Dialogue Initiator Dora: How to build a fairer quadratic funding donation platform?

Source: Rhythm Research Institute

The governance of large organizations and the fair distribution of funds have always been topics of concern. In the crypto community, which often has substantial financial resources, ensuring fair fund distribution is particularly important. So how can the crypto community prevent the collusion problems common in off-chain governance, and what are the drawbacks of traditional quadratic funding?

Rhythm BlockBeats interviewed Zhang Jiannan, the founder of DoraHacks, which provided the quadratic voting system for ETHDenver 2022. Let's hear his latest understanding of governance issues and his insights on the new version of the quadratic voting system for this ETHDenver.

Governance Challenges in the Public Domain

Rhythm BlockBeats: Considering that many readers may not be particularly familiar with the relevant concepts, let's start with a few more basic ideas before discussing today's main topic. So the first question is, how did you start paying attention to governance issues, and what shortcomings do you see in traditional governance voting mechanisms?

Zhang Jiannan: It's about governance in the real world. Many times, when I see governance failures, I feel very strongly about it because governance failures often lead to a decline in productivity and hinder human progress.

For example, even in some developed democratic countries, during elections, people often question the authenticity and transparency of ballots. Issues like ballot harvesting, where votes are bought through money or other promised benefits, lead to collusion problems.

Another issue is the tragedy of the commons. In the realm of public governance, there are often situations that concern everyone but are not particularly relevant to each individual, ultimately leading to a lack of concern for the issue. The governance and funding of public goods are most affected by the tragedy of the commons.

These problems arise not only in national governance but also in regional governance or organizational governance. If we can address these issues to some extent, we can build a fairer and more efficient society and organizations.

In the cryptocurrency field, the effectiveness of governance often determines whether a project can realize value in the long term. Many infrastructure projects or DAOs have substantial treasuries. These treasuries face community governance issues, such as how to manage procurement or fund their ecosystem.

On one hand, there are effective actions that can promote the overall value growth of the organization. On the other hand, there is a desire to allow more community members to participate in governance according to their token holdings or contributions, forming a decentralized community.

In on-chain governance, witch attacks are often a significant concern because identities can easily be forged in an on-chain environment. However, compared to collusion problems, we have more solutions to prevent witch attacks, such as whitelists, which are always a good solution. Through data analysis, we can also mitigate the impact of witch attacks afterward.

Both on-chain and off-chain voting mechanisms encounter many technical issues. We can categorize these problems into two types: witch attacks, which involve identity forgery, and collusion problems, where small groups within a governance system collaborate with each other.

Collusion, the tragedy of the commons, and witch attack issues exist in both on-chain and real-world governance. Some people, upon noticing these problems, immediately claim that blockchain governance is ineffective, but in fact, these governance issues also exist in the real world, and may even be more severe. Therefore, this is not a problem unique to blockchain, but a common issue faced by governance activities. On the contrary, blockchain provides us with the infrastructure and testing ground to solve these problems.

To summarize, we face the tragedy of the commons in the governance process, and from a governance technology perspective, we typically need to address witch attacks and collusion problems.

Rhythm BlockBeats: We know that quadratic funding is often used in public project funding in the crypto industry. So could you explain quadratic voting and quadratic funding in simple terms, and how they differ from traditional decision-making mechanisms?

Zhang Jiannan: Before Glen and others invented quadratic voting, governance systems either operated on a one-person-one-vote basis or used money to vote. In social governance systems, most cases follow a one-person-one-vote principle. However, in many other areas, such as PoS blockchains or corporate equity governance, the principle is essentially one dollar one vote. Each of these voting methods has its applicable scenarios.

The biggest advantage of one-person-one-vote is that it allows everyone to participate. Since each person has only one vote, it avoids the problem of whales completely controlling the voting outcome. This is useful in many social governance contexts, but the drawbacks are also evident. If I am more concerned about a particular issue, I have no way to cast more votes on that issue.

On the other hand, one dollar one vote reflects your level of concern for an issue. For example, if I am particularly interested in a proposal, I can spend a lot of money to buy many votes. However, the downside is that whales can completely control the voting outcome. Quadratic voting is an improvement on these two mechanisms.

