This is an extension of the article.

Vocdoni Circuits details

The Vocdoni voting process uses a chain of four cryptographic circuits: one generated by the user and three by the sequencer. Each circuit builds upon the previous proof recursively. By dividing the sequencer’s work into three circuits, we enable parallel processing, enhancing scalability and minimizing the risk of collisions when multiple sequencers generate state transitions simultaneously.

1. Vote Circuit: Generated by the user when casting a vote, this circuit proves that the encrypted ballot is valid and that the nullifier and commitment are correctly generated.

   • Constraints: Approximately 53,000
   • Curve: BN254
   • Framework: Circom/SnarkJS
   • Actor: User

2. Authenticate Circuit: Generated by the sequencer, this circuit transforms the vote proof to the BLS12-377 curve for native recursion and validates the user’s eligibility in the census, as well as their signature.

   • Constraints: Approximately 3.1 million
   • Curve: BLS12-377
   • Framework: Gnark
   • Actor: Sequencer

3. Aggregate Circuit: This circuit accumulates multiple authenticated votes into a single proof. It also verifies that all accumulated votes belong to the same voting process.

   • Constraints: 40,000 × (number of votes)
   • Curve: BW6-761
   • Framework: Gnark
   • Actor: Sequencer

4. State Transition Circuit: Given the aggregated votes proof, this circuit verifies the correct inclusion of all new votes into the process’s state Merkle tree. It generates the final state transition proof that will be validated by the Ethereum smart contract.

   • Constraints: Approximately 4 million
   • Curve: BN254
   • Framework: Gnark
   • Actor: Sequencer

By structuring the process this way, we ensure that voting can be performed from any device—including smartphones and web browsers—while keeping the sequencer’s computational requirements within the capabilities of accessible, CPU-based machines with 64 GiB of memory.

image1477×575 42.2 KB

Circuits definition

1. Vote

Assertions:

• The ballots meets the ballot mode provided following the protocol rules.
• The ballots encryption is correct.
• The nullifier and commitments are correctly computed.

image2939×1177 172 KB

2. Authenticate

Assertions:

• The vote zkProof is valid for the inputs provided.
• The signature of the inputs provided is valid for the public key of the voter.
• The address derived from the user public key is part of the census, and verifies the census proof with the user weight provided.

image2448×1523 198 KB

3. Aggregate

Assertions:

• The accumulated zkProofs are valid.
• The ProcessId, CensusRoot, BallotMode and EncryptionPubKey is the same for all of them.

image2588×1099 124 KB

4. State Transition

Assertions:

• The agreggated zkProof is valid.
• The MerkleTree transition witness proves every change between Root1 and Root2.
• ProcessID, BallotMode, CensusRoot, EncryptionKey remain unchanged.
• Ballots are correctly counted as new or overwrites, and added to results accumulators.

image3396×2206 339 KB