
A Swiss E-Voting Mystery: USB Glitch or Sabotage?



Imagine that you're a member of an electoral board, and the cryptographic materials required to decrypt votes, coming from an e-voting system, are stored on a USB key that happens to fail. But wait...because another USB key fails, and then another one...That's precisely what happened in the Swiss canton of Basel, now under a criminal investigation for possible electoral fraud. A glitch, or something else? Let's try to untangle an interesting incident involving cryptography, politics, e-voting, and USB keys.



Summary

The reason I'm writing about this incident is that in recent years I've spent a significant amount of time studying and trying to break the Swiss Post e-voting system, which was used in the Basel-Stadt referendum where the incident happened.

It is important to understand how this solution works to try to figure out what happened, because the e-voting system itself was not affected and no vulnerability was involved, but rather a strange common failure of 3 different external hardware elements (secure USB keys) belonging to the canton of Basel-Stadt.

To do so, I've mapped all the currently available information to the actual Swiss Post e-voting codebase and system specification. As a result, it is likely that the flawed USB keys contained the passwords required to derive the EBsk, the secret part of the electoral board ElGamal key pair, that is indispensable to perform the decryption of the votes.

The conclusion is that all the official statements match the technical details, pointing to either a once-in-a-lifetime glitch affecting 3 different secure USB keys (PIN/hardware encryption) or a potential sabotage.

Swiss Post E-Voting System

Switzerland has a well-known tradition of direct democracy, enabling its citizens to vote on referendums on a regular basis. In this context, it makes sense to have a solution that could improve people's exercise of their voting rights, including voters with disabilities or those Swiss citizens who live abroad.

E-Voting solutions are designed to enable a fully electronic electoral process, from voting to counting. The only way to ensure everything is correct is through a verifiable, sound cryptography scheme. Swiss Post developed such a solution, which is complex but open-source and fully verifiable.

The reason I'm "daring" to write about this incident is that in recent years I have spent a significant amount of time studying the Swiss Post e-voting codebase and trying to break it. To this day I still hold first place in their bug bounty program, which I always recommend to anyone interested. I really enjoyed the journey, learning a lot along the way, so I felt kind of compelled to try to understand what's going on.

The Basel Incident

More than a month ago, on March 5, the Canton of Basel-Stadt informed the Swiss Federal Chancellery that the electronically submitted votes (2048 in total) might not be decryptable.

This is the official statement (DE). From the whole statement there are two important details we have to take into account:

1. "The Canton of Basel-Stadt informed the Federal Chancellery on March 5, 2026, that during a preparatory step it had become apparent that the electronically submitted votes for the federal referendum on March 8, 2026, might not be able to be decrypted and made available for counting."

2. "The investigation into the cause and the troubleshooting are underway. Based on the available information, the problem can be traced back to an external hardware component (portable storage medium) belonging to the Canton of Basel-Stadt. This storage medium contains a key necessary for decryption. The e-voting system, and in particular the encrypted votes, are unaffected."

Swissinfo.ch provides an additional, and really interesting, detail:

Finally, the Basel government announced all options to read the USB keys had been exhausted with no success.

To sum up:

  • 3 USB keys, belonging to the Canton, that were known to be working suddenly became totally unusable, despite the apparent forensic efforts.
  • The Swiss Post e-voting system and the encrypted votes were not affected. The problem lies in the inability to read the contents of the USB keys.

Is there any logical explanation for the observed behavior? Let's go technical.

USB keys: a prominent attack vector.

In 2022, I published "Finding vulnerabilities in Swiss Post's future e-voting system - Part 1" (parts II and III) detailing the attack surface and how I approached the analysis of the solution, including a first round of vulnerabilities. The most critical of those vulnerabilities was an arbitrary code execution via a malicious USB key. As explained, this was clearly one of the most significant attack vectors.


Four years later, the Swiss Post e-voting system has improved a lot, so that kind of attack is no longer possible.

However, USB keys still play an important role in transferring data between the offline and online components of the system. As we can see in the most recent Swiss Post e-voting documentation, hardware-encrypted USB keys are assumed on the canton's side at every stage of the electoral process: during configuration (setup), tallying, and verification. It is important to note that these USB keys belong to and are handled by the canton, not by the Swiss Post e-voting system infrastructure.



The use of secure USB keys is expected, and aligned with the recommendations Swiss Post provides for the cantons.


Assuming the Canton of Basel-Stadt followed the recommendations and used this kind of USB key, the forensic efforts were bound to fail. This matches what they announced and their official public declarations:

"Several attempts by IT experts to resolve the problem with the USB sticks have been unsuccessful [...] These votes cannot be read due to the unusable USB sticks and therefore cannot be counted for the vote on March 8, 2026."

"Three USB sticks were used, all with the correct code, but none of them worked," Basel government spokesperson Marco Greiner told Swissinfo.

The main questions are: what did these 3 USB keys contain, and why did they fail?

What did these 3 USB keys contain?

Let's revisit the Federal Chancellery's official statement:

The Canton of Basel-Stadt informed the Federal Chancellery on March 5, 2026, that during a preparatory step it had become apparent that the electronically submitted votes for the federal referendum on March 8, 2026, might not be able to be decrypted and made available for counting.

There is a lot to read between the lines in this paragraph if we understand how the Swiss Post e-voting system works.

Basically, it comprises three different phases: Configuration, Voting, and Tally. As we can read in the System specification, during the Configuration phase the crucial cryptographic elements that will enable the Voting (SetupVoting) and Tally (SetupTally) phases are generated. From this, there are three important observations:

  • The fact that the impossibility of decrypting the votes was detected three days before the referendum means the Configuration phase had already been completed.
  • The fact that voters could successfully cast their electronic votes means the canton realized the voting phase could also be completed successfully. This in turn means the Swiss Post infrastructure (Control Components) had received the cryptographic materials required to validate the votes and return the Choice codes, which are codes the voters can use to verify that their votes were successfully cast.
  • The fact that this was detected and communicated to the Federal Chancellery during "a preparatory step" three days before the referendum means the canton realized the Tally phase would be impossible to complete (no decryption possible).

These 3 points narrow down the scope of the failure: the configuration and voting phases were technically feasible, but not the tally phase.

Then, the key question is: what kind of cryptographic material, requiring external interaction of the electoral board (via USB keys), is generated during the Configuration phase and not used until the Tally phase? The Electoral Board Secret Key - EBsk (2.5 Electoral Board - System Specification).


During the Configuration phase, the setup component generates the electoral board key (EBpk, EBsk), an ElGamal key pair. EBsk is derived from the electoral board members' passwords, which must comply with a policy requiring a length between 24 and 64 characters, with digits, special characters, and upper/lower case (4.2 SetupTally - System Specification). This makes any kind of brute-force attack practically infeasible, and requires these passwords to be stored safely (for example, using secure USB keys).



As you can see in the code above, the passwords are wiped after EBsk is derived, so even a forensic analysis of the setup component wouldn't have been useful (and it was already highly unlikely to help, given the time that had elapsed between the Configuration phase and the moment they realized the USB keys were not working).

Eventually, during the Tally phase, the Electoral board members need to present their passwords again to derive EBsk (6.3.3 MixDecOffline - System Specification).


Please note that the Swiss Post e-voting system requires at least 2 electoral members.
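A simplified illustration of the password-to-EBsk flow described in this section, added here and not taken from the Swiss Post codebase or specification. PBKDF2, the toy group (P, Q, G), the sample passwords and all function names are assumptions chosen for the example; it shows why the key pair can be rebuilt at tally time only if every password is presented again unchanged.

```python
import hashlib
import secrets
import string

# Toy group constructed for this example (P = 2Q + 1, G has order Q); far too small for real use.
P, Q, G = 2039, 1019, 4

def check_policy(pw: str) -> bool:
    """Policy quoted in the article: 24-64 chars with digit, special, upper, lower."""
    return (24 <= len(pw) <= 64
            and any(c.isdigit() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c in string.punctuation for c in pw))

def derive_digest(passwords, election_id: bytes) -> bytes:
    """PBKDF2 (stand-in KDF, an assumption) over length-prefixed bytearrays; zeroes the inputs."""
    material = bytearray()
    for pw in passwords:
        material += len(pw).to_bytes(2, "big")
        material += pw
    digest = hashlib.pbkdf2_hmac("sha256", material, election_id, 100_000)
    for buf in (*passwords, material):
        buf[:] = bytes(len(buf))  # overwrite in place (best effort in Python)
    return digest

def keypair(digest: bytes):
    """Map the digest to a secret exponent in Z_Q and its ElGamal public key."""
    sk = int.from_bytes(digest, "big") % Q
    return sk, pow(G, sk, P)

def encrypt(pk: int, m: int):
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(pk, r, P) % P

def decrypt(sk: int, ct) -> int:
    c1, c2 = ct
    return c2 * pow(c1, -sk, P) % P

if __name__ == "__main__":
    eid = b"constructed-election-id"
    board = ["Constructed-Sample-Pw-01!aB", "Constructed-Sample-Pw-02!cD"]
    assert all(check_policy(p) for p in board)
    # Configuration phase: derive the key pair; only EBpk is kept.
    _, ebpk = keypair(derive_digest([bytearray(p, "utf-8") for p in board], eid))
    ct = encrypt(ebpk, 9)
    # Tally phase: the same passwords must be presented again to rebuild EBsk.
    ebsk, _ = keypair(derive_digest([bytearray(p, "utf-8") for p in board], eid))
    print("decrypted:", decrypt(ebsk, ct))
```

Because nothing but the public key survives the configuration step, losing the stored passwords is equivalent to losing EBsk itself.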

A plausible scenario

The electoral board members were storing their passwords on these three secure USB keys.

During the preparatory step, they attempted to decrypt at least two of these USB keys, only to discover they couldn't. Without these passwords, the EBsk cannot be derived, so they realized the Tally phase would inevitably fail and warned the Federal Chancellery accordingly.

Now, the question is: why on earth did three secure USB keys, which had been working fine up until that moment, all fail at the same time?

Once-in-a-lifetime Glitch or Sabotage?

This section will be short: I don't think three secure USB keys can fail at the same time.

Instead, if I had to come up with a realistic explanation, I'd say that someone with physical access to those USB keys triggered the common built-in self-destruction feature present in this kind of hardened key, by entering a wrong PIN multiple times.

Why would someone do that? That's a totally different story. There could be multiple reasons, but you just need to read the reactions of experts in the media coverage to realize that for anyone opposed to e-voting, this "incident" is a total victory:

"The fact that this is happening now is a disaster," says Hermann. "It is devastating for electronic voting, because there are already many reservations about it. A glitch like this sets e-voting back years."

Political scientist Lucas Leemann believes the USB glitch is likely to give new momentum to critics of e-voting. "This is a significant setback," says Leemann. "It gives opponents a concrete example to point to the risks and problems."

Conclusions

E-Voting is a thorny topic. Ironically, people who work with computers don't usually trust them, so when a pivotal part of a democratic process is at stake, certain groups immediately lean toward the "absolutely not, paper please" position. That position is understandable, but it should also be supported by technical facts rather than belief or personal conviction. And that's when things start to get complicated.

From a technical perspective, one could argue that even without e-voting, any modern election already relies on computers, not just paper: information needs to be collected, analyzed, transmitted and presented. Yet many people are simply oblivious to these underlying processes.

There are no simple answers to an incident of this type, and I'm sure the investigation will eventually clarify what happened. In the meantime, I think it is more productive to try to understand the situation than to attack e-voting as a whole.