Moscow's Blockchain Voting System Cracked A Month Before Election

Arthur T Knackerbracket has found the following story:

A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election.

Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system's private keys based on its public keys. This private keys are used together with the public keys to encrypt user votes cast in the election.

Gaudry blamed the issue on Russian officials using a variant of the ElGamal encryption scheme that used encryption key sizes that were too small to be secure. This meant that modern computers could break the encryption scheme within minutes.

"It can be broken in about 20 minutes using a standard personal computer, and using only free software that is publicly available," Gaudry said in a report published earlier this month.

"Once these [private keys] are known, any encrypted data can be decrypted as quickly as they are created," he added.

The block-chain based electronic voting system of Moscow's parliament is basically insecure, like in, totally broken. https://t.co/EafAAYXkpB pic.twitter.com/ISNcuPDvFu

- Lukasz Olejnik (@lukOlejnik)

What an attacker can do with these encryption keys is currently unknown, since the voting system's protocols weren't yet available in English, so Gaudry couldn't investigate further.

Read more of this story at SoylentNews.