Markets
Share this article

Moscow Blockchain Voting System 'Completely Insecure,' Says Researcher

A blockchain system that will soon be used to allow Moscow residents to vote in elections is currently easy to hack, according to a researcher.

By Daniel Palmer
Updated Sep 13, 2021, 11:20 a.m. Published Aug 16, 2019, 12:17 p.m.
Moscow and state duma

A blockchain-based system that will be used to allow Moscow residents to vote in municipal elections this autumn is very easy to hack, according to a research note from a French cryptography expert.

Titled, "Breaking the encryption scheme of the Moscow internet voting system," the paper by Pierrick Gaudry, a researcher from French governmental scientific institution CNRS, looked at the encryption scheme used to secure the public code of the Moscow city government's ethereum-based e-voting platform.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

Gaudry concluded that encryption scheme used in part of the code "is completely insecure, explaining:

"It can be broken in about 20 minutes using a standard personal computer, and using only free software that is publicly available. More precisely, it is possible to compute the private keys from the public keys. Once these are known, any encrypted data can be decrypted as quickly as they are created."

To be clear, the issue is not with the ethereum code used as a basis for the platform. The encryption used in the Moscow system, the researcher said, is a variant of ElGamal and uses keys that are "less than 256 bits long."

"This is way, way too short to guarantee any security," Gaudry said.

As stated on the city administration's website, voters from three constituencies can choose to use the system to elect deputies to the Moscow City Duma, or parliament, on Sept. 8.

For the trial effort, the site claims:

"Moscow electronic elections guarantee complete anonymity and secrecy of the vote. No one can associate an electronic return with the name of the voter."

In fact, Gaudry said, "in the worst-case scenario," the poor level of encryption at present would mean details of all voters' choices "would be revealed to anyone as soon as they cast their vote." He added though that, not having read the protocol for the system, the consequences of a potential hack are hard to pinpoint.

To be fair to the development team, the system had been the subject of a "public intrusion test" aimed to spot any such issues late in July with Gaudry using the source code made available on Github.

Gaudry did reach out to the Moscow Department of Information Technology team developing the voting system about the security weakness. They acknowledged that the cryptographic keys are not currently sufficiently secure, and said they would be upgraded to 1,024 bits soon.

Moscow image via Shutterstock

SecurityRussiaVotingAcademic ResearchNewsMoscow

More For You

Protocol Research: GoPlus Security

By CoinDesk Research
Nov 14, 2025
Commissioned byGoPlus
GP Basic Image

What to know:

  • As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
  • GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
  • Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
View Full Report

More For You

Plume Secures ADGM Commercial License, Eyes Middle East RWA Expansion

By Omkar Godbole, AI Boost|Edited by Oliver Knight
25 minutes ago
Plume co-founders Teddy Pornprinya and Chris Yin (Plume, modified by CoinDesk)

Plume Network has received a commercial license from the Abu Dhabi Global Market, allowing expansion into the Middle East.

What to know:

  • Plume Network has received a commercial license from the Abu Dhabi Global Market, allowing expansion into the Middle East.
  • The license enables Plume to scale real-world asset origination and distribution across the Middle East, Africa, and emerging markets.
  • Plume plans to establish a permanent office in Abu Dhabi by the end of the year, with commercial announcements expected in early 2026.
Read full story