A firm considered one of the leading global voices in encryption has cancelled the announcement of its leadership election results after an official lost the encrypted key needed to unlock them.
The International Association for Cryptologic Research (IACR) uses an electronic voting system that requires three members, each with part of an encrypted key, to access the results.
In a statement, the scientific organization revealed that a trustee had misplaced their key in an honest but unfortunate human mistake, making it impossible to decrypt the final results.
The IACR announced it would rerun the election and implement new safeguards to prevent similar incidents from occurring in the future.
The IACR is a global non-profit organization founded in 1982 to promote research in cryptology, the science of secure communication. The voting for three Director and four Officer positions commenced on October 17 and closed on November 16.
The association employed an open source electronic voting system called Helios that used cryptography to maintain vote confidentiality. Independent trustees were designated to hold portions of the encrypted data, but only two of the three trustees submitted their parts.
Unfortunately, the IACR stated that the failure to achieve results stemmed from the irreversible loss of the private key by a trustee, rendering it impossible to determine the election outcome.
The organization expressed its deep regret over the situation and acknowledged the seriousness of the error. Renowned cryptographer Bruce Schneier highlighted that failures in cryptographic systems often occur due to human error.
Voting for the new IACR positions has recommenced and will continue until December 20. The association has replaced the trustee responsible for the lost key and is adopting a "2-out-of-3" threshold mechanism for key management, accompanied by a detailed protocol for the trustees.
