,
28 tweets,
7 min read
Read on Twitter
It is 9am Swiss Time, @VTeagueAus, Olivier Pereira & I are releasing details of a cryptographic trapdoor that we found in the Swiss Post #evoting system that would allows admins to falsely "prove" mixes that alter votes & undetectably compromise elections: people.eng.unimelb.edu.au/vjteague/Swiss…
Along with a detailed paper describing the issue (people.eng.unimelb.edu.au/vjteague/Unive…), we have also released sample false proofs that demonstrate how someone could exploit this trapdoor to change election outcomes.
I am going to use this thread to provide my own opinions on this issue, and how it fits into the wider context of evoting. It's 1am in Vancouver, but I will be awake for a little while.
As a note: We did not participate in the bug bounty, but we did provide advanced notice of our findings to Swiss Post as a courtesy. I will get into this in a little while.
I initially commented on this system a few weeks ago. I pointed out several concerning areas that triggered red-flags. Let us take a moment to remember how Scytl and Swiss Post responded to those observations:
This finding raises several important questions. This system has apparently been audited multiple times, and both Scytl and Swiss Post have not been shy about their confidence in this system. Why did those audits miss this critical issue?
We don't believe that this trapdoor was deliberately inserted (although if you *did* want to put a backdoor in an election system...) Swiss Post have stated that this *was* a mistake, it was known about since 2017, but that Scytl had failed to fix it:
post.ch/en/about-us/co…
post.ch/en/about-us/co…
So how did this trapdoor come to exist in the code? This code is being held up as "state-of-the-art", and yet the system contained at least one critical cryptographic vulnerability - apparently left open for years.
As researchers we have spent a lot of time over the last few weeks working on this, but we still only focused on a small portion of a much larger system. There are very important questions to be asked about what other issues lurk in both the specification and the implementation.
- Comedy Break -
Narrator: It was not.
Narrator: It was not.
If we really are set in living in a world with evoting then we need to come to terms with the scale of the challenge, understand that puffery, redacted audits and bug bounty marketing stunts have no place in building secure infrastructure.
As I stated, we did not participate in the bounty. I feel that Swiss Post's terms and conditions were & are incompatible with the necessity for the public to be told about critical issues, like this one.
We need to understand that it is unacceptable that the same organization that stands to benefit from running evoting infrastructure should be in a position of deciding what and when researchers can disclose issues.
That last point is very important in the context of an issue like the trapdoor we discovered. Do not let people minimize this issue. This isn't "some random hacker can steal an election" this is "SwissPost can prove they didn't steal an election, even if they did"
Media Break: This article by @KimZetter about this research: motherboard.vice.com/en_us/article/…
Let us not downplay this. This code is intended to secure national elections. Election security has a direct impact on the distribution of power within a democracy. The public has a right to know everything about the design and implementation of the system.
Media Break: Some more analysis of this finding from @RepublikMagazin republik.ch/2019/03/12/gra…
I see that the official spin on this whole thing is that this was a successful result of the public intrusion test. I disagree completely with that characterization.
I can't tell the people of Switzerland what to do. They have to guide their own democracy. But I can suggest, that given the circumstances, they investigate mechanisms to halt further adoption (evoting-moratorium.wecollect.ch/de) until the many critical questions have been answered.
Why did previous audits not catch this? If they did, as is claimed, why does the issue still exist 2-3 years later? Are those answers true for the many thousands of other lines of code?
And it is worth pointing out that this is bigger that Switzerland. Other countries are moving towards evoting, many are adopting systems that are related to this code base (how they are related is another big question worth asking).
I'm not here to tell you what to think, but I am here with a whole list of questions that I think are very important to answer if governments are really serious about giving these evoting systems the power to decide who controls a nation.
Interestingly I've talked to several journalists today & not one asked me what I think is one of the more interesting questions:
"Do you know of other issues in the code?"
"Do you know of other issues in the code?"
The answer is yes. I do. They are not as critical as this issue, but they are there. This code is simply not up to the standard we should require of critical public infrastructure.
Amazing how quickly "people in unofficial channels who don't understand cryptography" becomes "We are thankful to those researchers who helped us identify this issue "
Probably worth linking to the thread that started me down the path that lead to many long nights of analyzing code:
I should also add that even though, according to some Swiss media over the last few weeks, I "look like someone who would have been burned at the stake" I want to assure you all that this isn't deep magic, it's just math.
Statement from the Swiss Federal Chancellery on this issue: bk.admin.ch/bk/de/home/dok…
