Cryptographic flaws in an electronic voting system proposed for use in Switzerland would allow “undetectable vote manipulation”, security researchers concluded today.
Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague found that the proposed Swiss e-voting system (built by Barcelona-headquartered Scytl) was open to manipulation owing to weaknesses in how encrypted electronic votes are “shuffled” to protect voter privacy.
The vulnerability could, in the worst case, allow “massive and centralized election fraud”, cryptography expert Matthew Green noted.
The @swisspost folks are going to write this off as a “bug” and a successful result of their bug bounty program. But don’t let that fool you. This is the equivalent of installing the shock absorbers backwards when you’re building a nuclear plant on top of the San Andreas fault.
— Matthew Green (@matthew_d_green) March 12, 2019
Bizarrely, SwissPost, which was hoping to support elections across the country using the system, said the error was already identified in 2017.
“However, the correction was not made in full by the technology partner Scytl, which is responsible for the source code. Swiss Post regrets this and has asked Scytl to make the correction in full immediately which they have now done.”
Computer Business Review has called and emailed Scytl requesting an explanation. Scytl’s existing systems have been used to manage over 100,000 electoral events electronically across more than 20 countries, including the USA, Mexico, France, Norway, Switzerland, Austria, BiH and India, the company says.
Swiss e-Voting System: Malicious Admin Could Manipulate Votes
The system tested also assumes a benign actor on the server side of the system, meaning an authority administrating (or a hacker penetrating) one of the system’s servers could manipulate votes whilst maintaining a clean audit trail.
The researchers’ paper, “The use of trapdoor commitments in Bayer-Groth proofs and the implications for the verifiability of the Scytl-SwissPost Internet Voting System”, concluded: “A malicious administrator or software provider… could manipulate votes but produce a proof transcript that passes verification.”
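The shuffle proof at issue relies on Pedersen commitments, which are only binding while nobody knows the discrete logarithm relating their two generators. The toy below is an added illustration, not code from Scytl, Swiss Post or the researchers: it uses a deliberately tiny group and hypothetical names (`trapdoor_keygen`, `equivocate`, `verifiable_keygen`, `key_is_verifiable`) to show (1) why a commitment key whose generator was produced by a party holding the trapdoor lets that party open one commitment to two different values, and (2) the auditor’s check that a generator derived deterministically from a public label removes that trapdoor. It demonstrates the commitment property only, not the full Bayer-Groth shuffle proof built on top of it.

```python
"""Constructed toy: Pedersen commitment binding vs. a trapdoored generator.
Not the e-voting system's code; group size is far too small for real use."""
import hashlib
import secrets

# Schoolbook group: P = 2Q + 1 with P and Q prime; we work in the order-Q
# subgroup of quadratic residues. G = 2^2 mod P is a residue of order Q.
P = 2039
Q = 1019
G = 4


def commit(m, r, g, h):
    """Pedersen commitment C = g^m * h^r mod P (exponents reduced mod Q)."""
    return (pow(g, m % Q, P) * pow(h, r % Q, P)) % P


def open_ok(c, m, r, g, h):
    """Verifier side: does the opening (m, r) match commitment c?"""
    return commit(m, r, g, h) == c


def trapdoor_keygen(g):
    """Unsafe key generation: h = g^x for a secret x the generator keeps.
    Whoever holds x can re-open any commitment made under (g, h)."""
    x = secrets.randbelow(Q - 1) + 1  # x in [1, Q-1], invertible mod Q
    return pow(g, x, P), x


def equivocate(m, r, m_new, x):
    """With trapdoor x = log_g(h): g^m h^r = g^(m + x r), so pick r' with
    m + x*r = m_new + x*r' (mod Q), i.e. r' = r + (m - m_new) / x."""
    return (r + (m - m_new) * pow(x, -1, Q)) % Q


def verifiable_keygen(g, label):
    """Safe key generation: hash a public label into the group so that no
    party learns log_g(h). Anyone can re-run this to check the published h."""
    counter = 0
    while True:
        digest = hashlib.sha256(label + counter.to_bytes(4, "big")).digest()
        # Squaring forces the candidate into the order-Q subgroup.
        candidate = pow(int.from_bytes(digest, "big") % P, 2, P)
        if candidate not in (0, 1):
            return candidate
        counter += 1


def key_is_verifiable(h, g, label):
    """Auditor check: the published generator must equal the derivation."""
    return h == verifiable_keygen(g, label)


def demo():
    """Run both scenarios and return the checks an auditor would care about."""
    label = b"toy-election-label"  # constructed public label
    m, r = 7, secrets.randbelow(Q)

    # Scenario 1: trapdoored key. The honest opening verifies, and so does a
    # second opening to a value that was never committed.
    h_bad, x = trapdoor_keygen(G)
    c = commit(m, r, G, h_bad)
    r_forged = equivocate(m, r, 42, x)

    # Scenario 2: verifiable key. An auditor re-derives h from the label;
    # a substituted generator (here h*G, guaranteed different) is rejected.
    h_good = verifiable_keygen(G, label)
    return {
        "honest_open": open_ok(c, m, r, G, h_bad),
        "equivocated_open": open_ok(c, 42, r_forged, G, h_bad),
        "verifiable_key_accepted": key_is_verifiable(h_good, G, label),
        "tampered_key_rejected": not key_is_verifiable((h_good * G) % P, G, label),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point for an auditor is the second half: the binding of the commitments, and hence the soundness of every proof that uses them, is only as good as the evidence that the generators were produced without a trapdoor, so the generation procedure itself must be public and re-checkable rather than trusted to the server operator or vendor.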
The findings did not come as part of a widely publicised bug bounty programme promoted by Swiss Post on February 7. The researchers were caustic about that bounty programme, saying its disclosure terms were restrictive.
“If we really are set in living in a world with evoting then we need to come to terms with the scale of the challenge, understand that puffery, redacted audits and bug bounty marketing stunts have no place in building secure infrastructure”, Sarah Jamie Lewis – Executive Director at Open Privacy – wrote on Twitter.
She added: “We need to understand that it is unacceptable that the same organization that stands to benefit from running evoting infrastructure should be in a position of deciding what and when researchers can disclose issues.”
This finding raises several important questions. This system has apparently been audited multiple times, and both Scytl and Swiss Post have not been shy about their confidence in this system. Why did those audits miss this critical issue?
— Sarah Jamie Lewis (@SarahJamieLewis) March 12, 2019
The findings come despite the system having been through several audits.
It comes as Switzerland looks to roll out e-voting across the country following extensive trials. SwissPost published the source code for the system last month (a legal requirement), offering a bounty of up to CHF150,000 for major vulnerabilities.
The researchers said they did not believe the vulnerability was a deliberate one. “Rather [It is] entirely consistent with a naive implementation of a complex cryptographic protocol by well-intentioned people who lacked a full understanding of its security assumptions and other important details.”
“Of course, if someone did want to introduce an opportunity for manipulation, the best method would be one that could be explained away as an accident if it was found. We simply do not see any evidence either way.”
Scytl responded: “The code has already been updated by using the random verifiable mechanism that was already implemented in the voting system but had not been activated. The e-voting system currently in use in various cantons is not affected by this situation. The finding exclusively concerns universal verifiability properties, which have never been used in a real election in Switzerland so far.”
“Security and transparency have always been a cornerstone for Scytl. The recent publication of the source code as well as the public intrusion test are part of the company’s commitment to ensuring secure and transparent online voting processes. We are thankful to those researchers who helped us identify this issue and support us in building the future of secure online voting.”
SwissPost said: “To exploit the weak point the attacker had to override numerous protective measures. They needed control over Swiss Post’s secured IT infrastructure, for example, as well as help from several insiders with specialist knowledge of Swiss Post or the cantons.”
This may not reassure all parties. As Sarah Jamie Lewis wrote after the source code was first released: “I wish the swiss election team the best of luck in ensuring that the thousands of new, highly configurable, ZKP code, written in Java, decomposed over hundreds of files, is up to the standard of securing national elections.”