[Proposal setup] Proposal title

Please provide your proposal title

Midnight ZK Privacy-Preserving Digital Ballot Prototype

[Proposal Summary] Time

Please specify how many months you expect your project to last

3

[Proposal Summary] Translation Information

Please indicate if your proposal has been auto-translated

No

Original Language

en

[Proposal Summary] Problem Statement

What is the problem you want to solve?

Ballot processes in elections and governance rely on in-person steps & trusted operators. Digital options centralize control or expose data, with no assurance of privacy or cryptographic integrity.

[Proposal Summary] Supporting Documentation

Supporting links

• https://github.com/lambdacc/midnight-zk-ballot-prototype

[Proposal Summary] Project Dependencies

Does your project have any dependencies on other organizations, technical or otherwise?

No

Describe any dependencies or write 'No dependencies'

No dependencies

[Proposal Summary] Project Open Source

Will your project's outputs be fully open source?

Yes

Please provide here more information on the open source status of your project outputs

All deliverables will be released under MIT and made public from day one. The full codebase containing Compact contracts, cli module, UI, tests, and documentation will be openly accessible in a GitHub repository, ensuring the project functions as a true reference DApp that others can study, fork, and build on.

[Theme Selection] Theme

Please choose the most relevant theme and tag related to the outcomes of your proposal

RWA

[Campaign Category] Category Questions

What is useful about your DApp within one of the specified industry or enterprise verticals?

This reference dApp is useful because it gives any organisation a practical example of how to run private and verifiable digital voting. The patterns it demonstrates can be applied across several governance-heavy sectors.

In public or civic governance, it helps show how people can vote without revealing who they are or how they voted. It supports remote participation and removes the need for central servers to handle sensitive data.

In enterprises, it can support board elections, shareholder votes, internal policy votes, or anything where confidentiality matters. It provides a model where a company can prove the vote results are correct without exposing employee or shareholder choices.

In education, student unions and academic councils can use the same pattern to run fair and private elections without relying on university administrators to manage or see the ballots.

DAOs and Web3 communities can use the code as a template for private on-chain governance, which is still a major gap in most blockchain voting systems.

By releasing a fully open-source implementation (Compact contract + ZK circuits + UI + wallet integration), developers can adopt the contract, UI, and circuits, and adapt them to their own governance needs. This reduces the barrier to adopting privacy-preserving digital governance and provides developers with a concrete, working example of how to use Midnight for secure decision-making.

What exactly will you build? List the Compact contract(s) and key functions/proofs, the demo UI flow, Lace (Midnight) wallet integration, and your basic test plan.

We will build a complete reference voting dApp on Midnight that demonstrates how private, verifiable digital ballots can work using Compact contracts and Zero-Knowledge proofs. The project includes two eligibility models, the full voting circuits, a simple UI, and Lace (Midnight) wallet integration. Everything will be released open-source so other developers can reuse it.

1. Compact Contract

We will deliver a single Compact contract that supports the full voting flow:

• Create, open, and close a poll
• Record private yes/no vote commitments
• Enforce one-person-one-vote using ZK proofs
• Store minimal private state: vote counts, used nullifiers or consumed tokens, and eligibility indicators
• Support two eligibility paths: vote-access token model | Merkle-root eligibility model (within limits of what’s allowed by midnight SDK libraries)

The contract will be small, easy to read, and designed to be used as a teaching example.

2. Voting Circuits (Core Proofs)

We will build circuits that show:

• The voter is eligible
• The vote is valid and well-formed
• The vote does not reveal identity or metadata
• A token or nullifier is consumed so the voter cannot vote twice
• For the Merkle path, we will add a membership proof circuit if the Midnight SDK supports it. If not, we will structure the contract so this piece can be slotted in later.

3. Eligibility Models

We will implement and demonstrate two eligibility approaches:

• Vote-access token model : Each voter receives a non-transferable token. Casting a vote consumes the token. Enforces exactly one vote per person

• Merkle-root eligibility model: A registration authority publishes a Merkle root of eligible voters. Voters prove membership privately without revealing identity. Ideal for smaller-scale governance or fixed voter lists

Both flows will be available in the repo so other developers can choose based on their use case.

4. Demo UI

A simple UI that lets a user:

• See the poll status and question
• Check which eligibility model applies
• Cast a private yes/no vote
• View local confirmation that the vote was submitted

The UI will stay minimal and instructional, since this is a reference dApp.

5. Wallet and CLI Integration

The project will support both:

• Lace (Midnight) for signing and submitting votes, minting the token, and opening/closing polls
• CLI-based workflow for generating wallets, minting tokens, opening polls, and casting votes directly from the command line

This makes the project useful for developers who prefer UI-based or CLI-based flows.

6. Repository and documentation

• Full open-source repo with Compact contract, circuits, UI, and tests
• A README explaining how everything works and how to run it
• A short guide comparing the two eligibility models
• Scripts for local testing and replaying vote flows

Everything will be MIT-licensed so other teams can fork or extend the design.

