We finally have a statement from @Scytl on the suspension of the @swisspost evoting system because of multiple critical vulnerabilities (mostly: "This vulnerability could allow a voter to cast an invalid vote which would not be detected by the voter")

scytl.com/en/statement-r…
"Scytl acknowledges the valuable input provided by the researchers who have participated in this initiative and more concretely to the ones that detected the issues in the source code."

We have names, Scytl.
"No other Scytl solutions are affected by this recent finding."

Given that other Scytl solutions *were* impacted by our previous finding (the mixnet with the trapdoor) it's surprising that none are impacted by the weak ZKP implementations. Sadly there is no code to check.
I think it is fair to contrast this statement with the original statement they made about comments on their source code, in which they criticized our conduct and stated we had "misunderstandings related to the cryptographic mechanisms"

No apology still.

scytl.com/en/statement-r…
"It is indeed because the cryptographic protocols have achieved complete verifiability that the source code has been published, with the confidence that no attack might compromise the secrecy of the ballot box and the integrity of the election results."

Worth remembering.
We cannot judge the accuracy of statements made by Scytl. It is only because we spent the time to pick apart the source code (after getting criticized for doing that) that we found issues that directly contradict not just previous statements but the whole auditing process.
This is a "We take the security of your democracy very seriously" statement.

It's disingenuous. It's unapologetic.

Any government that decides to entrust Scytl with their democracy after all of this should be regarded with intense suspicion & placed under harsh scrutiny.
Every. Single. Zero. Knowledge. Proof. Implementation. In. The. Scytl. System. Has. Critical. Issues.

Every. Single. One.
The Shuffle Proof - Cryptographic Trapdoor leading to a break in Universal Verifiability - people.eng.unimelb.edu.au/vjteague/Unive…
The Maurer Framework - Weak Fiat-Shamir, leading to broken Decryption Proofs people.eng.unimelb.edu.au/vjteague/HowNo… & break in Individual Verifiability people.eng.unimelb.edu.au/vjteague/HowNo…
The OR Proof - shouldn't have been there at all, failed verification check leading to a completely broken Verifier. people.eng.unimelb.edu.au/vjteague/HowNo…

Every other zkp protocol implementation in the code is made up of one or more of the above.
We (@VTeagueAus, Olivier Pereira and I) found issues in every. single. one. In many cases we generated fraud proofs that would pass a real instantiation of the verifier, and provided some tests that would pass despite providing clearly fraudulent inputs.
The idea that no other critical issues exist in that code base would directly contradict every piece of evidence up to right now. The idea that other similar issues don't exist in other Scytl solutions that haven't been subjected to the same transparency is laughable.
It is 2019, election hacking is a very real risk. Most of the adversaries that you have to worry about are not a tiny team of sleep-deprived academics and underfunded non-profit researchers.

Let's be brutally honest here, our team did amazing work, but it's a drop in the ocean.
Thread by Sarah Jamie Lewis