Commit-Reveal Voting is a cryptographic protocol that separates the voting process into two distinct phases to preserve voter privacy and prevent strategic manipulation. In the commit phase, voters submit a cryptographic hash—a one-way, fixed-length digest—of their secret vote combined with a random salt. This commitment is recorded on-chain, locking in their choice without revealing it. Later, in the reveal phase, voters must publicly submit their original vote and salt. The system verifies the reveal by hashing the submitted data and checking it matches the earlier commitment. This mechanism ensures votes cannot be changed after commitment and prevents voters from being influenced by seeing others' choices mid-vote.
LABS
Glossary
Commit-Reveal Voting
A two-phase voting scheme where voters first submit a cryptographic commitment to their vote and later reveal it, providing temporary privacy and preventing strategic adjustment based on early results.
Chainscore © 2026
definition
BLOCKCHAIN CONSENSUS MECHANISM
What is Commit-Reveal Voting?
A two-phase cryptographic protocol used in decentralized systems to ensure vote privacy and prevent strategic manipulation during a polling period.
The primary technical components enabling this scheme are the cryptographic hash function (like SHA-256 or Keccak) and the random salt. The hash function's properties—preimage resistance and collision resistance—guarantee that the commitment reveals nothing about the vote, while the unique salt prevents brute-force attacks where an attacker could guess simple votes. The random salt is crucial; without it, an attacker could hash all possible vote options (e.g., 'Yes' or 'No') to discover a voter's commitment. This design makes the scheme particularly resistant to sniping or last-minute manipulation, where voters might change their votes based on a leading outcome.
A canonical example of commit-reveal voting is its use in decentralized autonomous organization (DAO) governance proposals. For instance, a DAO might use it to vote on a contentious treasury allocation. During a 3-day commit period, members submit hashes. After this period closes, a 2-day reveal period begins where voters disclose their votes. Only votes that are properly revealed are counted. This prevents a well-funded actor from watching the live tally and deploying capital at the last second to swing the vote, a tactic known as vote buying or flash loan voting. The process ensures the final outcome reflects the genuine, pre-committed preferences of the participants.
While powerful, the commit-reveal scheme introduces specific trade-offs and challenges. It requires voters to complete two transactions (commit and reveal), doubling gas fees and complexity, which can reduce participation. There is also a vote forfeiture risk; if a voter commits but fails to reveal, their vote and any associated stake are lost, potentially skewing results. Furthermore, the scheme protects vote privacy only during the voting window; all choices are public after the reveal phase. For long-term privacy, more complex systems like zero-knowledge proofs or homomorphic encryption may be required. Despite these drawbacks, commit-reveal remains a foundational, transparent method for achieving fair voting in transparent environments like blockchains.
The commit-reveal pattern extends beyond simple yes/no voting into various blockchain applications. It is the underlying mechanism for fair random number generation (RNG) in many smart contracts, where participants commit to a number later revealed to compute a collective random seed. It's also used in sealed-bid auctions on-chain, where bidders commit to their bid amount and only reveal it after the bidding period closes, preventing front-running. These use cases leverage the same core property: binding to a secret value early in a process without disclosing it, thereby enforcing fairness and mitigating information leakage that could be exploited for profit.
how-it-works
MECHANISM
How Commit-Reveal Voting Works
A cryptographic protocol used in blockchain governance and applications to ensure vote privacy and prevent strategic manipulation by separating the submission and disclosure of choices.
Commit-reveal voting is a two-phase cryptographic protocol designed to ensure vote privacy and prevent strategic manipulation, such as vote copying or last-minute swings. In the commit phase, voters submit a cryptographic hash of their encrypted vote, along with a secret salt, to the blockchain. This hash acts as a sealed, unchangeable commitment. Once the commitment period ends, the protocol enters the reveal phase, where voters must publicly submit their original vote and the salt. The system verifies the reveal by hashing the submitted data and checking it matches the earlier commitment. Votes with invalid or missing reveals are discarded.
The core cryptographic property enabling this scheme is the preimage resistance of hash functions like SHA-256. It is computationally infeasible to derive the original vote from the hash commitment, preserving secrecy during the commit window. The random salt is crucial; without it, a voter's choice could be guessed if the set of possible votes is small (e.g., a simple 'yes' or 'no'), as an attacker could hash all possibilities to find a match. The salt ensures each commitment is unique, even for identical votes, preventing enumeration attacks.
