Oops. Cryptographers Cancel Election Results After Losing Decryption Key
WASHINGTON, D.C. – The International Association for Cryptologic Research (IACR) has canceled the results of its annual leadership election after a trustee lost a critical decryption key, rendering the tallied votes inaccessible. The incident highlights the inherent risks – even for security experts – in managing cryptographic keys.
The election used Helios, an open-source voting system employing peer-reviewed cryptography to ensure verifiable, confidential, and privacy-preserving voting. Helios encrypts each vote to maintain ballot secrecy and allows voters to confirm their ballots were accurately counted.
According to IACR bylaws, three autonomous trustees each hold a third of the cryptographic key material needed to decrypt election results, preventing any two trustees from manipulating the outcome. However, one trustee was “unable to compute their decryption share” due to the irretrievable loss of their private key – described by the IACR as “an honest but unfortunate human mistake.”
“Consequently, Helios is unable to complete the decryption process, and it is indeed technically impossible for us to obtain or verify the final outcome of this election,” the IACR stated Friday.
To mitigate future risk, the IACR will transition to a system requiring only two key shares for decryption. Moti Yung, the trustee responsible for the lost key material, has resigned and been replaced by Michel Abdalla.
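The difference between needing all three shares and needing only two, as an added example that is not Helios or IACR code: a toy ElGamal decryption in which the two-share variant is built with Shamir secret sharing, which is an assumption about how such a threshold could be realised. The group parameters and all function names are constructed for illustration and are far too small to be secure.

```python
# Added illustration with constructed toy parameters (tiny group, NOT secure).
# P = 2*Q + 1 with Q prime; G generates the subgroup of prime order Q.
import secrets

P, Q, G = 1019, 509, 4

def encrypt(pub, m):
    """ElGamal: returns (g^r, m * pub^r) for a fresh random r."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(pub, r, P) % P

def partial(ct, share):
    """One trustee's decryption share: c1 raised to their key share."""
    return pow(ct[0], share, P)

def unmask(ct, mask):
    """Remove the mask pub^r from c2 to recover the plaintext."""
    return ct[1] * pow(mask, -1, P) % P

def decrypt_all(ct, partials):
    """n-of-n: the mask is the product of EVERY trustee's partial."""
    mask = 1
    for d in partials:
        mask = mask * d % P
    return unmask(ct, mask)

def shamir_split(secret, n, t):
    """t-of-n: share x is f(x) for a random degree t-1 polynomial, f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {x: sum(c * pow(x, i, Q) for i, c in enumerate(coeffs)) % Q
            for x in range(1, n + 1)}

def lagrange0(x, xs):
    """Lagrange coefficient of point x evaluated at 0, modulo Q."""
    num = den = 1
    for j in xs:
        if j != x:
            num, den = num * -j % Q, den * (x - j) % Q
    return num * pow(den, -1, Q) % Q

def decrypt_threshold(ct, partials):
    """t-of-n: interpolate in the exponent from any t partials {x: d_x}."""
    mask = 1
    for x, d in partials.items():
        mask = mask * pow(d, lagrange0(x, partials), P) % P
    return unmask(ct, mask)

if __name__ == "__main__":
    key = secrets.randbelow(Q)
    shares = shamir_split(key, n=3, t=2)
    ct = encrypt(pow(G, key, P), 16)   # 16 stands in for an encrypted tally
    del shares[3]                      # trustee 3 loses their key share
    print(decrypt_threshold(ct, {x: partial(ct, s) for x, s in shares.items()}))
```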
A new election began Friday and will run through December 20.
The IACR is a nonprofit scientific institution dedicated to research in cryptology – the science of secure communication and computation systems – and related fields.