Kite: How to Delegate Voting Power Privately

Ensuring the privacy of votes in an election is crucial for the integrity of a democratic process. Often, voting power is delegated to representatives (e.g., in congress) who subsequently vote on behalf of voters on specific issues. This delegation model is also widely used in Decentralized Autonomous Organizations (DAOs). Although several existing voting systems used in DAOs support private voting, they only offer public delegation. In this paper, we introduce Kite, a new protocol that enables $\textit{private}$ delegation of voting power for DAO members. Voters can freely delegate, revoke, and re-delegate their power without revealing any information about who they delegated to. Even the delegate does not learn who delegated to them. The only information that is recorded publicly is that the voter delegated or re-delegated their vote to someone. Kite accommodates both public and private voting for the delegates themselves. We analyze the security of our protocol within the Universal Composability (UC) framework. We implement Kite as an extension to the existing Governor Bravo smart contract on the Ethereum blockchain, that is widely used for DAO governance. Furthermore, we provide an evaluation of our implementation that demonstrates the practicality of the protocol. The most expensive operation is delegation due to the required zero-knowledge proofs. On a consumer-grade laptop, delegation takes between 7 and 167 seconds depending on the requested level of privacy.

💡 Research Summary

Kite is a novel protocol that enables private delegation of voting power in decentralized autonomous organization (DAO) governance while preserving the ability to conduct either public or private voting. Existing DAO voting systems, such as Compound’s Governor Bravo and OpenZeppelin’s Governor, support private ballot casting but expose delegation relationships on‑chain, creating social pressure and discouraging re‑delegation. Kite solves this problem by cryptographically hiding the identity of the delegate during the delegation, undelegation, and re‑delegation processes, yet still allowing the delegate to cast votes on behalf of the delegator.

The protocol relies on three standard cryptographic building blocks: (1) a CPA‑secure additively homomorphic encryption scheme to encode voting power (the number of ERC‑20 governance tokens owned); (2) succinct non‑interactive zero‑knowledge arguments (zk‑SNARKs) to prove correct formation of delegation and vote transactions without revealing any private data; and (3) standard digital signatures, hash functions, and Merkle trees for message authentication and state verification.

When a voter wishes to delegate, they construct a vector that is zero everywhere except at the index of the chosen delegate, where the entry equals the voter’s token balance. This vector is encrypted homomorphically and posted to the blockchain together with a zk‑SNARK proof that (i) the voter actually owns the claimed tokens, (ii) the delegate is a registered delegate, and (iii) the delegation does not exceed the voter’s balance. The smart contract adds the ciphertext to the delegate’s encrypted power total using the homomorphic property, and simultaneously locks the voter’s tokens to prevent double‑spending. Undelegation works analogously, subtracting the encrypted vector. Because the proof is zero‑knowledge, the delegate’s address never appears in clear on‑chain.

Voting can be performed in two modes. In public voting, the delegate simply adds its total encrypted power to the chosen option’s tally, allowing anyone to see how much power voted for each option. In private voting, the delegate re‑randomizes its encrypted power and submits it only to the selected option while submitting encryptions of zero to all other options. The final tally is an encrypted sum for each option; a trusted tally authority (TA) holds the decryption key, decrypts each option once at the end of the election, and publishes the clear results. This design yields a single decryption step, unlike prior schemes that must process each ballot individually.

Security is proved in the Universal Composability (UC) framework, specifically using the Sequential UC (SUC) variant. An ideal functionality for private delegation and voting is defined, and a composition theorem shows that the real protocol securely emulates this functionality in a hybrid model where the blockchain serves as an authenticated, immutable bulletin board. The proof demonstrates confidentiality of delegate identities, integrity of delegated power, resistance to replay and forgery, and correctness of the final tally, assuming the underlying cryptographic primitives are secure.

Implementation extends the open‑source Governor Bravo contract in Solidity, adds ERC‑20 token locking, and integrates the Noir zk‑SNARK framework for proof generation and verification. Circuit optimizations reduce on‑chain verification gas costs. Benchmarks on a consumer‑grade laptop show delegation proof generation times ranging from 7 seconds (low privacy level) to 167 seconds (high privacy level), with verification costs well within typical Ethereum block gas limits. The most expensive operation is delegation, as expected; voting and tallying are comparatively cheap.

Related work on proxy voting and delegation privacy either requires additional trusted servers, anonymous communication channels, or complex mix‑net constructions that are ill‑suited for blockchain environments. Other blockchain‑based private delegation schemes tie delegation to ballot casting, forcing voters to re‑delegate for each proposal. Kite separates delegation from voting, supports optional public accountability, and achieves a more straightforward tallying process.

In summary, Kite provides a practical, UC‑secure solution for private delegation in DAO governance. It hides delegation relationships while preserving accurate power aggregation, offers flexible voting privacy, integrates seamlessly with existing DAO contracts, and demonstrates acceptable performance on current blockchain infrastructure. The protocol paves the way for more privacy‑preserving governance mechanisms without sacrificing transparency or accountability where desired.