This mechanism is vital in on-chain governance for projects like DAOs, where it prevents voters from being influenced by seeing others' choices before submitting their own. It also underpins fair random number generation (RNG) in smart contracts, where participants commit to numbers later revealed to compute a result. A key limitation is voter participation complexity, as users must safely store their salt and return for the reveal phase; votes not revealed are lost. Furthermore, while it hides individual votes during commitment, the final reveal makes all choices permanently public on the ledger for verification.
In practice, a commit-reveal vote smart contract manages the phases through timers and state variables. It stores commitments in a mapping, and during the reveal phase, it executes a function like revealVote(choice, salt) that calls keccak256(abi.encodePacked(choice, salt)) to validate against the stored hash. Major blockchain platforms, including Ethereum, utilize variants of this scheme for applications like the ENS auction process and various DAO governance modules. It represents a fundamental privacy-preserving primitive, trading some user convenience for enhanced strategic resistance in decentralized systems.
key-features
MECHANISM DEEP DIVE
Key Features of Commit-Reveal Voting
Commit-Reveal is a cryptographic voting scheme that separates the submission of a vote from its publication to prevent strategic manipulation and ensure fairness.
01
Two-Phase Structure
The process is divided into two mandatory, time-bound phases:
- Commit Phase: Voters submit a cryptographic hash of their vote (e.g.,
keccak256(vote, salt)). This hash commits to their choice without revealing it. - Reveal Phase: Voters must later submit their original vote and the secret salt. The system verifies the hash matches the commitment. Votes not revealed are discarded.
02
Prevents Strategic Voting & Sniping
This is the core security benefit. Because votes are hidden during the commit phase, later voters cannot see the current tally and change their vote to snip a winning outcome or engage in vote copying. It forces voters to decide based on their own preferences, not tactical reactions to partial results.
03
Cryptographic Commitment (Hash)
The commitment is created using a cryptographic hash function (like SHA-3 or Keccak). A voter combines their actual vote choice with a randomly generated secret salt and hashes the pair: commitment = hash(vote + salt). The properties of the hash ensure:
- Hiding: The original vote cannot be deduced from the hash.
- Binding: The voter cannot reveal a different vote/salt pair that hashes to the same commitment.
04
Salt (Nonce) for Uniqueness
The salt (or nonce) is a random number generated by the voter. It is critical because:
- Without it, simple votes like "Yes" or "No" would have predictable hashes, allowing others to guess the vote.
- It ensures each commitment is unique, preventing vote replay attacks and ensuring privacy even for identical choices.
- The salt must be kept secret until the reveal phase.
05
Example: DAO Proposal Voting
A practical application in a Decentralized Autonomous Organization (DAO):
- Commit (Day 1-7): Alice votes "Yes" with salt
12345. She submitskeccak256("Yes12345"). - Reveal (Day 8-14): Alice submits the plaintext
"Yes"and the salt12345. - Verification: The contract re-hashes
"Yes12345"and checks it against her initial commitment. If it matches, her "Yes" vote is counted. Bob, who committed but did not reveal, has his vote discarded.
06
Trade-offs & Considerations
While secure, the scheme has inherent trade-offs:
- Complexity: Requires users to manage two transactions (commit and reveal).
- Reveal Incentives: Voters must be incentivized to pay gas fees for the reveal transaction, or votes are lost.
- Timing Attacks: The final result is unknown until the reveal phase ends, which can delay decision-making.
- Gas Costs: Effectively doubles the transaction cost per voter compared to a simple vote.
examples
PRACTICAL APPLICATIONS
Examples and Use Cases
Commit-Reveal Voting is a cryptographic protocol used to ensure ballot secrecy and prevent strategic voting in on-chain governance. These examples illustrate its implementation across different blockchain ecosystems.
02
Random Number Generation (RNG)
Serves as a foundation for commit-reveal schemes in generating verifiably random numbers. Multiple participants commit to a secret number; the final random value is derived from the combination of all revealed secrets.
