A French security researcher has found a critical vulnerability in the blockchain-based voting system that will be used next month for the 2019 Moscow City Duma (parliament) election.
Pierrick Gaudry, a researcher for INRIA, the French research institute for digital sciences, and CNRS, the French National Center for Scientific Research, found that he could compute the voting system’s private keys based on its public keys. These private keys are used together with the public keys to encrypt user votes cast in the election.
Gaudry blamed the issue on Russian officials' use of a variant of the ElGamal encryption scheme with key sizes that were too small to be secure. This meant that modern computers could break the encryption scheme within minutes.
“It can be broken in about 20 minutes using a standard personal computer, and using only free software that is publicly available,” Gaudry said in a report published earlier this month.
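Why key size decides whether a public key gives away the private key, as an added example (not code from Gaudry's report or from the Moscow system): textbook ElGamal over a constructed 31-bit prime, with the private key recovered from the public key by baby-step giant-step, a generic discrete-log algorithm chosen here for illustration. The modulus, generator, keys, message and function names are all assumptions made for this sketch.

```python
import math

# Constructed toy parameters, far smaller than any real deployment.
P = 2**31 - 1   # prime modulus (31 bits)
G = 7           # primitive root modulo P

def keygen(private):
    """Public key h = g^x mod p."""
    return pow(G, private, P)

def encrypt(public, message, ephemeral):
    """Textbook ElGamal: (c1, c2) = (g^k, m * h^k) mod p."""
    return pow(G, ephemeral, P), (message * pow(public, ephemeral, P)) % P

def decrypt(private, c1, c2):
    """m = c2 * (c1^x)^-1 mod p."""
    shared = pow(c1, private, P)
    return (c2 * pow(shared, -1, P)) % P

def discrete_log(h, g=G, p=P):
    """Baby-step giant-step: find x with g^x = h (mod p).

    Time and memory are about sqrt(p), so every extra bit of modulus
    raises the cost; a small modulus leaves the private key computable.
    """
    m = math.isqrt(p - 1) + 1
    baby, value = {}, 1
    for j in range(m):               # baby steps: table of g^j
        baby.setdefault(value, j)
        value = (value * g) % p
    factor = pow(g, -m, p)           # g^(-m) mod p
    gamma = h
    for i in range(m):               # giant steps: h * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = (gamma * factor) % p
    return None                      # h is not a power of g

def demo():
    private = 1234567891             # constructed private key
    public = keygen(private)
    c1, c2 = encrypt(public, 42, ephemeral=987654321)
    recovered = discrete_log(public) # uses only the public key
    return private, recovered, decrypt(recovered, c1, c2)

if __name__ == "__main__":
    print(demo())
```
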
Moscow’s blockchain voting system is the first of its kind. It was developed in-house by the Moscow Department of Information Technology, and works as a “smart contract” on top of the Ethereum blockchain platform.