Pierrick Gaudry, a French researcher at Lorraine University, has uncovered a vulnerability in a blockchain-based voting system that Russian officials plan to use for the 2019 Moscow City Duma election on Sept. 14. Gaudry was able to compute the voting system’s private keys based on its public keys, according to a report by ZDNet.
The Moscow Department of Information Technology built the voting system on the Ethereum blockchain. Residents would be able to vote via phone or computer and their votes would be cryptographically recorded on the Ethereum blockchain.
Gaudry claimed the weakness in the system was the ElGamal encryption scheme that used encryption keys that were too small to be secure.
“It can be broken in about 20 minutes using a standard personal computer, and using only free software that is publicly available,” Gaudry said in a report.
Moscow Department of IT officials claim they will fix the issue by providing a stronger key.
“We absolutely agree that 256×3 private key length is not secure enough,” a spokesperson said in an online response. “This implementation was used only in a trial period. In few days the key’s length will be changed to 1024.”