Moscow Blockchain Voting System 'Completely Insecure,' Says Researcher

A blockchain system that will soon be used to allow Moscow residents to vote in elections is currently easy to hack, according to a researcher.

AccessTimeIconAug 16, 2019 at 12:17 p.m. UTC
Updated Aug 18, 2021 at 11:38 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

A blockchain-based system that will be used to allow Moscow residents to vote in municipal elections this autumn is very easy to hack, according to a research note from a French cryptography expert.

Titled, "Breaking the encryption scheme of the Moscow internet voting system," the paper by Pierrick Gaudry, a researcher from French governmental scientific institution CNRS, looked at the encryption scheme used to secure the public code of the Moscow city government's ethereum-based e-voting platform.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • Gaudry concluded that encryption scheme used in part of the code "is completely insecure, explaining:

    "It can be broken in about 20 minutes using a standard personal computer, and using only free software that is publicly available. More precisely, it is possible to compute the private keys from the public keys. Once these are known, any encrypted data can be decrypted as quickly as they are created."

    To be clear, the issue is not with the ethereum code used as a basis for the platform. The encryption used in the Moscow system, the researcher said, is a variant of ElGamal and uses keys that are "less than 256 bits long."

    "This is way, way too short to guarantee any security," Gaudry said.

    As stated on the city administration's website, voters from three constituencies can choose to use the system to elect deputies to the Moscow City Duma, or parliament, on Sept. 8.

    For the trial effort, the site claims:

    "Moscow electronic elections guarantee complete anonymity and secrecy of the vote. No one can associate an electronic return with the name of the voter."

    In fact, Gaudry said, "in the worst-case scenario," the poor level of encryption at present would mean details of all voters' choices "would be revealed to anyone as soon as they cast their vote." He added though that, not having read the protocol for the system, the consequences of a potential hack are hard to pinpoint.

    To be fair to the development team, the system had been the subject of a "public intrusion test" aimed to spot any such issues late in July with Gaudry using the source code made available on Github.

    Gaudry did reach out to the Moscow Department of Information Technology team developing the voting system about the security weakness. They acknowledged that the cryptographic keys are not currently sufficiently secure, and said they would be upgraded to 1,024 bits soon.

    Moscow image via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.