Privacy, or lack of, in Weighted Voting
It should be easy to make weighted voting systems private, right?
A short blog post about B-Privacy led by Sam and Dani, with extra commentary and thoughts by me. The paper was recently accepted at USENIX 2026.
There is a common mechanism shared between DAOs and traditional corporate governance: weighted voting systems to allow a set of stakeholders to collectively make decisions.
In a weighted voting system, voting power is proportional to ownership:
Shareholders — shares,
DAOs — tokens.
Voting weights are often highly disproportionate with a small number of very large voters alongside a long tail of small voters. This is because the voting weights, shares or tokens, often possess real-world economic value and represent the holder’s financial stake.
Governance influence is intentionally tied to economic exposure rather than political equality between participants.
Transparent Voting Systems
Remarkably, nearly all implementations of weighted voting systems are very public in nature:
Votes are public,
Voting power is public,
Running tally is public,
Public voting does allow anyone to independently verify the result, but it also introduces a range of well-known problems. This raises the question of whether classical e-voting research can be applied to support private and publicly verifiable voting in a weighted voting setting.
Interestingly, while DAOs are fully public, shareholder voting is semi-private as small voters are hidden behind brokers and only large voters are revealed or inferable.
Public vs Private Voting: Which Is Better?
This brings us to a central question:
Should governance systems incorporate privacy-preserving voting mechanisms or should voting remain fully public?
At the heart of this question is the risk of a governance tragedy of the commons, where individually rational voting behaviour may undermine long-term collective interests.
Put another way, should voting systems protect a voter’s ability to vote according to their own judgement, or should they enable third parties to observe, pressure, or otherwise influence how voters vote?
There are several reasons why keeping the status quo of public voting is desirable:
Anyone can openly challenge and hold accountable voters for decisions they make.
Public voting encourages lobbying, coalition formation, and strategic coordination around proposals.
Voters may vote strategically to influence outcomes, signal alignment with particular groups, or engage in broader political posturing.
The above may sound unusual in the context of democratic voting, but DAOs and shareholder voting are often more closely aligned to business governance than to public-good decision-making. In these settings, stakeholder alignment, coalition-building, and visible consensus can be especially important.
At the same time, private voting can allow voters to express their true preference without external pressure, which may be especially important for controversial decisions with long-lasting consequences, or where a voter disagrees with the wider political posturing around the issue.
Private voting relies on the concept of plausible deniability: voters can mislead third parties about how they voted because they cannot produce convincing or definitive proof of their actual vote.
This breaks the enforceability of vote buying, coercion, and other forms of external influence.
However, this leads to a tension between privacy and accountability.
Voters have a material impact on organisational structures, protocol upgrades, and major treasury allocations. If participants can vote in ways that undermine the collective interest, as perceived by others, should those decisions remain private or publicly visible and open to challenge?
The debate on whether to implement public or private voting for governance decision-making rests on two deeper questions about what leads to better governance outcomes:
Are governance systems more likely to produce better outcomes when voters can confidently express their true preferences?
Or when influence, lobbying, coordination, and political alignment are fully observable and enforceable?
There is no straightforward answer to this question.
However, as this article is focused on private voting, we assume that privacy-preserving voting systems are desirable for DAOs and shareholder voting.
Security and Privacy Notions in Academic E-Voting Research
E-voting is a field of research that is over 30 years old with numerous protocols, primarily focused on one-person-one-vote systems.
Nearly all voting systems focus on:
Ballot-secrecy: The content of a vote remains private under the protocol’s stated trust assumptions (i.e., unless tallying authorities collude).
Dispute-freeness: Anyone can verify, from the public transcript, that the protocol was executed correctly and that each voter followed the protocol rules.
Additionally, for an individual voter, the voting system should provide end-to-end verifiability, meaning that:
Cast as intended: The voter has a way to check that the voting system captured the choice they intended to make.
Recorded as cast: The voter can verify that their cast ballot was recorded on the public bulletin board or included in the set of accepted ballots.
Tallied as recorded: Anyone can verify that the recorded ballots were correctly included in the final tally.
The above properties focus on privacy and verifiability, but they do not by themselves prevent external influence, lobbying or vote buying.
This is because a system may satisfy all of the above guarantees, but still allow a voter to convincingly prove how they voted to others. If a voter can credibly prove how they voted, they can credibly sell their vote to the highest bidder.
This brings us to the concept of receipt-freeness and coercion-resistance that seeks to weaken the voter’s credibility to convince a third party on how they voted:
Receipt-freeness: A voter cannot produce convincing evidence of how they voted to another party, even if they willingly attempt to do so.
Coercion-resistance: A coercer or voter cannot reliably determine whether a voter followed their instructions, even if the voter actively interacts with them during the voting process.
Put simply, receipt-freeness prevents a voter producing evidence, whereas coercion-resistance undermines the coercer’s confidence that a voter has followed their instruction.
Privacy Breaks Down in Weighted Voting Systems
The security notions developed for one-person-one-vote systems do not necessarily apply for weighted voting systems.
Let’s assume there is a weighted voting system with strong privacy guarantees such that:
All ballots are encrypted,
Link between voters and votes is hidden,
Voters cannot prove how they voted.
Voter privacy can be broken if the set of voters, their voting weights, and the final tally are public.
Let’s work through an example to illustrate why.
Take this opportunity to review the above diagram.
Can you tell how any individual voter voted?
Yes!
Answer: Alice and Bob’s voting weights sum to 4, meaning they must have voted FOR together. Caroline is the only voter with sufficient voting weight to produce 5 AGAINST, meaning she must have voted AGAINST.
Does the Tally Really Leak Votes at Scale?
