The International Association for Cryptologic Research (IACR), a prominent organization focused on encryption, has canceled the announcement of its leadership election results due to a key management issue. An official with the organization allegedly misplaced an encrypted key required to unlock the election results, making it impossible to access the final verdict.
The IACR employs a specific electronic voting system that necessitates the collaboration of three members, each holding a segment of the encrypted key. According to the organization, one trustee lost their part of the key in what was described as “an honest but unfortunate human mistake.” This incident has prevented the group from decrypting and publicizing the election outcomes.
In response to this situation, the IACR has stated it will conduct a new election, introducing “new safeguards” to prevent similar incidents in the future. Founded in 1982, the IACR is a non-profit organization dedicated to advancing research in cryptology, the science of secure communication. The voting for three Director and four Officer positions commenced on October 17 and concluded on November 16. The association utilized an open-source electronic voting platform called Helios, known for its cryptographic features that maintain vote confidentiality.
The critical issue arose when only two of the three trustees submitted their encrypted segments online, while the third failed to do so. The trustee’s loss of their private key was deemed “irretrievable,” leading the IACR to cancel the election. The organization has expressed regret over the incident, emphasizing the seriousness of the error. Expert Bruce Schneier noted that failures in cryptographic systems often stem from human error, such as key management mistakes.
Voting for the IACR positions has been renewed and is set to run until December 20. The association has replaced the trustee who lost the key and will implement a “2-out-of-3” threshold for managing private keys, alongside a documented procedure for trustees to follow.
Source: https://www.bbc.com/news/articles/c62vl05rz0ko?at_medium=RSS&at_campaign=rss