A French security researcher found a critical vulnerability in the blockchain-based voting system Russian officials are planning to use Moscow's 2019 Duma elections next month.
Pierrick Gaudry, academician at the University of Lorraine and researcher at INRIA, the French research institute for digital sciences, has discovered he can calculate the private keys of the voting system based on his public keys . These private keys are used together with the public keys to encrypt the votes of the users expressed in the elections.
Cryptography of the Moscow blockchain voting system interrupted in 20 minutes
Gaudry blamed the problem of Russian officials using a variant of the ElGamal cryptography scheme that used cryptographic key sizes too small to be secure. This means that modern computers could break the encryption scheme in minutes.
"It can be broken in about 20 minutes using a standard personal computer and using only publicly available free software," Gaudry said in a report published earlier this month.
"Once these [private keys] they are known, all the encrypted data can be decrypted as quickly as they are created, "he added.
What an attacker can do with these cryptographic keys is currently unknown, since the voting system protocols were not yet available in English, so Gaudry could not investigate further.
"Without having read the protocol, it is difficult to say precisely the consequences, because although we believe that this weak encryption scheme is used to encrypt the cards, it is not clear how easy it is for an attacker to have the correspondence between the cards and the voters "said the French researcher.
"In the worst case, the votes of all voters using this system would be revealed to anyone as soon as they cast their vote."
A unique system of its kind
Moscow's blockchain voting system is a first of its kind. It was developed internally by the Moscow Department of Computer Science and functions as a "smart contract" on Ethereum's blockchain platform.
The voting system will be put into operation on September 8th and will last 12 hours, in sync with the official voting session.
Once deployed on election day (8 September), it will allow Moscow residents to vote in elections via the Internet, via their phones or home computers, and to have their votes encrypted on Ethereum's public blockchain.
This Internet-based and blockchain-based voting system is not just limited to people traveling abroad or people with disabilities. Anyone who registers in advance can use it, which means that it has the potential to attract people who would normally skip election days.
Once implemented next month, Moscow's Internet voting system would become the first blockchain-based system used in a legally binding election and not just in limited testing.
Moscow officials promise a solution
The French academic was able to test the upcoming Moscow blockchain-based voting system because officials published his source code on GitHub in July and asked security researchers to do their shots. best.
Following the discovery of Gaudry, the Moscow Information Technology Department promised to solve the reported problem: the use of a weak private key.
"We absolutely agree that the length of the 256×3 private key is not secure enough," a spokesman said in an online reply. "This implementation was used only in a trial period. In a few days the key length will be changed to 1024."
Gaudry, who discovered that Moscow officials modified the ElGamal cryptography scheme to use three weaker private keys instead of one, cannot explain why the IT department chose this path.
"This is a mystery," the French researcher said. "The only possible explanation we can think of is that the designers thought that this would compensate for the too small key dimensions of the prime numbers involved. But 3 prime numbers of 256 bits are not really the same as a prime number of 768 bit."
However, a 1024-bit public key may not be sufficient, according to Gaudry, who believes officials should use at least 2048 bits.
This design decision also baffled Chris Roberts, Chief Security Strategist at Attivo Networks.
"Because on this planet the platform developers should choose a weak length in the first place is obviously a question. Is it lack of knowledge and understanding? Or simply trying to maximize speed and efficiency or something else", Roberts said.
"The US system could learn a lot from Mother Russia"
"This is a positive side to this," he added. "The fact that Moscow allowed others to look at the code, to search for it and then to help protect it."
In addition, Moscow officials have also approved a monetary reward for Gaudry, who according to the Russian news site Meduza, will earn one million Russian rubles, which is just over $ 15,000.
According to a previous July report, Gaudry's reward is close to the first prize that the Moscow local government promised to bug hunters when he put the code on GitHub, which was 1.5 million Russian rubles ($ 22,500).
"The US system could learn a lot from Mother Russia about this," Roberts said, referring to the plethora of growing pains the United States has recently been through while trying to protect its electronic voting machines.
These growing problems come mainly from distributors of voting machines, who refuse to engage with the computer security community, something the Moscow government has had no trouble doing.
This closed nature around electronic voting machines and electoral systems used in the United States is the reason why Microsoft recently announced open-source plans on GitHub for a new technology to protect electronic voting machines.