Security & Privacy Guarantees
Agora combines cryptographic security with blockchain immutability to deliver the highest standards of privacy and verifiability.
Security First — Seven Cryptographic Guarantees
Security and privacy are not optional features at Agora — they are the product. Every user action (vote, post, comment, boost, claim) is protected by at least one of seven cryptographic guarantees, each backed by auditable circom circuits, OpenZeppelin v5 contracts, or formally enforced infrastructure controls.
Unlike traditional systems that rely on trust in centralized authorities, Agora uses mathematical proofs to guarantee security properties. These guarantees hold even if the backend is fully compromised — as long as the blockchain remains secure and the ZK circuits remain sound. Token Engine v2 is scheduled for a third-party security audit in Q2 2026.
The seven pillars below cover the full surface area: anonymous voting (Semaphore), spam-resistant posts (RLN), pseudonymous reputation (UniRep), on-chain integrity (ERC20Votes snapshots), privacy-preserving analytics (k ≥ 25), shielded fees + multi-sig treasury, and public verifiability.
Semaphore v4 Zero-Knowledge Proofs
Semaphore v4 ZK circuits ensure voter identity is cryptographically separated from vote choice. No backend, blockchain node, or attacker can link a vote to a voter, even with full system access.
Security Guarantees:
- Identity commitment is a Poseidon2 hash — not reversible
- ZK proof verifies membership without identity disclosure
- Nullifier prevents double-voting while maintaining anonymity
- Client-side proof generation — secrets never leave the device
- Groth16Verifier.sol validates all proofs on-chain
RLN — Rate-Limiting Nullifier
RLN (Rate-Limiting Nullifier) provides cryptographically enforced per-epoch rate limits on anonymous posts and comments. Users who exceed the quota automatically reveal their secret; honest users remain fully anonymous.
Security Guarantees:
- Per-epoch quota enforced by rln.circom
- Spammers self-identify on quota overflow (Shamir secret sharing)
- Honest users remain fully anonymous
- Offline quota tracking on mobile with server sync
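The self-identification property above can be followed end to end in a few lines. This is an added example, not Agora's rln.circom: it assumes a quota of one message per epoch (so the sharing polynomial is a line), uses SHA-256 as a stand-in for the circuit's Poseidon hash, and the names `makeShare` and `recoverSecret` are hypothetical.

```javascript
const { createHash } = require("node:crypto");

// BN254 scalar field order, the field circom circuits compute in.
const P = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
const mod = (a) => ((a % P) + P) % P;

// SHA-256 reduced into the field: a stand-in for the circuit's Poseidon hash.
function hashToField(...parts) {
  const hex = createHash("sha256").update(parts.map(String).join("|")).digest("hex");
  return mod(BigInt("0x" + hex));
}

// Modular inverse by Fermat's little theorem (P is prime).
function inverse(a) {
  let result = 1n, base = mod(a), exp = P - 2n;
  while (exp > 0n) {
    if (exp & 1n) result = mod(result * base);
    base = mod(base * base);
    exp >>= 1n;
  }
  return result;
}

// Each message publishes one point on the line y = secret + a1 * x.
// The slope a1 is fixed for a given (secret, epoch) pair.
function makeShare(secret, epoch, message) {
  const a1 = hashToField(secret, epoch);
  const x = hashToField(message);
  return { x, y: mod(secret + a1 * x), nullifier: hashToField(a1) };
}

// Verifier side: two shares carrying the same nullifier are two points on the
// same line, so the intercept (the secret) follows by interpolation.
function recoverSecret(s1, s2) {
  if (s1.nullifier !== s2.nullifier || s1.x === s2.x) return null;
  const a1 = mod(mod(s1.y - s2.y) * inverse(s1.x - s2.x));
  return mod(s1.y - a1 * s1.x);
}

// Constructed sample: one identity posting twice in epoch 7, once in epoch 8.
const demoSecret = hashToField("constructed-identity-secret");
const first = makeShare(demoSecret, 7, "first post");
const second = makeShare(demoSecret, 7, "second post");
const nextEpoch = makeShare(demoSecret, 8, "post in the next epoch");
console.log(recoverSecret(first, second) === demoSecret); // true
console.log(recoverSecret(first, nextEpoch));             // null
```

A single share per epoch is one point on a line with an unknown slope, which is consistent with every possible secret; that is why users who stay within the quota reveal nothing.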
UniRep Pseudonymous Reputation
UniRep provides epoch-based reputation that can be proved in zero-knowledge. Users can demonstrate reputation ≥ threshold, boost/squash content, and transition state — all without revealing who they are.
Security Guarantees:
- epoch_key.circom generates fresh pseudonyms per epoch
- reputation_proof.circom proves rep ≥ threshold without disclosure
- state_transition.circom enforces honest epoch transitions
- Sybil resistance through reputation cost, not identity checks
Multi-Chain Immutability + ERC20Votes
Votes, staking, vesting, and governance are recorded on-chain across five networks (Ethereum + Base + Arbitrum + Optimism + Polygon). AGRGovernor uses ERC20Votes snapshots — flash-loan resistant by construction.
Security Guarantees:
- Cryptographically secured by blockchain consensus
- Deployed across 5 networks — no single chain of custody
- ERC20Votes snapshots prevent flash-loan governance attacks
- AGRTimelock.sol enforces execution delay on sensitive operations
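Why snapshot-based vote counting ignores a balance that exists only inside one transaction, shown with a simplified model of checkpointed voting power. This is an added example, not OpenZeppelin's or Agora's contract code; the `VotesModel` class, the account names, and the assumption that every account self-delegates are hypothetical.

```javascript
// Simplified model of checkpointed voting power; not OpenZeppelin's code.
class VotesModel {
  constructor() {
    this.block = 1;
    this.checkpoints = new Map(); // account -> [{ block, votes }], ascending
  }
  mine(n = 1) { this.block += n; }
  history(account) { return this.checkpoints.get(account) || []; }
  // Record a balance change at the current block (accounts self-delegate here).
  credit(account, delta) {
    const cps = this.history(account);
    const last = cps[cps.length - 1];
    const votes = (last ? last.votes : 0) + delta;
    if (votes < 0) throw new Error("insufficient balance");
    if (last && last.block === this.block) last.votes = votes;
    else cps.push({ block: this.block, votes });
    this.checkpoints.set(account, cps);
  }
  // Voting power as of a block that is already final.
  getPastVotes(account, block) {
    if (block >= this.block) throw new Error("future lookup");
    const cps = this.history(account);
    let lo = 0, hi = cps.length; // binary search: first checkpoint after `block`
    while (lo < hi) {
      const mid = (lo + hi) >> 1;
      if (cps[mid].block > block) hi = mid; else lo = mid + 1;
    }
    return lo === 0 ? 0 : cps[lo - 1].votes;
  }
}

// Constructed scenario: proposal snapshot at block 10, borrowed balance at block 12.
function snapshotScenario() {
  const token = new VotesModel();
  token.credit("holder", 500);          // block 1
  token.mine(9);                        // block 10
  const snapshot = token.block;
  token.mine(2);                        // block 12
  token.credit("borrower", 1_000_000);  // borrowed inside one transaction
  token.credit("borrower", -1_000_000); // repaid in the same transaction
  token.mine();                         // block 13
  return {
    borrowerAtSnapshot: token.getPastVotes("borrower", snapshot),
    holderAtSnapshot: token.getPastVotes("holder", snapshot),
    borrowerAtLoanBlock: token.getPastVotes("borrower", 12),
  };
}
console.log(snapshotScenario());
```

Two properties carry the guarantee: lookups are refused for the current block, and a checkpoint written twice in one block keeps only the final value, so the borrowed balance is not visible even at the block where the loan occurred.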
k-Anonymity Analytics (k ≥ 25)
Agora's analytics engine enforces k-anonymity with k ≥ 25 on every metric exposed to organization dashboards. Individual user behavior is never exposed — only aggregates that satisfy the threshold are released.
Security Guarantees:
- Every metric query validated against k ≥ 25 threshold
- Event store + schema registry for auditable aggregation
- Daily aggregate tables (PollDailyAggregate, CommunityDailyAggregate, PostDailyAggregate)
- Raw events purged after aggregation window
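A sketch of the threshold check for one poll-day, added here as an example and not taken from Agora's analytics engine. It goes slightly beyond the text by also withholding a total whenever subtraction would expose a suppressed bucket; the event fields (`userId`, `option`), the function names, and the assumption that each user picks a single option are hypothetical.

```javascript
const K = 25; // threshold stated on the page

// events: [{ userId, option }] for one poll and one day.
// The field names and the single-choice assumption are hypothetical.
function releasePollDay(events, k = K) {
  // Count distinct users per option; repeated events from one user count once.
  const usersByOption = new Map();
  for (const e of events) {
    if (!usersByOption.has(e.option)) usersByOption.set(e.option, new Set());
    usersByOption.get(e.option).add(e.userId);
  }
  const released = {};
  let releasedUsers = 0;
  let suppressedUsers = 0;
  for (const [option, users] of usersByOption) {
    if (users.size >= k) {
      released[option] = users.size;
      releasedUsers += users.size;
    } else {
      suppressedUsers += users.size; // never returned to the caller
    }
  }
  // Complementary suppression: total - sum(released) equals the suppressed
  // residual, so the total is withheld when that residual is in 1..k-1.
  const totalSafe = suppressedUsers === 0 || suppressedUsers >= k;
  return { released, total: totalSafe ? releasedUsers + suppressedUsers : null };
}

// Constructed sample data: `users` distinct users each emit `repeats` events.
function sampleEvents(option, users, repeats = 1) {
  const out = [];
  for (let u = 0; u < users; u++) {
    for (let r = 0; r < repeats; r++) out.push({ userId: `${option}-${u}`, option });
  }
  return out;
}

// 30 users chose "yes"; 3 users generated 60 events for "no".
const skewed = releasePollDay([...sampleEvents("yes", 30), ...sampleEvents("no", 3, 20)]);
console.log(skewed); // { released: { yes: 30 }, total: null }
```

Counting distinct users rather than events is what stops a handful of very active accounts from pushing a bucket over the threshold.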
Shielded Fees + Multi-Sig Treasury
shielded_fee.circom hides the exact poll activation cost. AGRTreasury.sol enforces tiered multi-sig approval: 1 signer for ≤1K AGR, 2 signers for ≤10K, 3 signers for transfers above 10K — preventing both griefing and rug pulls.
Security Guarantees:
- Shielded fee proofs hide exact transfer amounts
- Multi-sig tiered approval (1/2/3 signers)
- Treasury health directly drives reward multipliers (NORMAL/WARNING/CRITICAL/EMERGENCY)
- 40% minimum reserve floor enforced on-chain
Public Verifiability
All proofs are publicly verifiable on-chain. Anyone can audit vote counts, staking positions, vesting schedules, treasury balances, and governance decisions — without compromising voter or user privacy.
Security Guarantees:
- Public blockchain records for full audit
- Groth16 proof verification on-chain
- Merkle tree root validation
- ZKRollupDA.sol anchors batch state commitments
Privacy Guarantees
Identity Protection
Voter identities are never stored with votes. Only identity commitments (hashes) are used, which cannot be reversed to reveal the original identity.
Vote Anonymity
Zero-knowledge proofs ensure that even with access to all system data, it's mathematically impossible to link a vote to a specific voter.
No Correlation
Multiple votes from the same user cannot be correlated. Each vote is independently anonymous, even if the same identity is used.
Coercion Resistance
Since votes cannot be linked to identities, voters cannot be coerced or intimidated based on their voting choices.
Security Measures
Cryptographic Security
- Semaphore v4 + RLN + UniRep — 6 custom circom circuits
- Poseidon2 hash function for commitments
- EdDSA signatures + Groth16 verification
- Merkle tree depth 20 (supports 1M+ members per group)
- crypto.randomInt() (not Math.random) across all ZK paths
Smart Contract Security
- 13 contracts built on OpenZeppelin v5 primitives
- Solidity 0.8.27 (Cancun EVM), optimizer runs=200
- Role-based AccessControl on PollManagerV2+ (POLL_ADMIN, MERKLE_ADMIN, OPERATOR)
- AGRTimelock + multi-sig tiered treasury approval
- ERC20Votes snapshots — flash-loan resistant governance
- Third-party security audit — Planned Q2 2026
Infrastructure Security
- HTTPS/TLS encryption for all communications
- AWS KMS key management (EU-West-1) for Canton validator
- Rate limiting (RLN + application-level throttling)
- Prometheus + Grafana monitoring for prover, staking, treasury
- Gnark prover cluster isolated on private subnet
Audit & Verification
Agora's security model is designed for transparency and verifiability. All critical components are open-source and can be independently audited:
Smart Contracts
- Open-source Solidity contracts
- Publicly verifiable on Etherscan
- Third-party audit recommendations
ZK Circuits
- Semaphore protocol (battle-tested)
- Circom circuit source code available
- Trusted setup ceremony participation
Security Best Practices
Users should always verify smart contract addresses, use official frontends, and keep their private keys secure. Never share your identity secret or private keys with anyone.
Threat Model & Mitigations
Backend Compromise
Threat: Attacker gains access to backend database and servers.
Mitigation: ZK proofs ensure votes remain anonymous even if backend is compromised. Identity secrets are never sent to servers. Blockchain verification is independent of backend.
Blockchain Attack
Threat: 51% attack or smart contract exploit.
Mitigation: Ethereum's security model and smart contract best practices. Immutable records prevent retroactive tampering. Public verifiability enables detection of anomalies.
Identity Correlation
Threat: Attempts to link votes to identities through metadata or timing analysis.
Mitigation: ZK proofs prevent any correlation. Nullifiers prevent double-voting without revealing identity. Merkle tree structure hides individual memberships.
Comprehensive Risk Analysis
Technical Risks
ZK Proof Complexity
Risk: ZK proof generation requires significant computational resources, especially on mobile devices. Complex proofs may take 10-30 seconds to generate.
Mitigation: Client-side proof generation with progress indicators. Optimized Semaphore circuits. Future mobile optimizations planned.
Gas Costs
Risk: Ethereum mainnet gas costs can be high (estimated 800K-5M gas per poll creation, ~200K-500K gas per vote). High gas prices may limit accessibility.
Mitigation: Layer 2 solutions planned (Polygon, Arbitrum, Base). Gas optimization in smart contracts. Transaction relayer for subsidized costs.
Scalability Limitations
Risk: Merkle tree depth of 20 supports up to 1,048,576 voters per poll. Very large polls may face performance challenges.
Mitigation: Batch processing for large polls. Off-chain aggregation with on-chain verification. Future support for larger tree depths.
Smart Contract Vulnerabilities
Risk: Potential bugs or exploits in smart contracts could compromise vote integrity.
Mitigation: OpenZeppelin contracts for standard security. Comprehensive testing. Planned third-party audits. Formal verification for critical functions.
Regulatory & Legal Risks
Voting Regulations
Risk: Different jurisdictions have varying regulations for electronic voting. Some may require specific certifications or compliance.
Mitigation: Platform designed for non-binding polls and surveys. Legal consultation for binding vote use cases. Compliance framework development.
Securities Regulations
Risk: AGR token may be subject to securities regulations in some jurisdictions.
Mitigation: Token designed as utility token for platform use. Legal review of token structure. Compliance with applicable regulations.
Data Protection Laws
Risk: GDPR, CCPA, and other data protection regulations may apply to user data.
Mitigation: Privacy-by-design architecture. Minimal data collection. Anonymization through ZK proofs. Compliance framework development.
Market & Adoption Risks
Low Adoption
Risk: Platform may struggle to gain traction if users don't see value or find it too complex.
Mitigation: User-friendly interfaces. Educational content. Incentive mechanisms (token rewards). Strategic partnerships. Community building.
Competition
Risk: Established platforms (Snapshot, Aragon) or new competitors may capture market share.
Mitigation: Unique value proposition (true anonymity via ZKP). Continuous innovation. Strong community engagement. Technical superiority.
Token Price Volatility
Risk: AGR token price volatility may affect platform economics and user incentives.
Mitigation: Deflationary model creates upward pressure. Treasury management. Utility-focused token design. Long-term value proposition.
Operational Risks
Infrastructure Failures
Risk: Backend servers, databases, or blockchain network issues could disrupt service.
Mitigation: Redundant infrastructure. Monitoring and alerting. Disaster recovery plans. Blockchain decentralization reduces single points of failure.
Key Personnel Risk
Risk: Loss of key team members could impact development and operations.
Mitigation: Documentation and knowledge sharing. Team expansion. Community contributions. Future decentralization.
Treasury Management
Risk: Poor treasury management could deplete reserves and affect sustainability.
Mitigation: Automated dynamic reward system. Minimum reserve requirements (40%). Transparent treasury reporting. Future DAO governance.