Study shows: Moscow blockchain voting system "extremely insecure"
According to a research report by French cryptographers, the blockchain voting system used in Moscow's municipal elections this fall is vulnerable to hacking and can be compromised within 20 minutes, posing a significant security risk.
Table of Contents
French government scientific research institution CNRS's researcher Pierrick Gaudry recently wrote a paper titled "Breaking the Moscow Internet Voting System" here, delving into the cryptographic voting platform based on Ethereum that protects the public codes of the Moscow city government.
According to Gaudry's research conclusions, the cryptographic scheme used in some of the code is "extremely insecure," as explained below:
It can be cracked in about 20 minutes using a regular personal computer and only requires the use of publicly available free software. More precisely, the private key can be computed from the public key. Therefore, any encrypted data can be quickly decrypted at the time of creation.
Gaudry pointed out that the issue does not lie in the Ethereum code underlying the platform's construction. He stated:
The cryptographic algorithm used in the Moscow system is a derivative of ElGamal, with a key length "less than 256 bits," which is too short to ensure any security.
As stated on the city government's official website, voters in three districts can freely choose to use this system or traditional methods to elect representatives to the Moscow City Duma, the lower house of the parliament, on September 8.
Regarding the third digital voting trial, the website claims:
The digitalization of Moscow elections ensures complete anonymity and voting confidentiality, with no one able to link electronic declarations with voter personal data.
The report indicates that the election system has undergone two tests: on July 11, students elected the chairman of the capital's student council; on July 23, citizens decided on how to handle stray animals. The second vote had 3,377 participants, was successful, and had no functional failures.
Gaudry added:
In the worst-case scenario, the current system's low security means that it could potentially expose all voters' voting details, "leaking to anyone with malicious intent as soon as they vote, making it difficult to determine the potential consequences of a hacker attack.
Gaudry also contacted Moscow's IT department about the developers responsible for the security vulnerabilities in the voting system. They admitted in a blog that the encryption keys are still not secure enough, so they are only being used during the trial period and will be upgraded to 1,024 bits in a few days.
Related Reading
- The Central Bank of Egypt is considering issuing a cryptocurrency
- India's major trade organization Nasscom opposes the ban on cryptocurrencies
Join now to get the most complete information on financial technology, blockchain insights, and industry examples!
Related
- Sub-Saharan Africa Emerges as a Key Driver in the Cryptocurrency Market, Chainalysis: DeFi and Stablecoins Play Crucial Roles
- X Returns to Brazil: Twitter must pay a $1.9 million fine to resume operations
- PayPal upgrades encryption functionality across the board, allowing corporate users to also buy and sell cryptocurrencies.