One of the leading security organizations globally, the International Association of Cryptologic Research (IACR), has annulled the results from its annual leadership election. This comes after an official misplaced an encryption key essential for unlocking results from a secure voting system.
The IACR revealed on Friday that the voting process was facilitated using Helios, an open-source system renowned for its use of peer-reviewed cryptography to guarantee the security and privacy of both casting and counting votes. Helios ensures the confidentiality of each vote by encrypting ballots and provides cryptographic proof that allows voters to verify the accurate counting of their votes.
A human error led to the current predicament. According to the association's bylaws, three election committee members serve as independent trustees, each holding a third of the cryptographic key needed to decrypt the election results. This division is intended to prevent any two from colluding to manipulate outcomes.
Unfortunately, as the IACR explained, one trustee inadvertently lost their private key, an 'honest but unfortunate human mistake.' This error renders Helios incapable of completing the decryption process, making it technically impossible to verify or obtain the final election results.
The IACR has decided to adopt a new method for managing private keys to avoid this issue in the future. The revised system will only require two of the three key components to decrypt the results. The trustee who misplaced their key, Moti Yung, has resigned and will be succeeded by Michel Abdalla.
The International Association of Cryptologic Research is a nonprofit scientific organization dedicated to advancing research in cryptology, the discipline that secures computation and communication systems against adversaries. A fresh election commenced on Friday and will run through December 20.