Moscow Parliament Election Voting System Can Be Hacked in 20 Minutes

Researcher Demonstrates 20-Minute Hack of Moscow Parliament Voting System

Pierrick Gaudry, a specialist from the University of Lorraine, has demonstrated a method for quickly breaking the encryption used in the internet-connected voting systems set to be used in the Moscow parliament elections on September 8, 2019.

“In September 2019, voters in the Moscow parliament elections will be allowed to use an online voting system. The system’s source code was published for public testing. The encryption used is a variant of the ElGamal scheme with a key size that is far too small. We explain how, using easily accessible resources, it is possible to derive private keys from public keys in just a few minutes,” the study states.

The encryption system is based on the Ethereum blockchain with smart contract functionality. At the end of July, part of its source code was posted on GitHub for public testing. During the testing phase, the code was updated daily by changing public keys and adding new encrypted data. Each day, previous keys and decrypted data were also published. Cryptographers were tasked with obtaining private keys and decrypting the data in less than 12 hours.

According to Gaudry, the encryption scheme used in the code is vulnerable and can be hacked in just 20 minutes using a personal computer and free, publicly available software. Because the key size is too small, private keys can be derived from public keys.

Gaudry notified the responsible parties in Russia about the issue. According to officials, they are aware that the key size is too small and plan to increase it to 1024 bits. The recommended length for cryptographic keys is 2048 bits.

The ElGamal scheme is a public-key cryptosystem based on the difficulty of computing discrete logarithms in a finite field. It includes both an encryption algorithm and a digital signature algorithm.
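To make the link between key size and discrete logarithms concrete, here is an added example (not code from the voting system or from the study): textbook ElGamal over a constructed 31-bit prime, where the private exponent is recovered from the public key alone. The prime, the generator, the function names and the generic baby-step giant-step search are assumptions chosen for illustration; the page does not say which software the researcher used.

```python
import math
import secrets

# Constructed toy parameters: a 31-bit prime field, far below any real key size.
P = 2_147_483_647          # 2**31 - 1, prime
G = 7                      # primitive root modulo P

def keygen():
    x = secrets.randbelow(P - 2) + 1           # private exponent in 1..P-2
    return x, pow(G, x, P)                     # public key h = g^x mod p

def encrypt(h, m):
    k = secrets.randbelow(P - 2) + 1           # fresh ephemeral exponent per message
    return pow(G, k, P), (m * pow(h, k, P)) % P

def decrypt(x, c1, c2):
    s = pow(c1, x, P)                          # shared secret g^(k*x)
    return (c2 * pow(s, -1, P)) % P

def discrete_log(h):
    """Baby-step giant-step: find x with G**x == h (mod P) in about sqrt(P) steps."""
    m = math.isqrt(P - 1) + 1
    table, e = {}, 1
    for j in range(m):                         # baby steps: store g^j -> j
        table.setdefault(e, j)
        e = (e * G) % P
    factor = pow(G, -m, P)                     # g^(-m) mod p
    gamma = h
    for i in range(m):                         # giant steps: h * g^(-i*m)
        if gamma in table:
            return i * m + table[gamma]
        gamma = (gamma * factor) % P
    raise ValueError("no logarithm found")

def demo(message=123456789):
    x, h = keygen()
    c1, c2 = encrypt(h, message)
    recovered = discrete_log(h)                # uses only the public key
    return x, recovered, decrypt(recovered, c1, c2)

if __name__ == "__main__":
    x, recovered, plaintext = demo()
    print("private key recovered:", recovered == x, "plaintext:", plaintext)
```

The search here takes roughly 46,000 steps in each loop; every extra bit of modulus raises the cost of recovering the key, which is why the size of the key, not the ElGamal construction itself, decides whether the scheme holds.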
