Russia’s Blockchain Voting System Let Users Decrypt Results Before Count
Russia’s blockchain-based voting system for the constitutional amendments had a vulnerability that reportedly made it possible to decipher votes before the official count.
Constituents could decipher their own private keys
According to research by Russia-language news outlet Meduza, when the constituents casted their vote via a special website, the results would get encrypted by a JavaScript library called TweetNaCl.js.
This is an implementation of the “Networking and Cryptography,” or NaCi, cryptography library created by the mathematician Daniel J. Bernstein and cryptographers Tanja Lange and Peter Schwabe.
Per Meduza, the voting system relied on the so-called deterministic encryption, meaning that using the same parameters lead to identical ciphertexts. Both the sender and the receiver received a shared key, which could be used for encryption or decryption of the message.
That means that any constituent could theoretically decipher their own vote before it would get decrypted by the electoral commission, or even allow third parties to do so. In order to do that, the voter had to save their private key.
To retrieve the private key, the constituent had to go to the e-bulletin page, open the developer console in their web browser and make a minor adjustment to the election.js library (add logpoint, enter: voter secret key is’, encryptor.keyPair.secretKey) and then cast their vote.
Meduza conducted an experiment where all participants retrieved their private keys, and were reportedly able to decipher all of the votes as a result.
There is a positive side to the bug
According to the publication, the vulnerability theoretically allows employers to make sure that their employees voted, and even check their votes after inducing them to save their private keys. There have been reports suggesting that state-funded entities in Russia push their employees to vote at the government’s request.
On the other hand, the same bug could be used to increase transparency of the vote in the scenario where the electoral commission refuses to publish the decryption of each vote (as it did after Moscow City Duma election in 2019, where blockchain was also supposedly used).
Meduza elaborated, “For example, supporters of one specific candidate may agree to install the same browser extension. That way, they can track the minimum number of votes that their candidate should definitely get after the count”.
77.9% voted for the amendments, allowing Putin to rule until 2036
E-voting took place from June 25 to June 30 for residents of Moscow and Nizhniy Novgorod, and was based on the Exonum blockchain platform developed by Bitfury. The remaining regions could only vote offline.
The referendum itself ended yesterday, on June 1. With all the ballots counted earlier today, 77.9% voted for the reform package and 21.3% against, according to the electoral commission.
As for the e-vote results, 62.33% of the Moscow voters supported the amendments and 37.37% opposed it. In Nizhniy Novgorod, the results were somewhat similar: 59.69% and 40.31% of the constituents voted “for” and “against” respectively.
Notably, one e-bulletin was deemed invalid. As explained by a Moscow government official, the voting user stopped “the transaction between a mouse click and getting it into the crypto library of his computer.” Since the blockchain can only take “yes” or “no” for an answer, the system allegedly marked the said vote as invalid during decryption.
As per the Constitutional amendments, Vladimir Putin’s term limits will be reset in 2024, meaning that he may remain president until 2036.