- Mechanism: Prevents participants from manipulating the outcome by choosing their reveal based on others' inputs.
- Application: Used in blockchain gaming, NFT minting lotteries, and selecting validators or jurors in some systems.
03
Anti-Collusion & Bribery Resistance
A core defense mechanism in decentralized voting. Because votes are hidden as hashes during the active voting period, it becomes practically impossible for a briber to verify if a paid voter actually voted as promised.
- Key Property: Breaks the voter-briber linkability, making bribing contracts non-enforceable.
- Limitation: Effective against on-chain bribes, but vulnerable to off-collusion if votes can be revealed off-chain before the commit phase ends.
05
Technical Implementation Flows
The process follows a strict two-phase smart contract interaction:
- Commit Phase: Voter calls
commit(voteHash, salt). ThevoteHash = keccak256(abi.encodePacked(voteChoice, secretSalt)). - Reveal Phase: Voter calls
reveal(voteChoice, secretSalt). The contract recalculates the hash to validate the original commitment.
- Critical Detail: The cryptographic salt must be kept secret until reveal; its loss forfeits the vote.
- Gas Consideration: Requires two transactions, increasing cost and complexity for users.
06
Limitations & Practical Challenges
While cryptographically sound, the scheme faces usability and game theory hurdles:
- Voter Abstention: Users who commit but fail to reveal lose their voting power and can skew results.
- Gas Costs: Doubles transaction fees, creating a barrier to participation.
- Off-Chain Collusion: Participants can share their
(vote, salt)pairs privately before the reveal, undermining secrecy. - Complexity: Non-technical users struggle with the two-step process and salt management.
visual-explainer
MECHANISM EXPLAINER
Visualizing the Commit-Reveal Process
A step-by-step walkthrough of the cryptographic two-phase voting scheme designed to ensure ballot secrecy and prevent strategic manipulation in on-chain governance.
The commit-reveal process is a two-phase cryptographic protocol used in blockchain voting to separate the act of casting a ballot from the act of making that ballot's choice public. In the first commit phase, a voter generates a cryptographic hash of their vote—combined with a secret random value called a salt—and submits only this hash to the blockchain. This commit transaction locks in the voter's intent without revealing their actual choice, as the hash function is a one-way operation. The commitment is recorded on-chain, timestamped, and immutable.
Following a predetermined time window for commitments, the process enters the reveal phase. During this second stage, voters must submit a second transaction containing their original vote and the exact salt they used. The network verifies this reveal by hashing the submitted data; if it matches the previously stored commitment hash, the vote is counted. Votes that are not properly revealed within the timeframe are invalidated. This separation prevents front-running and vote copying, as late voters cannot simply observe and mimic leading votes to influence the outcome.
The security of the scheme hinges on the properties of the cryptographic hash and the secrecy of the salt. The salt prevents others from guessing a voter's choice by brute-forcing the hash of known options (e.g., "Yes" or "No"). Without the unique salt, identical votes would produce identical hashes, breaking anonymity. This mechanism is crucial for on-chain governance in systems like DAO treasuries or protocol upgrades, where transparent vote buying or last-minute strategic swings could undermine the integrity of the decision-making process.
A practical example is a DAO voting on a funding proposal. Alice wants to vote "Yes." She randomly generates a salt, s123, and computes hash("Yes" + "s123"), submitting the resulting hash as her commit. Later, in the reveal phase, she submits the plaintext data ("Yes", "s123"). The smart contract hashes this data; upon a match, her "Yes" vote is tallied. An observer who saw only the commit hash cannot determine her vote, and a malicious actor cannot change their vote after seeing hers, as their commitment hash would not match.
security-considerations
COMMIT-REVEAL VOTING
Security Considerations and Trade-offs
Commit-reveal schemes are a cryptographic technique used in blockchain voting to hide voter choices until a final tally, preventing strategic voting and coercion. This section details the core security properties and inherent trade-offs of this mechanism.
01
Vote Secrecy & Front-Running Prevention
The primary security benefit is vote secrecy during the commit phase. Voters submit a cryptographic hash of their vote, hiding their choice. This prevents front-running and strategic voting, where later voters could change their votes based on early, visible results. It also mitigates bribery and coercion, as a voter cannot prove how they voted until the reveal phase, making threats less effective.
