5 posts tagged with "anonymity"

Why poll joining?​

In the original version of the MACI protocol, one state tree stored information about all registered users, their public key, number of credits, and registration timestamp. Users could vote using encrypted messages and change keys to mitigate potential bribes. However, the coordinator could still decrypt messages and track key changes. Even if the key was changed and the bribed users could cancel their previous votes by voting with their new key, the coordinator could still trace back the key-changing messages and determine the true votes of the bribed users. To remove the link between the original public key and the new, changed public key, we've implemented El Gamal modification of the protocol. This modification worked, but it was expensive from the contract side and introduced a big overhead to the protocol in general.

Even if the El Gamal modification was not the most efficient one, it pointed in the right direction where each user should get a new key for each poll and hide the link with their original key using ZK proofs. That is why we decided to follow that path and improve the protocol further. We introduced a new concept of poll joining.

What is poll joining?​

Poll joining represents a protocol change where each poll contains its own poll state tree that stores the keys of users who want to vote on that poll. The users join the poll by providing a new key that they will use in that specific poll. But wait, then anyone can create as many keys as they like and vote many times so we lose everything? Not really. The users submit their new public key and ZK proof that they own some key in the original MACI state tree. That way, only registered users can join the polls without revealing the link between the old and the new key. To prevent multiple joins, the user also provides a nullifier - computed as a hash of their private key. The submitted ZK proof also verifies that the nullifier is correctly computed from the same private key associated with the public key in the original MACI state tree. On the smart contract side, the user is prevented from joining the poll with an already spent nullifier.

What if some users have a very specific number of credits so they reveal themselves by giving the same number of credits to a new key? We have a solution for that also. The users submit their new desired credit balance which has to be less than or equal to their credit balance associated with the original key in the MACI state tree. The submitted ZK proof also verifies that this condition is valid. Furthermore, a poll can be created so that it sets balances for all keys to a constant value, completely keeping anonymity.

How does poll joining affect the protocol?​

The poll joining does introduce one extra step for the user. Besides that, all functions and circuits on the coordinator's side remain intact. However, poll joining introduces new interesting features for the MACI as it enables putting various conditions on who can join the poll and how their credits are transformed in each poll. Some polls may require a minimum number of credits for joining, others may put a cap on the number of credits to be spent in a poll. The new dynamics open a new world of possibilities for future updates. But wait, there is more!

What else was improved?​

Besides poll joining we have introduced a new feature that drastically lowered the overall cost of the protocol. Before we reveal what was the upgrade, we should first recap how the protocol worked in the original version, specifically the message processing. In the original protocol, users submitted their messages to the Poll smart contract. Each message was stored in a smart contract Merkle tree, the accumulator queue to be precise. At the end of the voting period, the coordinator had to merge the message tree by sending multiple merging messages for data structure subtrees so the final message root could be computed. When the message route was computed, the coordinator used inclusion proofs in the message processing circuit to prove that each processed message was indeed found in the message tree. This sounds like a really expensive procedure - because it was. Let's analyze what could be improved.

First, all messages need to be processed in the same order that they were submitted to the poll contract. Using a tree structure and inclusion proofs does indeed prove that, but if there only was a data structure that maintains the order of items in a given immutable order? Yes, you guessed it, it is Blockchain. Each block in the chain stores an immutable reference to a previous block, keeping the order. It sounds like we have to make the message object even more complex and keep the reference to the previous message, but that is not the way. We can start with a random value, a hash of an initial string, and call it a chain hash. When there are no messages, the chain hash keeps the initial value. Once a new message comes to the poll, we can compute the message hash (already done for the message tree in the original protocol) and update the chain hash to a hash value of the current chain hash and newly received message hash. Formally, $chainHash_i = hash(chainHash_{i-1}, messageHash_i)$

Second, the coordinator collects all messages from the smart contract events, so why should we explicitly store messages in the smart contract? With the chain hash approach - we don't. When the coordinator is processing messages, the only important thing for making sure that the messages are properly ordered and all messages are included is to check that the chain hash is correctly computed. Starting with an initial chain hash value we can process messages and incrementally update the chain hash in the circuit ending up with a value that has to match the last chain hash value in the smart contract. To optimize this procedure for batch message processing, we explicitly store chain hashes for each batch in the smart contract and verify the batch processing by submitting the chain hash values before and after the message batch. We can dynamically set the size of the batch, thus the number of stored batch chain hashes, based on the coordinator's processing power.

How efficient is this?​

We removed the entire message accumulator data structure that had exponential space complexity in the number of messages and introduced batch chain hashes of a linear space complexity with a constant of less than one. That resulted in removing the entire message merging step, executed multiple times until the tree was merged. We kept the high level of user anonymity but without the large overhead of the El Gamal approach. We have maybe introduced one extra step for the user to join the poll, but we also removed many steps of message processing and drastically lowered the costs for the coordinator. Not bad.

What is next?​

We are not stopping here, more interesting protocol upgrades are on the way that would improve the security of the protocol even further and eliminate another significant concern. Be patient, and enjoy the privacy!

Who are we?​

Visit 3327.io and find out. Special kudos to our Mihailo Radojević and Boris Cvitak who did a lot of heavy lifting so these cool features could be here today!

We are pleased to announce the release of MACI v2.0.0!

This is our second big release of the year, after the MACI v1.2 release in February of this year. MACI v2.0 brings a more secure and efficient protocol, with improved developer experience, and clearer documentation for users looking to learn about and use MACI.

Background​

MACI - Minimal Anti-Collusion Infrastructure - is an application that provides privacy and collusion resistance for on-chain voting. If you're new to MACI, we first recommend reading our documentation for background information and technical details.

New Features and improvements​

More compact codebase​

We have removed some features that were never used in production, namely Topup and Subsidy. This allowed us to reduce the codebase size, making it cheaper to deploy, as well as reducing the complexity of the zk-SNARK circuits.

We highly thank Chao for his work on these two features over the past years, and look forward to integrating similar features in the future as we come up with new use cases and performance improvements.

On top of that, the merkle tree-like structure holding the signups has been swapped out for a more efficient incremental merkle tree (LazyIMT). This offers some savings for users signing up, as well as simplifies the steps required to finalise a poll, by merging all leaves together and removing the need to compute the subroots and root of the tree.

Improved contract tasks​

It is now possible to deploy contracts and finalise polls using the contracts tasks only. This makes the protocol much easier to use, as there is no need to use the maci-cli anymore, which often came with a large number of flags and options. You will just need to fill a json file with the correct parameters and run few simple commands.

Concurrent Polls​

It is now finally possible to run multiple polls concurrently from a single MACI instance. Users will no longer need to signup again to vote on proposals published by a single organiser. One thing to note is that each poll will have the same amount of voting power, and new users will need to pass the same gating process as existing users.

We believe this feature will work best when used for coordinating several polls for the participants of a single event where signup is gated by the conference ticket and there are multiple voting rounds, like at Devcon or Devconnect.

New Gatekeepers​

Custom Gatekeepers are a great way to guard MACI against Sybil attacks, and with this release we have integrated a number of new protocols, together with the help of our community:

• Hats Protocol
• Gitcoin Passport
• Zupass
• Semaphore

For instance, with Gitcoin Passport as the gatekeeper, the MACI round organiser can set a threshold score and only allow new users with a passport score greater or equal to that threshold. Additionally, with Zupass, we can now gate access to holders of specific event tickets.

We expect to continue to expand our gatekeeper capabilities and welcome the community to come up with new and innovative ways to grant access to MACI's rounds, helping make MACI more customizable and sybil-resilient.

Documentation​

You gave us the feedback that the MACI documentation was way too tough to digest, and we heard you! To make it easier to understand, we have grouped documentation entries under a more logical structure, with different sections for different audiences and objectives.

We continue to use our docs website as the definitive resource for all information related to MACI, including blog releases, documentation updates, and roadmap progress. As always, we welcome suggestions on how to make it better and encourage you to report any inconsistencies you may find.

Security Audit​

As usual before a major release, the protocol has been thoroughly audited by PSE's internal Audit team, and this time no significant issues were found. However, thanks to the auditors' hard work, we have been able to further optimise the protocol and clean up our technical documentation.

For more details on this recent audit, please refer to our audit docs or view the full report.

With more and more eyes on the protocol, we feel more and more confident about MACI's security posture.

Trusted Setup Ceremony​

We are preparing for a new ceremony to cover the changes in our v2.0.0 circuits. To accomplish this, we'll leverage the tooling of p0tion, which helps to streamline and automate Groth16 phase2 ceremonies.

