Part of the source code of Russia’s blockchain voting system published

In the public domain размещены the source codes of the key algorithms of the remote electronic voting system (DEG), which is planned to be used for the by-elections to the State Duma of the Russian Federation on 13 September. They include counting servers, smart contracts and internal libraries. An overview of the system опубликован in Rostelecom’s blog on Habr.

A public test of the system took place on 31 August.

Public testing fully replicated all stages of the upcoming electronic voting: application registration, authentication and identification via the state services portal, online voting and vote counting. According to Rostelecom specialists, during the trial voting there were no failures or interruptions in the DEG’s operation; the system remained stable under peak loads.

Following the test, the user interface and ballot display on mobile screens were improved. The dashboard showing the statistics of the voting process was enhanced. A new feature was added — loading encrypted transactions generated during voting directly from the blockchain. Observers gained the ability to see in real time the number of user authorizations, SMS messages sent, and successful confirmations.

From a technical standpoint, the DEG system consists of a large number of software and hardware components and allows participants in the electoral process to interact in a unified information environment, according to the developers.

Diagram of the interaction between components and participants in the DEG PTK system

The blockchain in the remote voting system ensures immutability of information and transparency of smart-contract execution, protects and stores data in a decentralised manner, including the voter registry and encryption keys, and also enables tracking of transactions within the network.

“Without using this technology, achieving the necessary properties in the voting system, as well as trust in it, is practically impossible,” the developers note.

Thanks to smart contracts, the electronic and ‘blind’ signatures for each transaction with encrypted ballots are verified for authenticity, and a basic check of the encrypted ballot’s correctness is also performed.

“Distributed storage and counting of votes is not limited to blockchain nodes. For each node a separate counting server can be deployed. It provides distributed generation of the ballot encryption keys, decryption of results, and tallying of the final votes, which can be verified for correctness,” the review states.

The following are used at various stages of the voting process:

• electronic signature;
• blind signature of the voter’s public key;
• ElGamal encryption on elliptic curves;
• zero-knowledge proofs;
• DKG (Distributed Key Generation) Pedersen 91 protocol;
• Shamir’s secret sharing protocol.

A distinctive feature of the system is its use of homomorphic encryption.

“Encrypted ballots can be combined without decrypting to obtain the aggregated count for each voting option in the ballots. The system implements mathematical proofs of the correctness of such calculation, which can be verified by observers,” the developers explain.

Diagram of the voting process

According to the developers, the key properties of blockchain voting are verifiability and voter anonymity, ballot confidentiality, immutability and verifiability of data, and the reliability of the network architecture.

“The system was initially conceived and technically implemented to be as transparent and verifiable as possible, through the use of blockchain technology and a special cryptographic protocol. After completing all rounds of closed and open testing, the system is ready to conduct the first pilot vote. Moreover, the testing allowed a clear understanding of the points for further scaling of the system,” said Artem Kalikhov, Product Director at Waves Enterprise.

Ivan Begtin, the director and founder of ANO ‘Information Culture’, came away with the impression that the code was written ‘on the knee’.

“The code is not impressive at all. A superficial check of the cryptolib tool code in Python via pylint yields a score of 3.21 out of 10. For the other ‘pieces of code’ the situation is not much better — the level of programming culture is below average,” Begtin wrote.

The remote electronic voting is scheduled for the September by-elections to the Russian State Duma in the Yaroslavl and Kursk regions.

The last blockchain voting on amendments to the Constitution of the Russian Federation took place in late June 2020. In the first hours of operation the electronic voting system encountered a fault, attributed to an influx of voters. The next day the fault affected data export.

Subsequently, unknown attackers attempted an attack on the vote-observation service, and a vulnerability found allowed decrypting voters’ votes before counting.

In early July, the database of participants’ passports was made available on one of the forums. The Moscow government denied this information, but the hacked archive later appeared in the open beyond the forum.

Follow ForkLog news on Telegram: ForkLog Feed — the full feed of news, ForkLog — the most important news and polls.