Moscow Blockchain Voting System ‘Completely Insecure,’ Says Researcher

News


A blockchain-based system that will be used to allow Moscow residents to vote in municipal elections this autumn is very easy to hack, according to a research note from a French cryptography expert.

Titled, “Breaking the encryption scheme of the Moscow internet voting system,” the paper by Pierrick Gaudry, a researcher from French governmental scientific institution CNRS, looked at the encryption scheme used to secure the public code of the Moscow city government’s ethereum-based e-voting platform.

Gaudry concluded that encryption scheme used in part of the code “is completely insecure, explaining:

“It can be broken in about 20 minutes using a standard personal computer, and using only free software that is publicly available. More precisely, it is possible to compute the private keys from the public keys. Once these are known, any encrypted data can be decrypted as quickly as they are created.”

To be clear, the issue is not with the ethereum code used as a basis for the platform. The encryption used in the Moscow system, the researcher said, is a variant of ElGamal and uses keys that are “less than 256 bits long.”

“This is way, way too short to guarantee any security,” Gaudry said.

As stated on the city administration’s website, voters from three constituencies can choose to use the system to elect deputies to the Moscow City Duma, or parliament, on Sept. 8.

For the trial effort, the site claims:

“Moscow electronic elections guarantee complete anonymity and secrecy of the vote. No one can associate an electronic return with the name of the voter.”

In fact, Gaudry said, “in the worst-case scenario,” the poor level of encryption at present would mean details of all voters’ choices “would be revealed to anyone as soon as they cast their vote.” He added though that, not having read the protocol for the system, the consequences of a potential hack are hard to pinpoint.

To be fair to the development team, the system had been the subject of a “public intrusion test” aimed to spot any such issues late in July with Gaudry using the source code made available on Github.

Gaudry did reach out to the Moscow Department of Information Technology team developing the voting system about the security weakness. They acknowledged that the cryptographic keys are not currently sufficiently secure, and said they would be upgraded to 1,024 bits soon.

Moscow image via Shutterstock



Source link

Infolinks.com, 3210366 , DIRECT rubiconproject.com, 20322, RESELLER, 0bfd66d529a55807 google.com, pub-6373315980741255, RESELLER, f08c47fec0942fa0 google.com, pub-4299156005397946, RESELLER, f08c47fec0942fa0 Adtech.com, 11409, RESELLER appnexus.com, 3251, RESELLER Pubmatic.com, 60809,RESELLER,5d62403b186f2ace Pubmatic.com, 158270, RESELLER,5d62403b186f2ace sovrn.com, 268479, DIRECT, fafdf38b16bf6b2b lijit.com, 268479, DIRECT, fafdf38b16bf6b2b lijit.com, 268479-eb, DIRECT, fafdf38b16bf6b2b aol.com, 6202, RESELLER aol.com, 17744, RESELLER lkqd.net, 295, RESELLER, 59c49fa9598a0117 lkqd.com, 295, RESELLER, 59c49fa9598a0117 Freewheel.tv, 482337, RESELLER Freewheel.tv, 480609, RESELLER appnexus.com, 7666, RESELLER, f5ab79cb980f11d1 rubiconproject.com, 156042, RESELLER, 0bfd66d529a55807 pubmatic.com, 156872, RESELLER, 5d62403b186f2ace Rubiconproject.com, 20848, RESELLER, 0bfd66d529a55807 contextweb.com, 559988, RESELLER, 89ff185a4c4e857c rhythmone.com, 2221906906,DIRECT,a670c89d4a324e47 districtm.io, 101519, RESELLER indexexchange.com, 175407, RESELLER 33across.com, 0010b00002CpYhEAAV, RESELLER, bbea06d9c4d2853c rubiconproject.com, 16414, RESELLER, 0bfd66d529a55807 pubmatic.com, 156423, RESELLER, 5d62403b186f2ace rhythmone.com, 2439829435, RESELLER, a670c89d4a324e47 indexexchange.com, 185506, RESELLER Smartadserver.com,3238,RESELLER contextweb.com,560288,RESELLER,89ff185a4c4e857c pubmatic.com,156439,RESELLER pubmatic.com, 154037,RESELLER rubiconproject.com,16114,RESELLER, 0bfd66d529a55807 openx.com,537149888,RESELLER,6a698e2ec38604c6 sovrn.com, 257611,RESELLER, fafdf38b16bf6b2b appnexus.com,3703,RESELLER,f5ab79cb980f11d1 EMXDGT.com, 68, RESELLER, 1e1d41537f7cad7f rubiconproject.com, 17262, RESELLER, 0bfd66d529a55807 indexexchange.com, 184311, RESELLER gumgum.com,13318,RESELLER,ffdef49475d318a9 adtech.com,12094,RESELLER google.com, pub-5617098146054077, RESELLER, f08c47fec0942fa0 spotx.tv, 74964, RESELLER, 7842df1d2fe2db34 openx.com, 540362347, RESELLER, 6a698e2ec38604c6 advertising.com, 24831, RESELLER appnexus.com, 10736, RESELLER

Leave a Reply

Your email address will not be published. Required fields are marked *

12 + 8 =