research-article

Russian Federal Remote E-voting Scheme of 2021 – Protocol Description and Analysis

Authors:

Jelizaveta Vakarjuk,

Nikita Snetkov,

Jan WillemsonAuthors Info & Claims

EICC '22: Proceedings of the 2022 European Interdisciplinary Cybersecurity Conference

Pages 29 - 35

https://doi.org/10.1145/3528580.3528586

Published: 21 July 2022 Publication History

Abstract

This paper presents the details of one of the two cryptographic remote e-voting protocols used in the Russian parliamentary elections of 2021. As the official full version of the scheme has never been published by the election organisers, our paper aims at putting together as complete picture as possible from various incomplete sources. As all the currently available sources are in Russian, our presentation also aims at serving the international community by making the description available in English for further studies. In the second part of the paper, we provide an initial analysis of the protocol, identifying the potential weaknesses under the assumptions of corruption of the relevant key components. As a result, we conclude that the biggest problems of the system stem from weak voter authentication. In addition, as it was possible to vote from any device with a browser and Internet access, the attack surface was relatively large in general.

References

[1]

Andrew W Appel, Maia Ginsburg, Harri Hursti, Brian W Kernighan, Christopher D Richards, and Gang Tan. 2008. Insecurities and inaccuracies of the Sequoia AVC Advantage 9.00 H DRE voting machine.

[2]

Andrew W. Appel, Maia Ginsburg, Harri Hursti, Brian W. Kernighan, Christopher D. Richards, Gang Tan, and Penny Venetis. 2009. The New Jersey Voting-Machine Lawsuit and the AVC Advantage DRE Voting Machine. In Proceedings of the 2009 Conference on Electronic Voting Technology/Workshop on Trustworthy Elections (Montreal, Canada) (EVT/WOTE’09). USENIX Association, USA, 5.

Digital Library

[3]

Adam Aviv, Pavol Černy, Sandy Clark, Eric Cronin, Gaurav Shah, Micah Sherr, and Matt Blaze. 2008. Security Evaluation of ES’&S Voting Machines and Election Management System. In Proceedings of the Conference on Electronic Voting Technology (San Jose, CA) (EVT’08). USENIX Association, USA, Article 11, 13 pages.

Digital Library

[4]

J. Bannet, D. W. Price, A. Rudys, J. Singer, and D. S. Wallach. 2004. Hack-a-vote: Security issues with electronic voting systems. IEEE Security & Privacy 2, 1 (2004), 32–37.

Digital Library

[5]

M. Bellare, C. Namprempre, D. Pointcheval, and M. Semanko. 2001. The One-More-RSA-Inversion Problems and the Security of Chaum’s Blind Signature Scheme. Cryptology ePrint Archive, Report 2001/002. https://ia.cr/2001/002.

[6]

Central Election Commission of Russia. 2021. Дистанционное электронное голосование. https://deg.rt.ru/materialsRetrieved January 13, 2022 from

[7]

Central Election Commission of Russia. 2021. Описание ПТК ДЭГ. https://deg.rt.ru/landing/materials/8/deg2021_tech_description.pdfRetrieved January 13, 2022 from

[8]

Central Election Commission of Russia. 2021. Описание протокола ДЭГ к выборам, голосование на которых состоится 17, 18 и 19 сентября 2021 г.https://deg.rt.ru/landing/materials/7/deg2021_protocol.pdfRetrieved January 13, 2022 from

[9]

Central Election Commission of Russia. 2021. Порядок дистанционного электронного голосования на выборах, назначенных на 19 сентября 2021 года. http://cikrf.ru/upload/decree-of-cec/26-225-8-pril.docxRetrieved January 13, 2022 from

[10]

David Chaum and Torben P. Pedersen. 1992. Wallet Databases with Observers. In Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology(CRYPTO ’92). Springer-Verlag, Berlin, Heidelberg, 89–105.

[11]

Consult Partner. 2021. Making SNILS to a foreign citizen. https://immigrationservice24.ru/en/services/for-foreign-citizens/making-snils-to-a-foreign-citizen/Retrieved January 13, 2022 from

[12]

David L. Dill, Bruce Schneier, and Barbara Simons. 2003. Voting and technology: who gets to count your vote?Commun. ACM 46, 8 (2003), 29–31.

