Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
Encryption Security

Cryptographers Cancel Election Results After Losing Decryption Key (arstechnica.com) 52

Posted by BeauHD from the face-palm dept.
The International Association of Cryptologic Research (IACR) was forced to cancel its leadership election after a trustee lost their portion of the Helios voting system's decryption key, making it impossible to reveal or verify the final results. Ars Technica reports: The IACR said Friday that the votes were submitted and tallied using Helios, an open source voting system that uses peer-reviewed cryptography to cast and count votes in a verifiable, confidential, and privacy-preserving way. Helios encrypts each vote in a way that assures each ballot is secret. Other cryptography used by Helios allows each voter to confirm their ballot was counted fairly. "Unfortunately, one of the three trustees has irretrievably lost their private key, an honest but unfortunate human mistake, and therefore cannot compute their decryption share," the IACR said. "As a result, Helios is unable to complete the decryption process, and it is technically impossible for us to obtain or verify the final outcome of this election."

The IACR will switch to a two-of-three private key system to prevent this sort of thing from happening again. Moti Yung, the trustee responsible for the incident, has resigned and is being replaced by Michael Abdalla.

Cryptographers Cancel Election Results After Losing Decryption Key More | Reply

Cryptographers Cancel Election Results After Losing Decryption Key

Comments Filter:

  • lol, what a clod (Score:3, Funny)

    by apparently ( 756613 ) on Friday November 21, 2025 @09:15PM (#65811189)

    Moti Yung, the trustee who was unable to provide his third of the key material, has resigned.

    If you prompted an LLM to "Generate an image of the goofy bastard who lost his encryption key because he stuck it up his ass", it would literally be this fucking clod [computer.org]

  • It's still secure, (Score:1)

    by Anonymous Coward
    though.

  • That does not inspire confidence (Score:5, Informative)

    by gweihir ( 88907 ) on Friday November 21, 2025 @09:22PM (#65811197)

    "No backup" is amateur-level. Also that they did not use n-out-of-k with n k is a pretty basic mistake.

    • "No backup"

      Everywhere one looks these days one sees people who think they can lead but are fit for almost nothing at all. To see it from these folks does beggar belief.

    • Re: (Score:2)

      by tlhIngan ( 30335 )

      "No backup" is amateur-level. Also that they did not use n-out-of-k with n k is a pretty basic mistake.

      Especially for people who do cryptography as their livelihood. They understand the importance of keys and to keep them safe.

      Not using n of k is understandable - not every situation warrants n of k and they were likely thinking that it would be fine for all three people to be in charge of the results. N of k usually is for situations where you want K people to have the key so only N of them need to be prese

      • Even if you do keep the key safe, it's impossible to keep YOU safe. A heart attack, a drunk truck driver, a falling meteorite -- are all pretty good at destroying wetware.

        • Re: (Score:2)

          by gweihir ( 88907 )

          Yes. And that case is covered in all _basic_ BCM materials. You do not only need backup for data. You also need backups for roles.

      • Re: (Score:3)

        by rta ( 559125 )

        ...

        Here all 3 people likely were going to be needed to certify the election results so having 2 of 3 wouldn't have done anything other than let one of them lose the key.

        And yet that's exactly what they decided to do on the re-run / moving forward... as mentioned in both TFS and TFA:

        ...The IACR will switch to a two-of-three private key system to prevent this sort of thing from happening again.

      • I think it's not actually that surprising, these guys are mathematicians, not engineers. In fact there was no need for the cryptography in the first place but it was mathematically interesting so let's use it. And here we are.

        • Re: (Score:2)

          by gweihir ( 88907 )

          I know a few mathematicians. None of them are stupid. All of them can do risk management to a reasonable degree. These people from the stroy must be the dross.

      • Re: (Score:2)

        by gweihir ( 88907 )

        Well, either you can trust people to not lose their keys, or you cannot. In the second case, you need some redundancy. But sure, the screw-up also included them apparently trusting incompetents too much.

    • "No backup" is amateur-level.

      For short term transient activities backups are rarely done for most things.

      • Re: (Score:3)

        by gweihir ( 88907 )

        Oh, I am sure _you_ do not do these. Competent people do backups or redundant copies for anything that is critical, regardless of time-frame.

    • Keep quiet in the back, please. These people are professionals, possibly even experts. Remember, listen to the experts.

  • Bixby's Law says, "In any security installation the weakest link is not in the hardware or the software, but in the wetware."

  • They did not lost it, someone was just not satisfied with the election results. Similar situation happened to me.

    • You were not satisfied with the election results?

