French researcher cracks Moscow’s blockchain voting system, a month before elections

Moscow earlier announced that they would hold upcoming municipal elections using Etherum blockchain. But in a major setback for the city, a research by French cryptograph professional showed that the framework that would be used for elections is fairly simple to hack.

Just a month before the election an analyst from French governmental scientific institution CNRS, Pierrick Gaudry published a six-page report explaining how the blockchain system using for elections can be hacked. In the report, he mentioned that the system which is being used for voting is completely insecure and can be cracked in 20 minutes using a standard personal computer and free softwares.

According to the report, it is possible to compute the private keys from the public keys, and once that is achieved, it very simple to decrypt the encrypted data. Gaudry blamed the Russian official for the vulnerabilities in the system.

Moscow's elections would be first-ever legally bound blockchain-based elections
Moscow’s elections would be first-ever legally bound blockchain-based elections

Moscow’s authorities have promised to fix the issue before the elections. The voting system is supposed to go live on 8th September, which gives them a time of less than a month to correct the system. The plan of Moscow authorities is to allow residents of the city to vote through their phones and computer and have their votes recorded cryptographically on the Etherum blockchain. If Moscow successfully deploys the system and contests election, it would be the first legally bound blockchain-based election.

Moscow Department of Information Technology is being criticized for its decision to use a weak private key. Gaudry said that he was surprised by the decision of the Moscow IT department to use the private key of  256×3 bits length, which is not very secure. Moscow IT department has now decided to use 1024 bits, but according to Gaudry, that is also not secure enough. In July Moscow authorities put the code on Github to find any bugs in the system and announced a reward of a million Russian Ruble which is just over $15,000.