Cryptographers Cancel Election Results After Losing Decryption Key (arstechnica.com)
- Reference: 0180173783
- News link: https://it.slashdot.org/story/25/11/22/0041203/cryptographers-cancel-election-results-after-losing-decryption-key
- Source link: https://arstechnica.com/security/2025/11/cryptography-group-cancels-election-results-after-official-loses-secret-key/
> The IACR [2]said Friday that the votes were submitted and tallied using [3]Helios , an open source voting system that uses peer-reviewed cryptography to cast and count votes in a verifiable, confidential, and privacy-preserving way. Helios encrypts each vote in a way that assures each ballot is secret. Other cryptography used by Helios allows each voter to confirm their ballot was counted fairly.
"Unfortunately, one of the three trustees has irretrievably lost their private key, an honest but unfortunate human mistake, and therefore cannot compute their decryption share," the IACR said. "As a result, Helios is unable to complete the decryption process, and it is technically impossible for us to obtain or verify the final outcome of this election."
The IACR will switch to a two-of-three private key system to prevent this sort of thing from happening again. Moti Yung, the trustee responsible for the incident, has resigned and is being replaced by Michael Abdalla.
[1] https://arstechnica.com/security/2025/11/cryptography-group-cancels-election-results-after-official-loses-secret-key/
[2] https://www.iacr.org/news/item/27138
[3] https://vote.heliosvoting.org/about
That does not inspire confidence (Score:4, Informative)
"No backup" is amateur-level. Also that they did not use n-out-of-k with n k is a pretty basic mistake.
Re: (Score:1)
> "No backup"
Everywhere one looks these days one sees people who think they can lead but are fit for almost nothing at all. To see it from these folks does beggar belief.
Re: (Score:2)
> "No backup" is amateur-level. Also that they did not use n-out-of-k with n k is a pretty basic mistake.
Especially for people who do cryptography as their livelihood. They understand the importance of keys and to keep them safe.
Not using n of k is understandable - not every situation warrants n of k and they were likely thinking that it would be fine for all three people to be in charge of the results. N of k usually is for situations where you want K people to have the key so only N of them need to be prese
Re: (Score:1)
it already has. verifiable electronic voting is indeed feasible and arguably more secure than paper voting. however i'm not sure it would scale well as it requires strict observance of protocols and cutting corners is something i would expect in the long term. however, that happens with paper elections too. but more importantly ... the process isn't the issue anyway: your piece of paper in the ballot box doesn't allow you to hold your representatives accountable, your choices were rigged from the get go and
Bixby's Law (Score:2)
Bixby's Law says, "In any security installation the weakest link is not in the hardware or the software, but in the wetware."
Re: (Score:2)
You were not satisfied with the election results?
What should really be of interest here (Score:2)
What should be of interest to slashdotters isn't the irony of someone associated with cryptography losing their private key, but that there exists an open source system to securely allow voting and also to absolutely verify that the vote was counted. All while still maintaining anonymity. Barring the issue of losing private keys on the part of those administering the vote, this sort of system is very interesting, and really could be used to promote voter engagement and democracy. I had heard of it before,
Re: (Score:2)
> but that there exists an open source system
this is not new. i worked on such a system 15 years ago, almost entirely opensource down to the os (with the sole exception of the smartcard reader drivers used for key management, this was accepted by the client) and it successfully ran two binding public elections (with a subset of the census, it was a pilot) with no serious issues (some issues, but nothing serious although some people made much fuss about them). people could vote even with their phones. [1]https://www.regjeringen.no/en/... [regjeringen.no]
> could be used to promote voter engagement and democracy
it did promote vo
[1] https://www.regjeringen.no/en/topics/elections-and-democracy/internet-voting-trials/id2666749/
Got a problem? Reduce the security! (Score:1)
"The IACR will switch to a two-of-three private key system to prevent this sort of thing from happening again."
Lets solve the problem by reducing the security.
Is this really the message an outfit whose purpose is security should be promoting?
In (Inevitable) future news ... (Score:2)
> Unfortunately, one of the three trustees has irretrievably lost their private key, ...
> The IACR will switch to a two-of-three private key system to prevent this sort of thing from happening again.
Two of the three trustees have irretrievably lost their private keys ...
lol, what a clod (Score:3)
> Moti Yung, the trustee who was unable to provide his third of the key material, has resigned.
If you prompted an LLM to "Generate an image of the goofy bastard who lost his encryption key because he stuck it up his ass", it would literally be [1]this fucking clod [computer.org]
[1] https://www.computer.org/_next/image?url=https%3A%2F%2Fmain-cdn.computer.org%2Fwp-media%2F2018%2F09%2F08005254%2Fmoti-yung.png&w=640&q=75