1  Anonymous voting
 2  ================
 3  
 4  Anonymous voting[^1] is a type of voting process where users can
 5  vote without revealing their identity, by proving they are accepted
 6  as valid voters.
 7  
 8  The proof enables user privacy and allows for fully anonymous voting.
 9  
10  The starting point is a Merkle proof[^2], which efficiently proves that
11  a voter's key belongs to a Merkle tree. However, using this proof alone
12  would allow the organizer of a process to correlate each vote envelope
13  with its voter's key on the database, so votes wouldn't be secret.
14  
15  ## Vote proof
16  
17  ```zkas
18  {{#include ../../../../proof/voting.zk}}
19  ```
20  
21  Our proof consists of four main operation. First we are hashing the
22  _nullifier_ using our secret key and the hashed process ID. Next,
23  we derive our public key and hash it. Following, we take this hash
24  and create a Merkle proof that it is indeed contained in the given
25  Merkle tree. And finally, we create a _Pedersen commitment_[^3]
26  for the vote choice itself.
27  
28  Our vector of public inputs can look like this:
29  
30  ```
31  let public_inputs = vec![
32      nullifier,
33      merkle_root,
34      *vote_coords.x(),
35      *vote_coords.y(),
36  ]
37  ```
38  
39  And then the Verifier uses these public inputs to verify the given
40  zero-knowledge proof.
41  
42  [^1]: Specification taken from [vocdoni franchise proof](https://docs.vocdoni.io/architecture/protocol/anonymous-voting/zk-census-proof.html)
43  
44  [^2]: [Merkle tree on Wikipedia](https://en.wikipedia.org/wiki/Merkle_tree)
45  
46  [^3]: See section 3: _The Commitment Scheme_ of Torben Pryds Pedersen's
47      [paper on Non-Interactive and
48      Information-Theoretic Secure Verifiable Secret
49      Sharing](https://link.springer.com/content/pdf/10.1007%2F3-540-46766-1_9.pdf)