DAO's are super disruptive, and governance is hot. What would happen if all votes in a DAO were anonymous? Would a meritocracy emerge from inhibition of voter coordination/buying?

What it does

You can attach any existing DAO to a ZKDAO contract, and realise fully-anonymous governance on proposals.

Votes submitted on proposals are anonymous. Like a usual DAO, proposals have a passing threshold of shareholder power.

"don't quote me on this, but it should work" (Paul Berg - AZTEC Engineer, 2019)

How we built it

With our bare hands:


Solidity, Truffle, Remix, JS, reading the AZTEC paper, Mocha unit tests

Challenges we ran into

  • we had no idea of we were doing (seriously - zero knowledge of zero knowledge algorithms)
  • documentation out of date / incomplete for AZTEC
  • finding and harassing Tom & Paul from AZTEC (thank you very much)
  • off-by-one, off-by-zero errors, JS wat's
  • no REVERT reasons in general

Accomplishments that we're proud of

  • implementing the first-ever ZKDAO
  • being the 1st usage of AZTEC Cryptography Engine in the wild, and much to their dismay ;), a repurposing of their proofs for purposefully leaking information
  • reverse-engineering AZTEC's dividend proof algorithm, which is currently not deployed. We had to dive into the proof engine, the test cases, and how the dividend relation is proven (za, zb).
  • using a commit-reveal scheme to implement the double-voting constraint, as well as a really simple logic to change vote positions
  • a simple nullification of submitted votes when shares are transferred (using note.noteHash as an additional commit)

What we learned

There are two constraints you must design for:

  • double-voting - ensuring that a shareholder cannot vote twice (since your "shares" are private, they could do something like transfer and vote again)
  • multiple proposals - being able to submit votes to multiple proposals

We represent a share in the DAO as an AZTEC ZK-note and represent a "vote" as a ZK proof of a % of that balance.

We can use the totalSupply of the original ERC20 share token to calculate the number of votes required to pass a proposal. We then repurpose the dividend proof to prove that a shareholder "votes" a % of the totalSupply of available votes, without revealing their total number of shares.

We learnt that you can use the AZTEC proofing engine without necessarily destroying/creating notes.

What's next for zkdao

  • turning this POC into an MVP
  • plug-n-play for existing DAO's
  • stealth addresses by default

Built With

Share this project: