Cointime

Download App
iOS & Android

Building a private, on-chain, implementation for RetroPGF

From optimism By samajammin

Hello Optimism Collective!

Excited to share plans on a project our team has been working on over the past few weeks.

Our goal is simple - we’d like to add private, bribery-resistant, on-chain voting to Optimism’s RetroPGF rounds.

Who are we?

We’re the core team working on MACI, an on-chain voting platform which protects privacy and minimizes the risk of collusion and bribery. We’re an engineering team within PSE 1, which is supported by the Ethereum Foundation

You can learn more about MACI in our documentation.

What are we doing?

We’re building a proof-of-concept RPGF implementation that supports private on-chain voting for badgeholders of the Citizens House.

  • Thanks to folks at Gitcoin & their work on EasyRetroPGF, we have a purpose-built web app that we’re forking for our frontend
  • For the “backend”, we’re essentially swapping out the SQL database for the MACI smart contracts
  • For badgeholder verification, we’ve built an EAS gatekeeper contract which ensures only OP badgeholders are eligible to register to vote
  • In line with PSE’s mission 1 and inspired by the efforts of EasyRetroPGF, we also open-source all our code in case it’s beneficial for others

Here’s the source code:

GitHub

GitHub - privacy-scaling-explorations/maci-rpgf: RPGF with MACI 3

RPGF with MACI. Contribute to privacy-scaling-explorations/maci-rpgf development by creating an account on GitHub.

Here’s where were tracking our progress:

GitHub

MACI team sprint board • privacy-scaling-explorations 3

MACI team sprint board

Why are we doing this?

In many ways, Optimism’s RPGF rounds are already a massive success. It seems the process worked in round 3 but - like many of you - we see several areas that can be improved.

For one, the RPGF process currently depends heavily on the OP foundation to act honestly and competently. In round 3, the community had to trust that:

  • Only badgeholders would be able to submit ballots
  • No badgeholder ballots would be censored or manipulated or double-counted
  • The final tally of ballots would be calculated correctly

If we think about what security properties are critical to a voting, Vitalik outlined this in his blog post (Blockchain voting is overrated among uninformed people but underrated among informed people) as well as anyone could:

Any voting system requires a few crucial security properties in order to be trusted by users:

  • Correct execution: the results (tally of votes) must be correct, and the results must be guaranteed by a transparent process (so that everyone is convinced that the results are correct)
  • Censorship resistance: anyone eligible to vote should be able to vote, and it should not be possible to interfere with anyone’s attempt to vote or to prevent anyone’s vote from being counted
  • Privacy: no one should be able to tell which candidate anyone voted for, or if they even voted at all
  • Coercion resistance: you should not be able to prove to someone else how you voted, even if you want to

Unfortunately RPGF currently fails in all 4 dimensions. As RPGF continues to grow, we think the need to enforce process integrity will be of upmost importance.

Talking with the folks from the OP foundation about, they’ve mentioned some key requirements for future versions of their RPGF stack:

  • Provably correct execution - They’d want to demonstrate the legitimacy to community in terms of how ballots are submitted and calculated
  • Privacy protection - They want to ensure not just voter privacy, but also vote privacyWhy? While voter privacy alone would offer some valuable protection, if the votes are public, there’s the chance that data sleuths would be able to deduce the identity of some badgeholders. e.g. say a badgeholder publicly declares a few projects where they have conflicts of interest. If they are the only badgeholder who does NOT vote for those specific projects, anyone would be able view their public ballot and tie it to that specific badgeholder, thus circumventing this supposed privacy protection
  • Why? While voter privacy alone would offer some valuable protection, if the votes are public, there’s the chance that data sleuths would be able to deduce the identity of some badgeholders. e.g. say a badgeholder publicly declares a few projects where they have conflicts of interest. If they are the only badgeholder who does NOT vote for those specific projects, anyone would be able view their public ballot and tie it to that specific badgeholder, thus circumventing this supposed privacy protection
  • Collusion resistance - given the money at stake with RPGF, bribery resistance is a key component for any RPGF implementation

What solutions exist?

We reviewed the options in this private voting report: State of Private Voting

It’s great to see an array of private on-chain voting solutions emerging! As you can see from the report, each has a unique set of features and trade-offs with their implementation.

Image 2024-02-28 at 15.00.571470×734 205 KB

Why did we decide on this implementation?

A number of projects solve some of the above requirements, but again - given the money at stake with RPGF, we feel that collusion resistance (”Briber Protection”, in that report), is an essential component for any RPGF implementation. Currently MACI is the only project with all 3 of these features:

Image 2024-02-26 at 19.13.391326×640 179 KB

An RPGF MACI integration has the potential to provide several important security guarantees to the RPGF voting process:

  1. Correct execution: With MACI, user registration, voting data and poll logic is stored on-chain. While tallying computation is handled off-chain, ZK-proofs guarantee the correct execution of this logic. In this way, we know the result (tally of votes) will be correct, and the results are guaranteed by a transparent process (anyone can verify that the result is correct) .
  2. Censorship resistance: With voter verification (via an EAS attestation gatekeeper) and vote submission happening on-chain, there’s no way for anyone (including the OP foundation) to censor any badgeholder votes.
  3. Privacy: With MACI’s receipt-free voting scheme, we’re able to ensure that results are transparent, but it is impossible for outsiders to verify how any specific user voted (since on-chain votes are encrypted). Vote tallying takes place off-chain but ZKPs are submitted and verified on-chain, which guarantees votes are counted correctly without revealing the individual votes.
  4. Coercion resistance: With MACI’s private, receipt-free votes, this makes cheating (like bribery) much harder. User’s cannot prove which option they voted for, and therefore bribers cannot reliably trust that a user voted for their preferred option. This prevents any bribers from simply reading the transaction data to see which option a user voted for.

