This September’s elections for the Moscow City Duma have already gained renown for inspiring regular mass protests, but they are also remarkable for another reason: In three of the Russian capital’s districts, voters will be able to use an online system to select their new representatives. Moscow’s Information Technology Department held intrusion tests on GitHub in late July to verify the integrity of the system: Officials gave programmers several opportunities to attempt to decrypt mock voting data, and each round of data was subsequently published so that it could be compared to the results of those hacking attempts. On August 16, Meduza reported on French cryptographer Pierrick Gaudry’s successful attempt to break through the system’s encryption. To confirm that the encryption keys used in the system are too weak, we also implemented Gaudry’s program ourselves. City Hall officials responded to the successful hackings by refusing to post its private keys and data, thereby preventing outsiders from confirming that the system had indeed been hacked. Instead, Ekho Moskvy Editor-in-Chief Alexey Venediktov, who is also leading the citizens’ board responsible for the elections, accused Meduza of abusing the testing process. Here’s why he’s wrong.
The claim
On August 21, during the latest round of testing for Moscow’s online voting system, Alexey Venediktov said the following:
“It’s all very simple. This is what Gaudry explained to me. How did Meduza abuse the system when they said they hacked it? They took the private key that our technical group put out, and then they cracked the code! We won’t publish that key — I’ve forbidden it — until all the votes are counted. So they can’t say they hacked us. If you want to hack us, hack us! Who’s stopping you? They say they hacked us. But they took the private key our technical group put out. It’s just dishonest. And Mr. Gaudry explained all this to me. Because that’s exactly what he did himself.”
Get the backstory
What Gaudry did and Meduza replicated
Contrary to Venediktov’s arguments, neither Gaudry nor Meduza “cracked the code” using a “private key” that was already “put out.” First and foremost, that’s because Venediktov’s version of events makes no sense in the context of cryptography: If you already have a private key, you can decrypt data that has been encrypted using that key’s public pair right away. In other words, if we really did have a “private key” from the start, we wouldn’t have had to “crack” anything.
In fact, what both Gaudry and Meduza did was simply complete the testing challenge Moscow City Hall issued to check the strength of its encryption system. Here’s how that challenge was set up:
- City Hall creates a mock dataset.
- The dataset is encrypted using a public key.
- The public key and encrypted data are both posted online.
- City Hall gives the public time to try to hack the system and decrypt the data.
- City Hall posts the “answers” to the challenge — that is, the private key and the initial data.
Because the keys Moscow officials used were too weak (and too short), both Gaudry and Meduza were able to decrypt the test dataset in only 20 minutes. In actual election conditions, that would theoretically allow hackers to track voting results almost in real time well before polls officially close.
Does Meduza have a secret key to Moscow’s elections now?
No. The challenge Moscow officials posted on GitHub was a test that used its own mock data and its own test keys. The results Meduza and Gaudry obtained have no bearing on the actual elections or even the new round of testing that began on August 21. Hacking those datasets was never the goal. Instead, the goal of this exercise was to demonstrate that the Moscow government’s voting encryption system itself was weak and should be strengthened.
So what did Venediktov stop the city from posting until all votes are counted?
We don’t know for sure, but it seems that he was talking about the “solution” to the testing challenge. Every time City Hall posts a new challenge, it simultaneously publishes the “solution” (that is, the private key and the initial data) for the previous challenge. Posting the private key and the dataset for the testing round Gaudry and Meduza solved would enable other journalists and the general public to verify that the city’s encryption really was successfully hacked.
When City Hall posted the materials for a new round of testing on August 18, however, it did not publish the “solution” to the round that was posted on August 7 (i.e., the round Meduza solved). In other words, City Hall refused to publish data that had nothing to do with Moscow’s actual elections but would have enabled the public to confirm that the city’s online voting system is eminently hackable.
Artyom Kostyrko, the second-in-command at Moscow’s Information Technology Department, explained on August 21 that “there was a problem in there on [August] 7th” but promised that the private key from the challenge would be published as usual. Immediately after Kostyrko made that announcement, Venediktov, who was sitting directly to his left, declared that the key would not, in fact, be published.
Footage from the discussion clearly shows Kostyrko deliberating about whether or not to interrupt Venediktov’s subsequent arguments:
Kostyrko, who actually appears to understand how the encryption system works, ultimately did not say anything to correct Venediktov’s errors.
Did Moscow change its online voting system after the system was hacked?
Yes. The latest round of testing for the system features a longer and more secure encryption key. This modified encryption system will not be possible to hack in the span of 20 minutes. In other words, Moscow City Hall practically acknowledged that there was a vulnerability in its voting system and implemented changes to eliminate that vulnerability.
Update: After this fact check was published in Russian, Alexey Venediktov said on Ekho Moskvy, the radio station he leads and co-owns, that “nothing was hacked” but that Pierrick Gaudry “prevented [the online voting system] from being hacked” and may therefore receive up to $15,000 from the funds set aside as rewards for hackers in the testing process. Venediktov also argued that “some of my colleagues have sworn that our system is hackable in 20 minutes” but that its encryption has in fact never been successfully broken. He was apparently referring to the August 16 report by Meduza in which the system was indeed hacked. However, the encryption system for Moscow’s online voting has been strengthened since that report was published, and tests for the newly strengthened system are currently ongoing.
Translation by Hilah Kohen
Public key
Asymmetric cryptography uses two keys: a public key and a private key. In Moscow’s voting system, the public key is used to encrypt data, and the private key is used to decrypt it. Specifically, during the election, a public key will be sent to each voter’s device so that a special program can encrypt their ballot on the spot before sending the encrypted voting data to a server. A private key will then be used after the voting period is over to decrypt the results.