Russian officials announced the Moscow City Duma election would use a blockchain voting system for the first time to secure elections. To test the security of the system prior to accepting real votes, Moscow officials offered a prize on GitHub. They promised a cash prize to anyone who could successfully ‘crack’ the new voting system.
Pierrick Gaudry, from Lorraine University, was able to break the Ethereum-based smart contract encryption in only 20 minutes using nothing more than an average desktop computer and free, publicly available software. Gaudry estimates more modern equipment and sophisticated techniques could crack the encryption in only 10 minutes.
The United States is talking about reverting to paper ballots instead of electronic voting. Is the dream of a completely secure, electronic voting system dead? I don’t think so. This is simply Russia’s latest assault on the truth.
In this article
- The problem with US electronic voting systems
- Estonia’s success with electronic voting
- Moscow’s blockchain voting experiment
- The long con continues
The problem with US electronic voting systems
According to the New York Times, the Senate Intelligence Committee concluded Russia attempted to infiltrate electronic voting systems in all 50 states in the 2016 election.
According to Vox, the ‘labyrinth’ voting process,
… is overseen by a mix of state and local governments that use different machines, software, and processes to count votes.
Election officials thought such a mix of disparate systems would make electronic infiltration nearly impossible. It turns out the officials were wrong.
Although there is currently no evidence votes were changed by the Russians, we do have proof Russians were able to view voter registration records.
This is worrying, but that IS the point. Russia specializes in the disinformation game. They don’t need to change votes, they only need to make you think the election results are ‘rigged’.
Estonia’s success with electronic voting
Democracies around the world should be closely looking at Estonia. Estonia has long-embraced blockchain technology and is the pioneer in electronic voting technology.
But it wasn’t always this way. It was only by a twist of fate that Estonia became the blockchain powerhouse that it is today.
Think back to the Soviet Union. The red menace. The better dead than red era – it’s not so long ago.
Estonia was part of the Soviet Union for nearly five decades. In 1990, Estonia said goodbye to their Soviet comrades, and by 1991, Russia recognized Estonia’s independence, ending 48 years of Soviet occupation.
This left Estonia in an interesting situation. Absolutely every piece of technology and telecommunication hardware was polluted and completely infiltrated by what was left of the KGB (which incidentally also broke up in 1991). Let me break that down for you – every piece of telecommunication hardware – phone or internet – every communication – spoken or typed – was completely open to Russian spies and almost certainly recorded.
After so many years of occupation by the Soviets, there was one thing Estonia knew for sure: if they wanted a secure state, free of Russian interference, they would have to tear out everything touched by the Russians, root and stem.
And that’s exactly what Estonia did. The only Soviet-era telecommunication equipment left in the country today is in museums. Everything else was torn out and destroyed. Nothing could be trusted as secure if it had been installed by one of the many Estonian puppet leaders over the years.
This gave Estonia a clean telecommunication slate to build on. Ultimately this led Estonia to be an early adopter of blockchain. Estonia needed a way to communicate and securely save government, voter, and medical records.
Estonia needed a way to keep the Russians out of their affairs.
Blockchain technology is one of the tools that has made keeping Russia out a reality. Estonia implemented secure, electronic nation-wide i-voting in 2005. To put this achievement in perspective, i-voting in Estonia pre-dates the invention of Bitcoin.
Today, Estonia’s entire government and every citizen’s identity is secured on the blockchain and the entire country is backed up (yes, you read that right) backed up in Luxembourg. Estonia keeps no paper records. Everything is digital, everything is secured with encryption, and everything is backed up in another country to ensure record safety.
Voter registration, votes, everything …
As an interesting side-note, Estonia removes personal data of any kind from a citizen’s vote in an election. However, if a citizen changes their mind about a political candidate (of course before the election is over) a citizen can change their vote over the Internet, with no other human interaction. The entire process is securely automated. No Russian hacker can interfere with the process.
Moscow’s blockchain voting experiment
So, what happened in Moscow?
Moscow programmers decided to use three short private keys (basically passwords) instead of one long private key to secure Moscow voting data.
Three private keys sound better than one private key, right?
After cracking the Moscow system, Gaudry couldn’t explain why ‘cryptography experts’ would be so stupid.
“This is a mystery. The only possible explanation we can think of is that the designers thought this [using 3 private keys] would compensate for the too small key sizes of the primes involved. But 3 primes of 256 bits are really not the same as one prime of 768 bits.”
(I know I’m over-simplifying private keys but it’s important you understand the BIG picture rather than get swamped in the details).
Simply speaking, the Russians inexplicably made three really weak passwords to secure Moscow’s voting data. It would be like choosing:
‘Password’, ‘123’, and ‘Russia’
as your three-word password to protect national voting data from being changed, or the votes of voters being made public. Naturally, at first it may seem three passwords are better than one, but one really good private key is nearly invulnerable to hacking.
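A rough way to put numbers on Gaudry's remark that three 256-bit primes are not one 768-bit prime, as an added example that is not from the original article or from the Moscow system. It assumes the keys protect a scheme whose best known attack is the number field sieve; the function names and the 112-bit threshold are choices made for this illustration.

```python
import math

LN2 = math.log(2)

def nfs_security_bits(modulus_bits):
    """Rough log2 of the number-field-sieve work for one prime/modulus of this size.

    Heuristic L[1/3, (64/9)^(1/3)] cost with the o(1) term dropped: good for
    comparing key sizes, not for predicting wall-clock time.
    """
    ln_n = modulus_bits * LN2
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / LN2

def layered_security_bits(layer_bits):
    """Effective strength of several independent keys used as layers.

    Each layer is attacked on its own, so the costs ADD (sum of 2**bits_i)
    instead of multiplying. Log-sum-exp keeps the arithmetic in float range.
    """
    per_layer = [nfs_security_bits(b) for b in layer_bits]
    top = max(per_layer)
    return top + math.log2(sum(2 ** (b - top) for b in per_layer))

def audit(layer_bits, required_bits=112.0):
    """Compare a layered design with one key of the same total length.

    required_bits is an assumed policy threshold for this example.
    """
    effective = layered_security_bits(layer_bits)
    single = nfs_security_bits(sum(layer_bits))
    return {
        "layers": list(layer_bits),
        "effective_bits": round(effective, 1),
        "single_key_bits": round(single, 1),
        "shortfall_bits": round(single - effective, 1),
        "ok": effective >= required_bits,
    }

if __name__ == "__main__":
    for design in ([256, 256, 256], [768], [2048]):  # constructed sample designs
        print(audit(design))
```

For three 256-bit layers the estimate lands near 48 bits, against roughly 76 bits for a single 768-bit key: stacking short keys adds less than two bits, while one long key adds about 28.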
It is therefore estimated that standard desktop computing power would take 4,294,967,296 x 1.5 million years to break a DigiCert 2048-bit SSL certificate. Or, in other words, a little over 6.4 quadrillion years.
Lance Gutteridge published an article on Medium in late 2017 about banking standards for encryption (128-bit encryption). Read that again, please – 128-bit encryption. This standard has been in place since well before I owned my own fin-tech company back in the early 2000s.
From Lance’s article:
So to crack a 128-bit key with modern hardware is going to take around 500 billion years. Moore’s law says that computers get twice as fast every 2 years. In cryptography terms that means that advances in computer power will give you one extra bit every two years.
The question is, why would the Russian government purposely choose an inferior encryption method to secure their elections?
The Long-Con continues
Russia created this farce to cast doubt on blockchain security. Russia wants the world to believe elections cannot be secured from Russian interference. They want the world to doubt blockchain as well as the results of elections they protect.
Is anyone fooled by this? Russia, the country famed for screwing with elections across Europe and the Americas using Soviet-style propaganda, disinformation, bots, troll farms, misinformation, lying, gaslighting, coercion, murder, …
Don’t get me wrong. I’m not blaming Russia for their desire to use asymmetrical warfare against their enemies (perceived and real). Hell, I admire Putin’s grit, and I’m dismayed by the weakness and stupidity of our politicians in the West to fight back.
- But are we seriously supposed to believe a country that has successfully infiltrated the voting apparatus of every single state in the United States can’t figure out how to secure their own electronic voting?
- Are we seriously supposed to believe a country that used to OWN Estonia and now is completely shut out of their electronic voting system can’t figure out how to secure their own electronic voting?
- Are we seriously supposed to believe a country with the technological experience and expertise the Russians currently have released their code on GitHub, offered a prize to hackers to hack their new voting system, and got cracked in 20 minutes?
How stupid does Russia think we are?
Secure, blockchain-protected voting, when properly encrypted, is tamper-proof.
This ‘security breach’ story is nothing more than another idiotic Russian disinformation campaign. The whole reason for this charade is to cast doubt.
Uh oh, I’m not sure if blockchain cryptography is secure. The Russians were hacked! And they used 3 passwords!!
Here’s the truth – the Russians created three (easily crackable) keys as a talking point for lazy, stupid, bought, or otherwise compromised Western politicians to reference, to misdirect the public.
(Sadly, Wired has already fallen for this idiotic Russian misdirection. Wired, please do a little research!)
Here’s another truth – Blockchain is not perfect. With enough computing power, blockchain cryptography can be cracked … but not with today’s technology.
Let me say that again. If governments follow proper cryptography protocols, blockchain cryptography cannot be cracked with today’s technology. So how was Moscow’s election voting system cracked in only 20 minutes?
Let me explain this simply, and at the risk of a ‘uranium injection’: Russia is screwing with you. If they wanted to secure Moscow elections, they would secure Moscow elections. But let’s get real. Putin neither needs nor wants secure Moscow, secure Russian, secure European, or secure North American elections.
In fact, Russia wants the opposite. Russia needs complete confusion, anger, fear, and doubt if they want to have any significant influence in world politics in the future.
I’m Edward Iftody — If you’d like to read more about cryptocurrency and blockchain, you can learn more at www.blockchainin.asia