The announced electoral system with a blockchain of Russia was struck during the last week, in two acts separately, purpose of the referendum for the constitutional amendment carried out between the 25 and the 30 of June.
The first of the episodes occurred on day 27, when the platform was attacked through the node of one of the election observers. The information was disseminated by the state agency TASS reported that the attempt is not failed to have regard to the votes in the block and not generated by a malfunction of the system.
According to statements by Artem Kostyrko, chief of technological development of the government of Moscow, there was no disruption in voting, and all votes were recorded in the chain of blocks. The official added that the access to the node used for attacking would be restored to complete their function.
The authorities did not make clear whether the attacker was identified or arrested or how it came to the attempt of hacking. Only it was reported that the situation happened around 8:00 in the evening and that was identified without consequences.
Contents
Vulnerability of the vote
Four days after this happened, the Russian news agency Meduza reported a vulnerability in the system that allowed its journalists to decrypt the votes before they were counted.
Through a publication, broadcast this Wednesday, Meduza reported that the electors qualified to vote electronically did so through a web site. According to the media the results were encrypted using the JavaScript library TweetNaCl.js.
“The voter of the internet was able to decipher his / her vote by himself or to allow them to do others (…) The new system is characterized by the encryption is deterministic: the use of the same parameters leads to the formation of texts are encrypted to identical. In addition, the sender and the recipient form a shared key, which is suitable both to encrypt the message as to decrypt it,” explained Meduza in the press release.
The agency ensures that if an elector recovering your private key could know his own vote. One of the journalists explained that the voting process included the receipt of the key in the Google Chrome browser, after entering the page of the newsletter. On the adjustment stated the following:
“We open the ‘developer tools’, select the tab ‘sources’, we seek the library elect.js and we find a line with the generation of the private and public keys, after we place a point of record ‘secret key of a voter is’, encryptor.keyPair.secretKey”.
The journalists of Meduza released part of the code I changed it to decrypt the votes. Source: Meduza.io
The researchers noted that in theory, the vulnerability would allow Russian organisations to ensure that people vote, or verify the votes after notifying them that they had to save their private keys. It is also alleged, according to Meduza, which the companies funded by the State pressured their employees to vote.
Elections with blockchain
Russia started to investigate on the feasibility of electoral systems with blockchain in 2016. In August of that year Breaking News reported that government authorities were interested in the possible applications of the call technology of accounting distributed (DLT).
Since then, the government has investigated how to use this technology to its elections, as it was originally intended for the digital transmission of value without intermediaries.
In June of this year the country announced that it would use an electoral system based on blockchain to conduct a referendum on the possible amendment of the constitution. Among the issues to be decided in the process was the possibility that president Vladimir Putin could extend its mandate for 12 more years. The platform uses the network Exonum developed by Bitfury.