MACI (Minimal Anti-Collusion Infrastructure)

A core property where a voter cannot prove to a third party how they voted, even if they want to. This prevents vote buying and coercion by making any proof of a specific vote cryptographically impossible. The system ensures that a coerced voter can later change their vote without the coercer knowing.

• Key Mechanism: Uses a key-change message that allows voters to change their public key, invalidating any previous vote commitment.
• Result: Attackers cannot trust a voter's claim about their vote, eliminating financial incentives for coercion.

Votes are encrypted and processed in a way that reveals only the final result, not individual voting choices. This is achieved through homomorphic encryption and zero-knowledge proofs (ZKPs).

• Process: The central coordinator collects encrypted votes, processes them, and generates a ZKP that proves the tally was computed correctly without decrypting individual ballots.
• Outcome: Complete voter anonymity is maintained, as on-chain data only contains encrypted messages and validity proofs, not plaintext votes.

Any observer can cryptographically verify that the published election result is the correct sum of all valid votes, despite the process being private. This trust is not placed in the coordinator but in the cryptographic proofs.

• Components:
  • Message Processing Proof: Proves all valid messages were included in the final state.
  • Tallying Proof: Proves the result is correctly computed from that final state.
• Audit: Participants and third parties can verify the ZKPs published on-chain to ensure integrity.

A necessary, semi-trusted entity that processes messages and computes the tally. While it is trusted for liveness (to process messages), it is not trusted for correctness or privacy.

• Role: Receives encrypted votes, applies them in order, and generates validity proofs.
• Trust Model: The coordinator cannot:
  • Censor votes (provable due to on-chain message queue).
  • Alter votes (provable via ZKPs).
  • Reveal a voter's choice (votes remain encrypted to the coordinator).

A primary application where MACI ensures the anti-collusion properties of Quadratic Voting (QV) and Quadratic Funding (QF). These mechanisms aim to reflect the strength of preference rather than just binary choices.

• Quadratic Voting: The cost of casting n votes for a single option scales quadratically (cost ∝ n²), preventing whale dominance.
• Quadratic Funding: A method to fund public goods where matching funds are distributed proportionally to the square of the sum of square roots of contributions.
• MACI's Role: Prevents collusion (e.g., sybil attacks or bribery) that would otherwise break the economic assumptions of QV/QF.

MACI is built from a specific stack of cryptographic tools that work in concert.

• Public-Key Encryption (PKE): Used for encrypting votes to the coordinator's key. (e.g., ECIES).
• Digital Signatures: Voters sign their encrypted messages to prove authenticity.
• Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARKs): Generate the proofs for correct message processing and tallying. This is the most computationally intensive component.
• Merkle Trees: Often used to efficiently commit to the state of the system and allow for inclusion proofs.

While powerful, MACI introduces specific constraints:

• Finality Delay: Requires a challenge period after voting ends to allow for fraud proofs, delaying result finalization.
• Coordinator Trust Assumption: The coordinator must be trusted to participate (decrypt and process votes) but not to cheat.
• Complexity & Cost: Generating ZK proofs for large vote sets is computationally expensive, leading to high gas costs for on-chain verification.

The Coordinator is a semi-trusted entity responsible for processing encrypted votes and generating a zero-knowledge proof of correct tallying. While they cannot alter votes due to the public key infrastructure (PKI) and zk-SNARKs, they must be trusted for liveness (to process votes) and to not collude with users before the vote ends to break privacy. This is a single point of failure for availability, not for result integrity.

MACI's security is built on three core cryptographic components:

• Elliptic Curve Cryptography (ECC): Used for key generation and message encryption between users and the Coordinator.
• zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge): Prove the Coordinator performed the tally correctly without revealing any individual vote.
• Merkle Trees: Efficiently manage the state of the user registry and message processing. The security of the entire system depends on the cryptographic hardness of these primitives.

MACI is designed to resist two key attacks:

• Collusion Resistance: A voter cannot cryptographically prove how they voted to a third party (e.g., a briber), because the final vote is determined by their last valid message, which they can always change secretly before the deadline.
• Coercion Resistance: A coercer cannot verify if a voter obeyed their command, for the same reason. This property depends on users having a secure channel to submit their final, decisive vote.

The zk-SNARK circuits used by the Coordinator require a trusted setup ceremony to generate proving and verification keys. Participants in this ceremony must be trusted to discard the toxic waste (secret randomness). If compromised, a malicious actor could create false proofs of the tally. This is a one-time, system-wide trust assumption. Projects often use large, multi-party ceremonies (like Perpetual Powers of Tau) to minimize this risk.

MACI splits trust across the blockchain and off-chain servers:

• On-Chain (Trustless): Smart contracts store encrypted messages and the final verification key. They verify the Coordinator's zk-SNARK proof, ensuring the result's computational integrity.
• Off-Chain (Trusted): The Coordinator's server holds the private decryption key and performs computation. Users must trust its availability and initial key management. This hybrid model reduces on-chain costs but introduces the Coordinator trust assumption.

Like any complex cryptographic system, MACI's security in practice depends on correct implementation. Key risks include:

• Cryptographic library bugs in ECC or zk-SNARK operations.
• Logical flaws in the smart contracts or circuit design.
• Side-channel attacks on the Coordinator's server.
• Denial-of-Service attacks preventing vote submission. Rigorous security audits (e.g., by entities like ABDK, SECBIT) and bug bounty programs are critical for production deployments.

A collective decision-making mechanism where participants allocate a budget of voice credits to express the intensity of their preferences. The cost of a vote increases quadratically with the number of votes cast for an option. This system, often paired with MACI, aims to more accurately reflect the strength of community consensus and reduce the impact of Sybil attacks by making them economically prohibitive.

• Key Feature: Diminishing returns on influence per unit of capital.

A framework for public-key cryptography based on the algebraic structure of elliptic curves over finite fields. MACI relies on ECC for its public/private key pairs. The coordinator's ability to decrypt messages depends on the discrete logarithm problem being computationally hard, which secures the system against unauthorized decryption of votes before the tallying phase.

A specific, highly efficient form of zero-knowledge proof used extensively in MACI. They enable the coordinator to generate a small, easily verifiable proof that:

• All submitted votes were signed correctly with valid keys.
• The final tally was computed correctly from those votes.
• No votes were altered, censored, or added. This proof allows any observer to verify the election's integrity without needing to trust the coordinator or see the raw data.

A semi-trusted entity in the MACI protocol responsible for processing messages (votes), maintaining state, and generating the zk-SNARK proof of correct execution. While the coordinator can observe and censor messages during the voting period, it cannot alter votes or forge results without detection due to cryptographic guarantees. The role is often designed to be permissionless or rotatable to minimize trust assumptions.