-
Notifications
You must be signed in to change notification settings - Fork 154
/
Copy path2024-02-28-maci-v1.2.0.md
121 lines (72 loc) · 10.1 KB
/
2024-02-28-maci-v1.2.0.md
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
---
slug: maci-v1-2-0-release
title: MACI v1.2.0 Release
description: "MACI v1.2.0: Enhancing Blockchain Privacy & Security with Developer-Friendly Updates"
authors:
name: ctrlc03
title: MACI team
url: https://pse.dev
image_url: /img/pse-logo-round.png
tags: [release, audit, security, documentation]
excerpt: "We are pleased to announce the release of MACI v1.2.0"
---
# MACI v1.2 Release
We are pleased to announce the release of MACI [v1.2.0](https://github.com/privacy-scaling-explorations/maci/releases/tag/v1.2.0)!
This is our first release since [MACI v1.1.1](/blog/maci-v1-1-1-release) just over one year ago. This new release focuses on improved developer experience, security, performance and clearer documentation for users looking to learn and use MACI.
## Background
MACI - Minimal Anti-Collusion Infrastructure - is an Ethereum application that provides privacy and collusion resistance for on-chain voting. If you're new to MACI, we first recommend reading our [documentation](/docs/introduction) for background information and technical details.
## Refactoring Work
We prioritized enhancing MACI's developer experience by refactoring its code, fixing bugs, and improving documentation.
Key refactoring activities were:
1. Upgrading libraries to their latest versions and substituting obsolete dependencies with up-to-date and actively maintained alternatives.
2. Making the code standardized, modular, well-documented, and uniformly formatted.
3. Fixing bugs and community-reported issues.
### Library Updates
MACI has relied on custom code and dependencies since its initial implementation, notably from repositories by one of the original MACI developers, [Koh Wei Jie](https://github.com/weijiekoh). We felt that MACI could benefit from a dependency refresh, so we've shifted towards using actively maintained open-source libraries, such as [circomkit](https://github.com/erhant/circomkit) and [zk-kit](https://github.com/privacy-scaling-explorations/zk-kit).
Circomkit has become our go-to for circuit-related tasks, such as compiling circuits, generating test zkeys, and unit tests.
We've moved reusable circuit logic, like our [Poseidon permutation](https://github.com/privacy-scaling-explorations/zk-kit/tree/main/packages/poseidon-cipher) encryption and decryption code, into zk-kit. This not only benefits MACI through more circuit usage and testing but also supports wider community adoption.
These efforts are part of a broader initiative at [Privacy and Scaling Explorations (PSE)](https://pse.dev/) to foster open-source development and contribute to public goods. By aligning MACI with these values, we aim to enhance its utility and encourage collaborative growth. In the coming months, we're committed to extracting more of our circuit logic for broader use ([track progress here](https://github.com/privacy-scaling-explorations/zk-kit/issues/131)) and contributing to projects that align with [our mission](/roadmap#maci-mission--vision).
### Code Refactor
We've undergone extensive efforts to clean up MACI's code:
- Removed dead and redundant code.
- Split monolithic files into smaller, logically structured ones.
- Improved documentation with detailed code comments and tools like ([TypeDoc](https://typedoc.org/) and [solidity-docgen](https://github.com/OpenZeppelin/solidity-docgen)) for automatic doc generation.
- Enforced strong type safety on the TypeScript components.
- Optimized and modularized the smart contract code.
- Extended the test suites.
These improvements aim to simplify the onboarding process for new developers, ensuring they can easily navigate and effectively utilize MACI.
## New Features
### Flexible Voting Strategies
After years of built-in quadratic voting (QV) in MACI, we now support non-quadratic voting polls. This opens up the door to potential integrations with a wider variety of projects, such as DAO governance applications.
The new version of the Tally circuit (specific for non-QV), has reduced constraints, enabling a quicker proof generation process for vote tallying.
We invite projects interested in leveraging this secure, on-chain voting mechanism to reach out for potential integrations. We hope to continue to expand support for additional voting methodologies, so please let us know your project's needs!
### New Gatekeeper
In our effort to fortify MACI against Sybil attacks, we've integrated an innovative gatekeeper mechanism: [EAS](https://attest.sh/) - you can [view the contract here](https://github.com/privacy-scaling-explorations/maci/blob/v1.2.0/contracts/contracts/gatekeepers/EASGatekeeper.sol).
As part of configuring a MACI deployment, the coordinator sets a user signup gatekeeper contract. This contract dictates the criteria a user must pass in order to participate in a poll. For example, user might need to prove ownership of a certain NFT, or prove that they have passed some sort of proof-of-personhood verification.
With the addition of this new gatekeeper, EAS (and soon™ [Hats Protocol](https://www.hatsprotocol.xyz/), MACI instances could be configured to e.g. only allow Ethereum accounts with a trusted EAS attestation or those designated with a specific role by the Hats Protocol. These modules open up new avenues for access control strategies.
