Sybil resistance voting to enable safe quadratic voting or other mechanisms

Dear all,

I was wondering if you guys have a need for 1-person-1-vote protection against Sybil attacks. This allows you to have proper quadratic voting. I saw on Snapshot that you used quadratic voting in the past, which is susceptible to Sybil attacks. While quadratic voting is the better voting strategy, you need to protect against Sybil attacks and bots.

If you agree, I would be curious to hear your feedback on a project I’m working on. At zkPortal.io you can get a solution which does not require showing anyone your passport, nor does it cost you anything. You can simply log in to your crypto exchange, after which a proof of the fact that you went through KYC at that platform is saved. Then you can use our Snapshot strategy, which guarantees Sybil & bot resistance. Let me know what you think!

Sybil-resistant voting is a huge problem so thank you for flagging this!

Could you please point us to two things?

  1. Any existing customer or user case studies?
  2. Audits and/or formal verification? Esp. on the zk side: given zk is still somewhat frontier, it would be good to understand which existing zk libraries you’re using to power the proving & verifying mechanisms.

That is great to hear! We are currently beta testing the application and have been overwhelmed by the demand for it.

As for existing customers, I should note that in contrast to existing identity providers, the tool will be free to use, so I will refer to them as users from here onwards. Besides the great response we got from the Snapshot team, two concrete example users who we are talking with are (these are not meant as endorsements, just that we are in contact with them):
(1) zk-SPARK. They are building an ecosystem around 2nd layer applications and startups, and are going to operate a launchpad to airdrop tokens to users. Contrary to existing airdrops in the crypto space, they want to leverage technology to make it fair, and enable 1-person-1-airdrop.
(2) Buildship. They are operating a very successful website for no-code NFT launches, with over 5 mln USD raised. They are looking for ways to ensure that their respective users can launch NFT collections whereby only a limited number of NFTs can be given out per particular user.

For both of these projects, there will not only be votes on the line, but actual money. We even got some initial interest from 1inch and Uniswap developers, but of course these are huge projects so they will take time to materialize. You can get the scoop of being an adopter before them. :wink:

As for audits/formal verification, we are quite transparent about our setup; you can find a high-level overview here: Technical security model - zkPortal Docs, which we will keep updating with relevant information. In the first stage of our setup, we are actually reliant on a Trusted Execution Environment called SGX by Intel; perhaps you know it already. Essentially it means that we will simply open source our code so you can easily evaluate for yourself that we are doing what we are saying. No need for static audits which expire as soon as we make a small update to the code :slight_smile:

Before we overwhelm you further with documentation, does this model sound acceptable? Are there any community members who we should talk to?

re:ZK setup – Intel SGX noted. Out of curiosity, where and how are these MPC nodes hosted?

re:Users – Snapshot interest in this tool is a positive sign!

Not a core contributor here by any means, so I’ll let them reply to this and react once they’ve had a chance to digest.

Thanks again for sharing.

Cool, thanks for your feedback. Do you have suggestions on who I should reach out to?

We use Snapshot for voting, so getting this integrated with Snapshot would be the ideal situation (for many reasons). Otherwise, how is this set up/hosted, and what’s the UX like? Snapshot is the obvious choice for project governance because of simplicity of use.

I don’t see a huge benefit to quadratic voting for anything GMX related. Why shouldn’t voting be linearly weighted by “shares” owned, like a traditional company?

And if we implemented quadratic voting, for whatever reason, Sybil voting is already discouraged by the staking, esGMX, and MP point system.

I think you have a super cool and valuable tech but I don’t see any benefits for this specific project.

One reason I’ve heard and am somewhat sympathetic to is that quadratic voting minimizes governance cartelization and potentially governance attack risk.

This is a very good point. It already is somewhat Sybil resistant, so this would really then come down to one token, one vote vs. some other means of vote distribution, minimizing the potential benefit.
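
Added example, not part of the thread and not zkPortal's or Snapshot's code: a small tally illustrating the opening post's claim and the linear-vs-quadratic replies. Linear token weighting is unchanged when one holder splits a balance across wallets, square-root weighting per wallet rewards the split, and pooling balances per person before the square root removes the gain. The ballots are constructed, and the `person` field is a hypothetical stand-in for whatever per-human uniqueness credential a voting strategy would check.

```python
from collections import defaultdict
from math import sqrt


def ballots(whale_wallets):
    """Constructed ballots: three 100-token holders vote A; one person
    holding 400 tokens votes B from `whale_wallets` equal-sized wallets."""
    rows = [{"wallet": f"0xa{i}", "person": f"p{i}", "balance": 100.0, "choice": "A"}
            for i in range(3)]
    rows += [{"wallet": f"0xb{i}", "person": "p_whale",  # hypothetical credential id
              "balance": 400.0 / whale_wallets, "choice": "B"}
             for i in range(whale_wallets)]
    return rows


def tally(rows, weight, identity):
    """Pool balances per identity, then add weight(pooled balance) to its choice.

    identity="wallet" models a strategy with no uniqueness check;
    identity="person" models 1-person-1-vote deduplication.
    """
    pooled, choice_of = defaultdict(float), {}
    for r in rows:
        who = r[identity]
        # One identity may not back two different choices.
        if choice_of.setdefault(who, r["choice"]) != r["choice"]:
            raise ValueError(f"conflicting ballots from {who}")
        pooled[who] += r["balance"]
    totals = defaultdict(float)
    for who, balance in pooled.items():
        totals[choice_of[who]] += weight(balance)
    return dict(totals)


def linear(balance):
    """One token, one vote."""
    return balance


if __name__ == "__main__":
    for n in (1, 16):
        rows = ballots(n)
        print(f"{n} wallet(s):",
              "linear", tally(rows, linear, "wallet"),
              "| quadratic per wallet", tally(rows, sqrt, "wallet"),
              "| quadratic per person", tally(rows, sqrt, "person"))
```
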