In the Swiss e-voting system, a second critical crypto vulnerability was found to be exploitable to hide voting manipulation, researchers revealed on Sunday.
In February, the Swiss government, specifically Swiss Post, announced the launch in its electronic voting systems of a public bug bounty program. There have been awards of up to $50,000 and over 3,000 hackers from all over the world signed up for the program which ended on 24 March. Since 2004, Switzerland has conducted e-voting trials, and Swiss Post believes it now has a fully verifiable system that can make electronic voting widely available in Switzerland.
However, it is found that the system components designed to ensure that votes that had already been thoroughly tested have not been manipulated have certain potentially serious vulnerabilities. Two teams of researchers reported earlier this month that they discovered independently a crypto-related vulnerability which might have been used for undetectable voting handling.
Scytl, a Spain-based provider of electronic voting solutions that develops the Swiss government system, claims to have addressed this problem. The researchers have however said that they did not see the patched source code so that their claims could not be verified. The failure also affected the systems used by Scytl in New South Wales, Australia (NSW).
All the parties involved downplayed the effect of the defect and argued that it was difficult to operate an external attacker, since deep access to the Swiss Post’s IT infrastructure and extensive system knowledge required. However, the researchers pointed out that the system of e-voting should also be resistant to inside manipulation and the vulnerability showed that it was not.
The Swiss e-voting system is designed to mix votes to protect the privacy of individual votes. The servers responsible for this shuffling process should be able to demonstrate that the input voting corresponds exactly to the output votes in order to ensure that the number of votes is not altered.
The first vulnerability of researchers was related to this process-votes could be added or deleted, but apparently no manipulation was demonstrated. The second weakness, which the scientists described as “critical,” has to do with the votes themselves.
Every vote is encrypted and a zero-knowledge-proof encryption method is used to ensure that the electoral body does not declare an option other than what the voter has chosen. “Zero knowledge means that the decryption key does not reveal anything, so voting privacy is protected. And evidence means observers can perform the verification algorithm to ensure that the vote claimed is really what’s hidden inside the encryption, “Vanessa Teague, University of Melbourne associate professor and one of the experts involved in this research, said.
“But our research found that this evidence is not sound. Evidence that passes verification can be produced but changes the content of the encrypted vote. It’s kind of like leaving the voting box observable all day, but it can somehow slip several votes into the count, “Teague added. “This is a technique process-but it is possible for anyone with access to the right part of the voting system.”
Unlike the first problem, the exploitation, cryptography expert Sarah Jamie Lewis, the executive director of the privacy-focused non-profit Open Privacy organization and one of the research participants, explained that it is a trace.
On Twitter, Lewis revealed that they also identified other “major problems.” The researchers disclosed their findings in technical detail and published proof-of-concept (PoC) code. She believes that these problems are not isolated and not easy to resolve. It was notified both to Swiss Post and to the NSW Electoral Commission.
The Swiss Post has yet to comment on the results, but the NSW Electoral Commission is confident that it will not affect its own systems. It should be noted that these defects have not been reported to Swiss Post in the bug bounty program.