We'll update this page after the ceremony completes to include the production-ready zkey artifacts. In the meantime, the artifacts for v.1.2 can be found on our website, and the artifacts can still be used in production for releases 1.2.0 up to 1.2.5.

Get Involved​

MACI is deeply committed to our community, through our open initiatives like public roadmaps, transparent repository management, and a public Discord channel for interaction with our team.

With every issue, PR, feature and roadmap iteration, we welcome feedback to ensure that the continued development of MACI reflects your and the community's needs. Keep an eye on our documentation, GitHub discussions and our official Twitter/X account for updates.

For those looking to contribute directly, report bugs, or offer feedback, our GitHub repository is open for issues and discussions. We're eager to assist with your projects or contributions.

For practical implementation insights, review our docs as well as the clr.fund, Allo Stack with MACI, and maci-platform repositories as reference implementations. The first two integrations are quadratic funding implementations, a mechanism which otherwise is highly susceptible to collusion and bribery.

For any other questions or feedback, please reach out to us via PSE's Discord, in our #🗳️-maci channel. We're excited to connect and collaborate with you!

References​

• MACI GitHub repository
• MACI documentation
• A technical introduction to MACI 1.0 - Kyle Charbonnet
• Minimal anti-collusion infrastructure - Vitalik
• PSE Discord server
• Allo Stack with MACI
• maci-platform
• clr.fund

Release​

Here's the link to the new release code in GitHub: v2.0.0 Release.

Greetings anon,

We’re excited to share with you what we're building over the next few months. You'll see some of the same themes as our Q2 roadmap as we strive to make MACI and MACI-RPGF more user-friendly and accessible.

If you haven’t read the Q2 in review yet to learn what we’ve been up to the last three months you can check that out here.

MACI Platform​

The team is doubling down efforts to build a comprehensive voting platform with MACI powering it all. Initially called maci-rpgf, the project is soon turning into an all-in-one solution for hosting voting, quadratic funding, and rpgf rounds. We plan to work on improving the product with the following high-level initiatives:

• Complete the integration of the PSE's design team’s new design
• Bootstrap an e2e testing framework to ensure the code is more robust and reliable
• Support quadratic voting
• Support the use of different signup mechanisms
• Move application's data storage from Vercel to IPFS
• Support contributing/voting to multiple rounds on the same deployment

Our efforts will include supporting community organisers who want to fork and operate MACI Platform rounds in production. If you're interested in running a round for your community, please get in touch!

Coordinator Service​

After successfully implementing a proof generation service as part of our effort of reducing the burden on round organisers, we have plans to continue automating all MACI related operations. This includes contract deployment, proof generation and submission, contract details storage, automatic upload of final tally results to IPFS and more.

We see the “Coordinator Service” as the ultimate automation of MACI’s main pain-points, and look forward to building a secure and efficient service that will abstract away all the operational burdens of using MACI. For more information on the full feature list that this service will include, please refer to this GitHub issue.

Explore Account Abstraction​

It is clear that mass adoption of blockchain applications will be difficult if users, especially first time users, must pay to interact with dapps. Furthermore, having a crypto wallet installed and configured to work on a specific chain might also not be straightforward for an average user.

To support this thesis, the MACI team will start a collaboration with other PSE teams involved in researching and implementing account abstraction (AA) solutions. We look forward to bringing some proof of concepts (PoC) for MACI Paymasters and more, which will help remove friction when it comes to web3 UX.

MACI Protocol Improvements​

As always, we plan to improve the MACI protocol both in terms of making it cheaper and easier to use, as well as making it more secure.

As part of this effort, we are currently working with the 3327 team to integrate their Anonymous Poll Joining grant work into a new MACI version. The effort can be tracked in this public GitHub board. This work enables unconditional voter privacy, further strengthening user privacy in the protocol. For more details, please refer to this blog post.

On top of this, the team will begin the ground work to implement Vitalik’s latest MACI proposal Mostly Offchain Happy Path - in a nutshell, the proposal seeks to completely remove transaction costs for users by moving certain operations offchain. For maximum privacy and trustlessness, voters will still be able to go directly on-chain and submit their own signup/vote actions.

How does that sound?​

Questions? Concerns? Ideas? We’d love to hear from you!

If there is a feature you think we should work on, or an initiative you'd like to collaborate with us on, please let us know! We welcome input from anyone in the community. The best ways to get in touch are to hop in our Discord (#🗳️-maci channel), tag us on X, or create an issue on GitHub.