This idea first appeared in the book "Radical Markets," which includes a very good example. In a remote mountain village in Japan, a child's relative was killed by a thief. Later, someone proposed in parliament to allow residents of remote areas to carry guns.

If this proposal were in a democratic voting system, you would find that most people are indifferent to it, so the proposal is unlikely to pass. However, for families in remote areas, this is a very important issue. In a one-person-one-vote system, the interests of these minority groups can easily be overlooked.

Thus, there is an idea that instead of one-person-one-vote, everyone has something called voice credits, similar to points, for example, each person has 20 voting credits, and you can use these credits to vote.

This year, each person might have 20 credits, and there are 20 proposals. You can vote once for each of the 20 proposals, or you can allocate all your credits to a single proposal. At this point, it seems like we are just turning one-person-one-vote into one-person-20-votes, so what’s the difference?

We can increase the cost of continuing to vote. For example, families in remote areas may be very interested in the proposal to carry guns. At this point, I can allocate all 20 votes to this proposal. However, unlike ordinary voting, there is a difference: casting the first vote costs one credit, but to cast the second vote, it requires two credits.

Following this logic, the fourth vote requires four credits, and with 20 credits, you can get at most five votes because the sixth vote would require at least 21 credits. Therefore, the number of votes is roughly related to the square root of the number of credits, which is why we call this mechanism quadratic voting.

Quadratic funding is an algorithm that extends quadratic voting, where the process is the same, but the difference is that the results of quadratic voting are used to allocate a funding pool.

We can imagine a public goods community (such as a community in a city or a blockchain infrastructure) that has some public goods in its ecosystem.

These public goods may lack venture capital support because they may not have actual investment value in their early stages. So how do we fund them? Alternatively, from another perspective, if we want to allocate a sum of money to multiple public goods (or proposals), how do we do it?

We can set up a prize pool and use donations to vote for these public goods. The cost of voting increases continuously.

For example, voting for one token can earn you one vote, but to earn a second vote, you need to spend two tokens. If a whale wants to vote many times for their preferred proposal, the cost will increase quadratically, effectively limiting the whale's control over the funding pool. Finally, we complete the distribution of the entire prize pool based on the results of quadratic voting.

So the algorithm for quadratic funding is essentially the same as that of quadratic voting; they just have different use cases.

Deficiencies of the Quadratic Funding Mechanism

Rhythm BlockBeats: Currently, platforms like DoraHacks and Gitcoin, which are based on the quadratic funding mechanism, have been running for some time. From the perspective of actual funding effectiveness, what problems exist in the current quadratic funding system?

Zhang Jiannan: In fact, quadratic funding has proven to be extremely effective in small-scale applications. Therefore, our main task is to consider what problems we might encounter in large-scale applications.

The first issue is identity, which relates to the witch attack problem. In quadratic funding, for example, if there are 20 people, and each votes once, the funding that the project can receive is more than if one person votes 20 times. Because according to the algorithm, if you vote alone, the actual number of votes you receive is the square root of your votes. This gives people a strong incentive to forge more identities to participate in voting.

However, over the past nearly two years, we have developed many methods to address this issue. For instance, a common approach is to analyze the data after each round, allowing us to identify who or which addresses may be forged.

Alternatively, we can use some type of whitelist, such as a decentralized identity system, to prove that one is a real person or a community user. When we combine these methods, we can largely prevent witch attacks.

The second, more complex issue is collusion. This refers to different small groups within the system forming alliances and using various means to achieve preferred governance outcomes.

For example, in democratic elections, ballot harvesting is a form of collusion. Collusion, unlike witch attacks, is not very severe in small-scale applications, but when the prize pool becomes hundreds of thousands or millions of dollars, it becomes highly consequential. People may think of various methods and use collusion to obtain more matching funds.

So in the long run, collusion is actually a more serious and complex problem than witch attacks. It is difficult to prevent collusion using conventional methods because you cannot know who is colluding with whom.

In the traditional world, we have rarely seen effective methods to solve collusion. For example, insider trading, as a form of collusion, is prohibited by law. However, in reality, most insider trading cannot be discovered or proven. In contrast, on the blockchain, we have more cryptographic tools to address collusion issues.

