Major security flaw in Switzerland's online voting system could allow 'vote manipulation' without detection

E-voting security weakness lies in the way encrypted e-votes are 'shuffled' to protect voter privacy

Security researchers have discovered a critical security flaw in Switzerland's e-voting system, which could enable hackers to manipulate votes cast, without ever being detected by the authorities.

After finding the weakness in the system, the researchers have advised the Swiss government to immediately halt plans to implement the electronic voting across the country for elections to be held in October 2019.

The Swiss e-voting system was developed by Barcelona-based firm Scytl for Swiss Post, the country ' s national postal service. Scytl claims that it manages a large number of electoral 'events' electronically in several countries, including the US, France, Mexico, Norway, and Austria.

In the current work, the researchers - Sarah Jamie Lewis, Olivier Pereira and Vanessa Teague - examined the source code of the Swiss e-voting system, and found a serious weakness that, according to them, lies in the way encrypted e-votes are "shuffled" to protect the privacy of voters.

In the Swiss online voting system, the voting website authenticates voters using their date of birth and an initialisation code, which is sent by Swiss Post. After voters cast their vote online, the system encrypts the votes and sends them to the Swiss Post servers, where they are cryptographically shuffled to ensure the anonymity of the votes as well as the voters.

Once the shuffling process completes, votes are counted and then decrypted.

Notably, the process of encryption, shuffling and decrypting votes is completed not at a single server, but at four different servers. The system also uses zero-knowledge proof to guarantee that ballots are not swapped out during the shuffling phase.

Surprisingly, researchers found the flaw in zero-knowledge proof. According to them, the vulnerability not only enables an attacker to swap out all of the votes, but it also enables the zero-knowledge proof to show that shuffling of votes worked perfectly and was completely valid - even thought it wasn't.

The researchers have posted a paper online detailing their findings. So far, they have scanned only a small part of the source code and need more time to thoroughly analyse the rest of the code.

Swiss Post has admitted the presence of the vulnerability in the source code. The agency said it had asked Scytl to fix the issue.

Latest: The system's developer told Computing there was a low risk that this flaw could gave been exploited and that it has been fixed.