“In this case, our analysis of the code shows errors that are consistent with a naive implementation of a complex cryptographic protocol by well-intentioned people who lacked a full understanding of its security assumptions” – Associate Professor Vanessa Teague.
Not a surprise, really. So many software flaws have been discovered, even in delicate situations, and we expect more reports like this in the future.
Researchers have discovered an error – an interesting trapdoor – in the source code for the SwissPost e-voting system published by Scytl.
Findings show that the coding error, which results from the implementation of a trapdoor commitment, allows an insider, possibly one of the developers, to gain access and electronically modify votes without leaving any trace.
This is not the first time serious issues affecting the anonymity of voters and the security of votes have been discovered in an e-voting system. Prior to this, dangerous bugs were also found in e-voting systems used in Washington D.C., New South Wales, Western Australia and Estonia.
A Faulty Proof
Whether it is done using permanent voter’s cards (PVCs) or an e-voting system, there has to be a publicly available, verifiable proof which shows that the voters’ privacy is preserved and that the randomised vote output is equal to the input.
This is the only way to conduct a free and fair election. But what happens when the system meant to prove the integrity of the system has such a fascinating trapdoor?
In computing, a trapdoor is a kind of secret backdoor that allows a developer access into a program or operating system without going through the normal security access procedure. Trapdoors are created by programmers for several reasons.
While looking into the mathematical proof provided in the source code for the SwissPost-Scytl e-voting system, the researchers found that a trapdoor had been wrongly (most likely unknowingly) implemented in the system.
Using this trapdoor, a malicious authority would be able to manipulate votes if they are able to compromise the clients used for voting. The attacker could also modify votes if they are able to gain access to information that shows the setup of election parameters and the values needed for the votes to be valid or acceptable.
Getting the desired information has only gotten easier. It could be done if they happen to share the same USB hub, connect to your Wi-Fi or install a data-stealing application on your phone or computer.
The interesting part of this error is that even when this trapdoor is used in the ways mentioned in the preceding paragraph, there would be no trace left, and all the verification on earth would still give an output with valid votes that were not manipulated.
In the simplest of terms, someone with knowledge of errors like this can alter election results without leaving a trace.
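As an added illustration (not code from the SwissPost-Scytl system or from the researchers' report), the sketch below uses a textbook Pedersen commitment over a toy group to show why anyone who knows the relation between the commitment's generators can reopen a commitment to a different value and still pass verification, and how deriving the generator from a public seed removes that knowledge. The group parameters, seed, trapdoor value and function names are all constructed assumptions.

```python
import hashlib

# Toy group (constructed, far too small for real use): p = 2q + 1, G has prime order q.
P, Q, G = 2039, 1019, 4

def commit(m, r, h):
    """Pedersen commitment c = g^m * h^r mod p."""
    return (pow(G, m, P) * pow(h, r, P)) % P

def verify(c, m, r, h):
    """The verifier's check: does (m, r) open commitment c?"""
    return c == commit(m % Q, r % Q, h)

def equivocate(m, r, m_new, t):
    """With t = log_g(h), find r_new so that (m_new, r_new) opens the same c."""
    return (r + (m - m_new) * pow(t, -1, Q)) % Q

def derive_generator(seed: bytes):
    """Verifiable h: hash a public seed into the order-q subgroup.
    Anyone can recompute it, and nobody learns log_g(h) in the process."""
    counter = 0
    while True:
        digest = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        h = pow(int.from_bytes(digest, "big") % P, 2, P)  # squaring lands in the subgroup
        if h not in (0, 1):
            return h
        counter += 1

def demo():
    t = 777                          # trapdoor known to whoever chose h (constructed)
    h_bad = pow(G, t, P)             # h generated as g^t: the discrete log is known
    m, r = 5, 123                    # original committed value and randomness
    c = commit(m, r, h_bad)
    m_forged = 9                     # a different value to open the same c to
    r_forged = equivocate(m, r, m_forged, t)
    forged_ok = verify(c, m_forged, r_forged, h_bad)   # passes, nothing looks wrong
    h_good = derive_generator(b"constructed-public-seed")
    return c, forged_ok, r_forged, h_good

if __name__ == "__main__":
    c, forged_ok, r_forged, h_good = demo()
    print("commitment:", c, "| forged opening verifies:", forged_ok)
    print("verifiably derived generator:", h_good)
```

An auditor checking such a system would therefore ask how every commitment generator was produced, and reject parameters that cannot be recomputed from public inputs.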
What’s really fascinating is the nature of this problem: the report shows that this error is very much an oversight, but then you never know whether it was simply an oversight or a deliberately implemented fault that would look like a mistake when discovered.
Source: Trapdoor commitments in the SwissPost e-voting shuffle proof by Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague