Article Details

Cryptology boffins’ association to re-run election after losing encryption key needed to count votes. The shoemaker’s children have new friends. The International Association for Cryptologic Research will run a second election for new board members and other officers, after it was unable to complete its first poll due to a lost encryption key. As explained in November 21 election update, the association (IACR) used an electronic voting system called “Helios” to run its elections, with members able to vote between October 17 and November 16. That phase of the election seems to have gone off without a hitch. But when vote-counting started, the association “encountered a fatal technical problem that prevents us from concluding the election and accessing the final tally.” That problem related to the fact that the IACR’s bylaws require three members of its election committee to each hold a portion of the cryptographic key material required to jointly decrypt the results. “This aspect of Helios’ design ensures that no two trustees could collude to determine the outcome of an election or the contents of individual votes on their own: all trustees must provide their decryption shares,” the update explains. That’s a sensible way to run an election, and perhaps necessary as the affairs of professional and industry associations can sometimes become heated. This time around, the process didn’t work for IACR. “Unfortunately, one of the three trustees has irretrievably lost their private key, an honest but unfortunate human mistake, and therefore cannot compute their decryption share,” the org’s update states. “As a result, Helios is unable to complete the decryption process, and it is technically impossible for us to obtain or verify the final outcome of this election.” The org conducted “careful consideration” and decided “the only responsible course of action is to void this election and start a new election from scratch.” It appears that the person who lost their key has resigned from their role as a trustee of the election, which IARC will re-run from November 21 to December 20. The same candidates will again stand for election, and the org’s electoral roll will remain unchanged. “We are deeply sorry for this failure and for the disruption it has caused; this situation should not have happened, and we take it very seriously,” the association’s update states. “We respectfully ask for your understanding and patience while we remedy the problem and ensure that the renewed process is as smooth, secure, and transparent as possible.” The org now plans to adopt a two-out-of-three threshold mechanism for the management of private keys and will circulate a clear written procedure for all trustees to follow before and during the election. A new election isn’t the only item on IACR’s to-do list, as in December its annual Asiacrypt conference comes to Melbourne, Australia. The list of accepted papers includes works written by researchers from China’s National University of Defense Technology, AWS, Google, Bain Capital, and JP Morgan.