ZAP // pvproductions / Freepik; Stockcake
One of the world’s leading security organizations annulled the results of the annual elections for its leadership after one of those responsible lost the encryption key needed to unlock the votes, which had been recorded in an encrypted voting system.
The International Association for Cryptologic Research (IACR) announced this Friday that the elections for its board of directors had been annulled, as it was impossible to count the votes submitted to your hyper-secure system of choice.
According to one from the IACR, votes were submitted and counted through the Heliosan open source voting system that resort to encryption subject to peer review to collect and count votes in a verifiable way, confidential and privacy-protected.
O Helios encrypts every vote to ensure that each bulletin remains secret. Other cryptographic mechanisms used by Helios also allow each voter confirm that your bulletin was counted correctly.
According to the association’s statutes, three members of the electoral commission act as independent repositories of votes.
To prevent two of them from conspiring each other to tamper with the results, each depository holds one-third of the cryptographic key necessary to decrypt the results.
After this year’s vote, two of the three depositories responsible for decrypting the results provided their secret keys, but one of them, Moti Yung, cryptographer and researcher at Googledid not do so, according to what appears to indicate the names of the depositors and their public keys.
In its statement, the association classified the mishap in the electoral process as an “honest but unfortunate human error”, resulting “from the strict cryptographic requirements of the system itself”.
The lost key is unrecoverable — just like the election results, the statement adds. “Unfortunately, one of the three depositories irretrievably lost their private key, and therefore Can’t calculate your share of decryption,” the IACR wrote.
“As a result, Helios cannot complete the process of decryption and it is technically impossible for us to obtain or verify the final result of this election”, concludes the note.
To avoid a similar incident in the future, the IACR will adopt a new private key management mechanism. Instead of requiring all three segments of private key material, elections will now require only two out of three segments — apparently abdicating the principle that the system should “prevent two of them from conspiring with each other”.
According to Moti Yung, the custodian who was unable to provide his third of the key material, resigned.
The association, headquartered in Bellevue, in the US state of Washington, is dedicated to promote research in cryptologythe science that seeks to protect information through ciphers and codes.
With thousands of members around the world, including full members, students and seniors, the IACR publishes some of the most prestigious research in the field.
