Moscow blockchain voting system is vulnerable to hacking

According to a study by a French cryptography expert, the current version of the blockchain system for voting in Moscow at municipal elections turned out to be easily vulnerable to hacking.

Researcher at the French National Center for Scientific Research (CNRS) Pierrick Gaudry published a document entitled “Hacking the encryption scheme of the Moscow Internet voting system.” In his research, he studied the encryption scheme used to protect the open source code of the Ethereum-based blockchain platform, which was developed by the Moscow government for online voting.

Godry concluded that the encryption scheme used in part of the code is “completely unsafe.” He notes:

“It can be cracked in about 20 minutes using a standard personal computer and only free and open source software. In particular, you can calculate private keys from public keys. As soon as they become known, any encrypted data can be decrypted as quickly as it was created. ”

At the same time, the researcher clarifies that the problem is not in the Ethereum code used as the basis for the platform. According to Godry, the encryption used in the Moscow system is a variant of the El-Gamal scheme and uses keys no longer than 256 bits.

“It’s too, too little to guarantee any kind of security,” says Godry.

As indicated on the Moscow administration’s website, voters from three constituencies can choose to use the blockchain system for voting during the election of deputies of the Moscow City Duma or parliament on September 8.

According to Godry, “in the worst case,” a low level of encryption will mean that voters’ data and their votes “will be open to everyone as soon as they vote.” He added that without access to the system protocol, it is difficult to determine the consequences of a potential hack.

To be fair in relation to the project development team, Godry noted that the system was the subject of a “public hack test”, the purpose of which was to identify any such problems. Godry used the source code available on Github.

Godry turned to the team of the Moscow Department of Information Technology (DIT), which developed a voting system for security issues. The Department recognized that the cryptographic keys are currently not secure enough, and said that they will soon be updated to 1024 bits.

The other day it became known that DIT Moscow will create
blockchain platform for the automation of electronic services and data storage.