Moscow's Blockchain Voting System Cracked a Month Before Election (zdnet.com) 53
An anonymous reader quotes a report from ZDNet: A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election. Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system's private keys based on its public keys. These private keys are used together with the public keys to encrypt user votes cast in the election. Gaudry blamed the issue on Russian officials using a variant of the ElGamal encryption scheme that used encryption key sizes that were too small to be secure. This meant that modern computers could break the encryption scheme within minutes.
What an attacker can do with these encryption keys is currently unknown, since the voting system's protocols weren't yet available in English, so Gaudry couldn't investigate further. "Without having read the protocol, it is hard to tell precisely the consequences, because, although we believe that this weak encryption scheme is used to encrypt the ballots, it is unclear how easy it is for an attacker to have the correspondence between the ballots and the voters," the French researcher said. "In the worst case scenario, the votes of all the voters using this system would be revealed to anyone as soon as they cast their vote." The Moscow Department of Information Technology promised to fix the reported issue. "We absolutely agree that 256x3 private key length is not secure enough," a spokesperson said in an online response. "This implementation was used only in a trial period. In few days the key's length will be changed to 1024."
However, a public key of a length of 1024 bits may not be enough, according to Gaudry, who believes officials should use one of at least 2048 bits instead.
1024 bits? 2048 bits? (Score:2)
Fuck everything, we're doing 5120 bits.
Re: (Score:3, Funny)
640 bytes ought to be enough for anyone.
Re: (Score:1)
Re: 1024 bits? 2048 bits? (Score:3)
Commonly misattributed to Bill Gates
Re: (Score:2)
It was "kilobytes", actually. 640K
Re: (Score:2)
640,000 bits? Now THAT's a key!
Re: (Score:2)
Also... Elgamal? Why Elgamal of all things? The only reason it was ever used was because PGP needed a non-patented RSA analog, but the RSA patent expired nearly 20 years ago.
Having said that, good on the Russians for encouraging open scrutiny, and paying up when someone found a weakness. Every single US voting computer vendor could learn something from them.
Worst case? (Score:4, Insightful)
I'm guessing he means the worst case scenario given this particular vulnerability? Because the general worst case scenario for a compromised voting system is being able to change the results without that change being detected.
Re: (Score:1)
They were not. Many boxes of cast ballots disappeared until after the election, all of them in Dem leaning areas.
Re: (Score:1)
There is no such thing as a popular vote.
Journalists can run around tallying up 'votes' but it's an apples/oranges combination. Every state in these United States decides how its votes for the President are allocated.
Re: Worst case? (Score:1)
But he won the election.
Re: (Score:1)
I think he's speculating people could be deanonymized then punished for voting wrong.
Re:Worst case? (Score:4, Insightful)
That is a VERY Soviet-style way to handle voting, are we certain this was a "mistake"?
Re:Worst case? (Score:5, Interesting)
...the general worst case scenario for a compromised voting system is being able to change the results...
I'll respectfully disagree. In my opinion, the worst outcome is that people can be persecuted for their votes. By being able to associate voters with their choices, an unscrupulous candidate can ensure that his opponent's supporters will not defy him again, with varying amounts of force from "intimidation" to "elimination".
An illegitimate result can be identified with decent accuracy through statistical analysis. It's much more difficult to identify a result that is legitimate, but coerced.
Re: (Score:2)
Given that this is Russia, I wonder if this was deliberate. They don't have any real concerns about the legitimacy of the vote since they are the ones rigging it anyway. The ability to identify which way a person voted though, that would be of great interest to them, I'm sure.
Re: (Score:2)
The worst case is that people presume that all votes are illegitimate and stop caring about the result. The other suggestions for worst case so far all connect candidates to acts that at least theoretically disqualify them from the election. They are vulnerable to their co-conspirators turning on them. But if the voters don't care, there's no one to reject or disqualify or prosecute and there's no way for a clean candidate to succeed. You first have to get dirty in order to win in order to clean up future el
Vote Revealed Might Be Worse (Score:1)
Feature, not bug (Score:3)
$ Filter error: You can type more than that for your comment.
Re: (Score:2)
Yep. I think the researcher discovered the 'assured victory' shortcut feature. Another reason I'm totally fine with paper ballots.
Re: (Score:2)
Every voter being able to verify all the ballots is a feature to make the votes tamper-proof, not to cheat. Isn't making the data verifiable the whole point of a blockchain vote?
In order to compromise an election, someone would have to be able to trace particular ballots to particular voters in some way (so that intimidation can be applied). This 'flaw' doesn't seem to be describing any way to do that.
Re: (Score:1)
But they admit they only can't describe the attack vector because the encryption weakness was found before an English copy of the API docs.
Re: (Score:2)
> Isn't making the data verifiable the whole point of a blockchain vote?
Blockchain lets you verify transaction history; Each block in the chain contains its own transaction information plus a cryptographic hash of the previous block in the chain. To change one record in the chain, you have to update all of the records from that point onwards... so if necessary you can verify the entire history by checking the hashes.
This seems pretty useless in a voting system; There is really only one event (the vote) s
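The hash-chain check described in the comment above, as an added example that is not part of the original thread: it verifies each block's link and hash, and shows that a chain recomputed from the edited block onwards still verifies internally unless the final hash is compared with a value published elsewhere. The block layout, function names and sample records are assumptions made for illustration, not the Moscow system's format.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder for the first block's prev hash


def block_hash(prev_hash, payload):
    """SHA-256 over the previous block's hash plus this block's payload."""
    data = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()


def build_chain(payloads):
    """Link payloads into blocks, each committing to its predecessor."""
    chain, prev = [], GENESIS
    for payload in payloads:
        h = block_hash(prev, payload)
        chain.append({"prev": prev, "payload": payload, "hash": h})
        prev = h
    return chain


def verify_chain(chain, trusted_head=None):
    """Return (ok, reason). Recompute every hash and link; optionally compare
    the final hash with a head value obtained from outside the chain."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev:
            return False, f"block {i}: broken link"
        if block_hash(block["prev"], block["payload"]) != block["hash"]:
            return False, f"block {i}: payload does not match hash"
        prev = block["hash"]
    if trusted_head is not None and prev != trusted_head:
        return False, "head differs from independently published value"
    return True, "ok"


# Constructed sample records, not data from any real election.
original = build_chain(["ballot-A", "ballot-B", "ballot-C"])
published_head = original[-1]["hash"]

# Case 1: one record edited in place; the stored hash no longer matches.
edited = [dict(b) for b in original]
edited[1]["payload"] = "ballot-X"

# Case 2: every block from the edit onwards recomputed; internally consistent,
# so only the independently published head exposes the change.
rebuilt = build_chain(["ballot-A", "ballot-X", "ballot-C"])
```

The chain's integrity guarantee therefore rests on who holds the reference head hash, not on the hashing alone.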
Re: (Score:2)
Because, um, "Everything is Better with Blockchain!" (TM)
Re: (Score:2)
You don't even have to change votes, one could just insert fake votes. Anyone could track their own votes. But the other votes are just anonymous, i.e. they could be real, or they could be fake, and there's no way to tell. All you can tell is that your own vote is in.
Since usually only about 60-80% of the population votes, it's pretty easy to insert 5% fake votes without anyone being able to tell. And more often than not, only a few % difference is enough to swing the outcome.
Re: (Score:2)
> Anyone could track their own votes. But the other votes are just anonymous
If the votes can be tracked to a specific person, then they are not anonymous.
Any ballot system where it's even theoretically possible to associate a vote with the individual who cast it is ripe for exploitation. You can bribe or coerce people to vote a certain way, and if they can verify their own vote then there is a mechanism to verify they voted the way you told them to.
=Smidge=
But Blockchain will change the world! (Score:1)
But blockchain was going to change the world, give everyone a puppy, and liberate us from big bad things that make us sadface!
How can this be?!?! /sarcasm
Re:But Blockchain will change the world! (Score:4, Informative)
well, it's the key length that was the actual problem, not 'blockchain' per se.
Re:But Blockchain will change the world! *snort* (Score:1)
Re: (Score:2)
Apply blockchain to elections *will* change the world. It will make people trust election results with no tangible evidence to validate that trust. The question is, is that a bug or a feature?
If you over-engineer a bridge by using girders that are too large, you're just wasting money. But any time you over-engineer a *system*, particularly by giving it extraneous parts and features, you're undermining it.
Re: (Score:1)
Apply blockchain to elections *will* change the world. It will make people trust election results with no tangible evidence to validate that trust.
I'm not so sure that would be the case.
Applying a blockchain to elections will make people who understand what a block chain is, what problems encryption addresses and how, and knows some about math, to trust the election results are accurate - *if* the code is implemented without bugs.
The first set of requirements rules out most people in full.
The second requirement would completely depend on the situation.
We can reasonably assume there are no major flaws in something like the bitcoin code base, as that is
Re: (Score:2)
Bugs, although a big problem, are a secondary problem. Malware, possibly put there intentionally by the developer or the system administrator, is the primary one.
If there is no tangible, physical, human-readable artifact which represents the intent of the voter, there is *in principle* no way to confirm a result is truthful. Oh, after you get to a certain point you can prove that the information hasn't been tampered with, but between the time the user puts his finger on an area of the touchscreen and the
Re: (Score:1)
Russia looks at another method to prove the count. The West does not want to accept the result.
Paper, blockchain? The only way to get the West's approval is to select a leader the West wants.
if not vote for putin then open trap door. (Score:2)
if not vote for putin then open trap door.
Using those systems is folly. (Score:2)
The PC and networking was designed with the philosophy of sharing. Using those for anything that needs to be that secure and this widespread is folly.
One needs to start with a unique chip design, unique bios, the OS in ROM, and a checksum that is different from system to system, and not networked.
That's where digital voting needs to start.
Re: (Score:2)
A decent system wouldn't even have something as absurd as a BIOS.
Putin wins anyway. (Score:2)
If the blockchain says he wins . . . he wins!
If the blockchain says he does not win . . . he is declared winner anyway!
Kinda sorta a "win-win" situation where only the common voters are the losers.
Putin says (Score:2)
Got NATO, Putin? (Score:2)
You do now.
You play with nuclear fire, you get burned.
obxkcd (Score:5, Funny)
https://xkcd.com/2030/ [xkcd.com]
Yeah...
Wear gloves.
West Virginia (Score:2)
Remember that West Virginia instituted blockchain based voting (with a plaintext email to the counting office step) either shortly before or after that XKCD. It went live in 2018 as a "test" and should be in wider adoption in 2020. That's far scarier than what's happening in Moscow.
Paper voting only (Score:2)
A necessary feature of voting is that the average person must be able to understand the whole process. Anything else means trusting a small group of people not to fail, and not to be malicious. Anything computer related is going to involve so much hardware and software that there's no chance of anyone understanding it all completely.
So vote by marking pieces of paper and putting them in ballot boxes. If you want to get fancy, use OCR to do the counting but keep the ballot papers to allow manual recounts.
Re: (Score:2)
As always, it must be pointed out elections have been gamed for over a century, mostly when paper ballots were used. It's trivial to foil such a system. Going to paper does nothing to prevent election fraud, it's an old polished art.
This message brought to you from the City of Chicago, where the dead vote early, and often, on paper or by machine.
Hardly matters... (Score:2)
It hardly matters, it can only be for show. What would be the saying: "In Soviet Russia, the candidates select the voters?" That's not quite right, but anyway, in modern Russia you vote the way the government tells you to, or they make your life very, very difficult.
Anyway, it's not votes that count, but who counts the votes. Blockchain? Guess who is running the servers.
Those pesky French investigators... (Score:1)
Seriously Though- Re: (Score:1)
"In the worst case scenario, the votes of all the voters using this system would be revealed to anyone as soon as they cast their vote."
In all seriousness... this "worst case scenario" sounds suspiciously like a "best case scenario" for a Socialist government looking for a new avenue of mass surveillance. I seriously doubt that Russia would overlook a vulnerability this severe in their own voting system; this smells like a backdoor to me.
Reality... (Score:2)
In Russia, chain blocks you more than 1024 times.
In Soviet Russia... (Score:1)
It's time to ditch e-voting. (Score:2)
Want a secure, reliable election? Use paper ballots, marked with a pen by the voter him/herself, read and counted by the dumbest machine that still makes it feasible to count N votes in T time.
Can such an election still be corrupt? Of course. But it's a lot harder to rig a system when there's a tactile record of votes cast by actual, human voters. To throw an election in an e-voting world, all you need is one person with the right tools and access.
A wholesale switch to e-voting in the U.S. might just be th
Russians just want to cheat with elections (Score:1)
Well, the answer is simple. Weak encryption is used intentionally to ease cheating with votes. The Russian government is afraid to lose elections. MS guys just did as they have been asked to do. And the goal was to open an easy way to falsification of elections.