Input/Feedback?

We’d love to hear feedback on this plan! The implementation is in-progress but we’re happy to make potential adjustments based on community input.

If there are any badgeholders interested in being user-testers for us, please let us know and we’ll get in touch to schedule an user interview once we have a working demo up and running on a testnet! Feel free to comment here, hop into the PSE Discord (#🗳️-maci channel), hit us up on Twitter/X 1, or reach out to me directly (sam at ethereum dot org).

Comments

All Comments

Recommended for you

  • A Total of 37,212.18 DMD Permanently Burned Over the Past 7 Days

    July 9, 2026 — According to the latest on-chain data released by DMDAO, a total of 37,212.18 DMD has been permanently burned over the past seven calendar days through the protocol's predefined trading and wealth management burn mechanisms.

  • Whale Transfers 1,133 BTC to Coinbase Prime, Valued at $71.48 Million

    According to Onchain Lens monitoring, a whale transferred 1,133 BTC from Coinbase to Coinbase Prime through an intermediary wallet, valued at $71.48 million.

  • U.S. AI Chip Stocks Decline Before Market Open, Intel Falls Over 3%

    On July 7, U.S. AI chip stocks experienced widespread declines before the market opened. Intel dropped over 3%, while AMD, Qualcomm, and NXP fell more than 2%. TSMC, Broadcom, and Tesla decreased by over 1%, and NVIDIA declined by 0.7%.

  • China's Central Bank Increases Gold Reserves for the 20th Consecutive Month

    As of the end of June, China's gold reserves stood at 75.44 million ounces (approximately 2,346.446 tons), an increase of 480,000 ounces (about 14.93 tons) from the end of May, which reported 74.96 million ounces (approximately 2,331.52 tons). This marks the 20th consecutive month of gold accumulation.

  • China's Foreign Exchange Reserves in June at $341.6262 Billion

    On July 7, China's foreign exchange reserves for June stood at $341.6262 billion, a decrease of $26 billion from the end of May, representing a decline of 0.75%, with expectations set at $343.2 billion.

  • U.S. Storage Stocks Drop Pre-Market, SanDisk and Micron Down Over 4%

    On July 7, U.S. storage concept stocks collectively fell in pre-market trading. Western Digital dropped over 5%, SanDisk and Micron Technology fell over 4%, Seagate Technology declined over 3%, Rambus fell over 2%, and SMI fell over 1%.

  • U.S. Stocks in Optical Communication Sector Drop Pre-Market

    On July 7, stocks in the optical communication sector of the U.S. market collectively fell pre-market. Astera Labs dropped over 4%, while Marvell Technology, Credo Technology, and AXT Inc. fell more than 3%. Tower Semiconductor, MaxLinear, Corning, Applied Optoelectronics, GlobalFoundries, Lumentum, and Qorvo all declined by more than 2%. Coherent, Nokia, Amphenol, and Broadcom dropped over 1%.

  • Pre-market Decline in U.S. Storage Stocks

    In pre-market trading, U.S. storage concept stocks experienced a widespread decline, with Micron Technology falling by 4.8%, SanDisk dropping over 4%, Corning down more than 2%, and Intel decreasing by over 3%.

  • Two Departments: Support for Reinsurance Institutions to Increase Capital and Issue Supplementary Capital Tools

    On July 7, the National Financial Supervision and Administration Bureau and the Shanghai Municipal Government released several measures to accelerate the construction of the Shanghai International Reinsurance Center. Among these measures, they proposed to enhance the quality and efficiency of the reinsurance industry, support reinsurance institutions in increasing capital and expanding shares, and issuing supplementary capital tools to improve the capacity for internal capital accumulation and external capital supplementation, thereby strengthening the reinsurance industry's capabilities. The initiative aims to guide the insurance industry to focus on major national projects, strategic emerging industries, and livelihood security, consolidating insurance and reinsurance underwriting capabilities to enhance risk protection levels. It also supports reinsurance institutions in leveraging their professional technical advantages to assist the insurance industry in reducing risk.

  • Sources: Saudi Arabia Plans to Expand Oil Pipeline to Red Sea, Increasing Capacity by 2 Million Barrels Daily to Bypass Strait of Hormuz

    On July 7, five informed sources revealed that Saudi Arabia is considering expanding the crude oil pipeline capacity to its western coast on the Red Sea, allowing Saudi Arabia and its neighbors to transport more oil without passing through the Strait of Hormuz. This east-west pipeline, built in the early 1980s, has gained strategic importance since the outbreak of the Iran war in February and the disruption of shipping in the Strait of Hormuz. The pipeline can deliver up to 7 million barrels of crude oil per day to the Red Sea port. The CEO of Saudi Aramco stated in May that approximately 2 million barrels are supplied to west coast refineries, while about 5 million barrels are for export. Sources indicate that Saudi Arabia is in preliminary discussions with some neighboring countries regarding the pipeline expansion, aiming to add about 2 million barrels of pipeline capacity per day. It remains unclear whether Aramco's planned expansion involves upgrading existing infrastructure or constructing new pipelines. One source mentioned that the expansion plan also includes a smaller refined oil pipeline. Two sources indicated that the expansion scale could range from 1 million to 2 million barrels per day, with refined oil also being considered. Another source stated that the project would take several years and cost billions of dollars, requiring adjustments to Saudi crude pricing mechanisms.