A recent research report by a French cryptographer demonstrates that a blockchain voting framework utilized in Moscow’s municipal elections is susceptible to hacking. The researcher at the French government research establishment CNRS, Pierrick Gaudry, have examined the open code of the e-voting platform dependent on Ethereum in his paper. Gaudry inferred that the encryption plan utilized by a portion of the code is “totally insecure.”
The research report titled, “Breaking the encryption scheme of the Moscow internet voting system” by Pierrick Gaudry, a researcher from CNRS, French governmental scientific institution had examined the encryption plan used to verify the open code of the Moscow city government’s Ethereum-based platform for e-voting.
Gaudry concluded that the encryption scheme utilized by a portion of the code is entirely insecure by clarifying –
We will show in this note that the encryption scheme used in this part of the code is completely insecure. It can be broken in about 20 minutes using a standard personal computer and using only free software that is publicly available. More precisely, it is possible to compute the private keys from the public keys. Once these are known, any encrypted data can be decrypted as quickly as they are created.
Advertisement
Gaudry said that the issue is not with the Ethereum code utilized as a reason for the platform. The encryption used in the Moscow framework is a variant of ElGamal and utilizations keys that are “less than 256 bits long. This is way, too short of guaranteeing any security”.
Furthermore, Gaudry stated that in the extreme situation, the reduced degree of encryption at present would mean voters decisions would be shown to anybody when they cast their vote. However, he included that, having not read the protocol of the framework, the results of a potential hack are challenging to identify.
Advertisement
Gaudry reached out to the Moscow Department of Information Technology group developing the voting framework about the security weak point. Moreover, they recognized that currently, the cryptographic keys are not adequately secured, and said sooner they would be upgraded.