'Low' risk that Swiss online voting bug could have been exploited, says the system's developer

Bug bounty did its job, says David Galindo

David Galindo was one of the senior developers of the ‘zero-knowledge' protocols used to secure the Swiss online voting system already used in several Cantons as well as in Australia. Zero-knowledge proofs ensure that each vote is counted accurately and verifiably without revealing the identity of the voter.

On Tuesday, Computing reported that researchers had found a major security flaw in Switzerland's online voting system that could allow 'vote manipulation' without detection, leading to calls that online voting should be banned in the forthcoming national elections in October.

Currently senior lecturer in computer security at the University of Birmingham, Professor Galindo no longer works with the system's developer Scytl, but he remains a strong advocate of electronic voting as a way of enabling disenfranchised citizens to make their voices heard. Computing interviewed him recently about this and other issues and we'll be publishing that article shortly, but we asked him to comment on the story, specifically that researchers had found that the software was showing a correct computation even after the process had been interfered with.

Galindo maintains there is no cause for alarm. The code, specifications and all the documentation are in the public domain so that it can be tested before launch, he pointed out, adding that a bug bounty was put in place precisely in order that flaws can be rooted out before October.

The issue relates to the implementation of the system rather than its design and so is relatively easy to fix, he said, adding that it would be very hard for an attacker to exploit in a real-world scenario.

"Given the source code was intentionally released to the technical community for bug spotting I welcome the identification of this serious implementation flaw, however it should also be noted the ability for this vulnerability to have been exploited in practice is certainly low. More importantly, it has now been swiftly resolved and the core cryptographic design remains robust and secure."

Galindo added that the flaw was a known type of vulnerability in the implementation of zero-knowledge proofs, and that a similar error had been previously spotted and fixed in the cryptocurrency Zcash.

"The SwissVote and Zcash cases reminds us of the fact that no computer system is free from bugs. What is important is to follow industry best practices, such as validating your design through third-party certifiers and auditors, being as transparent as possible, and creating bounty programmes inviting the public to test your systems," said Galindo.

"This is precisely what has been done in this case by Swiss Post/Sctyl in a probably unprecedented move. We should celebrate the fact that this will ultimately improve the security of our voting systems".

Our interview with David Galindo on e-voting and zero-knowledge proofs will be published shortly.