Cryptocurrency company cancels election after losing encryption keys

Laura Kresstechnology reporter

grey placeholderGetty Images Green and red digital CPU button with green lock symbol. getty images

A company considered one of the leading global voices in cryptography canceled the announcement of its leadership election results after officials lost the encrypted key needed to unlock it.

The International Association for Cryptographic Research (IACR) uses an electronic voting system that requires three members, each with a portion of the encrypted key, to access the results.

The scientific body said in a statement that one of its trustees lost the key due to an “honest but unfortunate human error,” making it impossible to decipher and reveal the final results.

The IACR said it would re-run the election, adding “new safeguards” to prevent similar mistakes from happening again.

IACR is a global non-profit organization founded in 1982 with the goal of “furthering the study” of cryptography, the science of secure communications.

Voting for three directors and four officers began on October 17, and the process closed on November 16.

The association used an open source electronic voting system called Helios for this process.

Browser-based systems use encryption to encrypt or keep votes secret.

Three members of the association will be appointed as independent trustees, each receiving one-third of the encrypted material, which they will then share together to render a verdict.

Two of the trustees uploaded their shares of encrypted material online, but the third did not.

‘Irreversibly’ defeated

The IACR said in a statement that no results were forthcoming because one of the trustees had “irretrievably” lost his private keys, making it “technically impossible” for the company to know the final verdict.

Therefore, the position is that there is no choice but to cancel the election.

The association said it was “deeply sorry” for this mistake and added, “We take it very seriously.”

American cryptographer Bruce Schneier told the BBC that the failure of cryptographic systems often lies in the fact that they need to be “operated by humans” “to provide real security”.

“Encryption systems often fail for very human reasons, such as forgetting keys, sharing keys improperly, or making other mistakes,” he said.

Voting for the IACR position has been renewed and will run through December 20.

The association said it has replaced an initial trustee that lost encrypted information and will now adopt a “two out of three” threshold mechanism for managing private keys and clear written procedures for trustees to follow.

grey placeholderGreen promotional banner with black squares and rectangles forming pixels moving from the right. In the text