This is Part Three of the Enigma Solutions Series, examining real-world decentralized solutions that can be built with Enigma’s groundbreaking protocol.

Token-Curated registries (TCRs) are an exciting decentralized governance method that helps communities manage the problem of reputation in the absence of a trusted central authority.

There are numerous applications for TCRs, including maintaining the accuracy of geographic points-of-interest, verifying advertisers who don’t reward bot-nets, a set of governance rules, or lists of reputable marketplaces.

Recently Enigma spoke at a meetup of the SF Token Curated Registry Enthusiasts to cover some of the benefits and challenges for TCRs, and how Enigma can provide a platform for real solutions. But what exactly are TCRs, and why are we so “enthusiastic” about them at Enigma?

Enigma presents at the SF TCR Enthusiasts Meetup.

All About TCRS

As a basic concept, TCRs are lists — trusted, decentralized lists. But they’re much more than that! TCRs are elegant because they use token economics to align individual incentives with the maintenance of a high-quality registry. They’re flexible, because a list is a very general structure and can be applied broadly. They’re unique because their intrinsic tokens promote both long-term as well as short-term incentives.

In a TCR, token-holders vote on what entities to include or remove from a registry. TCRs use token weighted voting. This means that if you have more tokens, you get more votes. When a token-holder believes that a current or future registry member should not be included in the registry, they can challenge the applicant by staking a deposit and triggering a vote. Token-holders then vote on whether they believe the challenged member or applicant should be rejected or accepted.

Voters who vote with the winning outcome split a portion of either the applicant or the challenger’s staked amount, depending on who wins. The remainder is disbursed to the winning party, alongside their initial stake.

Who are the players in a TCR?

Registry members: seek membership in a high-quality list

seek membership in a high-quality list Token-holders: vote with their tokens (native to the system) to include or exclude applicants, or accept or reject proposals

vote with their tokens (native to the system) to include or exclude applicants, or accept or reject proposals Registry-users: use the list to make decisions

How does a TCR work?

Someone stakes a deposit to submit an entry to the registry Any token-holder can challenge the applicant If challenged, a vote begins. Token holders vote! Applicant wins: YES voters split challenger’s deposit Challenger wins: NO voters split applicant’s deposit

Robust voting mechanisms are fundamentally important to the success of TCRs. Vote manipulation is one way in which TCR’s can lose their usefulness and be gamed. TCRs are unique because the token-holders stand not only to have their desired vote outcome take place, but to in fact profit from a winning vote.

However, in some cases, someone with enough money can control the entire system. A highly motivated and wealthy attacker (say, an advertiser who would like to discredit TCRs and thus continue to reap juicy bot-net clicks!) can bribe participants through a smart-contract. This is much more effective (and dangerous) than a bribe where you need to have trust that person to make good on their promise.

The current standard of practice is to use a “partial-lock commit reveal” (PLCR) voting mechanism. However, at Enigma, we think “secret voting” can offer the same benefits as PLCR, while improving security and usability.

Why Secret Voting

We propose secret voting as a more secure alternative to the Partial-Lock Commit Reveal mechanism that has advantages both in user experience as well as privacy.

Check out a full implementation of secret voting (including a video walkthrough) here: https://blog.enigma.co/secret-voting-an-update-code-walkthrough-605e8635e725

Recall that secret contracts are smart contracts executed by a decentralized network but that do not reveal input data to the nodes executing the code.

Using secret contracts, it is possible to hold votes where the results can be trusted, but the individual votes are never revealed. In a secret vote, a token holder encrypts their vote using the public key of the TEE. Then, this vote is submitted to the voting contract. When the voting period is concluded, the votes are decrypted and counted within the TEE, which returns the result of the vote but not the individual votes themselves. This solves vote manipulation attacks during voting, after voting, and in repeated rounds of voting. As with PLCR, this also prevents “vote memeing”, while improving on PLCR in usability. Unlike PLCR, votes are never committed unencrypted.

Now we’ll walk through several aspects of voting that are improved by secret voting, then compare secret voting to existing vote mechanisms for TCRs. Finally, we’ll describe a secret vote mechanism in detail and provide a sequence-diagram that illustrates how these work on the first version of the Enigma network.

Protecting voter confidentiality

In current election systems, it is important that an individual’s vote remains private even after the election is concluded. Generations of trial-and-error stand behind our election model. This protects individual freedom of choice, as voters do not need to fear repercussions based on their vote. When votes are recorded to a public blockchain, however, voters do not inherently have this protection.

Using the Enigma network, votes are encrypted by the client, and only decrypted and counted within a trusted execution environment. Thus, a vote can both return trusted results, while maintaining anonymity behind individual votes.

Preventing Bribery: P+Epsilon and related attacks

Another facet of non-private voting is that it provides an opportunity for malicious actors to attempt to influence the outcome of a vote through bribery. If I can prove that I voted a certain way, I can collect on a promised bribe. In the decentralized world, such a bribe could be extremely trustworthy: for example, it could be encoded into a smart contract. Vitalik Buterin has gone into detail on one formulation of this issue, termed the P+Epsilon attack.

When such outcomes are not desirable — for example, in a TCR operating in a vertical with highly motivated and wealthy actors who can gain from influencing a vote — secret voting is the only known method to conduct trusted votes where no one can prove how they voted and thus collect a bribe.

Mitigating vote-memeing

Because voting with the majority results in financial reward for token-holders, there is an incentive to predict which way the majority will vote, rather than according to a voter’s due diligence. If enough voters act in this way, it can result in “vote memeing”, where individuals simply vote with the majority rather than to improve the quality of the TCR. While this devalues the TCR in the long-run, it is a compelling strategy in the short-term.

Using secret voting with Enigma, votes are not committed unencrypted to the blockchain. This prevents token-holding voters from predicting an outcome based on the current status of the vote.

Combine Commit/Reveal mechanism into a single interaction

As mentioned earlier, one mechanism for combating vote memeing is called “Partial-Lock Commit Reveal”. This is an elegant solution for preventing users from simply voting with the majority, by concealing the vote results until a “reveal” period. However, it requires a two-step interaction from users: first a commitment of their vote, and then the reveal of their vote (which is required in order to recoup their staked tokens).

Secret voting provides improved usability over this solution, because users only need to interact once with the voting contract, and the return of their staked tokens will occur automatically when the contract executes at the end of the commit phase.

An excerpt from our presentation at the SF TCR Enthusiasts Meetup.

Example of Secret Voting with TCR use case

After a challenge is initiated, token-holders encrypt their votes, submit encrypted votes and commit stake to voting contract. When voting period ends, encrypted votes are sent to the Enigma network for computation. Votes are securely decrypted within a trusted execution environment and tallied. Tallies only are committed back to the main chain. Votes are never revealed to anyone.

Sequence diagram for secret voting in TCRs.

Conclusion

Secret ballots and vote privacy is taken for granted as part of our voting systems today. This type of voting can be found even in ancient Greece, where it was an innovation that helped protect voters from retaliation and coercion. However, voting on blockchains does not have this feature by default.

Transparency is a strong value for the decentralized web, and one of the benefits of smart contracts is that they can be seen and audited by anyone. But transparency and privacy do not need to be antithetical. Privacy is required to preserve free participation and fairness — and with secret contracts, Enigma finally makes trusted, decentralized, and private voting possible, combining the best features of transparency and privacy.