Russia's Blockchain Voting System Let Users Decrypt Results Before Count

Published at: July 2, 2020

Russia’s blockchain-based voting system for the constitutional amendments had a vulnerability that reportedly made it possible to decipher votes before the official count. 

Constituents could decipher their own private keys 

According to research by Russia-language news outlet Meduza, when the constituents casted their vote via a special website, the results would get encrypted by a JavaScript library called TweetNaCl.js. 

This is an implementation of the "Networking and Cryptography," or NaCi, cryptography library created by the mathematician Daniel J. Bernstein and cryptographers Tanja Lange and Peter Schwabe. 

Per Meduza, the voting system relied on the so-called deterministic encryption, meaning that using the same parameters lead to identical ciphertexts. Both the sender and the receiver received a shared key, which could be used for encryption or decryption of the message.

That means that any constituent could theoretically decipher their own vote before it would get decrypted by the electoral commission, or even allow third parties to do so. In order to do that, the voter had to save their private key.

To retrieve the private key, the constituent had to go to the e-bulletin page, open the developer console in their web browser and make a minor adjustment to the election.js library (add logpoint, enter: voter secret key is', encryptor.keyPair.secretKey) and then cast their vote. 

Meduza conducted an experiment where all participants retrieved their private keys, and were reportedly able to decipher all of the votes as a result. 

There is a positive side to the bug

According to the publication, the vulnerability theoretically allows employers to make sure that their employees voted, and even check their votes after inducing them to save their private keys. There have been reports suggesting that state-funded entities in Russia push their employees to vote at the government’s request.

On the other hand, the same bug could be used to increase transparency of the vote in the scenario where the electoral commission refuses to publish the decryption of each vote (as it did after Moscow City Duma election in 2019, where blockchain was also supposedly used). 

Meduza elaborated, “For example, supporters of one specific candidate may agree to install the same browser extension. That way, they can track the minimum number of votes that their candidate should definitely get after the count”. 

77.9% voted for the amendments, allowing Putin to rule until 2036

E-voting took place from June 25 to June 30 for residents of Moscow and Nizhniy Novgorod, and was based on the Exonum blockchain platform developed by Bitfury. The remaining regions could only vote offline. 

The referendum itself ended yesterday, on June 1. With all the ballots counted earlier today, 77.9% voted for the reform package and 21.3% against, according to the electoral commission.

As for the e-vote results, 62.33% of the Moscow voters supported the amendments and 37.37% opposed it. In Nizhniy Novgorod, the results were somewhat similar: 59.69% and 40.31% of the constituents voted “for” and “against” respectively. 

Notably, one e-bulletin was deemed invalid. As explained by a Moscow government official, the voting user stopped "the transaction between a mouse click and getting it into the crypto library of his computer." Since the blockchain can only take “yes” or “no” for an answer, the system allegedly marked the said vote as invalid during decryption.

As per the Constitutional amendments, Vladimir Putin’s term limits will be reset in 2024, meaning that he may remain president until 2036.

Tags
Related Posts
Russia Pilots Federal Voting on Waves Blockchain
Russia is set to pilot a national blockchain-based e-voting system in September. The new system was developed in partnership between Rostelecom, Russia’s largest integrated provider, and Waves Enterprise. Another recent blockchain e-voting experiment in Russia ended in fiasco after the system suffered a number of setbacks and attacks. The Russian government used a different blockchain provider of digital services and solutions, Bitfury, for that particular implementation however. Artem Kalikhov, chief product officer of Waves Enterprise, told Cointelegraph that their work with Rostelecom was independent of that previous pilot. Kalikhov said that the system developed by Waves employes zero-knowledge proofs and …
Technology / Aug. 19, 2020
Blockchain will transform government services, and that’s just the beginning
Governments are tasked with bringing fair and efficient services to the public. Unfortunately, providing transparency and accountability often results in a reduction in efficiency and effectiveness or vice versa. Governments are usually forced to choose to improve one at the cost of the other. On rare occasions, technology comes along that enables governments to improve fairness and efficiency. The move from paper-based record keeping to computer databases was one such technology. The internet was another. Blockchain is the next. Like the internet before it, blockchain will not only improve how the public interacts with government services, it will have broad …
Adoption / Sept. 26, 2021
The pandemic year ends with a tokenized carbon cap-and-trade solution
It has been a blazing start to a new decade, with 13% more large, uncontrolled wildfires around the world this year compared with 2019. This has spelled dire consequences for CO2 levels, which have made worse a terrible COVID-19 pandemic that has led to unprecedented worldwide lockdowns that have rapidly pushed the economy toward digitization. Related: How has the COVID-19 pandemic affected the crypto space? Experts answer As a result of the COVID-19 pandemic, governments around the world have been forced to focus on integrating blockchain technology into their financial services. At the 75th anniversary of the United Nations General …
Technology / Dec. 27, 2020
Russia Updates Its Laws for Cryptocurrencies
The volume of cryptocurrency flows on darknet markets — which are involved in illegal drug and arms trafficking, remittance and transfer of illicit funds — have doubled for the first time in four years, a new report says. Accordingly, Russia has been updating its bribery and Anti-Money Laundering laws regarding cryptocurrencies to aid its burgeoning digital economy. Related: Presumed Guilty: Financial Watchdogs See Crypto as Illicit by Default Cryptocurrency bribery Bitcoin (BTC) hit the headlines in Russia after it emerged that the Russian Federal Security Service, or FSB — successor agency to the Soviet KGB — had tried to extract …
Technology / March 11, 2020
Medici Ventures Leads Funding Round for Blockchain-Based E-Voting Platform
Medici Ventures, the blockchain-based subsidiary of Overstock.com, has led a $7 million funding round for a blockchain-based voting platform, according to a press release on June 6. The blockchain-based voting platform, Voatz, is reportedly designed to allow citizens to participate in official elections and similar events via mobile devices, such as smartphones or tablet computers. The platform is reportedly based on blockchain tech, encryption, and biometrics, and purports to provide better convenience, security, and auditability for voters and vote collectors. Voatz says that the proceeds of their $7 million Series A funding round will go toward improving accessibility and usability …
Blockchain / June 6, 2019