
DAO leaks

Anonymous DAO messaging that uses ZK proofs to verify voting power while keeping the sender's identity private.


Created At: ETHGlobal New York 2025

Project Description

DaoLeaks: Anonymous DAO Messaging Platform

Product Description

DaoLeaks is a decentralized platform that enables anonymous messaging for DAO members and token holders. Users can post messages while proving their voting power eligibility through zero-knowledge proofs, maintaining privacy without revealing their identity or exact token holdings.

Core Functionality

Anonymous Messaging: Token holders can share opinions, feedback, and governance insights without exposing their wallet addresses. Messages are categorized by voting power tiers (>1k, >10k, >50k tokens) to provide context while preserving anonymity.

Zero-Knowledge Verification: The system uses cryptographic proofs to verify that users meet minimum token requirements without revealing their actual balances or identities. This prevents spam while maintaining privacy.

Gasless Operation: Users don't pay transaction fees. Messages are submitted through a relay service that handles blockchain interactions.

Technical Implementation

Architecture:

  • Smart contracts on Base Sepolia for message storage and proof verification
  • Noir zero-knowledge circuits for privacy-preserving token balance verification
  • React frontend with wallet integration and client-side proof generation
  • Ethereum storage proofs to verify token balances against blockchain state

Privacy Mechanism:

  1. User connects a wallet and composes a message
  2. System generates a storage proof of the user's token balance from blockchain state
  3. User signs the message using the EIP-712 standard
  4. A zero-knowledge proof is generated client-side, proving signature ownership and sufficient voting power
  5. Message is submitted anonymously via the relay service

Security Features: Message authenticity through cryptographic signatures, storage root validation for recent blockchain state, and EIP-712 domain separation for replay protection.

Current Status

Deployed: Working smart contracts, complete zero-knowledge circuits, functional web interface with wallet integration, and operational relay system for gasless transactions.

Use Cases: Anonymous feedback on governance proposals, whistleblowing on DAO issues, minority opinion expression, and honest discourse without social pressure.

The platform addresses the need for private communication channels in token-based governance systems where public accountability can inhibit honest feedback and minority voices.

How it's Made

DaoLeaks: Technical Implementation

Architecture Overview

DaoLeaks is built using a three-layer architecture combining zero-knowledge cryptography, smart contracts, and a React frontend to enable anonymous yet verifiable messaging for DAO members.

Core Components

Zero-Knowledge Circuit (Noir)

  • Storage Proof Verification: Custom Noir circuits verify Ethereum storage proofs to confirm token balances without revealing exact amounts
  • Signature Verification: ECDSA secp256k1 signature verification ensures message authenticity while maintaining anonymity
  • Merkle Patricia Trie Implementation: Full implementation of Ethereum's storage trie verification including RLP decoding and node traversal
  • Multi-depth Support: Circuits compiled for storage proof depths 1-20 to handle different blockchain storage structures
  • Ultra Honk Backend: Uses Aztec's Ultra Honk proving system for efficient proof generation and verification

Smart Contract System (Solidity)

  • Proof Verification: 20 separate Honk verifier contracts for different storage proof depths
  • Message Storage: On-chain storage of anonymous messages with voting power tiers and timestamps
  • EIP-712 Implementation: Structured message signing with domain separation for security
  • Storage Root Management: Oracle system for managing valid blockchain storage roots with time-based expiration
  • Voting Power Tiers: Three-tier system (1k, 10k, 50k tokens) with configurable thresholds

Frontend Application (React/TypeScript)

  • Wallet Integration: WalletConnect/AppKit for seamless wallet connections
  • Client-side Proving: Browser-based zero-knowledge proof generation using WebAssembly, ensuring user data never leaves their device
  • Storage Proof Generation: Direct RPC calls to fetch Ethereum storage proofs for user's token balance
  • Signature Utilities: EIP-712 message signing with proper domain parameters
  • Relay Integration: Gasless transaction submission through API endpoints

Cryptographic Flow

Proof Generation Process:

  1. Storage Proof Fetching: Query the blockchain RPC for a storage proof of the user's token balance at a specific block
  2. Message Signing: Generate an EIP-712 signature over the message content using the connected wallet
  3. Public Key Recovery: Extract the public key from the signature for use as circuit input
  4. Circuit Execution:
    • Verify storage proof against known storage root
    • Verify signature matches recovered public key
    • Confirm token balance meets minimum threshold
    • Generate zero-knowledge proof of all constraints entirely in the user's browser
  5. On-chain Verification: Smart contract verifies proof using precompiled Honk verifier

Privacy Guarantees:

  • Identity Protection: Wallet address never included in public inputs or stored on-chain
  • Balance Privacy: Only tier-level voting power revealed, not exact token amounts
  • Unlinkability: No correlation possible between multiple messages from same user
  • Forward Secrecy: Historical messages remain anonymous even if identity later revealed
  • Client-side Privacy: All sensitive computations happen locally in the browser, eliminating the need to trust external proving services

Security Considerations

  • Storage Root Validation: Time-bounded storage roots prevent stale state attacks
  • Signature Domain Separation: EIP-712 prevents cross-contract signature reuse
  • Proof Depth Validation: Circuit constraints prevent malicious storage proof manipulation
  • Relay Protection: Server-side validation before blockchain submission
  • Client-side Proving: Eliminates need to trust external proving services and ensures maximum privacy
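The verification side of the Cryptographic Flow and Security Considerations above, as an added Python model that is not the project's code: it reduces a private balance to the page's three tiers, rejects expired storage roots and unsupported proof depths, and recomputes the EIP-712 digest under the contract's own domain so a digest signed for another chain or contract is refused. Assumed here: a one-hour root lifetime, a `DaoLeaks`/`1` domain name and version, whole-token units, `hashlib.sha3_256` standing in for keccak256 (hashlib has no keccak, so digests differ from real EIP-712 values), and a boolean standing in for the Honk verifier's result.

```python
import hashlib
from dataclasses import dataclass

def h(*parts: bytes) -> bytes:
    """Stand-in for keccak256 (hashlib lacks keccak): EIP-712 layout is kept, values differ."""
    return hashlib.sha3_256(b"".join(parts)).digest()

TIERS = {1: 1_000, 2: 10_000, 3: 50_000}  # the page's thresholds, in whole tokens (assumed units)
ROOT_MAX_AGE = 3600                        # assumed: a registered storage root is valid for one hour
MAX_DEPTH = 20                             # the page deploys one Honk verifier per depth 1..20

def tier_for_balance(balance: int) -> int:
    """Circuit-side reduction: the private balance becomes a public tier (0 = ineligible)."""
    return max((t for t, threshold in TIERS.items() if balance > threshold), default=0)

def domain_separator(chain_id: int, contract: bytes) -> bytes:
    """EIP-712 domain separator over name, version, chainId and verifyingContract (assumed values)."""
    return h(b"DaoLeaks", b"1", chain_id.to_bytes(32, "big"), contract.rjust(32, b"\0"))

def message_digest(domain: bytes, message: str) -> bytes:
    """EIP-712 digest: 0x19 0x01 || domainSeparator || structHash(message)."""
    return h(b"\x19\x01", domain, h(message.encode()))

@dataclass
class Submission:
    storage_root: bytes  # public input: root the storage proof was verified against
    tier: int            # public input: claimed voting-power tier, never the balance
    depth: int           # storage-proof depth, selects which verifier contract runs
    digest: bytes        # public input: EIP-712 digest the in-circuit signature covers
    message: str         # plaintext that will be stored on-chain
    proof_ok: bool       # stand-in for the Honk verifier's result (not run here)

def check_submission(sub: Submission, known_roots: dict, now: int,
                     chain_id: int, contract: bytes) -> str:
    """Relay/contract-side checks; returns 'ok' or the first failing check."""
    if not 1 <= sub.depth <= MAX_DEPTH:
        return "unsupported proof depth"
    registered_at = known_roots.get(sub.storage_root)
    if registered_at is None or now - registered_at > ROOT_MAX_AGE:
        return "stale or unknown storage root"
    if sub.tier not in TIERS:
        return "invalid tier"
    # Recompute under THIS contract's domain: a digest signed for another chain/contract cannot match.
    if sub.digest != message_digest(domain_separator(chain_id, contract), sub.message):
        return "digest not bound to this domain"
    if not sub.proof_ok:
        return "proof rejected"
    return "ok"
```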