French security researcher Pierrick Gaudry found that the Moscow blockchain voting system, which is scheduled to be used next month, has serious vulnerabilities and can calculate the private key based on the public key. The private and public keys are used to encrypt user votes in the election. The main problem is that the key length is too short, and modern computers can be cracked in a short time. It is unclear what the attacker can do with the key, and the researchers believe that the identity of the voter may be exposed. The French researcher said:
“Without having read the protocol, it is hard to tell precisely the consequences, because, although we believe that this weak encryption scheme is used to encrypt the ballots, it is unclear how easy it is for an attacker to have the correspondence between the ballots and the voters.
In the worst case scenario, the votes of all the voters using this system would be revealed to anyone as soon as they cast their vote.”
The Moscow Information Technology Department promised to address the issue, and the department’s spokesperson acknowledged that the 256×3 private key length was not secure enough and they planned to change the key length to 1024 bits. But 1024 bits are obviously too weak, Gaudry thinks the key length should be at least 2048 bits.