Light-weight MACI Anonymization

Adding anonymization to MACI has been discussed within the Ethereum research community. Although MACI offers anti-collusion features amongs users, privacy and anti-collusion are not unconditional and rely on the operator. The goal of MACI anonymization is to add privacy between operators and users. There are two existing proposals that could achieve this goal:

Vitalik’s proposal requires 2-of-2 MPC between the operator and user. Kobi Gurk’s proposal doesn’t require MPC but adding re-redomization encryption to the protocol, which adds complexity to the design and implementation in practice.

There are two common requirements from both proposals:

  1. client-side ZKP generation
  2. operations to deactivate keys at will

We identify that the first requirement is universally necessary, and the second requirement depends on the privacy requirement of the use case.

In this design, we loose the privacy preserving assumption, and hope to provide a practically light-weight protocol that achieves anonymization while providing no less anti-collusion properties than original MACI. Privacy is preserved as long as the users do not reveal identities to the operator.


We assume MACI is a system as described in:

We then build a practically light-weight protocol that adds privacy between the operator and users.

User prepares the following information before submitting votes.

  • , the operator’s public key
  • : user’s private keys
  • : user’s one-time private key, with public key
  • : user’s vote
  • , vote encrypted using operator’s public key
  • , is private to other users
  • , a set of hashed public keys that are used for signup

User provides ZKP proving:

  • public output:

The operator tallies votes:

  • process all messages in reverse order
  • all messages accepted by smart contract are valid
  • decrypt
  • if , there’s repeated message, vote discarded. If , and message is valid, process the message and tally the vote

Additional Reads