Cointime

Download App
iOS & Android

How we achieved anonymity on Web3 token-based elections

From Vocdoni by Vocdoni and Lucas Menendez

At the heart of Vocdoni's mission there is to innovate secure and anonymous voting mechanisms, as we believe it's a primitive for fair and legitimate participation in many scenarios.

Voter's anonymity can be easily preserved in 1Person-1Vote scenarios, as we already offer with our SDK and UIs using zk-Snarks. However, for token-based elections, separating identities from votes is not enough because token holders have a unique balance for a token, making them easy to identify as the weight of a vote can be correlated with an address.

In this article, we'll detail our approach to resolving this issue.

Introduction

A key part of the Vocdoni stack is Census3. Census3 is a service that checks for updates to a list of tokens or other crypto assets, and maintains an updated list of holders for each registered token. This service allows users to create a census based on a token, or combining censuses using strategies, in a way compatible with Vocdoni's blockchain (Vochain).

Census3 allows creating public or anonymous-compatible censuses and publishes them on IPFS, allowing for a transparent use and public auditing. But when the election is configured to be anonymous, we must consider not only the addresses of the holders, but also their balances because depending on the token holder distribution it could be easy to identify voters.

In the context of public blockchain technology where balances are public, preserving voter anonymity on token-based elections is a big challenge. To address this, we have been considered different approaches:

  • Find a way or mechanism to keep the balance secret. ❌ Balances are public, and the Vochain needs to know the weight value to perform some checks and to calculate the results.
  • Find a way to hide the balances. ✅ Modifying the balances as little as possible to make them difficult to correlate with identities and achieving sufficient anonymity.

The Vocdoni protocol is very flexible on how to configure and process elections. That includes weighted voting. In this type of election, not all voters wield the same power; instead, their voting power is determined by their token holdings as defined in the census.

Rounding censuses

To ensure that the balances of token-based censuses remain private, we must alter them in some way. However, any change must meet two requirements:

  1. The resulting balance must be less than or equal to the original one.
  2. The resulting balance should stay as close to the original as possible.

We explored two approaches:

  • Statistical approach: Using a classification algorithm based on k-means but introducing the minimum number of members in a cluster requirement. ❌ Unfortunately, this approach required too many iterations to converge.
  • Logical approach: Sorting participants by their balance and then grouping them, with some data cleaning techniques.✅ This approach proved sufficient to provide a solution.

Logical approach

We have developed an algorithm to meet these requirements, rounding balances to the nearest one, forming groups of at least 3 (privacyThreshold) equal balances. This process obscures individual holder's balances. The algorithm optimizes the number of members in a group, taking in account the difference between balances, to reduce the accuracy loss.

Basic steps

  1. Identify and exclude outliers: Participants balances are analyzed to detect outliers using z-score algorithm.
  2. Forming groups: Participants are initially grouped based on the privacy threshold. A group can extend to include participants with identical balances or with balances differences falling below the groupBalanceDiff criteria.
  3. Balancing groups: For each group, we adjust the balances, rounding them down to the smallest amount within the group to obscure individual values.
  4. Accuracy loop: The algorithm tries to find the highest accuracy possible while maintaining a minimum privacy threshold. It starts with the minimum privacy threshold and increases it by a small amount until the accuracy is maximized.

For example, here is the pseudocode of the core part, grouping participants (2):

Function groupAndRoundCensus Input: participants (array of Participant), privacyThreshold (integer), groupBalanceDiff (pointer to big integer) Output: array of Participant Sort participants by balance Initialize groups as an empty array of array of Participant Initialize currentGroup as an empty array of Participant For each participant in participants If currentGroup is empty Add participant to currentGroup Else Set lastParticipant to the last element in currentGroup Calculate balanceDiff as the absolute difference between participant's balance and lastParticipant's balance If the length of currentGroup is less than privacyThreshold OR balanceDiff is less than or equal to groupBalanceDiff Add participant to currentGroup Else Add currentGroup to groups Set currentGroup to a new array containing only participant If it's the last iteration Add currentGroup to groups Set roundedCensus to the result of flattening and rounding groups to the minimun balance Return roundedCensus End Function

Results accuracy

To measure accuracy, we compare the total of the adjusted balances from the census against the sum of the original balances, incorporating outliers in both calculations for consistency.

Our tests covered censuses involving 21 different tokens, showcasing various holder counts and token formats, including ERC20, ERC721, and POAP. This comprehensive testing ensures our approach is robust across different Web3 assets.

Our test results with different tokens

Initial conclusions

Our algorithm has several advantages, such as simplicity and speed. However, there's room for refinement. For example, tokens characterized by uneven distribution among holders present a challenge, as outliers not fitting into any group maintain their original balances, potentially revealing their identity.

