Blockchain 3019121 1920 2

A Bug Discovered in Moscow’s Blockchain Based Polling System

Last Updated: July 4, 2020By

Russia’s new blockchain-based polling system might not be as secure as previously assumed. A recent report revealed a bug in the system that might be exploited to enable a third party to view how people voted. Russian journalists found a vulnerability in Moscow’s blockchain-based polling system. If exploited, users’ votes could be decrypted, unveiling how they voted in the election.

The bug was reported on Wednesday by Meduza, a Russian online newspaper based in Riga. Meduza issued research claiming that by using the HTML code of the electronic ballot, the decryption keys for the votes can be retrieved. From June 25 to July 1, 2020, Russian citizens voted on whether they supported the proposed constitutional amendments. One of the changes is removing the two-term restriction for the Russian presidency, which would enable Vladimir Putin to stay in power until 2036.

Residents in the region of Nizhny Novgorod and Moscow had the choice to cast their votes electronically. In Moscow’s case, the city’s Department of Information Technologies and Kaspersky Lab built a polling system that recorded votes on an Exonum-based blockchain system. Poll data was encrypted utilizing TweetNaCl.js cryptographic library for security and to keep the electronic votes confidential. According to Meduza, the system utilized a deterministic algorithm to produce the same cryptographic key if similar input data.

Since the 2020 Russian constitutional referendum basically asked citizens to either vote “Yes” or “No,” there are two universally utilized keys in the system. Meduza declared that it was capable of decoding voting data issued in CSV files by the Department of Information Technologies utilizing the two keys. Issuing the CSV files was intended for usage by independent observers so they can confirm the vote count. But Meduza’s discovery indicated that third parties could verify how a particular person voted, which could mean that voters “may be pressured to vote a certain way in future polls.”

Nevertheless, the Department of Information Technologies opposed Meduza’s report. The department’s representative Artyom Kostyrko revealed that “people can only decode their own votes on their own devices,” which is contrary to the publication’s claim that one can decode any vote with the same cryptographic keys.

Stay informed with daily updates from Blockchain Magazine on Google News. Click here to follow us and mark as favorite: [Blockchain Magazine on Google News].

Gif;base64,r0lgodlhaqabaaaaach5baekaaealaaaaaabaaeaaaictaeaow==

Get Blockchain Insights In Inbox

Stay ahead of the curve with expert analysis and market updates.

Disclaimer: Any post shared by a third-party agency are sponsored and Blockchain Magazine has no views on any such posts. The views and opinions expressed in this post are those of the clients and do not necessarily reflect the official policy or position of Blockchain Magazine. The information provided in this post is for informational purposes only and should not be considered as financial, investment, or professional advice. Blockchain Magazine does not endorse or promote any specific products, services, or companies mentioned in this posts. Readers are encouraged to conduct their own research and consult with a qualified professional before making any financial decisions.

About the Author: Editor's Desk

Avatar