Rhythm BlockBeats: In Gitcoin's funding activities, it is common for a project to retroactively airdrop rewards to its donors. Does this behavior fall under the collusion problem or vote-buying you just mentioned?

Zhang Jiannan: Yes, attracting votes through airdrops is a common form of collusion.

Rhythm BlockBeats: You just mentioned that there are new methods on the blockchain that can help solve collusion problems. Could you explain how we can achieve this improvement through cryptographic techniques?

Zhang Jiannan: First, we need to think about why collusion occurs and why it is so difficult to solve.

The entire governance process can be viewed as a game (a game theory scenario). In an ideal situation, if everyone's information is not interconnected, then no one can collude with anyone else; this is a perfect but unrealistic scenario.

In reality, information can be shared among participants, turning the game into a cooperative game. Since different participants can cooperate with others, the outcome becomes unpredictable. In governance systems, this often leads to a significant reduction in fairness. Moreover, cooperation itself can be highly covert, making it almost impossible to detect collusion.

To truly solve this problem, we need to think from another angle: can we, in specific scenarios like quadratic voting, transform a cooperative game into a non-cooperative game?

That is, how can we ensure that participants cannot communicate their results, thus preventing cooperation? However, participants can still communicate information. In this case, how can we make it so that they cannot effectively cooperate? This is where we need to integrate cryptographic solutions with zero-knowledge proofs. Although they can communicate, they cannot trust each other.

For example, if I want to spend $10 to buy a vote from you, after you vote, I cannot know if you actually voted for me, nor can you prove that you voted for me. As long as both parties cannot trust each other, we can solve the collusion problem. So can we design such a system? In fact, we can.

A basic solution is MACI (Minimal Anti-Collusion Infrastructure). The specific approach is that when we all vote, we do so through an administrator.

The administrator will issue a public key to the entire market, and of course, the private key is held by the administrator. All information is encrypted using the public key, so you can only see the ciphertext of everyone's information, not the plaintext.

Users can vote through this system, change keys, or perform other actions. Since all these operations are encrypted, you cannot know whether the information is for voting or for something else.

So, if someone wants to bribe, for example, I give you $100 to vote for candidate number three. Since all information is encrypted, you cannot prove that you actually voted for that candidate. Through this simple encryption mechanism, you cannot prove that you voted for me.

Finally, the administrator announces the results. But how do we ensure that the final results are credible without disclosing specific voting details? At this point, we need to use zero-knowledge proofs to guarantee this.

When the administrator publishes the results, they also attach a zero-knowledge proof of the results, allowing us to trust the outcome without anyone knowing how anyone voted. This completes the entire voting mechanism loop.

In May 2019, Vitalik proposed the conceptual framework for MACI in the Ethereum research community. Later, several developers from the Ethereum Foundation and ConsenSys turned MACI into an experimental open-source project. MACI became a product in 2021, with clr.fund and DoraHacks implementing quadratic voting based on MACI.

clr.fund first created a product MVP at ETHDenver 2021. As an open-source developer community in a multi-chain ecosystem, DoraHacks implemented the MACI-based quadratic voting and quadratic funding infrastructure by the end of 2021. During this process, the original appliedzkp team provided significant support and advice to the DoraHacks team.

Our other goal is to simplify the MACI process, providing users with a very straightforward product that allows them to vote and support developer communities in an anti-collusion environment. We have basically achieved this; conducting MACI quadratic voting on DoraHacks is simpler than ordinary quadratic voting.

Rhythm BlockBeats: The concept of MACI (Minimal Anti-Collusion Infrastructure) sounds a bit complex. Can you explain the basic logic in simpler terms? For example, can I understand that the role of MACI is to allow everyone to vote in secret?

Zhang Jiannan: You can understand it this way. Simply put, it means that everyone encrypts their votes. In the end, we announce a result and use zero-knowledge proofs to verify the authenticity of this result without disclosing any details or processes.

Rhythm BlockBeats: If we want to transform the current quadratic funding model into a MACI version of quadratic funding, what necessary technologies would we need to use? Besides the zero-knowledge proofs you just mentioned, are there any other additions?

