Russian Blockchain E-Voter Identities Can be Exposed Through Vulnerability
On the final day of Russia’s vote on the proposed constitutional amendments, Russian media exposed a vulnerability in the blockchain-based system that allows users’ votes to be decrypted.
The constitutional amendment proposal was first introduced on Jan 15, 2020, and if passed it would allow Russia’s President Vladimir Putin to serve for another two six-year terms. The e-voting period ran from June 25 to June 30. Should the Russian people vote against the amendments, Putin will have to vacate the presidency by 2024.
On the final day of the vote, June 30, Meduza, a Russian media outlet, published a report which revealed that votes could be decrypted by retrieving keys through the HTML code of the electronic ballot.
Meduza’s research found that votes which had been recorded on the blockchain-based system were encrypted using the TweetNaCl.js cryptographic library which essentially provides two cryptographic keys, one for encoding and one for decoding.
The Exonum blockchain-based system, which was created by Moscow’s Department of Information Technologies with assistance from Kaspersky Lab, was made available for electronic voting in Moscow and Nizhny Novgorod.
According to Meduza, its journalists were able to find the two keys that were universally used to encode the “yes” and “no” votes on the system, allowing them to decode the voting data as the voting proceeded.
These votes were being published in CSV files by the Department of Information Technologies as the voting proceeded, as a means to offer transparency to the vote count. But it was through this avenue that Meduza’s team was able to check how particular people voted.
In a country synonymous with the secret police, corrupt oligarchs, and less-than-democratic legal processes, the threat of future pressure in voting is very real. The BBC recently reported that state-owned organizations in Moscow were forcing their employees to sign up for the e-voting system and share their account details with their management.
Russia’s Blockchain Voting Issues and Attacks
Russia’s integration of blockchain-based voting is off to a bad start, as the Bitfury-powered system was reportedly attacked on June 27 through an election observer’s node. However, the media site reports that government officials insist the attack did not cause a system malfunction and all the votes that have been recorded on the blockchain are valid.
This was not even the first issue with the blockchain system as previous reports claim the website for e-voting was inaccessible during the first few hours after it went live.
Further to being inaccessible, it appears to be less than tamper-proof, as a local journalist named Pavel Lobkov shared a video discussing how he had managed to vote twice: once offline at the local polling station, and then again online less than an hour later.