Voting security: Can the hash code be manipulated?

22:42, 27.10.2023
There are three main steps in the process of authenticating the voting machines before they are deployed at polling stations. One of them is the signing of the software installed on the devices - the so-called hash codes.

A hash code is a cryptographic key used to sign the software installed on the machines. It is also the last step in the certification of voting machines. Before the hash code can be generated, the software on the machines must be signed by a special key, which is stored at the Central Election Commission (CEC). Anastas Gyokov has been an election observer for two years and knows the process well. According to him, the hash code can change only if the software of the machines has been changed, which, however, cannot go unnoticed.

"There are two things that are called a key, and they are not the same. One is the cryptographic key, which is used to encrypt a piece of information. This is what the Central Election Commission holds and can be used with a password by three members of the CEC. The other thing, which is called a key, is the cryptographic checksum or so-called hash. Its sole purpose is to verify that a piece of information, in this case the machine's software, is unchanged from the moment it was generated," said Anastas Gyokov, an election observer and member of the CEC's Public Council.

The hash code has been public for a week. It has to be printed in a visible place in all polling stations in the country. It is also printed at the first start of the machines on election day, as well as on every ballot paper that comes out of them. The biggest guarantee for the fairness of the elections is the verification, according to Gyokov.

"As someone who has to do with computer security, I don't trust anyone. Where there is no trust, there should be an opportunity for verification. And in the case with the machines, there are all sorts of opportunities for verification. The most elementary of which is the person who gets their receipt from the machine, regardless of what the machine has counted, on that receipt it clearly says who they voted for. If what the person saw on the paper receipt is what he wanted to vote for and that paper is put in the ballot box, it doesn't matter what the software of the machine is and what has been fiddled," Gyokov further commented.

Still, security breaches are possible.

"If the CEC key is compromised in some way, theoretically someone could feed the machines information that has been altered and the machine would have no way of knowing that, because everything that is signed with the CEC key is authentic to the machine. If someone changes this key, they have to replace the procedure - that is, at some point they have to say: 'CEC will not give the key, and you should use this key', which from a purely human point of view is guaranteed not to happen," clarified the member of the CEC Public Council.

"For example, cryptographic keys are secure as long as a quantum computer is not used to break them. There are only several quantum computers in the world," he added.

The deputy minister's presence during the controlled generation of the hash code does not mean the vote was compromised, Gyokov is convinced.

"Even if we assume that he has the medium in which the CEC key is saved and he downloaded it, this key again cannot be used without the passwords of those three CEC members who have one-third of them. That is, he alone can do nothing," Anastas Gyokov added.

In order for a new hash code to work, the software of the machines must be changed beforehand, the IT specialist added.
