
SoylentNews is people

posted by janrinok on Monday August 26 2019, @05:06PM
from the not-the-way-to-do-it dept.

A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election.

Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system's private keys based on its public keys. These private keys are used together with the public keys to encrypt user votes cast in the election.

Gaudry blamed the issue on Russian officials using a variant of the ElGamal encryption scheme that used encryption key sizes that were too small to be secure. This meant that modern computers could break the encryption scheme within minutes.

"It can be broken in about 20 minutes using a standard personal computer, and using only free software that is publicly available," Gaudry said in a report published earlier this month.

"Once these [private keys] are known, any encrypted data can be decrypted as quickly as they are created," he added.

The block-chain based electronic voting system of Moscow's parliament is basically insecure, like in, totally broken. https://t.co/EafAAYXkpB pic.twitter.com/ISNcuPDvFu

— Lukasz Olejnik (@lukOlejnik)

What an attacker can do with these encryption keys is currently unknown, since the voting system's protocols weren't yet available in English, so Gaudry couldn't investigate further.

"Without having read the protocol, it is hard to tell precisely the consequences, because, although we believe that this weak encryption scheme is used to encrypt the ballots, it is unclear how easy it is for an attacker to have the correspondence between the ballots and the voters," the French researcher said.

"In the worst case scenario, the votes of all the voters using this system would be revealed to anyone as soon as they cast their vote."

Moscow's blockchain voting system is a first of its kind. It was developed in-house by the Moscow Department of Information Technology, and works as a "smart contract" on top of the Ethereum blockchain platform.

The voting system is set to go live on September 8, and will run for 12 hours, in sync with the official voting session.

[...] Following Gaudry's discovery, the Moscow Department of Information Technology promised to fix the reported issue -- the use of a weak private key.

"We absolutely agree that 256x3 private key length is not secure enough," a spokesperson said in an online response. "This implementation was used only in a trial period. In few days the key's length will be changed to 1024."

Gaudry, who discovered that Moscow officials modified the ElGamal encryption scheme to use three weaker private keys instead of one, couldn't explain why the IT department chose this route.

"This is a mystery," the French researcher said. "The only possible explanation we can think of is that the designers thought this would compensate for the too small key sizes of the primes involved. But 3 primes of 256 bits are really not the same as one prime of 768 bits."

However, a public key of a length of 1024 bits may not be enough, according to Gaudry, who believes officials should use one of at least 2048 bits instead.
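
Gaudry's remark that three 256-bit primes are not the same as one 768-bit prime, put into rough numbers as an added example (not from the article or from Gaudry's report). It assumes the three layers can be attacked one after another, so their costs add, and it uses the textbook number field sieve heuristic with the o(1) term dropped, so the figures are for relative comparison only. The function names are this example's own; the 2048-bit baseline is the recommendation quoted above.

```python
import math

# Constant c in the number field sieve heuristic L_p[1/3, c]
GNFS_C = (64 / 9) ** (1 / 3)


def nfs_work_bits(prime_bits):
    """log2 of exp(c * (ln p)^(1/3) * (ln ln p)^(2/3)) for a prime of this size.

    The o(1) term is dropped, so this is a relative yardstick, not a cost
    forecast for real hardware.
    """
    ln_p = prime_bits * math.log(2)
    natural = GNFS_C * ln_p ** (1 / 3) * math.log(ln_p) ** (2 / 3)
    return natural / math.log(2)


def layered_work_bits(layer_bits):
    """Work to solve every layer in turn (assumption: layers are independent).

    Costs add instead of multiplying, so the result is log2 of the sum of
    the per-layer costs, computed relative to the largest layer.
    """
    works = [nfs_work_bits(b) for b in layer_bits]
    top = max(works)
    return top + math.log2(sum(2 ** (w - top) for w in works))


def review(layer_bits, baseline_bits=2048):
    """Compare a parameter choice against a single prime of baseline size."""
    work = layered_work_bits(layer_bits)
    return {
        "layers": list(layer_bits),
        "work_bits": round(work, 1),
        "meets_baseline": work >= nfs_work_bits(baseline_bits),
    }


if __name__ == "__main__":
    # Parameter choices mentioned in the article
    for choice in ([256, 256, 256], [768], [1024], [2048]):
        print(review(choice))
```

Stacking three 256-bit layers adds log2(3), under two bits, to the work for a single 256-bit prime, while one 768-bit prime sits roughly 28 bits higher on the same scale.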


  • (Score: 2) by JoeMerchant on Monday August 26 2019, @05:26PM (6 children)

    by JoeMerchant (3937) on Monday August 26 2019, @05:26PM (#885720)

    As I recall, 256 bits is a perfectly secure keylength - if you're using elliptical keys...

    --
    🌻🌻 [google.com]
  • (Score: 2, Informative) by fustakrakich on Monday August 26 2019, @05:54PM (2 children)

    by fustakrakich (6150) on Monday August 26 2019, @05:54PM (#885735) Journal

    Security does nothing about built in fraud, flipping votes and whatnot...

    If a human can't read the ballot every step of the way, it's no damn good.

    --
    La politica e i criminali sono la stessa cosa..
    • (Score: 3, Insightful) by JoeMerchant on Monday August 26 2019, @07:05PM

      by JoeMerchant (3937) on Monday August 26 2019, @07:05PM (#885767)

      Agreed - I'd rather see a voting system built on "first principles" blockchain, instead of this twisted crap that's been "open source developed" for the past 10 years - so convoluted that if you haven't been living and breathing it for a couple of years you won't know what's going on.

      Of course it should be open source, of course it should be human readable.

      The real conundrum is: you can't really audit votes and have them anonymous at the same time. If they're really anonymous, then anyone can go skim all the ballots from the dead people and drop them in the box anonymously...

      --
      🌻🌻 [google.com]
    • (Score: 2) by DannyB on Monday August 26 2019, @08:53PM

      by DannyB (5839) Subscriber Badge on Monday August 26 2019, @08:53PM (#885799) Journal

      Not just if a human can read it every step of the way.

      WHICH humans can read it?

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
  • (Score: 2) by FatPhil on Monday August 26 2019, @11:51PM (2 children)

    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Monday August 26 2019, @11:51PM (#885859) Homepage
    Conventional wisdom is that 128-bit EC would be about as strong as the 768-bit prime system that these clowns failed to use.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    • (Score: 2) by JoeMerchant on Tuesday August 27 2019, @12:56AM (1 child)

      by JoeMerchant (3937) on Tuesday August 27 2019, @12:56AM (#885878)

      Right up until quantum supremacy rolls over it...

      --
      🌻🌻 [google.com]
      • (Score: 2) by FatPhil on Tuesday August 27 2019, @02:51AM

        by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Tuesday August 27 2019, @02:51AM (#885912) Homepage
        TBH I don't know how QC will affect EC-EG. Whilst it is clearly the same kind of cycle-finding that cracks prime-EG, on conventional computers, a different type of algorithm is used, not one which I know to fall to Shor's kind of algorithm. In which case, it might only suffer from an exponent reduction, but still remain exponential - double the keylength and you're good.

        Not that QC has delivered anything but the most trivial of results currently, that which would have dropped out in 4 steps of Fermat's algorithm, 4 being lglg(N) or lg(D), thus an example that makes an exponential algorithm look logarithmic. So QC did sweet FA that was impressive.
        --
        Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves