A team of researchers from Cornell University, including Ethereum co-founder Vitalik Buterin and PhD students Mahimna Kelkar, Kushal Babel, Philip Daian, and James Austgen, is examining potential risks that could lead to the emergence of “dark” voting systems within decentralized autonomous organizations (DAOs). Their research focuses on addressing the growing threat of coordinated attacks on protocols through smart contract bribery, particularly as DAOs gain widespread adoption.
At the Science of Blockchain Conference held at Columbia University in early August, Cointelegraph interviewed Mahimna Kelkar about the group’s work on a new cryptographic concept they introduced in 2023, called proofs of complete knowledge (CK). This concept builds on the traditional proof of knowledge, a cryptographic technique that enables one party (the prover) to convince another (the verifier) that they possess secret information, such as a private key, without revealing it. While proofs of knowledge are widely used to enhance transaction privacy in the crypto industry, there remains a “subtle gap”: the secret information could be managed by external mechanisms like trusted hardware instead of directly by the prover.
Kelkar explained that this vulnerability in standard proofs of knowledge could expose voting protocols within DAOs to bribery attacks. Unlike traditional governance systems, DAOs operate without a central authority, relying instead on tokenholders who have voting power. However, in a bribery attack, malicious actors could use smart contracts to financially incentivize tokenholders to vote in favor of a particular proposal or outcome.
To mitigate this risk, the researchers have explored the concept of proof of complete knowledge, which would allow voters to prove ownership and control over their keys even when operating within trusted execution environments (TEEs). This ensures that tokenholders retain control over their keys and can prevent attackers from exploiting the voting process. The team identified two approaches to enforce this concept: using a TEE to confirm key ownership while allowing tokenholders to regain control at any time, and restricting keys through application-specific integrated circuits (ASICs), which provide user access while preventing their use in a TEE.
Although still in the prototype stage, this research highlights a realistic threat to DAOs. Kelkar emphasized that while the deployment of such a “dark DAO” is not imminent, the research demonstrates a feasible model that could facilitate vote-buying in existing DAOs.
Credit: Cointelegraph
I’m Jessi Lee, currently living in Singapore. I am currently working as a trader for AZCoin company, with 5 years of experience in the cryptocurrency market. I hope to bring you useful information and knowledge about virtual currency investment.