Paper 2023/741

The Referendum Problem in Anonymous Voting for Decentralized Autonomous Organizations

Artem Grigor, Aragon ZK Research
Vincenzo Iovino, Aragon ZK Research
Giuseppe Visconti, University of Salerno

A natural approach to anonymous voting over Ethereum assumes that there is an off-chain aggregator that performs the following task. The aggregator receives valid signatures of YES/NO preferences from eligible voters and uses them to compute a zk-SNARK proof of the fact that the majority of voters have cast a preference for YES or NO. Then, the aggregator sends to the smart contract the zk-SNARK proof, the smart contract verifies the proof and can trigger an action (e.g., a transfer of funds). As the zk-SNARK proof guarantees anonymity, the privacy of the voters is preserved by attackers not colluding with the aggregator. Moreover, if the SNARK proof verification is efficient the GAS cost will be independent on the number of participating voters and signatures submitted by voters to the aggregator. In this paper we show that this naive approach to run referenda over Ethereum can incur severe security problems. We propose both mitigations and hardness results for achieving voting procedures in which the proofs submitted on-chain are either ZK or succinct.

Available format(s)
Publication info
Published elsewhere. 5th Distributed Ledger Technology Workshop (DLT 2023)
Contact author(s)
artem @ aragon org
vincenzo @ aragon org
peppevisconti93 @ gmail com
2023-05-25: revised
2023-05-23: received
See all versions
Short URL
Creative Commons Attribution-NonCommercial


      author = {Artem Grigor and Vincenzo Iovino and Giuseppe Visconti},
      title = {The Referendum Problem in Anonymous Voting for Decentralized Autonomous Organizations},
      howpublished = {Cryptology ePrint Archive, Paper 2023/741},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.