Venture capital fund Andreessen Horowitz, also known as A16z, has released a Solidity library that can be used for anonymous voting on Ethereum. Called “cicada”, the library prevents the choice of an individual voter to be known before the end of the vote. When combined with zero-knowledge group membership systems like Semaphore, it can also make a voter’s identity permanently unknown, according to a May 24 blog post by A16z engineer Michael Zhu.
Excited to announce Cicada: a new building block for private on-chain voting. https://t.co/hxE4KL4Se6
— moodle soup (@moodlezoup) May 24, 2023
Cicada is based on time-lock puzzles, a type of cryptography that allows users to encrypt secret values that can only be cracked after a specified period of time has passed, Zhu said.
These puzzles have been around since 1996. But before 2019, they would have required users to reveal their secret values after the time period had elapsed. In voting systems, this could have caused problems with users submitting votes and then being disconnected, preventing all votes from being counted.
In 2019, the concept of “homomorphic” time-lock puzzles was proposed by cryptographers Giulio Malavolta and Aravind Thyagarajan. This allowed the puzzles to be added together to produce a final puzzle that was much easier to solve than the sum of the individual puzzles. The solution to the final puzzle reveals only the sum of the individual values without revealing the individual values that make up this sum.
According to A16z’s post, Cicada uses these homomorphic puzzles, allowing votes to be counted even if users go offline.
In attempting to transfer Malavolta and Thyagarajan’s system to the blockchain, the A16z researchers ran into an obstacle in creating a fair voting system: each option had to be encoded as a boolean value of “1” or “0.” This meant that attackers could attempt to increase your voting power by incorrectly encoding the vote, encoding “100” as its value, for example.
To solve this problem, Cicada requires voters to submit proof of zero-knowledge ballot validity along with each ballot, the publication said. The test shows that the vote was encrypted correctly, but without revealing the content of the vote.
Related: Anchorage Digital Opens DeFi Voting for Custody Clients
The cicada only prevents the votes from being known while the poll is being conducted. Once the “poll has been closed” or the time lock period has passed, anyone can determine the content of a vote by brute force solving the puzzle. However, A16z suggested that this problem can be solved by combining Cicada with zero-knowledge group membership systems like Semaphore, Semacaulk, or zero-knowledge state proofs. In this case, the brute force of the puzzle will only reveal that the vote was cast by an eligible voter, but will not reveal the credentials used to prove the voter’s eligibility.
As an example, Zhu provided a link to a sample contract produced with Cicada that also relies on Semaphore to demonstrate voter eligibility.
Voting systems have long been a component of decentralized autonomous organizations (DAOs), the governing bodies that often manage blockchain applications. But in most cases, DAOs use tokens to represent votes, which means that individual users can have enormous influence if they have a large number of tokens. For example, on May 22, an attacker took control of Tornado Cash by casting additional votes on a malicious proposal, using them to drain all government contract funds. The attacker then offered to return control to the users.
Waves founder Sasha Ivanov has argued that DAOs need to move to a more democratic voting system if government attacks like these are to be avoided.