Summary
The Aragon research team is uniquely qualified to develop a prototype of a censorship-resistant, privacy-first voting system for DAOs. This system is a critical missing component in the web3 space that requires a deep understanding of cryptography and math to meet its high security needs. The team has multidisciplinary skills and a track record of success that make them well-equipped to tackle this long-term project. Their work aligns with Aragon’s mission and strategy and will be a major focus for the team over the next 14 months, from January 2023 to February 2024. Funding this project will allow the research team to continue building on their strengths and make significant contributions to the field of web3 technology.
Period | 12 months (1st March 2023 - 29th February 2024) |
---|---|
Requested budget | US$ 1,602,801 |
Full-time positions | 9 (i.e. 8 full-time + 2 half-time equivalents) |
Main outputs | • Prototype of a privacy-centric censorship-resistant voting system for web3 • POCs, software implementations and research publications • Support to Aragon DAO contributors for the integration of the voting system, some of its components, or other software developments done by AZKR • Knowledge transfer on Cryptography, Security, Zero-knowledge, and Mathematics to Aragon DAO contributors |
Aragon impact | • Contribution of a missing key primitive (a “secure” voting system) for safe participation in (Aragon’s) DAOs • Position Aragon as a player in the zero-knowledge space • (Potentially -by integrating deliverables in Aragon) Add utility to the ANT token |
Broader impact | Open sourcing research on applied cryptography (documentation and software) |
Strategic alignment with Aragon
Why does Aragon need a research team?
Web3 companies need to understand math, cryptography, and computer science to keep up with the fast-growing technical innovations in the field. Leading organizations such as Aragon should also contribute to these areas of development and have teams dedicated to them. Building these teams takes time and requires multidisciplinary, knowledgeable team members who can collaborate and experiment.
The setup phase (January - August 2022)
The Aragon research guild was established in late 2021 with the goal of producing proofs-of-concept (such as OVOTE) by leveraging ZK (zero-knowledge) technology to solve decentralized governance challenges. Another goal is to facilitate both vertical and horizontal technology transfers to other Aragon guilds. The guild spent the first few months building the team, identifying areas of interest, and establishing a foundation of knowledge. In May, it set up its blog (https://research.aragon.org) and released its first software PoC: OVOTE. The support its mission, the AZKR guild follows the latest developments in zero-knowledge cryptography, experiments with existing tools and publishes research and training materials related to this area.
The First OKRs season (September - December 2022)
The AZKR guild adopted the objectives and key results methodology in September, with a focus on off-chain voting and private voting. During the first season, the guild accomplished several significant outcomes, creating software prototypes (e.g. blind-OVOTE) and production-ready tools (e.g. SHA512 implementation for Aztec’s Noir language), publishing technical documentation and training materials, and giving talks on private decentralized voting. Further details of our production are provided the annex Team production at end of this document.
Next steps (January 2023 - February 2024)
In light of the Aragon Key Result for 2023 “Voters in Aragon have the option to vote anonymously” of the Objective “Reach defensible product market fit for App & Core”, from January 2023 to February 2024 the AZKR guild will focus its efforts on developing a prototype of a censorship-resistant, privacy-first voting system for DAOs, code-named CeresVote. This is a critical missing component in Aragon’s DAO toolset for enhancing basic participation rights of DAO members, such as privacy. Its development requires a deep understanding of cryptography and math to meet its high security needs. Building on our multidisciplinary skills, our previous work and the resources of this proposal we firmly believe that we can have such a prototype ready for integration by third parties (e.g. App & Core and Vocdoni guilds) by the end of the aforementioned period of time.
As CeresVote will be developed independently of existing ZK platforms, this will open up the possibility of ANT being used to help govern CeresVote, or to secure its infrastructure.
Goals and activities
Primary Goals
CeresVote prototype
The main goal for 2023 is the development of a prototype for a censorship-resistant voting system for DAOs, internally code-named CeresVote (CEnsorship Resistant) with the focus on maximal privacy, verifiability (individual, universal, and eligibility), and decentralization. Such a voting system is an indispensable primitive for any project aimed at becoming a trustless governance hyperstructure like Aragon as it is fundamental for i) the safe participation of the DAO members in the decision making processes and ii) the legitimacy of the decisions taken. The system will use layer 2 ZK-rollups and recursive SNARK technology, and will be built as a COSMOS zone. Its main features will include census creation, voting on ZK-rollup nodes, vote aggregation and proof generation on ZK-rollup nodes, and on-chain execution of vote results on Ethereum or any EVM-compatible chain. The prototype will be intended for further development into a production-ready product, but some features and functionality, including user interfaces, may still be limited or incomplete. The AZKR guild also plans to research and potentially develop recursive and aggregated ZK proofs, which have the potential to be powerful tools with clear applications for the CeresVote project.
To summarise CeresVote:
- It is not meant to be a generic e-voting solution, but is specifically meant for web3 DAOs with very specific requirements: safe participation (privacy/anonymity), censorship-resistance and low cost on-chain execution (Ethereum/EVM-chain).
- Fulfilling these requirements is not trivial, therefore a significant amount of the efforts must be spent on research, even though we can leverage the team’s existing knowledge and experience.
- The end result will be a prototype that can later be integrated/adapted by 3rd parties (e.g. Aragon DAO or Vocdoni)
Develop recursion and aggregation of ZK proofs
The AZKR guild plans to research and potentially develop recursive and aggregated ZK proofs, which are still in their infancy and have significant potential as a powerful technology. The guild aims to research the state-of-the-art of existing recursive tooling, theoretical research in the field, and suitable elliptic curves, as well as potentially creating additional recursive SNARK applications. Recursive and aggregated ZK proofs have clear applications for the CeresVote project, such as aggregating users’ ZK proofs of census membership and using recursion to chain ZK proofs and results. The guild will decide on whether to create standalone tools or contribute to existing toolsets, such as Arkworks, after the initial research phase which will take place during 23Q1.
POCs and implementations of cryptographic schemes
The AZKR guild plans to develop proofs-of-concept (POCs) to test the feasibility and functionality of concepts and identify potential challenges or implementation issues. One POC will be an experimental COSMOS blockchain with a simple voting system, and the guild also plans to experiment with connecting digital identity systems to voting systems. Depending on the outcome of research and the requirements of the CeresVote project, the guild may also develop additional POCs during the year. In addition, the guild plans to work on implementations of cryptographic primitives, such as the Poseidon hash, which is currently a missing feature of Aztec’s Noir language. This will contribute to the guild’s reputation in the ZK space. The guild expects to complete about one implementation per quarter, with the first being the Poseidon hash in 23Q1.
Other Core Research Activities
The AZKR guild has several other activities planned for the coming year:
- Fundamental research (taking up 20-25% of the team’s resources):
- Continue with regular mathematics and cryptography seminars in order to maintain the team’s ability to understand the newest research publications related to zero-knowledge proofs, which are fundamental to e-voting. This may lead to occasional publications in the form of blog posts.
- Follow research publications in the fields of cryptography, particularly those related to zero-knowledge, privacy, and e-voting, and monitor the development and emergence of new technologies in the ZK space. Occasional technical reports may be published as a result.
- Work on original research and publish 2 papers per year on zero-knowledge proofs.
- Attend and organize meetups and conferences, and improve the visual quality of the AZKR blog in 1Q23.
- Support other Aragon guilds with questions related to cryptography and cryptographic tools.
- Establish new partnerships with other researchers and research organizations to increase and diversify our ability to follow the latest developments in cryptography, and for joint developments like cryptographic primitives. Maintain existing partnerships (e.g. Aztec).
Methodology
To ensure the achievement of the goals of this proposal we will combine a long-term work plan base in the waterfall approach with the Objectives and key results (OKRs) methodology for quarterly planning and success evaluation -as we have done in the last quarter of 2022.
Work plan
Table 1 presents the proposed work plan. This work plan will be periodically reviewed and updated when needed according to the outputs of the OKRs iterations, the research findings or other project development needs. The following chart shows a summarized version at work package (WP) and their lead.
