Vulnerability in Swiss e-voting system could allow attackers to manipulate cast votes

• Among the detected vulnerabilities, one vulnerability could allow attackers to gain access to the voting system and manipulate cast votes.
• The SwissPost-Scytl e-voting system mix-net uses a trapdoor commitment scheme which allows anyone who knows the trapdoor values to generate a shuffle proof transcript.

What is the issue - Research teams from the University of Melbourne and the Bern University of Applied Sciences have detected vulnerabilities in the Swiss e-voting system.

Why it matters - Among the detected vulnerabilities, one vulnerability could allow attackers to gain access to the voting system and manipulate cast votes.

The vulnerability exists in the cryptographic system that verifies the cast votes. The weak cryptographic system prevents the voting system to completely ensure universal verifiability during the mixing process.

What went wrong - The SwissPost-Scytl e-voting system mix-net uses a trapdoor commitment scheme which allows anyone who knows the trapdoor values to generate a shuffle proof transcript. The transcript could bypass verification and allow attackers to tamper and manipulate votes.

“The problem derives from the use of a trapdoor commitment scheme in the shuffle proof. If a malicious authority knows the trapdoors for the cryptographic commitments, it can provide an apparently-valid proof, which passes verification, while actually having manipulated votes,” The University of Melbourne described.

“This encountered problem in the generation of independent generators fully undermines the security of the whole mix-net, which opens doors for arbitrarily scalable vote integrity and vote secrecy attacks by malicious mixing components. Most of these attacks are undetectable both during and in the aftermath of an election,” researchers from the Bern University of Applied Sciences said.

What was the immediate action taken - Swiss Post, the organization that manages the Swiss e-voting system contacted the developer of the voting system to correct the error in the source code relating to universal verifiability.

“Swiss Post requested that its technology partner, Scytl, correct the error in the code immediately and they have already done so. The modified source code will be applied with the next regular release,” Swiss Post said in a press release.

Scytl, the developer of the voting system has updated the code and thanked the researchers for detecting the security issue.

“Security and transparency have always been a cornerstone for Scytl. The recent publication of the source code as well as the public intrusion test are part of the company’s commitment to ensuring secure and transparent online voting processes. We are thankful to those researchers who helped us identify this issue and support us in building the future of secure online voting,” Scytl said in a statement.

Worth noting - Swiss Post made the source code of the e-voting system available to the contest participants of the bug bounty program and promised a cash reward of $50,000. However, Swiss Post criticized the researchers who shared the e-voting system’s source code online.

Furthermore, It is to be noted that the vulnerabilities reported by the research teams weren't submitted through the bug bounty program.