Validating ZK Voting

--- tags: buidl guidl --- # Validating ZK Voting **Validation Process** 1. Research zero knowledge proofs 3. Defining assumptions to validate 4. Define zero knowledge voting use cases 5. 'Market Research'/Hints of Validation 6. Validate problem with DAO operators ### Defining assumptions to validate * Privacy is needed for _both_ governance votes (treasury allocation) and decision making (application selection, pay) * DAO operators want their decisions to be private * DAO operators don't want larger token holders to influence votes * DAO operators want their decisions to remain private * DAO operators want voting to be completely decentralized ### Define use cases * Group voting on project effort for pay distribution * Application/project selection vote * Governance voting without influencing ### Market Research/Hints of Validation from Other Projects * [Snapshot integrates shielded voting to hide votes during the voting period](https://twitter.com/snapshotlabs/status/1580674555710181378?s=46&t=IrPEfPR_Fla03cGBjDLf_Q). * This doesn't necessarily solve the issue of hiding a DAO operators vote indefinitely and uses threshold encryption rather than zero knowledge proofs and is not decentralized. * It does provide validity to the assumption that "DAO operators don’t want larger token holders to influence votes" * Superfluid, a web3 tool to stream payment stated salaries are public and they _will_ implement on a privacy blockchain like zksync. * Provides some validity that DAOs and web3 companies want salaries and KPI tokens to be private ![](https://i.imgur.com/47qJS7s.png) ![](https://i.imgur.com/2f1n6tf.png) ### Validate problem with DAO operators #### Summary There isn't enough data _yet_ to validate or invalidate all assumption. There is demand to have a private voting, but it has not been validated that anonymous voting needs to be decentralized or even remain anonymous after the voting period ends. #### Origin Protocol * They don't have a need right now, but could in the future ![](https://i.imgur.com/KdpU6NE.png) #### Seedclub * Voting/boosting an application for Seed Club isn't visible, but is discoverable. ![](https://i.imgur.com/O40PeTj.png) #### RookDAO * Talked to a member who finds it annoying that how he votes on the treasury is public and wishes some of those decisions were anonymous * Said he could see the need for zk voting if the vote stayed anonymous ### Next Steps * Continue to refine validation questions * Continue to build web3 network * Prioritize the biggest problems DAO operators are seeing around voting for pay, projects, or governance # Appendix ### Researching Zero Knowledge * ['Introduction to Zero Knowledge Proofs' - Elena Nadolinski](https://www.youtube.com/watch?v=BT88s7_VtC8!) * [Why and How zk-SNARK Works 1: Introduction & the Medium of a Proof](https://medium.com/@imolfar/why-and-how-zk-snark-works-1-introduction-the-medium-of-a-proof-d946e931160) * ZKSnarks use polynomials since they have an extremely small number of correct answers and makes it near impossible for the prover to cheat the verifier. * Verifier choses a random number and solves the polynomial then gives the prover the solution to solve the polynomial and return to the verifier. The answer should match the verifier's answer. * [Why and How zk-SNARK Works 2: Proving Knowledge of a Polynomial](https://medium.com/@imolfar/why-and-how-zk-snark-works-2-proving-knowledge-of-a-polynomial-f817760e2805) * The prover needs to prove that his/her polynomial is the multiplication of the cofactors **without revealing his/her polynomial** * The prover needs to divide his polynomial by one of the cofactors to identify the other cofactor. If he/she can't then he/she doesn't have the correct cofactors * The prover could have the wrong answer and divide his polynomial by the cofactor and have a remainder which can further be divided and evenly divisible * Verifier can avoid this by checking that solutions for the provers polynomial and the cofactor are integers, but it limits the number of answers zero knowledge can check * To account for this, ZK-SNARKS use homomorphic encryption in the exponent as well as modulo arithmetic. The result is an encrypted value that is extremely hard to guess, but the prover could still guess without knowing the given verifier's initial solution * To confirm a prover has solved the problem with the verifier's initial solution, the verifier can ask for two answers, one being a shifted equation. The prover needs to solve both equations which verifies that he/she has the correct polynomial * To make this truly zero knowledge-based, the protocol can add an initial shift, which further obscures knowledge about the solution. * [Why and How zk-SNARK Works 3: Non-interactivity & Distributed Setup](https://medium.com/@imolfar/why-and-how-zk-snark-works-3-non-interactivity-distributed-setup-c0310c0e5d1c) * To have non-interactive proofs, the protocol needs cryptographic pairings * Additionally, a trusted party would have to generate a common reference string (CRS) which allows any prover or verifier to check a solution without interacting with any other entity * Rather than a single trusted party generating a (CRS), multiple parties could generate a composite CRS * Can further strengthen by enforcing all parties except the first to encrypt their and publish their secret parameters * [Why and How zk-SNARK Works 4: General-Purpose Computation](https://medium.com/@imolfar/why-and-how-zk-snark-works-4-general-purpose-computation-dcdc8081ee42) * [Why and How zk-SNARK Works 5: Variable Polynomials](https://medium.com/@imolfar/why-and-how-zk-snark-works-5-variable-polynomials-3b4e06859e30) * [Why and How zk-SNARK Works 6: Verifiable Computation Protocol](https://medium.com/@imolfar/why-and-how-zk-snark-works-6-verifiable-computation-protocol-1aa19f95a5cc) * [Why and How zk-SNARK Works 7: Constraints and Public Inputs](https://medium.com/@imolfar/why-and-how-zk-snark-works-7-constraints-and-public-inputs-e95f6596dd1c) * [Why and How zk-SNARK Works 8: Zero-Knowledge Computation](https://medium.com/@imolfar/why-and-how-zk-snark-works-8-zero-knowledge-computation-f120339c2c55) * [Diving into the zk-SNARKs Setup Phase](https://medium.com/qed-it/diving-into-the-snarks-setup-phase-b7660242a0d7) * If a multiparty ceremony is used to create the CRS, then only one party needs to be honest when creating the toxic waste * [KZG polynomial commitments](https://dankradfeist.de/ethereum/2020/06/16/kate-polynomial-commitments.html)