An Attack on the the Encryption Scheme of the Moscow Internet Voting System
Alexander Golovnev
TL;DR
This paper analyzes the security flaws in Moscow's Internet voting encryption scheme, revealing that the updated ElGamal implementation remains vulnerable and can potentially be exploited to count votes.
Contribution
The paper demonstrates that the revised ElGamal encryption used in Moscow's Internet voting system is not semantically secure and discusses potential exploitation methods.
Findings
The new ElGamal implementation is not semantically secure.
Vulnerability can be exploited to count votes.
Security flaw persists despite recent fixes.
Abstract
The next Moscow City Duma elections will be held on September 8th with an option of Internet voting. Some source code of the voting system is posted online for public testing. Pierrick Gaudry recently showed that due to the relatively small length of the key, the encryption scheme could be easily broken. This issue has been fixed in the current version of the voting system. In this note we show that the new implementation of the ElGamal encryption system is not semantically secure. We also demonstrate how this newly found security vulnerability can be potentially used for counting the number of votes cast for a candidate.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInternet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · Cryptography and Data Security