Open Media reports that Moscow’s Information Technologies Department has announced an auction to build an ethereum-based system that will host the electronic services now offered to Muscovites. The estimated cost of development is stated as 57 million Russian rubles, or around $860,000.
Russia’s capital is looking for a contractor to build a blockchain system to host the city’s administrative services.
The list of services to be hosted on the platform includes issuance of documents relating to property owners and residents, and allocation of slots at the city’s farmers markets. The system is to be based on proof-of-authority consensus and have a maximum capacity of 1.5 million simultaneous viewers.
Building the platform is expected take 60 days once the contractor has been chosen and the agreement signed, according to the terms. The IT Department said it aims to increase public confidence in Moscow’s electronic services by boosting transparency using blockchain.
The platform is also to be integrated with other blockchain experiments currently undertaken by the Moscow city government, including a voting platform dubbed Active Citizen that lets Moscow residents express preferences on matters such as locations for new bike paths and street decoration, or rating city events.
The city has been testing Active Citizen since 2017. There’s also a plan to allow a number of districts to vote electronically during this autumn’s city legislature elections, also using blockchain tech, according to an official announcement. The option will be available to approximately 6 percent of voters.
Another trial, a system for assigning spots at the city’s farmers market on the ethereum blockchain, was launched in 2018, CoinDesk reported at the time. Over 2,700 trading stands during the April to November market season are normally up for grabs, but about 20,000 people usually bid.
Moscow Blockchain Voting System ‘Completely Insecure,’ Says Researcher
A blockchain-based system that will be used to allow Moscow residents to vote in municipal elections this autumn is very easy to hack, according to a research note from a French cryptography expert.
Titled, “Breaking the encryption scheme of the Moscow internet voting system”, the paper by Pierrick Gaudry, a researcher from French governmental scientific institution CNRS, looked at the encryption scheme used to secure the public code of the Moscow city government’s ethereum-based e-voting platform.
Gaudry concluded that encryption scheme used in part of the code “is completely insecure, explaining:
“It can be broken in about 20 minutes using a standard personal computer, and using only free software that is publicly available. More precisely, it is possible to compute the private keys from the public keys. Once these are known, any encrypted data can be decrypted as quickly as they are created.”
To be clear, the issue is not with the ethereum code used as a basis for the platform. The encryption used in the Moscow system, the researcher said, is a variant of ElGamal and uses keys that are “less than 256 bits long.”
“This is way, way too short to guarantee any security”, Gaudry said.
As stated on the city administration’s website, voters from three constituencies can choose to use the system to elect deputies to the Moscow City Duma, or parliament, on Sept. 8.
For the trial effort, the site claims:
“Moscow electronic elections guarantee complete anonymity and secrecy of the vote. No one can associate an electronic return with the name of the voter.”
In fact, Gaudry said, “in the worst-case scenario”, the poor level of encryption at present would mean details of all voters’ choices “would be revealed to anyone as soon as they cast their vote.” He added though that, not having read the protocol for the system, the consequences of a potential hack are hard to pinpoint.
To be fair to the development team, the system had been the subject of a “public intrusion test” aimed to spot any such issues late in July with Gaudry using the source code made available on Github.
Gaudry did reach out to the Moscow Department of Information Technology team developing the voting system about the security weakness. They acknowledged that the cryptographic keys are not currently sufficiently secure, and said they would be upgraded to 1,024 bits soon.