Onward and upward 🚀

Greetings anon,

Glad to have you here! It's that time of the year where we have a few MACI roadmap updates to share. We’re going to take a moment to look at what we accomplished in Q2, as the most active project in the entire PSE GitHub org.

Before we start, we would like to express our gratitude to all our collaborators and contributors to the MACI protocol.

Q2 in review​

In our q2 roadmap, we aimed at a few major Q2 goals that all tied together:

✅ MACI-RPGF​

A lot has happened with MACI-RPGF this last quarter. Much time has been spent improving the product in order to provide a more functional and stable product with a better overall user experience.

PSE's design team came up with a beautiful design that will soon be merged into the stable version of the code. We are looking forward to implementing this major update and are excited for you to try it!

On the outreach and support side, we also engaged with several communities to run a round using MACI-RPGF. There are three rounds ongoing with EthMexico, ETH Tegucigalpa and Cryptoversidad. Our developers have been working closely with their development teams to deploy and run MACI-RPGF. We look forward to supporting them throughout their rounds and helping facilitate the distribution of funds directly into community members building amazing things in the Ethereum ecosystem.

✅ MACI Coordinator Service​

The use of a Coordinator Service would greatly simplify the operation requirements when running MACI. To better support communities running MACI polls, whether as a QF round or a simple voting application, the team has prioritised the development of a Coordinator Service that can be used by any Round Operator.

In the last three months we successfully completed the first iteration of a proof generation service, which can be used to more easily finalise MACI polls. Additionally, work on a frontend dashboard has started. This dashboard can be used to more easily deploy contracts in a customisable way via an intuitive user interface.

✅ MACI Core Protocol Improvements​

To achieve our Q2 goal of “Unconditional Privacy" we worked with the 3327 team (responsible for the ElGamal on MACI implementation) to come up with an effective solution and a better user experience that we could have hoped for. More on this can be found in our blog, but we have now started this grant work and are looking forward to seeing this in action in the coming months.

We have also been busy working on some new features and improvements to the codebase. It is now easier than ever to deploy MACI instances, as well as re-use certain smart contracts that have already been deployed and will not need changing.

Furthermore, we have managed to slightly reduce the costs for users by removing unused features, as well as using different and more optimised data structures. This brought several improvements, such as allowing for concurrent polls to be run from one MACI instance (finally!).

Finally, we worked with the community to integrate a number of different gatekeepers:

• Semaphore
• Gitcoin Passport
• Zupass - thanks gasperpre for the implementation

You can now use these (plus more) to gatekeep signups to MACI and shoot down those sybil attacks!!.

Stay tuned for an upcoming MACI release where all these efforts can be seen in action.

✅ Support Gitcoin Allo protocol integration​

Throughout May and June, Gitcoin and Nick Lionis in particular worked hard to integrate MACI in the Allo Stack. You can find the code on their GitHub. The stack will soon be used in production by Gitcoin to support running grant rounds privately.

We are excited to see rounds being run with this integration, and look forward to continue to collaborate with the Allo team to improve MACI and integrate new versions into their stack.

✅ Support ETHDam hackathon QV round​

In April, we successfully supported the ETHDam team to run a private quadratic voting (QV) round for the ETHDam hackathon, powered by MACI. Conference attendees used clr.fund to vote on their favourite hackathon projects in order to allocate $10,000 to projects building novel privacy and security solutions in the ecosystem.

✅ MACI starter kit​

We've teamed up with Buidl Guild and the Scaffold-ETH team to build a MACI starter kit: a web app that integrates MACI in order to run polls. Thanks to Yash's efforts we now have a ready-to-use MACI starter kit. This has already been used in two hackathons (as an example here's an Eth Berlin project) to quickly prototype projects using MACI. We thank Yash for all his effort with this and are looking forward to see what the community will build with it.

That was a lot, and there’s more to come! Be sure to keep an eye out here for our next post where we look forward to what is coming for MACI in Q3, 2024.

Minimal Anti Collusion Infrastructure (MACI) is a public good that allows one to run secure, private, on-chain voting polls.

Given MACI's open source nature, it's common for our core team to develop new features or to fix issues based on community feedback. However, it's been less common for external contributors to make significant changes to the core protocol.

