News: 1763963001

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Cryptology boffins’ association to re-run election after losing encryption key needed to count votes

(2025/11/24)


The International Association for Cryptologic Research will run a second election for new board members and other officers, after it was unable to complete its first poll due to a lost encryption key.

As explained in November 21 [1]election update , the association (IACR) used an electronic voting system called “Helios” to run its elections, with members able to vote between October 17 and November 16.

That phase of the election seems to have gone off without a hitch. But when vote-counting started, the association “encountered a fatal technical problem that prevents us from concluding the election and accessing the final tally.”

[2]

That problem related to the fact that the IACR’s bylaws require three members of its election committee to each hold a portion of the cryptographic key material required to jointly decrypt the results.

[3]

[4]

“This aspect of Helios’ design ensures that no two trustees could collude to determine the outcome of an election or the contents of individual votes on their own: all trustees must provide their decryption shares,” the update explains.

That’s a sensible way to run an election, and perhaps necessary as the affairs of professional and industry associations can sometimes become [5]heated .

[6]

This time around, the process didn’t work for IACR.

“Unfortunately, one of the three trustees has irretrievably lost their private key, an honest but unfortunate human mistake, and therefore cannot compute their decryption share,” the org’s update states. “As a result, Helios is unable to complete the decryption process, and it is technically impossible for us to obtain or verify the final outcome of this election.”

The org conducted “careful consideration” and decided “the only responsible course of action is to void this election and start a new election from scratch.”

[7]

It appears that the person who lost their key has resigned from their role as a trustee of the election, which IARC will re-run from November 21 to December 20. The same candidates will again stand for election, and the org’s electoral roll will remain unchanged.

“We are deeply sorry for this failure and for the disruption it has caused; this situation should not have happened, and we take it very seriously,” the association’s update states. “We respectfully ask for your understanding and patience while we remedy the problem and ensure that the renewed process is as smooth, secure, and transparent as possible.”

The org now plans to adopt a two-out-of-three threshold mechanism for the management of private keys and will circulate a clear written procedure for all trustees to follow before and during the election.

A new election isn’t the only item on IACR’s to-do list, as in December its annual [8]Asiacrypt conference comes to Melbourne, Australia. The [9]list of accepted papers includes works written by researchers from China’s National University of Defense Technology, AWS, Google, Bain Capital, and JP Morgan. ®

Get our [10]Tech Resources



[1] https://www.iacr.org/news/item/27138

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aSQ6yW2OehbTn8EZkAUqsAAAAJI&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aSQ6yW2OehbTn8EZkAUqsAAAAJI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aSQ6yW2OehbTn8EZkAUqsAAAAJI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[5] https://www.theregister.com/2025/06/26/icann_letter_afrinic_election_suspended/

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aSQ6yW2OehbTn8EZkAUqsAAAAJI&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aSQ6yW2OehbTn8EZkAUqsAAAAJI&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[8] https://asiacrypt.iacr.org/2025/

[9] https://asiacrypt.iacr.org/2025/acceptedpapers.php

[10] https://whitepapers.theregister.com/


You couldn’t make this situation up

Anonymous Coward

fdFfTu744yGGtt5UhUBGvvvHhHBiuiIh7uyytJj7

This reminds me of an old joke

Giles C

Clairvoyant meeting cancelled due to unforeseen circumstances

Honestly this could have been run on the 1st April…

IACR shouldn't have accepted Baldrick as a member...

Bebu sa Ware

let alone as one of the three trustees holding one of the three rings of power encryption keys.

A cunning plan: he probably wrote his portion of the key under the third sheet of a roll of toilet paper where no one would look.

One only hope that Melbourne, Australia is where the conference will actually be organised and not [1]Melbourne, Florida . ;)

[1] https://en.wikipedia.org/wiki/Melbourne,_Florida

Re: IACR shouldn't have accepted Baldrick as a member...

Like a badger

Well,looking to the positives, somewhere a wife is saying "About bloody time Graham! I'm glad I threw out that post it note on your monitor and you've had to resign, all because it needs three cryptologists to add up a few numbers! The time you've wasted on that bloody cryptology society nonsense! And i still haven't forgiven you for my birthday card that was in ROT13. Then there was the time we got thrown out of the bank after you demanded that two other employees needed to vouch for the cashier, and then the same for those other two employees. It was even worse than when you were Grand Moose in the Masons and were asked to leave for pointing out 37 logical flaws and 11 continuity errors in the third degree ritual of craft masonry. What is it about you and secret societies meeting in sheds? Anyway, now you can fix the dripping tap in the bathroom and put up that shelf you said you would"

Important learning experience

Richard 12

It's apparently taken until now for these boffins to realise that the Real World exists, and people are human.

Security systems that rely on human perfection cannot possibly work. They must be designed to continue to function when the squishy bits make mistakes. That means recovery options, alternatives etm.

Because if they aren't, then workarounds will be found. Usually at short notice, and by people who don't really know what the consequences might be.

Re: Important learning experience

SVD_NL

Well, lesson not entirely learned, because they're still a bit stuck in their own cryptology bubble. They could've looked at the world around them and realised that if you're doing an election with possible conflicts of interest you could just get an independent party to conduct the election and verify the results.

That is one top notch sub-heading

Like a badger

That was all.

Logic doesn't apply to the real world.
-- Marvin Minsky