We expect to continue to expand our [gatekeeper capabilities](https://github.com/privacy-scaling-explorations/maci/tree/v1.2.0/contracts/contracts/gatekeepers) and welcome the community to come up with new and innovative ways to grant access to MACI's rounds, helping make MACI more customizable and sybil-resilient. The Hats Protocol gatekeeper is [currently in progress](https://github.com/privacy-scaling-explorations/maci/pull/1191) and will be released soon™ (in v1.2.1).
### Documentation Website
We're excited to announce that all MACI documentation has been unified on our new website, [maci.pse.dev](/)!
This platform will serve as the definitive resource for all information related to MACI, including [blog](/blog) releases, [documentation](/docs/introduction) updates, and [roadmap](/roadmap) progress. Please report any inconsistencies you may find. As always, we welcome suggestions on how to make it better.
## Security Audit
Thanks to thorough reviews by PSE's internal Audit team, clr.fund's developer, [yuetloo](https://github.com/yuetloo), and our core development team, we've identified and addressed several bugs during our recent refactoring efforts. Most notably, a critical bug in MACI v1.x discovered by [Kyle](https://github.com/kcharbo3), which could have allowed coordinators to censor votes, has been [fixed](https://github.com/privacy-scaling-explorations/maci/pull/1170).
For more details on our recent audit, please [refer to our audit docs](/docs/security/audit#pse-audit-2024) or [view the full report](/audit_reports/20240223_PSE_Audit_audit_report.pdf).
After this audit and the resulting fixes, we feel more confident with MACI and its security.
## Trusted Setup Ceremony
Following the successful completion of our [MACI trusted setup ceremony](https://ceremony.pse.dev/projects/Maci%20v1%20Trusted%20Setup%20Ceremony) for [MACI v1.1.1](/blog/maci-v1-1-1-release), we are preparing for a new ceremony to cover the security enhancements added in our v1.2.0 circuits.
To accomplish this, we'll leverage the tooling of [P0tion](https://github.com/privacy-scaling-explorations/p0tion), which helps to streamline and automate Groth16 phase2 ceremonies.
We'll update this page after the ceremony completes to include the production-ready zkey artifacts. In the meantime, the artifacts for v.1.1.1 can be found on our [website](/docs/security/trusted-setup), and the [`tallyVotes`](https://github.com/privacy-scaling-explorations/maci/blob/dev/circuits/circom/tallyVotes.circom) artifacts can still be used in production.
## Get Involved
MACI is deeply committed to our community, through our open initiatives like [public roadmaps](https://github.com/privacy-scaling-explorations/maci/discussions/859), transparent [repository management](https://github.com/privacy-scaling-explorations/maci/discussions/847), and a [public Discord channel](https://discord.com/invite/sF5CT5rzrR) for interaction with our team.
With every issue, PR, feature and roadmap iteration, we welcome feedback to ensure that the continued development of MACI reflects your and the community's needs. Keep an eye out on our [documentation](/), [GitHub discussions](https://github.com/privacy-scaling-explorations/maci/discussions) and our official [Twitter/X account](https://twitter.com/zkMACI) for updates.
For those looking to contribute directly, report bugs, or offer feedback, our [GitHub repository](https://github.com/privacy-scaling-explorations/maci) is open for issues and discussions. We're eager to assist with your projects or contributions.
For practical implementation insights, review our docs as well as the [clr.fund](https://github.com/clrfund/monorepo/) and [QF](https://github.com/privacy-scaling-explorations/qf) repositories as reference implementations. Both are quadratic funding implementations, a mechanism which otherwise is highly susceptible to collusion and bribery. Most notably, clr.fund is already working on integrating MACI v1.2.0, after having used v0.x until now. You can follow their development effort under this [GitHub branch](https://github.com/clrfund/monorepo/tree/feat/maci-v1).
For any other questions or feedback, please reach out to us via [PSE's Discord](https://discord.com/invite/sF5CT5rzrR), in our [`#🗳️-maci` channel](https://https//discord.com/channels/943612659163602974/1164613809730748507). We're excited to connect and collaborate with you!
## References
- [MACI GitHub repository](https://github.com/privacy-scaling-explorations/maci)
- [MACI documentation](/docs/introduction)
- [A technical introduction to MACI 1.0 - Kyle Charbonnet](/blog/maci-1-0-technical-introduction)
- [Minimal anti-collusion infrastructure - Vitalik](https://ethresear.ch/t/minimal-anti-collusion-infrastructure/5413)
- [PSE Discord server](https://discord.com/invite/sF5CT5rzrR)
## Release
Here's the link to the new release code in GitHub: [v1.2.0 Release](https://github.com/privacy-scaling-explorations/maci/releases/tag/v1.2.0).