02
The Cryptographic Commitment
Security relies on the properties of a cryptographic hash function and a secret nonce (salt).
- Commit:
commit = hash(voteChoice + nonce). The hash is submitted on-chain. - Binding: It must be computationally infeasible to find a different
(voteChoice', nonce')that produces the same hash, ensuring the committed vote cannot be changed. - Hiding: The original vote choice must be unrecoverable from the hash alone, preserving secrecy until the reveal.
03
Reveal Phase Vulnerabilities
The reveal phase introduces specific attack vectors that must be managed.
- Transaction Fee Market Manipulation: Attackers can spam the network to increase gas prices, preventing reveals from being included in blocks before the deadline (censorship attack).
- Reveal Incentive Problem: Voters must pay a second transaction fee to reveal. If the outcome is already clear or their vote seems insignificant, they may choose not to reveal, leading to vote loss and potentially invalidating the round.
04
Complexity & User Experience Cost
The two-phase process creates significant UX friction and operational complexity.
- Multiple Transactions: Users must sign and broadcast two transactions (commit and reveal), doubling costs and requiring them to be online twice.
- Deadline Management: Users must track commit and reveal deadlines; missing the reveal window forfeits their vote and any associated stake.
- Gas Cost Overhead: The scheme is inherently more expensive than a simple vote, which can be prohibitive for frequent, low-stakes decisions.
05
Alternatives & Complementary Schemes
Other cryptographic methods address similar problems with different trade-offs.
- ZK-SNARKs / zk-SNARKs: Allow a voter to prove their vote is valid without revealing its content in a single transaction, but require complex setup and verification.
- Threshold Decryption: Used in MACI (Minimal Anti-Collusion Infrastructure), where votes are encrypted to a central key, which is later decrypted in a trust-minimized way, preventing collusion and bribery.
- Simple On-Chain Voting: Offers simplicity and finality instantly but sacrifices all privacy, leading to the problems commit-reveal aims to solve.
PROTOCOL DESIGN
Comparison with Other Voting Mechanisms
A feature comparison of commit-reveal voting against common on-chain and off-chain alternatives, highlighting trade-offs in privacy, cost, and finality.
| Feature / Metric | Commit-Reveal | Open Voting | Off-Chain Snapshot |
|---|---|---|---|
Voter Privacy During Voting | |||
Resistance to Front-Running | |||
On-Chain Gas Cost | High (2 tx/voter) | Low (1 tx/voter) | None |
Time to Finality | Reveal Period + 2 blocks | 1 block | N/A (Off-Chain) |
Cryptographic Guarantees | Binding commitment | None | Signature verification |
Requires Trusted Coordinator | |||
Native On-Chain Execution |
COMMIT-REVEAL VOTING
Common Misconceptions
Commit-reveal is a cryptographic voting scheme used in blockchain governance to prevent vote manipulation, but its mechanics are often misunderstood. This section clarifies how it works and addresses frequent points of confusion.
No, commit-reveal voting is not anonymous; it is designed to be private during the voting period but ultimately verifiably public. The commit phase uses a cryptographic hash to conceal a voter's choice, preventing others from seeing or influencing votes in real-time. However, during the mandatory reveal phase, voters must publish their original vote and secret to prove their commitment was valid. Once revealed, the vote is permanently and publicly linked to the voter's address on-chain, providing full transparency and auditability for the final tally.
COMMIT-REVEAL VOTING
Frequently Asked Questions (FAQ)
A deep dive into the cryptographic voting mechanism used to protect voter privacy and prevent strategic manipulation in on-chain governance.
Commit-reveal voting is a two-phase cryptographic protocol designed to ensure voter privacy and prevent strategic manipulation in on-chain governance. In the commit phase, voters submit a cryptographic hash (a commitment) of their vote, which conceals their choice. In the subsequent reveal phase, voters submit their original vote data; the system validates it by checking that it produces the previously submitted hash. This prevents voters from seeing others' votes before committing, eliminating the "bandwagon effect" where late voters might be influenced by early results. The mechanism is fundamental to achieving privacy-preserving voting in transparent blockchain environments.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall