Breaking the encryption scheme of the Moscow Internet voting system
This work exposes security flaws in a real-world voting system, posing risks to election integrity for voters and authorities.
The researchers identified two critical vulnerabilities in the encryption scheme of the Moscow Internet voting system: first, they retrieved private keys due to small key sizes in minutes, and second, they exploited a lack of semantic security to count votes for candidates.
In September 2019, voters for the election at the Parliament of the city of Moscow were allowed to use an Internet voting system. The source code of it had been made available for public testing. In this paper we show two successful attacks on the encryption scheme implemented in the voting system. Both attacks were sent to the developers of the system, and both issues had been fixed after that.The encryption used in this system is a variant of ElGamal over finite fields. In the first attack we show that the used key sizes are too small. We explain how to retrieve the private keys from the public keys in a matter of minutes with easily available resources.When this issue had been fixed and the new system had become available for testing, we discovered that the new implementation was not semantically secure. We demonstrate how this newly found security vulnerability can be used for counting the number of votes cast for a candidate.