A firm considered one of the leading global voices in encryption has cancelled the announcement of its leadership election results after an official lost the encrypted key needed to unlock them.
The International Association for Cryptologic Research (IACR) uses an electronic voting system which needs three members, each with part of an encrypted key, to access the results.
The organization stated that one of the trustees lost their key in an honest but unfortunate human mistake, making it impossible for them to decrypt - and uncover - the final results.
The IACR announced it would rerun the election, adding new safeguards to prevent similar mistakes in the future.
The IACR, a global non-profit founded in 1982, promotes research in cryptology, the science of secure communication. Voting for three Director and four Officer positions opened on October 17 and closed on November 16.
The organization utilized an open source electronic voting system called Helios, which encrypts votes to maintain confidentiality.
Three independent trustees were assigned a third of the encrypted material, necessary for revealing the results. Although two trustees successfully uploaded their shares online, a third did not.
'Irretrievably' lost
The IACR disclosed that the absence of results stemmed from one trustee irretrievably losing their private key, rendering it technically impossible to determine the outcomes.
This led the organization to ultimately cancel the election, expressing deep regret for the severe oversight.
American cryptographer Bruce Schneier commented that failures in cryptographic systems are often due to human error such as forgetting or mismanaging keys. He underlined the critical role human management plays in cryptographic security.
The renewed voting process for IACR positions will run until December 20, with the association appointing a new trustee and implementing a “2-out-of-3” threshold mechanism for key management.
