Proof of Concept for Private Voting in Nouns DAO

Aragon ZK Research and Aztec joined forces to research private voting for Nouns DAO over the last few months.

They just concluded their research with a proof-of-concept and both general and technical reports. They also developed two time-locked cryptography protocols to support their work.

The Nouns DAO Private Voting Research Sprint was funded by Nouns DAO, a social and cultural DAO known to push the edges of governance experimentation, to research solutions for private voting for their organization. Three teams were funded, including one team composed of Aragon ZK Research and Aztec. They had three months to complete their research and deliver findings.

In the research sprint, they sought to answer the following primary question:

Up to which point is it possible to build a user-friendly, trustless (decentralized), fair (no one can count votes before a given time), weighted (voting power depends on the amount of tokens hold/delegated) and ballot-secret (it is impossible to link a voter with a choice) voting system in Ethereum?

Answer: With the promising progress on both research and development achieved throughout the sprint, it is very possible.

And they have a demo to prove it!

The only parameter not addressed in this research was weighted. This proof of concept allows one vote per NFT. So, if you own two NFTs, you will need to cast a ballot for each NFT separately.

Let’s dive into the proof of concept the teams built, how it can be used by Nouns DAO, and what’s next for bringing private voting to all DAOs built on Aragon.

An anonymous person

Why is onchain private voting important?

In DAOs today, all votes are public because the blockchain is transparent. However, private voting has been a long sought-after goal in the web3 industry.

DAO members might not want all of their decisions to be public to everyone on the internet. For example, if there was a vote that involved some friends or close colleagues, how would they feel if you voted against them, even if you believed it was the better choice? What about an election for a role—how would those being elected and the voters feel that their choices are available for everyone to see?

There is also the issue of security. If votes are public, voters could be more easily persuaded to vote a certain way through blackmail or bribes. But with fully encrypted private voting, the voter’s choice cannot be decoded.

Having the option for private voting solves this. But the onchain component is critical as well, because it means there’s no middleman storing your results in between: it’s just the blockchain.

Some private voting solutions might sacrifice decentralization for the sake of shielding votes, but Nouns DAO knew that would be a deal-breaker. So, they selected teams willing to solve the problem of voting that is both private and onchain.

A graphic showing a ZK logo.

What is the private voting proof of concept?

The teams built a proof of concept (POC) following the parameters put forward by Nouns DAO. This proof of concept is not a live product, meaning it’s not market-ready or audited. In our case, you need to interact with the POC through the CLI, so you’re writing code rather than clicking on buttons in an interface.

The POC is important because it shows that trustless private voting on Ethereum is possible, which is exciting for the industry as a whole.

You can test it out yourself. Here are the steps:

Watch the Video

1: Register your wallet before voting for the first time

Every wallet must register their public key before the voting process is started. This must only be done once per address—you don’t need to register every time you vote.

Connect your wallet to the zkRegistry app, register the public key, and copy the private key, which is needed for voting.

A screenshot of the private voting UI.

2: Create the voting process

Anyone can create a voting process via the CLI with the `create-process` subcommand. An IPFS ID can be provided to bind the process to certain information.

Additional logic, like limiting voting to only wallets with either owned or delegated NFTs, can be easily implemented on the smart contract level.

The CLI shows a Nouns logo when you query it.

3: Cast your vote

Registered wallets that meet the eligibility requirements (such as holding NFTs—either non-delegated owned or delegated—at the time of the voting process creation) can generate a ballot and the corresponding proofs.

The vote can be submitted to the Nouns voting smart contract (VSC) during the voting period. Vote generation (ballot + proofs) and submission are performed together through the CLI using the `vote` subcommand.

One vote is allowed per NFT, because weighted voting was excluded in our proposal. So, if you own more than one NFT, you will repeat this step—generating a new ballot and casting a vote—for each NFT you hold.

4: Tally the votes

The CLI tallying the votes.

After the voting period ends and the decryption key is released, anyone can verify the outcome of the voting process by tallying the results and sending them and the corresponding proofs to the VSC. This must only be done once.

Use the CLI with the `tally` subcommand. The subcommand does not return an output if called before the end of the voting period.

As you can see in the image below, the final results of the vote are shared without the wallet addresses of the voters.

The result of the votes is outputted

Dive into their research

Check out these links to explore their research:

Docs:

Repositories:

  • nouns-anonymous-voting: voter client library, tally CLI, and smart contracts (including zkRegistry)
  • noir-trie-proofs: RLP decoding and Ethereum state and storage proof verification in Noir
  • tlcs-c: Timelock Cryptographic Service Protocol C implementation (currently used in Timelock.zone)
  • tlcs-rust: Timelock Cryptographic Service Protocol rust implementation (to be used in Timelock.zone when put in production)
  • tlcs-chain: Cosmos Blockchain which provides a Time Lock Cryptography Service
  • zk-registry-ui-demo: Web based UI using MetaMask for zk registry registration

-

Aragon has been building onchain governance infrastructure for over 7 years, with its tech securing billions of assets. Govern your protocol onchain with Aragon OSx: the secure and modular DAO framework with customization built in. Or, launch a DAO in 10 minutes or less without writing any code on the Aragon App.

Developer Portal | Aragon App | Custom DAO Builds | Mirror | X | Newsletter

Discover the Aragon App, the no-code way to build your DAO.
Get help starting your DAO from a DAO Expert.
Stay up to date with our weekly newsletter.

Explore more guides

Need Help? Find an Expert
Hire the DAO expertise you need and connect with DAO experts to build your DAO, your way.