Friday, July 3, 2020

Backdoor in Russian Blockchain Revealed How People Voted on Constitutional Amendments in Real Time


Russians recently voted on constitutional amendments whose main purpose was to keep Vladimir Putin in power until at least 2036. In Moscow and Nizhny Novgorod, people had the option to vote electronically on an Exonum-based blockchain system created by Moscow’s Department of Information Technologies with the help of Kaspersky Lab. Here is how the keys for decrypting votes could be retrieved using the HTML code of the electronic ballot even before the polls closed.

Votes were encrypted with a deterministic algorithm (from the TweetNaCl.js cryptographic library) that generates the same cryptographic key for both encrypting and decrypting the vote. That’s why the Russian news outlet Meduza deciphered the two keys for the “yes” and “no” votes while the voting was still in progress. These cryptographic keys allow anyone to decode any vote. Meduza even published instructions on how to decipher your own code from Google Chrome's settings panels.
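An added example (not Meduza's instructions and not the voting system's code) of why such a scheme has one key for both directions, assuming the ballot used a Diffie-Hellman "box" construction such as TweetNaCl.js's `nacl.box`. It swaps in RFC 7748 X25519 with a SHA-256 keystream as a stand-in cipher; all keys, the nonce and the function names are constructed for illustration.

```python
# Added illustration, not the voting system's code. Stand-ins: RFC 7748 X25519
# for key agreement, SHA-256 for key derivation and keystream (no authentication).
import hashlib

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """Curve25519 scalar multiplication (RFC 7748 ladder; not constant time)."""
    n = int.from_bytes(k, "little") & ~7 & (2**255 - 1) | 2**254  # clamp the scalar
    x1 = int.from_bytes(u, "little") % 2**255
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def shared_key(my_secret: bytes, their_public: bytes) -> bytes:
    """Both ends of the exchange derive this same 32-byte key."""
    return hashlib.sha256(x25519(my_secret, their_public)).digest()

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypts and decrypts: XOR with a SHA-256 counter-mode keystream."""
    stream = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, stream))

def demo():
    # Constructed key material and nonce, for illustration only.
    election_sk = hashlib.sha256(b"constructed election secret").digest()
    voter_sk = hashlib.sha256(b"constructed voter secret").digest()
    election_pk, voter_pk = x25519(election_sk, BASE), x25519(voter_sk, BASE)
    nonce = b"constructed-nonce"
    # The ballot page encrypts with the voter's secret and the election public key.
    ballot = xor_stream(shared_key(voter_sk, election_pk), nonce, b"yes")
    # Intended reader: election secret key plus the voter's public key.
    by_election = xor_stream(shared_key(election_sk, voter_pk), nonce, ballot)
    # The voter-side secret rebuilds the same key; no election secret needed.
    by_voter_side = xor_stream(shared_key(voter_sk, election_pk), nonce, ballot)
    return ballot, by_election, by_voter_side
```

In a box construction the sender's secret key is decryption material, so ballot secrecy depends on that key never being retained or exposed by the ballot page.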

That helps explain why the Russian gov’t, despite its aversion to blockchain and decentralization of power in general, suddenly decided to dabble in blockchain voting. It was presented to the public under the guise of increasing transparency so that “independent” observers could verify the correct vote count. The reality is that this Russian twist on blockchain voting provides transparency to check who voted how.

This is important to Russian gov’t. Ask any Russian (who actually lives there) and most will tell you it’s common practice for employers to pressure their employees to vote for the sitting president and the ruling party. Before blockchain voting, to verify the “correct” vote, the employee could be required to take a photo of his marked ballot from inside the voting booth. Lots of similar methods are used but they are flawed because, even after the employee shows you a cell phone photo of a pre-marked ballot, there is no guarantee that they actually dropped it inside the box. Requiring voters to take videos is too cumbersome to scale.

That's why a buggy blockchain is superior to intimidating voters with pre-marked ballots: all interested parties can see exactly who is voting how in real time.

So that’s how Russia utilizes the latest cutting-edge technology to increase voting transparency.