Moscow authorities claim that cryptographer Pierrick Gaudry only managed to detect a vulnerability, but nobody successfully cracked its blockchain voting system, which is planned to be used in the upcoming elections to the Moscow City Duma.

Artem Kostyrko, deputy head of the Moscow Department of Information Technologies, said that so far no one has been able to crack the electronic voting blockchain system, which will be used in the elections to the Moscow City Duma in September 2019.

“No one, including the French specialist, was able to crack the system. Nevertheless, since Pierrick Gaudry pointed out the vulnerability of the system and drew attention to its testing, he will receive a reward worth a million rubles,” reports the article in the Russian newspaper “Evening Moscow”, referring to the message of Moscow authorities.

“All the tasks that confronted us were completed. There were no interruptions and failures in the functioning of the system. As for several voters’ comments, yes, we have received feedback and will work on it,” Kostyrko added.

The reward will be paid to the French specialist, if during the next test, which will be held on 21 August, no one will be able to crack the blockchain system.

In July, DIT of Moscow posted a part of the code of its voting blockchain system on Github and announced a reward for its successful hack worth 2 million rubles. French cryptographer Pierrick Gaudry carefully studied the published code and found that the length of the public key is too short, that means that it is possible to hack encrypted data in 20 minutes using just processing power of an ordinary personal computer and free software. DIT of Moscow recognized that the length of the public key should be increased, and wrote that this will be done in the near future. In the Github test published on 18 August, the length of the public key was already increased from 256 bits to 1024 bits.

Russian-speaking media Meduza used Gaudry's article as an instruction and attempted to decrypt data, participating in testing on Github. Meduza employees managed to decode encrypted data from the task published on 7 August. But it was not possible to verify the correctness of their answers, as DIT Moscow did not publish answers to this task on Github, although before and after that date Moscow authorities regularly disclosed the answers to their tasks. This may indicate that the Moscow authorities are trying to hide the vulnerability of the voting blockchain system.

Approximately 3% of Moscow voters will be able to use electronic voting in the elections to the Moscow City Duma to be held on 8 September.