing its key on DHT. - Some verifiable personal info - Registry message has to be signed to provide the intigrity and non-repudiation - Construct the registry list from DHT - Can DHT query a namespace? ### Is DHT necessary if pub/sub is used? - DHT is more efficient only if the size of the subscription is greater than `k` (k=20 for default) - __Pub/sub is necessary for indexing proofs.__ - __Proofs are stored in the DHT, use pub/sub to index the topic and the stored proof__. Nodes that belongs to the same topic will maintain the same set of index ### Does every participant have to run a node? - the sig reveals the identity, no privacy any more - use some nodes to be relay? ## Todo - Implement VC rules to make it permissioned - global identity, add different rules to build local(subject) identities - **zkvote can act as a layer 2. Use zk-rollup to put the proof on blockchain** - Layer 2 needs incentive model ### Refactor - Extract db logic from `Manager` - Extract network logic from `Manager` and `Voter` ### Feature - CLI - Which one? Cobra / Cli / go-ipfs-cmds - Store published message locally - Implement a consensus layer - Sign on the value - Implement a validator that can verify sig - Figure out how validator `pk` works - Implement API for CLI debugger ## Challenges - What if the provider of one topic `A` goes offline? - Only the original topic initiator has to provide? Or, several provides of one topic `A` have to provide? - __How to deprecate subjects?__ - __How to register the identity globally?__ - So far we only register in individual pub/sub network. - What is the best strategy for syncing the identity merkle tree - How to generate identity commitment efficiently? - Should be able to delegate the role of subject creator? - How to manage keys? - How to prevent sybil attack? ## Experts in this field - Barry Whitehat - Oskar - Mikerah - ... ## Reference - [Private voting and whistleblowing on Ethereum using Semaphore](https://medium.com/@weijiek/private-voting-and-whistleblowing-in-ethereum-using-semaphore-449b376808e) - [Notes on kad_node](/9P77VeMYTF6NTOHwsvHqUg) - [go-snark](https://github.com/arnaucube/go-snark) - [go-libp2p](https://github.com/libp2p/go-libp2p) - [Semaphore](https://github.com/kobigurk/semaphore) - [Circom](https://github.com/iden3/circom) - [libp2p pubsub](https://docs.libp2p.io/concepts/publish-subscribe/) - [libp2p-p2p-daemon](https://github.com/libp2p/go-libp2p-daemon) - [STATE OF THE MIXERS: SUMMER 2019](https://github.com/tvanepps/State-of-the-Mixers-Summer-2019/blob/master/README.md) - [Baidu DID](https://did.baidu.com/) ###### tags: `unitychain` `poc` `p2p` `zkp` `dht`