Voting is a powerful application for Web3 platforms, thanks to the unique properties of the blockchain – so long as we can implement robust privacy. Garbled circuits offer the perfect solution for this use case.
International law and human rights frameworks clearly state the right to private voting as a core principle of democracy. Just one of many relevant references occurs in Article 21(3) of the Universal Declaration of Human Rights (UDHR):
“The will of the people shall be the basis of the authority of government; this will shall be expressed in periodic and genuine elections which shall be by universal and equal suffrage and shall be held by secret vote or by equivalent free voting procedures.”
Secrecy of voting is vital for free and fair elections, and is internationally recognized as an essential condition for protecting voters from coercion, bribery, and retaliation. A 2000 study from the US showed that moving to a secret ballot system led to a significant fall in turnout, which was linked to poorer voters previously relying on small bribes. Without the means of verifying their votes, these voters were discouraged from participating. Another large-scale study, Election turnout in authoritarian regimes, showed that the threat of reprisals increased turnout, but that coercion understandably led to less fair elections. For example, analysis suggests that such pressure at the smallest (and least well-observed) polling stations was likely decisive in the outcome of the 2013 Venezuelan presidential elections.
In short, privacy allows people to express their genuine preference at the ballot box, without fear or external pressure.
Normal practice in the offline world doesn’t always translate to similar standards in the Web3 space. Like other kinds of transactions, from simple transfers to complex smart contract interactions, blockchain votes are transparent and can be viewed by anyone.
The Advantages Of On-Chain Voting
Blockchain’s unique properties over Web2 systems make it particularly well-suited for voting applications:
- Trustlessness. There are no third parties to act as gatekeepers or censor votes.
- Decentralization. Cutting out single points of failure reduces the scope for service outages or interference.
- Security. Votes can only be cast by a user who holds the right private key or who fulfils other criteria, such as token ownership, providing strong cryptographic guarantees.
- Immutability. Blockchain is a tamper-proof ledger that ensures votes cannot be manipulated or miscounted.
- Speed and Automation. Tallying can take place immediately after the vote ends, with final results delivered near-instantly.
Transparency is the dealbreaker. While the transparency of the blockchain brings certain advantages, including auditability, it also undermines privacy. Ethereum accounts are pseudonymous, consisting only of a string of alphanumeric characters, but it’s often possible to find out the real-world identity behind an address, or otherwise benefit from knowing how users vote.
This has resulted in a wide range of abuses over the years. Perhaps the most notorious is EOS governance being captured by cartels as block producers bribed voters with a share of their block production rewards. The transparency of the blockchain meant it was easy to enforce deals made between voters, since it was clear who voted for which producers.
Blockchain voting powers multi-billion-dollar DAOs and other applications. We accept the shortcomings only because we haven’t been able to implement a satisfactory solution – so far. That is starting to change, as new decentralized confidential computing (DeCC) technologies reach maturity. However, not all are suited to private voting. This is one area in which garbled circuits truly shine.
What Happens In An Online Vote?
Any vote involves a series of steps.
- Eligibility checking. The voter must fulfil certain criteria before being allowed to vote. For example, they may need to be over 18, meet certain citizenship requirements, live in a certain district, hold a particular class of shares, and so on.
- Casting the vote, selecting one (and sometimes more than one) option from a list.
- Tallying the vote and delivering the result.
The task for DeCC implementations is ensuring this process is carried out efficiently and securely, as well as privately. All valid votes must be accurately tallied, but no individual vote should be revealed to third parties.
Garbled Circuits Deliver Full Privacy: Both Voter Anonymity And Ballot Secrecy
Garbled circuits are capable of handling the whole voting pipeline in a way that other DeCC technologies are not.
Zero-Knowledge Proofs (ZKPs) are great for proving that a statement is true without revealing any additional information about it. For example, you can prove that you’re eligible to vote, or that your vote is in the correct range (e.g., the vote should be between 0 and 10, where each number in the range refers to one candidate). However, ZKPs are not suited to operations that involve computation on shared state, such as performing the tally at the end of the vote. Suppose that the tally’s result should disclose only the number of votes of the top three candidates, or the ones that received more than 10% of the vote. This is a task ZKP cannot fulfil on its own.
As an example, Scroll, one popular zkEVM platform, integrated with Secret Network to provide DeCC functionality, including private DAOs. Secret Network relies on Trusted Execution Environments (TEEs) for private computation; this is not ideal, as TEEs introduce many single points of failure.
Another example is the NounsDAO Aztec private voting prototype, which uses ZKPs to anonymize the voters but does not provide ballot secrecy; as mentioned, this cannot be solved solely with ZKPs. The prototype uses the commit-reveal approach: in the “commit phase”, anonymized users submit their vote commitment (e.g. a hash of the vote), and in the “reveal phase” they provide the actual vote in cleartext, so the tally can be computed on-chain as usual. However, this is open to many attacks, such as users submitting their vote commitment in the “commit phase” but withholding the actual vote in the “reveal phase”.
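The commit-reveal flow described above, sketched in Python as an added example (it is not the NounsDAO or Aztec code). The class, function and voter names are hypothetical and the ballots are constructed; it shows that reveals are stored in cleartext and that committed-but-unrevealed votes drop out of the count unless the tally reports them.

```python
import hashlib
import hmac
import secrets
from collections import Counter

VALID_VOTES = range(0, 11)  # the page's example range: one number per candidate


def commit(vote: int, salt: bytes) -> str:
    # Salted (an assumption of this sketch): a bare hash of an 11-value vote hides nothing.
    return hashlib.sha256(salt + bytes([vote])).hexdigest()


class CommitRevealPoll:
    def __init__(self):
        self.commitments = {}  # voter id -> commitment, filled in the commit phase
        self.revealed = {}     # voter id -> vote, filled in the reveal phase

    def submit_commitment(self, voter: str, commitment: str) -> None:
        if voter in self.commitments:
            raise ValueError("duplicate commitment")
        self.commitments[voter] = commitment

    def reveal(self, voter: str, vote: int, salt: bytes) -> bool:
        expected = self.commitments.get(voter)
        if expected is None or vote not in VALID_VOTES:
            return False
        if not hmac.compare_digest(expected, commit(vote, salt)):
            return False  # opening does not match what was committed
        self.revealed[voter] = vote  # cleartext from here on: no ballot secrecy
        return True

    def tally(self):
        # Report withheld reveals alongside the counts so the gap is visible.
        missing = sorted(set(self.commitments) - set(self.revealed))
        return Counter(self.revealed.values()), missing


def run_constructed_poll():
    poll = CommitRevealPoll()
    ballots = {"anon-1": 3, "anon-2": 3, "anon-3": 7, "anon-4": 7, "anon-5": 7}
    salts = {voter: secrets.token_bytes(16) for voter in ballots}
    for voter, vote in ballots.items():
        poll.submit_commitment(voter, commit(vote, salts[voter]))
    for voter in ("anon-1", "anon-2", "anon-3"):  # anon-4 and anon-5 never reveal
        assert poll.reveal(voter, ballots[voter], salts[voter])
    rejected = poll.reveal("anon-3", 3, salts["anon-3"])  # changed vote, same salt
    counts, missing = poll.tally()
    return counts, missing, rejected
```

In the constructed poll, candidate 7 holds three of the five commitments, yet the revealed tally shows candidate 3 ahead two to one, with two commitments reported as unopened.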
Fully Homomorphic Encryption (FHE) could theoretically be used to tally votes. However, FHE is slow and computationally expensive, and would not suffice when a high throughput is needed, as in the case where the number of votes is large.
Garbled Circuits (GC), in contrast, can be used to handle the whole voting process, from eligibility checking, through voting, tallying, and providing a succinct result that leaks no further information – quickly, efficiently, and securely. Unlike in the NounsDAO PoC, individual votes are never decrypted. End-to-end encryption is preserved throughout.
Web3 Voting
This combination of properties is useful for DAOs, where voting may have several eligibility steps, including at the proposal stage, voting itself, ensuring a quorum is reached, and then enacting the result, which could be an on-chain operation that is automatically executed.
Web3 voting may include a range of other features, such as quadratic voting (where voting power scales non-linearly with token balance to express intensity of preference), vote delegation, ranked choice or preference voting, weighted voting or rule-based voting (similar to A- and B-class shares), and more. All of these introduce additional steps and logic branches, and must be tallied/executed securely and efficiently.
To date, blockchain voting has mainly been restricted to Web3 applications, with only a handful of trials carried out for public votes. With effective and streamlined privacy, blockchain has the potential to power use cases like presidential or municipal elections, corporate voting, and other types of democratic process.
Follow Us
To find out more about Soda Labs’ work on garbled circuits, explore our documentation, join the gcEVM Vanguards Telegram group, or stay up to date with the latest developments by following the project on X.