      • He can't get no
        Satisfaction

      • Nope. I am involved in a legal court case, a 15 year long justice battle. And someone was not satisfied with court ruling, with his it was going, so they stole crucial documents from official archives, and it was reported 'lost"
        • Get your lawyer to argue it was intentional destruction of evidence. That would allow the jury to make whatever inferences they want about what may have been in it (they'll probably do this anyway, but getting the judge to tell them that always helps) and then let your lawyer insinuate that it's worse than it probably is.

  • What should really be of interest here (Score:3)

    by caseih ( 160668 ) on Friday November 21, 2025 @10:07PM (#65811247)

    What should be of interest to slashdotters isn't the irony of someone associated with cryptography losing their private key, but that there exists an open source system to securely allow voting and also to absolutely verify that the vote was counted. All while still maintaining anonymity. Barring the issue of losing private keys on the part of those administering the vote, this sort of system is very interesting, and really could be used to promote voter engagement and democracy. I had heard of it before, but kind of forgot about it.

    • Re: (Score:3)

      by znrt ( 2424692 )

      but that there exists an open source system

      this is not new. i worked on such a system 15 years ago, almost entirely opensource down to the os (with the sole exception of the smartcard reader drivers used for key management, this was accepted by the client) and it successfully ran two binding public elections (with a subset of the census, it was a pilot) with no serious issues (some issues, but nothing serious although some people made much fuss about them). people could vote even with their phones. https://www.regjeringen.no/en/... [regjeringen.no]

      could be used to promote voter engagement and democracy

      it did promote vo

    • Re: (Score:1)

      by Anonymous Coward

      and really could be used to promote voter engagement and democracy. I had heard of it before, but kind of forgot about it.

      Unfortunately for elections, if votes could enact changes that matter, they wouldn't let us do it.

    • Re: (Score:2)

      by rta ( 559125 )

      Barring the issue of losing private keys ...

      Getting normal people to have / manage / distribute a key pair has been an ongoing / unsolved practical problem in just plain encryption/ authentication for like 35 years. The protocols have always supported it (or close enough to "always") but it just never took off.

      Technically when you hit your bank's site in a browser, your browser COULD prompt you to present a client cert that you'd pre-registered with the bank and not even let you connect otherwise. And it's been able to do that as long as HTTPS ha

    • What should be of interest to slashdotters isn't the irony of someone associated with cryptography losing their private key, but that there exists an open source system to securely allow voting and also to absolutely verify that the vote was counted. All while still maintaining anonymity.

      .. and which fails catastrophically the minute some random guy loses a key. Yup, that's a typical crypto design all right, runs perfectly on a whiteboard, fails perfectly in the real world.

    • there exists an open source system to securely allow voting and also to absolutely verify that the vote was counted.

      We've had that for a while now. It's a non-starter because very few people can actually understand how it works, thus very few people will accept the results of such an election. Even now (in the US) there are still people screaming about how the 2020 and 2024 elections were rigged by shenanigans in counting the ballots, and what we have is a pretty straightforward system. Make the whole thing

  • "The IACR will switch to a two-of-three private key system to prevent this sort of thing from happening again."

    Lets solve the problem by reducing the security.

    Is this really the message an outfit whose purpose is security should be promoting?

    • Re: (Score:2)

      by mudimba ( 254750 )

      It's weird for the article to not even address this, given how two sentences earlier they said "To prevent two of them from colluding to cook the results..."

  • In (Inevitable) future news ... (Score:4, Funny)

    by fahrbot-bot ( 874524 ) on Friday November 21, 2025 @10:33PM (#65811271)

    Unfortunately, one of the three trustees has irretrievably lost their private key, ...

    The IACR will switch to a two-of-three private key system to prevent this sort of thing from happening again.

    Two of the three trustees have irretrievably lost their private keys ...

  • I actually know this name. He is a prominent cryptographer who wrote one of the early books about Cryptovirology in the late 90s when others hadnâ(TM)t thought of it yet.

    I met his co-author of that book while doing a stint at Bloomberg, Dr Adam Young.

    Sad to see his name under less than good circumstances but I can at least say this is a respectable person who has authored significant works in the field.

  • And I don't even want to hear a lecture about why that's a bad idea. You don't get to do that anymore.

  • Next thing ya know, it will be a member requirement to have an RDID tag implanted in your hand, as a condition of joining this group.

  • Oh, all those petards exploding in the wrong places. Retards hoist by their own petards perhaps also should be referred to as "petards."

  • Later after Two weeks of extreme hacking, hacker group reveals the election results, saving the day

  • I always kept my half of the EAM decryption key in my wallet on a random piece of paper that looked like a phone number and on the back of clip-board magnetically attached to the SIOP safe.

Slashdot Top Deals

Almost anything derogatory you could say about today's software design would be accurate. -- K.E. Iverson

Close