Encryption Crisis: IACR Cancels Elections Due to Lost Key

Wed Nov 26 2025 06:21:22 GMT+0200 (Eastern European Standard Time)

The International Association for Cryptologic Research has announced the cancellation of its leadership elections after a critical encryption key was lost by an official, preventing access to the vote results.

In a surprising turn of events, the International Association for Cryptologic Research (IACR) has canceled the announcement of its leadership election results due to the loss of an essential encryption key by one of its trustees. The IACR, using a three-part key method for its electronic voting system, found itself unable to unlock the results, leading to the decision to re-run the elections with added security measures. The incident has sparked discussions about the vulnerabilities in cryptographic systems that arise from human error.

A firm considered one of the leading global voices in encryption has cancelled the announcement of its leadership election results after an official lost the encrypted key needed to unlock them.

The International Association for Cryptologic Research (IACR) uses an electronic voting system which needs three members, each with part of an encrypted key, to access the results.

In a statement, the scientific organisation said one of the trustees had lost their key in an honest but unfortunate human mistake, making it impossible for them to decrypt - and uncover - the final results.

The IACR said it would rerun the election, adding new safeguards to stop similar mistakes happening again.

The IACR is a global non-profit organisation which was founded in 1982 to further research in cryptology, the science of secure communication.

It opened votes for three Director and four Officer positions on 17 October, with the process closing on 16 November.

The Association used an open source electronic voting system called Helios for the process. The browser-based system uses cryptography to encrypt votes, keeping them secret.

Three members of the association were chosen as independent trustees to each be given a third of the encrypted material, which when shared together would reveal the verdict. While two of the trustees uploaded their share of the encrypted material online, a third never did.

'Irretrievably' lost

The IACR said in a statement that the lack of results was due to one of the trustees irretrievably losing their private key, making it technically impossible for the firm to know the final verdict. It said it was therefore left with no choice but to cancel the election.

The association added that it was deeply sorry for the mistake, which it took very seriously. American cryptographer Bruce Schneier noted that failures in cryptographic systems often stem from human error, whether through forgetting keys or making some other mistake. Voting for the IACR positions has been renewed and will run until 20 December; the association has replaced the initial trustee and introduced a 2-out-of-3 threshold for key management.