How will other developers learn from and reuse your repo? Describe repo structure, README contents, docs/tutorials, test instructions, and extension points. Which developer personas benefit, and how will you gauge impact (forks, stars, issues, remixes)?

Repo structure

• Clean folder layout for Compact contract, circuits, UI, wallet integration, and scripts, extended from midnight starter template.
• Clear file names so developers can follow the full voting flow end to end
• Minimal scaffolding to keep everything easy to navigate

README

• Setup steps for Midnight CLI, generating a wallet, and connecting it to the demo
• How to build and deploy the contract
• Walkthrough of both eligibility paths (token and Merkle)
• Simple diagrams showing how a private vote moves through the system

CLI usage

• Instructions for generating Midnight CLI wallets
• Commands for minting vote tokens, opening/closing polls, and submitting votes
• Examples of running the full vote flow through CLI without the UI
• Scripts that wrap common CLI actions to help new developers get started fast

Documentation and tutorials

• Short guides like: “Open a poll with CLI”, “Mint a vote token with Lace or CLI”, “Cast a private vote from CLI”, Copy-paste examples showing how to call each circuit
• Notes on how to adapt the contract to other governance uses

Tests

• Tests for poll creation, token minting, vote casting, and double-vote prevention for compact related code.
• CLI-driven tests where possible, so developers can replay the scenarios themselves

Reusability

Fully MIT-licensed repo. Developers can fork it, replace the UI, or reuse only the Compact contract patterns

This will be a practical reference for anyone building private voting, governance, or eligibility systems on Midnight

[Your Project and Solution] Solution

Please describe your proposed solution and how it addresses the problem

The Real Problem: Why National Elections Need This

Countries across the world struggle with election integrity due to:

1. Duplicate Voting & Identity Fraud: Manual rolls and weak authentication allow: multi-voting, impersonation,

spoofed entries, fraudulent re-entries

2. Physical Presence Requirement

To prevent impersonation, countries require citizens to physically appear: long queues, travel barriers, disenfranchisement of remote workers or diaspora, accessibility challenges for elderly, disabled, military personnel

3. Booth Capture & Coercion

In many regions, political actors or militants take over polling stations, ballots are replaced, voters are forced or prevented from voting, polling agents become targets

4. Tampering & Manipulation

Paper-based systems have risks of ballot stuffing, manual counting errors, delayed results, opacity, confusion, and political allegations

5. Public Blockchains Cannot Fix This

Placing votes publicly on-chain breaks secrecy:

votes become linkable, metadata and timing leak identity, adversaries can analyze patterns, transparency is not equalt to privacy. A functioning national voting system must guarantee both: Absolute Privacy, Absolute Integrity. Today, no public blockchain or traditional system can satisfy both.

Midnight + Zero-Knowledge can.

The Proposed Solution: A Privacy-Preserving Voting Prototype on Midnight

This project delivers an open-source reference DApp showing how:

1. a citizen proves eligibility privately
2. vote choice remains confidential forever
3. only one vote can be cast
4. results are verifiably correct
5. elections can be conducted remotely and safely
6. auditors gain mathematical integrity proofs

The aim is not to build a full national voting system, but a small, complete reference implementation demonstrating the core cryptographic pattern.

Eligibility Models (Two Supported Approaches)

1. Vote Token–Based Eligibility (Recommended for large scale ballots)

A non-transferable vote-access token (VAT) is delivered to each eligible voter’s wallet. The Midnight contract verifies that token exists, token not used, token burned/consumed during voting.

This model is ideal for, national elections, corporate board elections, shareholder voting, secure referendums

2. Merkle-Root Eligibility (for small-scale cases)

Midnight’s Compact libraries provide promising flexibility for building eligibility proofs, and we anticipate growing support for Merkle-based verification patterns as the SDK matures. This approach remains open-ended: depending on available primitives, the system may support:

• leaf-existence proofs (“I am in the eligibility tree”), or
• additional verification of Merkle root construction, if feasible.

In this model, a registration authority creates a Merkle tree of eligible voter commitments off-chain, while the contract stores only the root. Users then submit a ZK proof of inclusion without exposing any identifying information.

If supported by Midnight’s evolving libraries, this pattern lends itself especially well to smaller-scale governance scenarios such as, student elections, DAOs, associations, civic organizations

Core Voting Circuits (High-Level Only, Not Tied to Implementation Details)

Eligibility Circuit

• Token-based: validates the presence/consumption of vote access token
• Merkle-based: validates membership in eligibility list

Vote Circuit

• Ensures vote format is valid
• Proves vote does not leak identity
• Poll State Circuit
• Allows secure regulation of election
• Checks election is open
• Checks nullifier or token has not been used

These circuits are described intentionally at a conceptual level for flexibility.

