Venture capital fund Andreessen Horowitz, also known as A16z, has released a Solidity library that can be used for anonymous voting on Ethereum. A library named “Cicada”. prevents the choice of an individual voter before the end of voting. Combined with zero-knowledge group membership systems like Semaphore, it can also make a voter’s identity permanently unknowable, according to a May 24 blog post by A16z engineer Michael Zhu.
We are excited to announce Cicada: a new building block for on-chain private voting. https://t.co/hxE4KL4Se6
— moodle zoup (@moodlezoup) May 24, 2023
Cicada relies on time-lock puzzles, a type of cryptography that allows users to encrypt secret values that can only be decrypted after a certain period of time has passed, Zhu said.
These puzzles have been around since 1996. However, before 2019, they would require users to reveal their secret values after a period of time. In voting systems, this could cause problems with users submitting votes and then going offline, preventing all votes from being counted.
In 2019, the concept of “homomorphic” timelock puzzles designed by cryptographers Giulio Malavolta and Aravind Thyagarajan. This allowed the puzzles to be added together to create a final puzzle that was much easier to solve than the sum of the individual puzzles. Solving the final puzzle only reveals the sum of the individual values, without revealing the individual values that make up that sum.
According to A16z’s post, Cicada uses these homomorphic puzzles to allow votes to be counted even when users go offline.
When the A16z researchers tried to convert Malavolta and Thyagarajan’s system to the blockchain, they ran into an obstacle to creating a fair voting system: Each choice had to be encoded as a Boolean value of “1” or “0”. This meant that attackers could try to increase their voting power by encoding the vote incorrectly — for example, encoding “100” as their value.
To solve this problem, Cicada requires voters to submit proof of validity of zero-knowledge ballots with each ballot, the post said. The proof shows that the vote was encoded correctly, but without revealing the content of the vote.
Related: Anchorage Digital Opens DeFi Voting to Escrow Clients
Cicada only prevents votes from being known during voting. Once the “poll closes” or the time lock expires, anyone can determine the content of the vote by brute forcing the solution to the puzzle. However, A16z suggested that this problem could be solved by combining Cicada with zero-knowledge group membership systems such as Semaphore, Semacaulk, or zero-knowledge proofs of state. In this case, the brute force puzzle will only reveal that the vote was cast by an eligible voter, but not the credentials used to prove the voter’s eligibility.
As an example, Zhu provided a link to a sample contract built with Cicada, which also relies on Semaphore to prove voter eligibility.
Voting systems have long been part of decentralized autonomous organizations (DAOs), the governing bodies that often govern blockchain applications. However, in most cases, DAOs use tokens to represent votes, which means that individual users can have excessive influence if they hold a large number of tokens. For example, on May 22, an attacker took control of Tornado Cash by casting special votes on the adverse proposal and using it to exhaust all management contract funds. The attacker later offered himself return control to users.
Waves founder Sasha Ivanov he argued that The DAO must move to a more democratic voting system if it is to avoid such attacks on the government.