VCIP - Voter Compute Integrity Proof
👉 TLDR: VCIP verifies to any viewer that the results the service creates and publishes are complete and true.
The Voter Compute Integrity Proof (VCIP)
Every voting system faces a fundamental trust problem: after you submit your vote, how do you know the results weren't manipulated? Traditional systems ask you to trust the vote counters. Electronic voting asks you to trust the software. Even blockchain voting often asks you to trust the aggregation service.
MetaPoll's VCIP changes this from "trust us" to "verify it yourself."
The problem: Computational integrity in complex voting
When you submit a vote to MetaPoll, a lot happens behind the scenes:
Your cryptographic signature is verified
Your voting weight is calculated (based on token holdings)
Your multi-dimensional preferences are parsed from the MDCM tree structure
A decay function is computed and applied based on when you voted
After all previous steps, MetaPoll constructs a single Voter Signal.
The Voter Signal is then aggregated with thousands or millions of others
Results are computed across potentially millions of preference combinations creating a final result that gets written into an ever growing history of snapshots for that unique MetaPoll.
Any of these steps could be manipulated by a malicious service. They could ignore certain votes, modify vote weights, incorrectly apply decay functions, or simply compute wrong results. In a traditional system, you'd never know.
This is where VCIP comes in.
What VCIP proves
The Voter Compute Integrity Proof is a zero-knowledge proof that mathematically guarantees every computation in the voting process was performed correctly.
Specifically, it proves:
Signature Verification: Every included vote has a valid cryptographic signature from the voter
Correct Weights: Each vote was weighted according to the rules (token balance, delegation, etc.)
Accurate Decay: Time-based decay function was applied correctly
Proper Aggregation: The MDCM preference aggregation followed the protocol
Final Tally: The ranked results accurately reflect all the above computations
The beauty is that anyone can verify this proof in milliseconds, even though the underlying computation might have taken minutes or even hours.
How it works: From TEE to zkSNARK
MetaPoll's VCIP implementation uses a two-stage approach that balances security with practicality:
Stage 1: Trusted Execution Environment
Vote aggregation happens inside a powerful TEE (Trusted Execution Environment) enterprise server, similar to the secure enclave inside an iphone that runs the TouchID code.
The TEE provides:
Isolation: The computation runs in a secure enclave that even MetaPoll can't access
Privacy: The individual votes are encrypted to a cryptographic key that only the TEE can read, meaning even we can't see the voting data, yet we can be confident that all included votes were valid
Attestation: Cryptographic proof of exactly what code was run
Reproducibility: Anyone can verify the same code produces the same results
Stage 2: Zero-Knowledge Proof
The TEE attestation is then converted into a zkSNARK proof (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) .
This transformation is crucial because:
zkSNARKs are more universally verifiable (no dependency on specific hardware)
The proof is succinct - just a few hundred bytes regardless of computation and voter size
It inherits all the zero-knowledge properties we need
The TEE + zkSNARK approach let's MetaPoll ship a working system today while keeping the path open for future VCIP version improvement as ZK technology matures.
Verification in practice
As a voter, verifying the VCIP is straightforward:
Get the snapshot: Download the snapshot containing results you want to verify
Extract the proof: The VCIP proof is included in the snapshot metadata
Run verification: Your client (wallet, dApp, etc.) runs the zkSNARK verifier
Check inclusion: Use the VDIP (separate system) to verify your specific vote was included
Why VCIP matters
VCIP transforms voting from a trust exercise into a cryptographic guarantee.
This matters because:
No more black boxes: Every step of vote counting is mathematically verifiable
Fraud resistance: Impossible to silently include invalid votes - the proof would fail
Error detection: Any bug in tallying would cause proof generation to fail
Future-proof: As MetaPoll evolves, VCIP ensures computational integrity remains
The bigger picture: Verifiable democracy
VCIP is part of MetaPoll's broader vision where every aspect of voting is verifiable:
VDIP proves your individual vote was included
VCIP proves all votes were counted correctly
Arweave storage ensures results can't be deleted
Snapshots chained together provide an auditable history
Together, these create what might be the first truly verifiable voting system - one where "trust me" is replaced entirely by "verify it yourself."
Technical evolution
The current TEE-to-zkSNARK approach is pragmatic but not the end goal. Future versions might:
Generate zkSNARKs directly without TEE intermediation
Use recursive proofs to handle massive vote counts efficiently
Implement specialized circuits optimized for MDCM operations
Enable real-time proof generation as votes arrive
In general, we'll continue to update and improve the VCIP as possible
Don't trust, verify.
Instead of debating which authorities to trust, we can eliminate trust entirely. Every computation, from signature verification to final ranking, becomes mathematically verifiable.
For voters, this means peace of mind. For governance, it means legitimacy through cryptography rather than authority. And for democracy itself, it means a foundation built on mathematical truth rather than institutional trust.
The question changes from "How do I know you counted correctly?" to "Here's the proof - verify it yourself." That's the power of MetaPoll's approach.
Last updated