Dark DAOs: Vitalik Buterin explores ways to mitigate bribery threats
Researchers Investigate "Dark" Voting Systems in DAOs: Proof of Complete Knowledge (PoCK)
A team from Cornell University, including Ethereum co-founder Vitalik Buterin and PhD students Mahimna Kelkar, Kushal Babel, Philip Daian, and James Austgen, is exploring the risks of "dark" voting systems in decentralized autonomous organizations (DAOs). Their research, presented at the Science of Blockchain Conference at Columbia University in early August, focuses on mitigating threats posed by bribery attacks through smart contracts.
The researchers introduced the concept of Proof of Complete Knowledge (PoCK) in 2023. This new cryptographic method aims to address a gap in traditional Proof of Knowledge (PoK) systems, which can inadvertently allow external mechanisms, like trusted hardware, to control secret information rather than the prover themselves.
Bribery Attacks
In a DAO, tokenholders use their voting power to make decisions. However, bribery attacks, in which malicious actors offer financial incentives to influence voting outcomes, pose a significant threat. This could undermine the core principle of decentralization in DAOs.
Proof of Complete Knowledge
To counter this, the researchers propose two methods for enforcing PoCK:
Trusted Execution Environment (TEE): This approach involves using a TEE to prove that a voter controls a key and can use it. Although the key is held within the TEE, it remains under the voter’s control, preventing an attacker from manipulating the voting process.
Application-Specific Integrated Circuits (ASICs): When a key is sent to an ASIC, which lacks a TEE, the key stays accessible to the user while it is demonstrated that the key was used by the ASIC. This method ensures complete control over the key while avoiding its use within a TEE environment.
The researchers acknowledge that although their research has produced a practical prototype demonstrating these threats and solutions, PoCK is still in its early stages. Kelkar highlighted that the concept isn’t ready for immediate deployment, but it represents a viable prototype for addressing these emerging threats to DAO governance.