Contract State (Minimal & Privacy-Preserving)

The contract maintains only the essential data required to enforce one-person-one-vote and to process votes privately:

Eligibility Indicators (Two Modes Supported)

Access-token mode: record of consumed vote tokens or token IDs

Merkle-mode: optional stored Merkle root representing an eligibility commitment

Double-Voting Protection

A set of used nullifiers or consumed token identifiers to ensure each voter can vote only once

Private Ballot Data

Privacy-protected vote commitments stored inside Midnight’s confidential contract state

Election Status

A simple open/closed flag indicating whether the poll is accepting votes

This will demonstrate Midnight’s private-state capability.

How It Solves National Election Problems

• No duplicate voting: Cryptographic nullifiers or consumed tokens ensure exactly one vote.
• No booth capture: Remote voting eliminates physical takeover risk.
• No voter coercion: Vote choice stays forever private even from election authorities.
• No ballot replacement: Votes are commitments secured by ZK proofs and private contract state.
• No counting manipulation: Tallying happens inside a private Midnight state with verifiable final hashes.
• No long delays: Results can be declared within minutes of poll closure.
• Accessibility: Remote, private voting increases participation for diaspora, elderly, disabled, and marginalized groups.
• Corporate & Institutional Use: The same system can serve: shareholder voting, board elections, employee councils, university governance, cooperative & union voting

[Your Project and Solution] Impact

Please define the positive impact your project will have on Midnight ecosystem

Benefits to the Midnight & Cardano Ecosystem

1. First reference governance DApp for national-scale use cases
2. Demonstrates Midnight’s unique selective-disclosure & private-state model
3. Acts as a base pattern future developers can reuse
4. Helps governments, enterprises, and DAOs understand real Zero-Knowledge use cases
5. Expands Midnight’s early developer ecosystem

Primary Users

• Civic technology developers
• Governance solution builders
• Enterprises needing secure board/shareholder voting
• Universities and institutions
• DAOs requiring anonymous ballots
• Researchers & hackathon participants

Long-Term Value

A functional, replicable, adaptable prototype for any privacy-preserving voting system across industries.

[Your Project and Solution] Capabilities & Feasibility

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

• We have direct experience with Midnight’s Compact contracts, circuits, private state, and tooling from earlier prototype work.
• Our background in Cardano governance systems, smart contracts, backend architecture, and wallet integration aligns exactly with the needs of a private voting flow.
• The project scope is intentionally small and well-defined, which makes delivery within three months realistic.
• The contract, circuits, UI, and CLI steps are all modular and simple, reducing technical risk and keeping the build predictable.
• A public repo is already live with the initial structure and early circuit work, demonstrating readiness and giving reviewers immediate visibility. https://github.com/lambdacc/midnight-zk-ballot-prototype
• All development will happen openly, with milestone-by-milestone commits, tests, and demos available for inspection.
• Behaviour can be validated through unit tests, CLI-driven vote flows, and a runnable UI demo that shows vote casting and private-state updates.
• MIT licensing ensures the community can verify, review, and reuse the implementation at any point during the project.

[Final Pitch] Budget & Costs

Please provide a cost breakdown of the proposed work and resources

Compact contracts and ZK circuits: $4,000

CLI module and TypeScript utilities: $2,000

UI and wallet integration: $2,000

Tests and documentation: $1,000

Project reporting: $1,000

Total Requested: $10,000 USDM

[Final Pitch] Value for Money

How does the cost of the project represent value for the Midnight ecosystem?

• Delivers one of the first reference dApps on Midnight focused on private, verifiable ballot flows that can scale from small groups to national-grade governance.
• High reuse potential for governments, enterprises, DAOs, universities, cooperatives, and any group needing trusted decision-making.
• Gives developers a ready-made starting point for building new privacy-enabled governance tools on Midnight.
• Fully open-source, easy to study, and designed as a teaching example, which increases long-term impact beyond the scope of this project.
• Small, well-defined scope ensures efficient use of funds, with clear milestones and verifiable progress at each stage.

[Self-Assessment] Self-Assessment Checklist

I confirm that the proposal clearly provides a basic prototype reference application for one of the areas of interest.

Yes

I confirm that the proposal clearly defines which part of the developer journey it improves and how it makes building on Midnight easier and more productive.

Yes

I confirm that the proposal explicitly states the chosen permissive open-source license (e.g., MIT, Apache 2.0) and commits to a public code repository.

Yes

I confirm that the team provides evidence of their technical ability and experience in creating developer tools or high-quality technical content (e.g., GitHub, portfolio).

Yes

I confirm that a plan for creating and maintaining clear, comprehensive documentation is a core part of the proposal's scope.

Yes

I confirm that the budget and timeline (3 months) are realistic for delivering the proposed tool or resource.

Yes

[Required Acknowledgements] Consent & Confirmation

I Agree

Yes