Moscow Faces Blockchain Voting System Vulnerabilities

Blockchain technology has come a long way since the launch of Bitcoin’s whitepaper, and people are waking up to the possibilities of next generation voting systems to ensure compliance, security and immutability with our most sacred civic duty.

Did you know that people in Arizona waited up to five hours to vote in a primary election? In some areas, voting locations were closed in an effort to save on cost. How does this happen when we’re in a time of technological advancement that includes self-driving cars? With 2020 elections a year away, something has to be done about the accuracy and transparency in the voting process, and blockchain is seriously being looked and and beta tested in some locations. But like any emerging technology, there are going to be some hurdles that need to be overcome.

In 2010, Bitcoin was being looked as as a way to change the way we vote. At a time, Jeremy Clark and Aleksander Essex, two Ontario-based computer scientists, saw Bitcoin’s potential to enhance the ability to secure and validate the voting process. Their method was called CommitCoin and it provided a way to utilize blockchain technology in order to secure a person’s vote and not allow any election official or political individual to modify that vote.

Moscow implemented a similar blockchain-based voting system and prepared it for upcoming city council elections. While preparations were underway, a security and privacy researcher from France claimed to have found a significant loophole in the voting system. Pierrick Gaudry could effortlessly decipher the encryption code using the digital voting system’s public keys. The Russian authorities, who were all set to use the blockchain framework for a voting system in the city’s municipal elections, have been held responsible for the debacle and ElGamal, an alternate encryption method, was used, but did not offer much in ensuring security.

The complexity involved in encrypting the ballot boxes is open to question and it’s a crying shame that the encryption could have been hacked with public keys, but Gaudry stated that even though it is has not yet been established how weak the encryption scheme was, at worst the votes would be made public as soon as a voter cast it.

The unique voting system was slated to go live on September 8, 2019 and would have enabled Moscow residents to cast a vote from the personal devices without having to go to voting centers. Following Gaudry’s shocking revelation, the Moscow department of IT has confirmed that the issue will be resolved before the elections. A spokesperson acknowledged its susceptibility to unauthorized access and made assurances that key lengths will be increased to 1024 bits.

Moscow’s blockchain voting system is really a first of its kind. It was developed in-house by the Moscow Department of Information Technology, and works as a “smart contract” on top of the Ethereum blockchain. While Moscow officials prepare to reward Gaudry for his timely and important discovery, it is yet to be seen whether the security and encryption vulnerabilities will be in place in time for their elections.