In today’s representative democracies, citizens typically have a say only once every few years when electing their leaders. Beyond that, the average person has little to no influence over how their country is run.
In an ideal system, people would be able to participate in decision-making in a much more direct way. However, implementing such a system is extremely challenging. Holding frequent referendums is both inconvenient and expensive, especially since the most reliable method still involves paper-based voting.
Today, however, thanks to technologies like blockchain and zero-knowledge proofs, it’s the first time we can realistically imagine replacing paper voting with something just as secure and trustworthy—yet far more cost-effective and convenient.
I’ve explored this topic in several of my previous articles and even developed two proof-of-concept projects to demonstrate how such a system could work. The first project, called zktree-vote, is built on the Ethereum blockchain. The second, zkDemocracy, is a standalone server that doesn’t rely on blockchain and is easy to set up. Both solutions are open-source and available on GitHub.
You can find my articles about the projects here:
zkDemocracy – https://hackernoon.com/zkdemocracy-the-easiest-solution-for-zero-knowledge-proof-based-anonymous-voting
zktree-vote – https://hackernoon.com/how-i-built-an-anonymous-voting-system-on-the-ethereum-blockchain-using-zero-knowledge-proof
Both projects are based on the same zero-knowledge proof technology used by coin mixers—such as the recently controversial Tornado Cash—and also by Worldcoin, which applies it to anonymize its users.
In short, the idea is that each voter can register a commitment before the vote. Every commitment has one and only one nullifier, but only the voter knows which nullifier corresponds to their commitment. The vote itself is cast using this nullifier. Since each nullifier is unique, it guarantees that each person can vote only once.
But here’s the catch: if only the voter knows the link between their commitment and nullifier, how can the voting system verify it? This is where zero-knowledge proofs come into play.
Zero-knowledge proof is a technology that allows someone to prove they’ve performed a computation without revealing any of the inputs used in that computation. In this case, it allows a voter to prove that a valid nullifier can be derived from a registered commitment—without revealing either one directly.
If you’re curious to dive deeper into the technical details, I recommend checking out the articles linked above.
With this system, voter anonymity can be preserved. However, one common criticism still remains: it makes vote buying relatively easy. That’s because a voter can later prove exactly how they voted, simply by sharing their secret with the person who paid for their vote.
This is the problem Vitalik Buterin aims to solve with his proposal called MACI (Minimal Anti-Collusion Infrastructure). In the following sections, I won’t be discussing the original MACI in isolation, but rather a version that combines MACI with the Semaphore protocol mentioned earlier, which ensures voter anonymity.
The core idea behind MACI is that voters can send two types of messages to the voting system. One is the usual vote message, where the voter selects one of the available options. The other is a special message that allows the voter to invalidate their current nullifier and replace it with a new one of their choosing.
The voting system runs inside a Trusted Execution Environment (TEE) — a secure, isolated part of the hardware whose operations are invisible to outsiders. We can trust the correctness of the operations performed inside the TEE because, at the end of the voting process, it generates a zero-knowledge proof showing that all computations were performed according to the rules. This proof can be verified by anyone, ensuring that the algorithm hasn’t been tampered with and that no cheating occurred within the TEE.
When the system is launched, the TEE generates a private key, and the corresponding public key is published. All messages sent to the TEE must be encrypted using this public key. This ensures that only the TEE can decrypt and process these messages — no one else can see their contents.
Let’s take a look at how this works in practice, and how such a system can prevent vote buying:
-
The voter verifies their identity before a registration committee, which records their commitment.
-
Someone attempts to bribe the voter to vote for a specific option. The voter accepts the money.
-
However, since the voter actually prefers a different option, they send a “SWAP” message using their current nullifier to replace it with a new one.
-
They then send a “VOTE” message using the old nullifier. The TEE will ignore this vote, but the message is still completely valid, so the voter can show it to the briber as “proof” they voted as agreed.
-
Finally, the voter sends a new “VOTE” message with their real choice, using the new nullifier, which the system will accept and register.
Because all messages are encrypted, and only the TEE can decrypt them, the briber has no way to know whether the voter sent a SWAP message or not. In other words, the vote is not verifiable, which makes vote buying pointless and ineffective.
The only weak point of the system is the centralized TEE, which everyone must trust. However, in theory, this can be replaced by a setup involving multiple servers working together to perform the computation—this approach is known as MPC (Multi-Party Computation). With MPC, even if only one server is honest, the integrity of the entire system can still be trusted.
This system already comes very close to matching the security of paper-based voting. Perhaps the only remaining loophole is if the vote buyer directly provides the commitment for the voter to use.
However, in a system designed for frequent citizen participation, it makes sense to perform identity validation only once and register a single commitment, from which multiple nullifiers can be derived—one for each vote. In such a setup, the commitment essentially becomes a form of digital identity—like a digital ID card.
If someone gives away their secret, it’s akin to handing over their identity. That’s a steep price to pay, and it’s likely that very few people would be willing to sell their vote under such conditions.
Even for this scenario, a potential safeguard could be added: voters could be allowed to re-register by swapping not just their nullifier, but their entire commitment—in a way that remains hidden from everyone. This would render any votes submitted by vote buyers invalid, completely undermining attempts at vote manipulation.
The system outlined above is anonymous, secure, and makes vote buying significantly more difficult. As such, it offers an affordable and convenient foundation for building direct democracy, making it well worth considering for any state or community seeking a more participatory decision-making process.