Zhang Jiannan: We need to address related engineering and security issues. Additionally, the DoraHacks platform has already provided a lot of infrastructure, allowing us to quickly implement a user-friendly MACI quadratic voting system.

Currently, the MACI quadratic voting system has not yet been widely used, so it will require some time for testing. We also need to solve some issues: how to further enhance privacy, improve efficiency, and so on.

We have optimized the data structure of the state tree in the original MACI to increase the limits on the number of participants and votes. We have also fixed some security-related bugs in the MACI codebase.

Moreover, the product needs to be more user-friendly, such as having an effective and very friendly UI, so that users experience the same ease of use when voting with MACI as they do with ordinary quadratic voting. We have basically achieved this; many users have reported that the MACI voting experience is simpler.

Rhythm BlockBeats: Are there any obvious difficulties in implementing the MACI version of quadratic funding? For example, technical or social challenges?

Zhang Jiannan: Technically, we need to further enhance privacy and efficiency while ensuring a basic anti-collusion governance system based on MACI.

Socially, an anti-collusion system is generally welcomed because it makes governance systems fairer.

In large-scale governance, collusion can become a very unstable factor in the system, making the entire system very unfair and eroding trust.

Therefore, anti-collusion is a necessary issue to address in the process of scaling on-chain governance and quadratic funding; it is a trend.

How to Implement the Improved Quadratic Funding

Rhythm BlockBeats: You just mentioned that to implement MACI, we actually need to introduce an identity node called an administrator. I wonder if introducing this node will cause new problems, such as whether it becomes a centralized node, or if there are ways to make it relatively decentralized?

Zhang Jiannan: The administrator is a centralized node, but the extent to which this node can act maliciously is limited. First, the administrator cannot publish incorrect results, which is guaranteed by zero-knowledge proofs. However, the administrator can commit other misdeeds, such as delaying, not publishing results, or leaking private information.

We can say that MACI has solved the main issues, but privacy is also very important. To address this, we can introduce more cryptographic constructs to ensure that while the administrator publishes results, they themselves cannot see the votes of each individual, thus guaranteeing privacy.

Rhythm BlockBeats: We know that the developer platform HackerLink.io by DoraHacks allows support for early projects through quadratic funding. Will HackerLink.io integrate the MACI mechanism in the future, and when can we expect to see the formal adoption of zero-knowledge quadratic voting?

Zhang Jiannan: The first round of formal MACI Grants by DoraHacks was at this year's ETHDenver. For the first time, ETHDenver used the MACI infrastructure provided by DoraHacks for community quadratic voting. On February 20, the ETHDenver 22 judging panel selected 30 projects from hundreds of submissions, which were voted on by approximately 12,000 participating developers and attendees.

All participants had the opportunity to experience the MACI voting process. So we can understand that this event at ETHDenver will be the first medium-scale use of MACI.

Rhythm BlockBeats: For many users, including developers participating in these events, this may be their first encounter with quadratic funding using MACI. Could you introduce this new organizational method and how it differs from traditional quadratic funding?

Zhang Jiannan: Actually, the entire process is not significantly different, except that in quadratic funding, you can vote directly, meaning once you cast your vote, you cannot change it. However, in MACI, after you vote, you can vote again, and the new vote will overwrite the previous one.

What might be particularly different is that before the voting results are announced, everyone cannot see the results because all votes are encrypted. When people need to verify the results, they need to use the published zero-knowledge proof to verify the authenticity of the results. This means that we may find there is no real-time leaderboard for vote counting.

Aside from that, the entire voting process is not different; the user experience may even be simpler.

Rhythm BlockBeats: Does the entire process require our participants to use certain tokens as collateral or voting tools?

Zhang Jiannan: Actually, it is not necessary, which is an interesting aspect; it is somewhat simpler than before.

Rhythm BlockBeats: Finally, one last question: after adopting zero-knowledge proofs for quadratic voting, is it unlikely for project teams to airdrop rewards to supporters based on voting history?

Zhang Jiannan: Yes, you can basically understand it this way: project teams cannot do that at all. So these project teams might give the same amount of airdrops to all funders of the projects or not airdrop anything to any of the funders.