Digital Library

[13]

Taher El Gamal. 1985. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In Proceedings of CRYPTO 84 on Advances in Cryptology (Santa Barbara, California, USA). Springer-Verlag, Berlin, Heidelberg, 10–18.

Digital Library

[14]

Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten. 2007. Security Analysis of the Diebold AccuVote-TS Voting Machine. In Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology (Boston, MA) (EVT’07). USENIX Association, USA, 2.

Digital Library

[15]

Pierrick Gaudry and Alexander Golovnev. 2020. Breaking the Encryption Scheme of the Moscow Internet Voting System. In Financial Cryptography and Data Security, Joseph Bonneau and Nadia Heninger (Eds.). Springer International Publishing, Cham, 32–49.

[16]

J. Paul Gibson, Robert Krimmer, Vanessa Teague, and Julia Pomares. 2016. A review of E-voting: the past, present and future. Ann. des Télécommunications 71, 7-8 (2016), 279–286.

[17]

Sven Heiberg, Kristjan Krips, and Jan Willemson. 2021. Mobile Voting – Still Too Risky?. In Financial Cryptography and Data Security. FC 2021 International Workshops, Matthew Bernhard, Andrea Bracciali, Lewis Gudgeon, Thomas Haines, Ariah Klages-Mundt, Shin’ichiro Matsuo, Daniel Perez, Massimiliano Sala, and Sam Werner (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 263–278.

[18]

Identity Blitz. 2021. Russian e-government system of trusted identities. Retrieved January 13, 2022 from https://identityblitz.com/?portfolio=russian-e-government-system-of-trusted-identities

[19]

Michael Naehrig Josh Benaloh. 2022. ElectionGuard Specification v1.0. https://github.com/microsoft/electionguard/releases/download/v1.0/EG_spec_v1_0.pdfRetrieved March 30, 2022 from

[20]

Atte Juvonen. 2019. A framework for comparing the security of voting schemes. Retrieved January 13, 2022 from URN:NBN:fi:hulib-202001211117; http://hdl.handle.net/10138/310011

[21]

Kristjan Krips and Jan Willemson. 2019. On Practical Aspects of Coercion-Resistant Remote Voting Systems. In Electronic Voting, Robert Krimmer, Melanie Volkamer, Veronique Cortier, Bernhard Beckert, Ralf Küsters, Uwe Serdült, and David Duenas-Cid (Eds.). Springer International Publishing, Cham, 216–232.

[22]

Mikhail Tetkin, RBC. 2020. Ростелеком» разработает систему голосования на блокчейне по заказу ЦИК. https://www.rbc.ru/crypto/news/5f3d04e69a79475a99a7526dRetrieved January 14, 2022 from

[23]

Ministry of Digital Development, Communications and Mass Media of the Russian Federation. 2021. Единая система идентификации и аутентификации (ЕСИА). https://digital.gov.ru/ru/activity/directions/13/Retrieved January 13, 2022 from

[24]

Stephan Neumann. 2016. Evaluation and Improvement of Internet Voting Schemes Based on Legally-Founded Security Requirements. Ph. D. Dissertation. Technische Universität Darmstadt.

[25]

Adi Shamir. 1979. How to Share a Secret. Commun. ACM 22, 11 (November 1979), 612–613.

Digital Library

[26]

Stanislav V. Smyshlyaev, Evgeny Alekseev, Igor Oshkin, Vladimir Popov, Serguei Leontiev, Vladimir Podobaev, and Dmitry Belyavsky. 2016. Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012. RFC 7836. https://rfc-editor.org/rfc/rfc7836.txt

[27]

A. Degtyarev V. Dolmatov. 2013. GOST R 34.10-2012: Digital Signature Algorithm. https://datatracker.ietf.org/doc/html/rfc7091Retrieved January 14, 2022 from

[28]

A. Degtyarev V. Dolmatov. 2013. GOST R 34.11-2012: Hash Function. https://datatracker.ietf.org/doc/html/rfc6986Retrieved January 14, 2022 from

[29]

Carlos Vegas and Jordi Barrat. 2016. Overview of current state of E-voting worldwide. In Real-World Electronic Voting. Auerbach Publications, 6000 Broken Sound Parkway, NW, (Suite 300), 67–92.