Full details of the initial work plan, including tasks, participants, and main outputs, can be found in this google spreadsheet.
Note that this work plan may be impacted by high-value strategic initiatives if agreed with Aragon product development and Aragon growth guilds.
Objectives and key results 23Q1
The OKRs for the first quarter of 2023 (1st January - 31st March) follow. Please note that i) we use standard quarters, thus, the first two months (January and February) are not part of this proposal in terms of execution period and budget. AZKR-23Q1-O1 will take around 60% of the team effort, and AZKR-23Q1-O2 and AZKR-23Q1-O3 about 20%.
AZKR-23Q1-O1 An anonymous censorship resistant voting solution has a draft design that allows for implementation to begin
- ARZR-23Q1-KR11 Technical and functional requirements have been defined and approved by the Executive Director, Research Lead, and Head of Product Development.
- ARZR-23Q1-KR12 Literature and technical analysis for anonymous censorship resistant voting solutions, including cryptographic primitives, census, and e-voting solutions, have been compiled and reviewed by an external specialist.
- ARZR-23Q1-KR13 Create a POC for anonymous on-chain voting ready to be handed over to the product development guild for integration in Aragon OS as a plugin.
- ARZR-23Q1-KR14 Draft designs of essential components, including Census and Eligibility and voting process types, have been produced and approved by Research Engineers.
AZKR-23Q1-O2 Deliver in progress POCs and software implementations
- ARZR-23Q1-KR21 Poseidon hashing algorithm in Noir has been implemented and integrated into the Aztec Noir repository.
- ARZR-23Q1-KR22 Elliptic curve primitives in Noir have been implemented and a pull request made in the Aztec Noir repository.
- AZKR-23Q1-KR23 A fully operational Blockchain/COSMOS zone is deployed and made available to AZKR guild for testing.
- AZKR-23Q1-KR24 A prototype implementation of BatRaVot has been deployed on an Ethereum testnet.
AZKR-23Q1-O3 Increase knowledge transfer to Aragon DAO
- ARZR-23Q1-KR31 4 blog posts on relevant topics have been posted in the AZKR blog.
- ARZR-23Q1-KR32 3 technical reports have been produced and shared with Aragon’s technical team.
- AZKR-23Q1-KR33 1 meetup or event organized by the AZKR guild and hosted by Aragon.
- AZKR-23Q1-KR34 3 teaching sessions on relevant topics conducted.
- AZKR-23Q1-KR35 A methodology to assess our knowledge transfer tasks has been defined and the first set of results obtained and shared.
Team
Team Leads
The Team Leads coordinate the work of the entire team and are responsible for representing the team, both internally and externally. However, they also take hands-on responsibilities in specific projects and thus contribute to the team’s production.
H1 - Head of Research. Previously served as a blockchain governance and tokenization expert at a European Body. Research interests include mathematics, consensus protocols and monetary theory.
H2 - PhD, Research Manager and guild steward. Assistant professor at a European university. Extensive experience as research engineer and project manager in e-voting and network infrastructure.
Research engineers
Research engineers play a crucial role in developing proofs-of-concept (POCs) and prototypes. They are skilled in using complex cryptographic toolsets and may also contribute to the development of these tools as needed. In order to effectively carry out their work, research engineers must possess a strong understanding of cryptography and cryptographic primitives, as well as advanced software engineering skills. They may also be responsible for implementing schemes developed by cryptography researchers.
H3 - PhD, Research engineer. Software developer with a strong background in pure mathematics. Currently focused on the implementation of cryptographic primitives and voting systems. Previously postdoctoral scientist at a European university.
H4 - Research engineer. Extensive experience in ZK programming, currently focused on scalability and privacy with recursion. Previously worked at ZK-rollups related company.
H5 - Research engineer. Focused on privacy-preserving smart contracts and implementing cryptographic schemes.
H6 - Research engineer. Long experience in software engineering, database development and system design. Contributor to blockchain projects using Bitcoin, Ethereum, BSV and COSMOS. Co-author of several blockchain standards specifications.
Fundamental Researchers
The fundamental researchers on the team focus on creating new cryptographic schemes and on providing mathematical proofs that these schemes are secure. They stay informed about current research in the field and play a key role in selecting cryptographic schemes for the development of proofs-of-concept (POCs) and prototypes.
H7 - PhD, Cryptographer. Previously Assistant Professor at a European university, where he remains active as an external expert in Cybersecurity. Research interests are in cybersecurity, blockchain, cryptography, and in particular e-voting, functional encryption and ZK.
H8 - Mathematician. (we’re in the process of recruiting to replace a departing team member) Ideal profile: Math PhD with knowledge of cryptography, especially elliptic curve cryptography, and security proofs. Programming skills would be appreciated.
Risks and mitigation
Table 2 presents and classifies the most relevant risks identified and Table 3 the proposed mitigation measures.
Funding breakdown
Table 3 shows the total requested funding. This budget is for a period of 12 months, from March 2023 to February 2024. The budget estimation was done according to the following criteria:
- Full-time workload, compensations and perks: the same policies as presently (as set by Aragon Association)
- Team size: no changes (equivalent of 9 full-time positions)
- Third-party service providers: only the costs for managing the legal wrapper have been budgeted ($ 1.000/moth) as we are choosing to go with the option where the Ops guild takes care of operational overhead.
- Adjustment for inflation: 1.08 (for existing team members, as suggested by the Ops guild)
- Unexpected expenses rate: 1.05 (as suggested by the Ops guild)
- Conversion rate EUR to USD: 1.06 (as suggested by the Ops guild)
Table 4 shows the budget distribution over the 4 funding seasons.
Following the efforts started in 2022, the AZKR guild will continue our collaborations with third parties (Aztec) and look for new ones. All revenue generated by the Aragon ZK Research Guild during the funding period of this proposal through either collaborations, partnerships, or work on behalf of the Aragon Project will be returned to the Aragon DAO treasury intended to be budget-relieving.
Annex - Team deliveries
Code
Implementations available in Github: https://github.com/aragonzkresearch
- BatRaVot: BatRaVot implementation
- Noir SHA2: Noir zk-lang implementation of SHA2 (SHA256 & SHA512) hash functions.
- OVOTE: Offchain Voting with Onchain Trustless Execution (& ovote-node)
- ark-anon-vote: Onchain anonymous voting implementation using arkworks-rs
- ark-ec-blind-signatures: Blind signatures over elliptic curve implementation (native & r1cs constraints)
- Blind-OVOTE: L2 validity rollup combined with blind signatures over elliptic curves inside zkSNARK, to provide offchain anonymous voting with onchain binding execution on Ethereum
Publications
Publicly available
- SNARVs, BatRaVot and SchnorrVot: verifiable voting schemes suitable for Token-based voting on Blockchains
- OVOTE: (Offchain Voting with Onchain Trustless Execution) Ethereum L2 for voting using validity-proofs (kind of zkRollup)
- Blind-OVOTE: a voting system that combines the OVOTE ideas with blind signatures inside zkSNARK, to provide gasless anonymous voting with onchain binding execution on Ethereum.
- SHA-2 in Noir: SHA-256 & SHA-512 hash implementations in Noir zk-language
- Notes on elliptic curves over finite fields and their pairings
- Selected Topics in Cryptography: from the basics to e-voting
- Towards Data Redaction in Bitcoin Use ZKPs to allow any node to delete some data from Bitcoin transactions to make BTC BC compatible with GDPR while preserving the public verifiability of the correctness of the spent and spendable coins.
Tech reports
Restricted access (internal notes for other teams in Aragon)
- Private decentralised voting (2022-11-10)
- Aleo Technical Overview (2022-10-05)
- Anonymous voting in the Vochain without trusted-setup (2022-09-08)
- Ovote - requirements for the transformation of the research output into a product (2022-07-01)
- Rollps, Validiums, zkEVMs concepts (2022-05-12)
- Overview of different proving systems (practical perspective) (2022-02-19)
- Mina overview (2022-02-10)
--------------------------------------------------------------------------------------------------------------------