Another problem identified is the loss of accuracy. The algorithm allows for parameter adjustments to enhance precision, and these can certainly be used to improve accuracy, but we didn't find any pattern in our test to do so. We've established parameter settings that generally perform well across various token types and distributions, so we consider this to be sufficient for now.

We've also detected potential vulnerabilities to specific attacks. For example, acquiring a certain amount of a token to manipulate the algorithm into grouping an address with others could theoretically expose that address. However, such strategies are impractical and unlikely to significantly impact election outcomes. This type of attack also requires an analysis of balance distributions, complicating its execution.

Additionally, among other possible enhancements, there is also the possibility of improving the algorithm's performance.

This is our first implementation to token-based anonymous elections. But we'll be pleased to hear about better approaches, or suggestions, to achieve anonymous voting on these and other types of elections. We warmly invite you to share them with us at chat.vocdoni.io or info[at]vocdoni.org

Comments

All Comments

Recommended for you

  • Lightchain AI announces testnet launch and completes $15 million in financing

    blockchain project Lightchain AI has announced the official launch of its testnet and has completed a $15 million financing round. The project's main technological innovations include the Proof of Intelligence (PoI) consensus mechanism and the AI Virtual Machine (AIVM). The PoI consensus mechanism is achieved by rewarding nodes to solve AI computing problems, while the AIVM provides developers with a toolkit to build AI applications on the blockchain. The project is currently in the final round of presale, and the funds raised will be used for technology development, infrastructure expansion, and talent recruitment. Lightchain AI plans to launch its mainnet in 2025 and will focus on developing enterprise-level decentralized AI solutions in the future.

  • Over 64.5404 million USD was liquidated in the past hour, mainly due to long orders

    According to data, in the past hour, the total liquidation amount of the entire network reached 64.5404 million US dollars, of which the liquidation amount of long positions was about 63.1007 million US dollars, and the liquidation amount of short positions was about 2.2016 million US dollars.

  • The State Council Tariff Commission: Additional tariffs will be imposed on some imported goods originating from the United States

    The State Council Tariff Commission issued a notice: with the approval of the State Council, tariffs will be imposed on some imported goods originating in the United States from February 10, 2025. A 15% tariff will be imposed on coal and liquefied natural gas, and a 10% tariff will be imposed on crude oil, agricultural machinery, large-displacement cars, and pickups. (Jinshi)

  • Japanese listed company Remixpoint increased its holdings by 30.83 BTC, bringing its total Bitcoin holdings to 509.33

    Japanese listed company Remixpoint announced on February 3 that it had released a "Notice of Additional Purchase of Cryptocurrency" on January 30, 2025, and passed a resolution to purchase a total of 2 billion yen (approximately $12.89 million) worth of cryptocurrency at a board meeting held on the same day. Based on the resolution, the company completed the purchase of the first 500 million yen (approximately $3.22 million) worth of cryptocurrency on January 31, 2025, including the addition of 30.83 BTC, bringing the company's total Bitcoin holdings to 509.33.

  • US spot Ethereum ETF had a net inflow of $83.54 million yesterday

    According to  TraderT monitoring shows that the net inflow of US spot Ethereum ETF was 83.54 million US dollars yesterday.

  • Yesterday, Fidelity Ethereum ETF had a net inflow of $49.7 million, while Bitcoin ETF had a net outflow of $177.6 million

    According to Farside monitoring, yesterday, the net inflow of Fidelity Ethereum ETF (FETH) was $49.7 million, while the net outflow of Bitcoin ETF (FBTC) was $177.6 million.

  • GOAT Gaming, the AI ​​gaming network on Telegram, completes $4 million in strategic financing

    According to official sources, AI game network GOAT Gaming on Telegram announced the completion of a $4 million strategic financing round, led by TON Ventures, Karatage, Amber Group, and Bitscale Capital. This financing round brings the total funding for Mighty Bear Games, the game studio behind the game, to $15 million.

  • Thailand SEC plans to launch tokenized securities trading system

    According to a report from the Bangkok Post on February 3, Jomkwan Kongsakul, Deputy Secretary-General of the Thai Securities and Exchange Commission, stated that token investment is increasingly being taken seriously, and regulatory agencies will allow securities companies to trade digital tokens to leverage their large investor base. Jomkwan Kongsakul said, "The SEC is using technology to improve the efficiency of the capital market by promoting the electronic securities ecosystem," adding, "New regulations will be introduced to promote the issuance of electronic securities and online purchase of bonds," which are medium- to long-term debt instruments that large companies use to borrow money.

  • BTC falls below $96,000

    The market shows that BTC has fallen below $96,000 and is now trading at $95,909.85, with a 24-hour drop of 5.26%. The market is volatile, so please be prepared for risk control.

  • Web3 data and AI company Validation Cloud completes $10 million in new round of financing

     Web3 data and AI company Validation Cloud announced a $10 million financing round from True Global Ventures. The company plans to use the funds to expand its AI products and achieve seamless access to Web3 data.