An Attack on the the Encryption Scheme of the Moscow Internet Voting System
This work addresses a critical security flaw in a real-world voting system, though it is incremental as it builds on prior fixes.
The authors identified a semantic security vulnerability in the updated ElGamal encryption implementation of the Moscow Internet voting system, which could potentially allow attackers to count votes for candidates.
The next Moscow City Duma elections will be held on September 8th with an option of Internet voting. Some source code of the voting system is posted online for public testing. Pierrick Gaudry recently showed that due to the relatively small length of the key, the encryption scheme could be easily broken. This issue has been fixed in the current version of the voting system. In this note we show that the new implementation of the ElGamal encryption system is not semantically secure. We also demonstrate how this newly found security vulnerability can be potentially used for counting the number of votes cast for a candidate.