An academic paper, B-Privacy: Defining and Enforcing Privacy in Weighted Voting, examined how much information a tally can leak about individual votes.
They analysed 3,844 proposals across 31 DAOs:
Small DAOs with <45 voters, complete voter recovery in 791 / 878 cases, 90% of all proposals.
Large DAO, primarily whales (large voters) are leaked and can represent up to 80% of total voting power.
Full voter recovery in 1,122 proposals (29.2%)
The authors only relied upon the public voting weights and the final tally to perform the analysis. To validate the results, they used the public voting data as ground-truth data.
Tally Privacy Is a Missing Security Property
Any threat model for a weighted voting system must consider the Tally itself and whether it leaks information to an adversary.
In some cases, the distribution of voting power makes leakage unavoidable:
Superwhale. If a single whale controls more than 50% of the total voting weight, then the final outcome will reveal how the whale voted. In this setting, the problem is no longer breaking the Tally, but identifying whether the whale participated in the vote at all.
Outside of extreme cases where voting power is highly concentrated, the takeaway for Tally privacy is that information leakage should be understood as a spectrum rather than a binary property.
At one end of the spectrum, publishing the exact tally creates the highest risk of leakage, as demonstrated previously. At the other end, revealing only the final outcome without publishing the tally leaks the least amount of information.
The missing piece of the spectrum is the middle, where the tally is revealed but it is harder to infer. This is called fuzzing, where noise is intentionally added to the final tally. Noise is effectively adding positive or negative values to each tally option and intentionally weakening the linkage between the aggregation of all votes and the published results.
However, its effectiveness depends on two key factors:
Distribution of voting power
Amount of noise introduced to the tally
If voting power is highly concentrated, no reasonable level of noise will meaningfully protect voter privacy. Conversely, as we will see, where voting power is distributed across multiple voters, a fuzzing approach can help obscure how individual voters voted.
The appropriate level of noise depends on the concentration of voting power, but care must be taken. Too much fuzzing may reduce the usefulness of sentiment analysis and it may also accidentally flip the vote and present the wrong winning outcome. Solution in paper always preserves the right outcome.
Framework for Fuzzing Tallies and Privacy Against Bribery
The B-Privacy paper introduced a new framework for investigating the privacy of a voting system through the lens of a bribery game.
The briber’s goal is to maximise the probability of a yes outcome. To do that efficiently, they must determine whether they can plausibly detect if voters adhered to the bribe’s instructions and should be paid the bribe.
Some bribery strategies include:
Outcome-Based Bribery. A briber may adopt a strategy that conditions payment solely on the outcome of the election. For example, if the proposal passes, the briber can reward the voters representing the top 51% of voting power. In this model, voters do not need to prove how they voted individually as compensation is based entirely on the final result.
Pivotal Voter Bribery. A briber may focus on voters who are likely to determine the outcome of an election. If the vote is expected to be close, a small number of voters may be sufficient to swing the result. In such cases, the briber can target only these pivotal voters and offer rewards contingent on their participation or support for a particular outcome, detectable through the final tally.
It is natural to focus on different bribery strategies that a briber may take on, but it is also important to model a voter’s own utility to evaluate whether they are likely to change their vote and accept a bribe. Several factors may influence a voter’s decision:
Bribe Margin. How much more likely is the voter to get paid if they obey the briber?
A voter is more likely to accept a bribe when voting as instructed meaningfully increases their probability of being paid. If the tally does not let the briber distinguish compliance from defection, the bribe is less enforceable.
Voter Pivotality. How much does the voter’s vote actually matter?
Voters with less voting power and who are less likely to change the election may be more willing to accept the bribe.
Belief About Others. What does the voter expect others to do?
Voters make decisions under uncertainty. Their willingness to accept a bribe depends on their expectations regarding how others will vote and how this impacts the outcome of the election.
Simulation of Bribery — Fuzzing Can Help!
The paper offers a simulation that tests a set of realistic bribery strategies, budgets for the briber, hidden utilities for voters, and tests it against different tally options (winner-only, fuzzed tally, full-disclosure tally). The simulation provides some insight to answer the following question:
How many times more expensive does it become to buy the vote when you change the tally design?
This is condensed into a single metric called Relative B-Privacy. I’d recommend having AI digest the paper to fully understand how the metric is computed and works.
The main conclusion is that adding noise to the Tally does work, but the minimum decisive coalition (MDC) has a significant impact:
Balancer. There is a majority whale that dominates the DAO and adding noise has no impact.
Arbitrum. Around 3.8 voters can swing votes and adding noise increases the cost of bribery by 1.5 times. If winner-only is published, then the cost of bribery increases by 4 times.
Aavegotchi. Around 13 voters can flip the vote and adding noise increases the cost of bribery by 6.2 times. If winner-only is published, then the cost of bribery increases by 19 times.
Of course, the results are simulated and should be treated with a pinch of salt. 🧂
Short Conclusion
The most interesting contribution of B-Privacy is not simply that adding noise can help.
It is interesting because privacy can be evaluated economically by asking how expensive it becomes for an adversary to use leaked information to influence the vote.
That moves the analysis beyond an all-or-nothing privacy break and towards a more practical question:
How much useful leverage does the tally give an adversary? And how much are they willing to pay to use it?
It is a wonderful example of security economics where a side-channel leak can be leveraged by the adversary to advance their own motives.
I spent some time myself on understanding how an adversary can leverage bribery to undermine consensus and still believe it is an under-appreciated topic in cryptocurrency mechanism design. Now, there is a framework dedicated to evaluating privacy via bribery games, yay!
With that, I hope you enjoyed this post, see you next time! 😊