[30]

Waves Enterprise. 2021. Technical description of the Waves Enterprise Voting. https://docs.we.vote/en/votingdocs.pdfRetrieved January 13, 2022 from

[31]

Waves Enterprise. 2021. Семинар «Технологии блокчейн и криптозащиты в системе ДЭГ. https://wavesenterprise.com/ru/media/seminar-tekhnologii-blokchejn-i-kriptozashchity-v-sisteme-degRetrieved January 13, 2022 from

[32]

Департамент города Москвы по конкурентной политике. 2021. Протокол подведения итогов открытого конкурса в электронной форме от 12.05.2021 №ППИ1. https://zakupki.gov.ru/epz/order/notice/ok504/view/supplier-results.html?regNumber=0173200001421000490Retrieved January 14, 2022 from

Cited By

Herasimau VKazlouski М(2024)Using a Cloud-Based Electronic Signature System for Organizing Electronic VotingDigital Transformation10.35596/1729-7648-2024-30-1-52-6230:1(52-62)Online publication date: 23-Mar-2024
https://doi.org/10.35596/1729-7648-2024-30-1-52-62
Vladucu MDong ZMedina JRojas-Cessa R(2023)E-Voting Meets Blockchain: A SurveyIEEE Access10.1109/ACCESS.2023.325368211(23293-23308)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3253682
Oppenlaender J(2022)The Perception of Smart Contracts for Governance of the MetaverseProceedings of the 25th International Academic Mindtrek Conference10.1145/3569219.3569300(1-8)Online publication date: 16-Nov-2022
https://dl.acm.org/doi/10.1145/3569219.3569300

Recommendations

A hybrid approach to vector-based homomorphic tallying remote voting

Vector-based homomorphic tallying remote voting schemes provide an efficient protocol for vote tallying, but they require voters to prove in zero-knowledge that the ballots they cast have been properly generated. This is usually achieved by means of the ...
Analysis and Implementation of Internet Based Remote Voting
MASS '14: Proceedings of the 2014 IEEE 11th International Conference on Mobile Ad Hoc and Sensor Systems

Voting over the internet has been a topic of great interest for many years. We researched E-Voting: its theory, its practice, and its examples. We found many potential problems with E-Voting; concerns both for election integrity and voter privacy. We ...
New Research Results for Electronic Voting

Voting systems have become controversial in the years following the multiple election disasters that occurred in the United States during and after 2000. Of particular note were the electronic voting (e-voting) systems that were widely deployed to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

EICC '22: Proceedings of the 2022 European Interdisciplinary Cybersecurity Conference

June 2022

114 pages

ISBN:9781450396035

DOI:10.1145/3528580

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 July 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Estonian Research Council

Conference

EICC 2022

EICC 2022: European Interdisciplinary Cybersecurity Conference

June 15 - 16, 2022

Barcelona, Spain

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
70
Total Downloads

Downloads (Last 12 months)30
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Herasimau VKazlouski М(2024)Using a Cloud-Based Electronic Signature System for Organizing Electronic VotingDigital Transformation10.35596/1729-7648-2024-30-1-52-6230:1(52-62)Online publication date: 23-Mar-2024
https://doi.org/10.35596/1729-7648-2024-30-1-52-62
Vladucu MDong ZMedina JRojas-Cessa R(2023)E-Voting Meets Blockchain: A SurveyIEEE Access10.1109/ACCESS.2023.325368211(23293-23308)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3253682
Oppenlaender J(2022)The Perception of Smart Contracts for Governance of the MetaverseProceedings of the 25th International Academic Mindtrek Conference10.1145/3569219.3569300(1-8)Online publication date: 16-Nov-2022
https://dl.acm.org/doi/10.1145/3569219.3569300

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents