A second vulnerability in the cryptographic protocol employed by the Swiss government’s e-voting system has been found, this time relating to how votes are decrypted.
It comes just weeks after the in-development system was found to contain a cryptographic trapdoor that could allow vote manipulation to take place unbeknown to the authorities.
That flaw centred around the way the country’s sVote system, which uses software from the Spanish vendor Scytl, verified votes using a sequence of shuffle proofs.
It was later confirmed to be present in NSW's iVote system, which also uses Scytl's e-voting software, though it was declared unaffected and safe to use for last week's election.
But new research, published on Monday by the same group of researchers, reveals a similar weakness with the implementation of the cryptographic technique used to create the decryption proof, known as Fiat-Shamir heuristic.
Cryptography and privacy researchers Sarah Jamie Lewis, Oliver Pereira and Australia’s-own Venessa Teague said the error “allows a cheating authority to produce a proof of proper decryption, which passes verification, but declares something other than the true plaintext”.
“This voids the soundness of the decryption proof and, in effect, the arguments that sVote audit offers complete verifiability: since the verification procedure is based on an assumption that we show to be false, no conclusion can be made from its successful completion,” the paper states.
The paper also reveals other problems stemming from the Fiat-Shamir Heuristic that affect proof soundness, but that not all of them had been properly investigated yet.
In demonstrating the impact of the error, the researchers said they “exhibit[ed] an exploit in which a malicious authority … modifies selected votes during the (partial) decryption procedure [employed by sVote] and forges decryption proofs that are indistinguishable from valid ones, and would therefore pass verification”.
While they said this would likely “leave evidence that something went wrong”, it would be “indistinguishable from malicious vote encoding by a corrupt (buggy) client”.
They said the presence of the flaw yet again contradicted the claim the e-voting system offers a form of proof called “complete verifiability”.
“A cheating mixer can forge decryption proofs and claim that ciphertexts decrypt to something other than the truth, in a way that passes verification," the researchers said.
“It would probably be observed that something unusual occurred (the presence of invalid votes), but it would not be attributed to the cheater who would be exonerated by the ‘proof’.”
The NSW Electoral Commission has indicated the new flaw, unlike the earlier cryptographic trapdoor defect, is not present in the state's iVote system.
“Based on its assessment of the information supplied by these academics, the NSW Electoral Commission is confident that the new issue they described in the Swiss Post system is not relevant to the iVote system,” it said in a statement issued on Friday.
The Commission also indicated that a patch had been installed to address the previous issues.
More than 200,000 voters had used iVote to cast their vote in the 2019 state ballot as at 23 March.
