Wednesday, August 21, 2019

French Researcher Cracks Moscow's Blockchain Voting System a Month Before Election

From ZD Net, August 20:

French researcher nets $15,000 prize for finding bugs in Moscow's Ethereum-based voting system.
A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election.

Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system's private keys based on its public keys. This private keys are used together with the public keys to encrypt user votes cast in the election.

Moscow blockchain voting system encryption broken in 20 minutes
Gaudry blamed the issue on Russian officials using a variant of the ElGamal encryption scheme that used encryption key sizes that were too small to be secure. This meant that modern computers could break the encryption scheme within minutes.

"It can be broken in about 20 minutes using a standard personal computer, and using only free software that is publicly available," Gaudry said in a report published earlier this month.
"Once these [private keys] are known, any encrypted data can be decrypted as quickly as they are created," he added....MORE