Moscow’s blockchain voting system cracked a month before election
The blockchain-based voting system that Moscow wants to use next month for the regional parliamentary election contains a critical flaw that breaks the security of the entire system, a security researcher has discovered.
The voting system relies on a combination of private and public keys for encrypting ballots. However, it turns out that the private keys can be easily cracked on the basis of the public keys, which could enable threat actors to decrypt the voting data. According to the researcher, the entire system “can be broken in about 20 minutes using a standard personal computer, and using only free software that is publicly available.”
The researcher acknowledged that he has too little knowledge of the voting system to know the exact impact of the attack he developed, but he suggested that “in the worst case scenario, the votes of all the voters using this system would be revealed to anyone as soon as they cast their vote.”