Well, this soon will be a reality thanks to a MACI improvement proposal sent by the 3327 team. 3327 is collective of 10+ people working on improving blockchain technologies, with a focus on research and engineering. Their engineering team previously worked on implementing the ElGamal flow into MACI (here's a nice presentation on it from Marija Mikić at EthCC [6]). The work described in this post aims to be its direct replacement due to its simplified nature and several additional benefits.

This proposal can be divided into two parts:

1. bring unconditional privacy to MACI's voters
2. optimise inefficient merkle tree structure holding messages, by replacing it with a hash chain

1) Enable unconditional voter privacy​

Currently with MACI, if a voter performs a key change, the voter's new key would not be anonymous to the coordinator. The coordinator could collude with a bad actor to inform the latter of the key change, as the coordinator would have access to all decrypted messages.

The key focus of this improvement is to enable users to be completely anonymous by removing the link between the original signup key and the key used for voting. How would this work? Well, users sign up to vote via the MACI contract, and depending on the gatekeeper in use, they'd have to prove that they've passed the entry condition. Now, given knowledge of this key, they can signup with a new key to polls deployed by this same MACI contract.

Thus, voters can prove anonymously that they know the preimage of a StateLeaf, by passing this information to a zk-SNARK circuit, and validating this proof within the poll contract when joining with the new key. You might be thinking that everyone knows the preimage of a state leaf, as it's public information that can be taken from the contracts' logs. However, the circuit will not accept the public key directly but would instead take the private key and use it to generate the public key. This way, only users with knowledge of a specific private key can generate a valid inclusion proof.

Now after signing up to the Poll with this new key, there will not be any link to the original key, and users will effectively be anonymous. Of course users should ensure that they are using different wallets where possible.

Finally, with the use of a nullifier, it will not be possible for the same original key to be used to signup more than once for each new poll.

Are there any drawbacks? Well, yes. There will be an extra step for users to register to individual Polls. We aim to offset this cost and additional step soon either with gasless transactions or by moving some logic off-chain.

2) Message structure optimisation​

On top of the improvements to anonymity, the 3327 team aims to also replace the Merkle tree used for storing messages with a hash chain. Some of the benefits of this approach are:

• unlimited number of messages
• removal of expensive merge operations from the coordinator
• cheaper to send messages as only one hash is required to update the hash chain
• less constraints on the circuits due to simplified logic

Unlimited messages

Merkle trees are usually bound by a depth property. Together with the number of leaves per node, we can calculate the max capacity of a tree. For instance, for a binary tree with a depth of 10, we can host up to 2^10 (1024) leaves. On the other hand, hash chains do not have a limit, unless if we wanted to set one, so we technically can support an unlimited number of messages.

Cheaper operations

Hashing the previous hash chain with the message is cheaper than inserting into a Merkle tree. Additionally, removing the need for the coordinator to perform merge operations on the accumulator queues that were used on chain will greatly reduce costs and processing time.

Smaller circuits

As cited in their proposal, processing message inclusion proofs for k messages in a tree with height h requires k * h hashing operations within the circuit with 2 * k * h signal values for inclusion proofs. Processing messages with chain hashes removes the unnecessary inclusion proofs and requires only k hashes to be computed for k messages without any extra signals, as the requirement is to prove that the order and inclusion of all messages are correct.

A call for MACI grant proposals​

So what does this mean for you, Anon?

As an open-source project of PSE with support from the Ethereum Foundation, MACI is fortunate to have the resources to invest in the maintenance and improvement of the protocol. This means we're able to fund full-time developers as well as allocate grants for various research and development initiatives.

We encourage all community members to contribute to the improvement and ongoing development of MACI! After all, our goal is to build the most secure e-voting system, and this cannot be accomplished without all of your support.

As a team, we are incredibly excited about this proposal and will continue to work hard to help the 3327 team get this upgrade production-ready over the next 3 months.

To contribute to MACI, submit issues, or learn more about it, you can reach out to us either via Discord or GitHub issues.

If you have an ambitious idea you'd like to work on, reach out to us and we could create a proposal to build together! If you don't yet have a specific idea but are still keen to work on MACI, we have some research ideas which might inspire you and we could collaborate on a grant together. Feel free to explore these ideas below and get in touch:

• MACI coordinator in a TEE
• Group wise matching
• Folding schemes for MACI's circuits

References​

• 3327 team
• 3327 ElGamal flow
• 3327 ElGamal API
• Marija Mikić - Anonymity in MACI - EthCC [6]
• MACI Original idea
• MACI Anonymization