Hashing Apples, Bananas and Cherries
At the end of March 2022, we discovered a flaw in one of the core cryptographic building blocks of the Swiss Post E-Voting System, more precisely in the specifications of the recursive hash function it uses. Several system components which are critical to guarantee the confidentiality and the integrity of the votes, such as non-interactive zero-knowledge proofs and digital signatures, rely on this function. Interestingly, the issue sheds some light on a gap between how cryptographers, cryptography standards and textbooks define cryptographic hash functions, and respectively how cryptography engineers and developers use them in practice....