zkdao

• 

  Event logs of the first working POC

• 

  Commit-reveal designs

• 

  Sharing the dividend relation proof equation

• 

  Commit-reveal designs pt.2

Inspiration

DAO's are super disruptive, and governance is hot. What would happen if all votes in a DAO were anonymous? Would a meritocracy emerge from inhibition of voter coordination/buying?

What it does

You can attach any existing DAO to a ZKDAO contract, and realise fully-anonymous governance on proposals.

Votes submitted on proposals are anonymous. Like a usual DAO, proposals have a passing threshold of shareholder power.

"don't quote me on this, but it should work" (Paul Berg - AZTEC Engineer, 2019)

How we built it

With our bare hands:

Solidity, Truffle, Remix, JS, reading the AZTEC paper, Mocha unit tests

Challenges we ran into

• we had no idea of we were doing (seriously - zero knowledge of zero knowledge algorithms)
• documentation out of date / incomplete for AZTEC
• finding and harassing Tom & Paul from AZTEC (thank you very much)
• off-by-one, off-by-zero errors, JS wat's
• no REVERT reasons in general

Accomplishments that we're proud of

• implementing the first-ever ZKDAO
• being the 1st usage of AZTEC Cryptography Engine in the wild, and much to their dismay ;), a repurposing of their proofs for purposefully leaking information
• reverse-engineering AZTEC's dividend proof algorithm, which is currently not deployed. We had to dive into the proof engine, the test cases, and how the dividend relation is proven (za, zb).
• using a commit-reveal scheme to implement the double-voting constraint, as well as a really simple logic to change vote positions
• a simple nullification of submitted votes when shares are transferred (using note.noteHash as an additional commit)

What we learned

There are two constraints you must design for:

• double-voting - ensuring that a shareholder cannot vote twice (since your "shares" are private, they could do something like transfer and vote again)
• multiple proposals - being able to submit votes to multiple proposals

We represent a share in the DAO as an AZTEC ZK-note and represent a "vote" as a ZK proof of a % of that balance.

We can use the totalSupply of the original ERC20 share token to calculate the number of votes required to pass a proposal. We then repurpose the dividend proof to prove that a shareholder "votes" a % of the totalSupply of available votes, without revealing their total number of shares.

We learnt that you can use the AZTEC proofing engine without necessarily destroying/creating notes.

What's next for zkdao

• turning this POC into an MVP
• plug-n-play for existing DAO's
• stealth addresses by default

Built With

• aztec-protocol
• ethereum
• javascript
• solidity
• zero-knowledge-proofs