Lost Key Leads to Election Chaos for Cryptology Firm

Fri Dec 05 2025 13:50:23 GMT+0200 (Eastern European Standard Time)

A leading cryptology organization, IACR, faces a leadership election setback after a trustee loses a key needed to access election results.

The International Association for Cryptologic Research (IACR) has had to cancel its leadership election results because one of its trustees lost an encryption key needed for the encrypted voting system. This incident highlights the vulnerabilities in cryptographic systems when human error is involved. The IACR has announced they will redo the election with new safeguards to avoid repeat mistakes.

A firm considered one of the leading global voices in encryption has cancelled the announcement of its leadership election results after an official lost the encrypted key needed to unlock them.

The International Association for Cryptologic Research (IACR) uses an electronic voting system which needs three members, each with part of an encrypted key, to access the results.

In a statement, the scientific organisation said one of the trustees had lost their key in an honest but unfortunate human mistake, making it impossible for them to decrypt - and uncover - the final results.

The IACR stated it would rerun the election, adding new safeguards to prevent similar mistakes in the future.

The IACR is a global non-profit organisation founded in 1982 with the aim to further research in cryptology, the science of secure communication.

The association opened votes for three Director and four Officer positions on October 17, with the deadline closing on November 16. It utilized an open source electronic voting system called Helios.

The browser-based platform encrypts votes to maintain secrecy.

Three members of the association were chosen as independent trustees, each given a portion of the encrypted material, which when combined would reveal the outcomes. However, while two trustees completed their part, the third failed to do so.

The IACR reported in a statement that the absence of results was attributable to one trustee irretrievably losing their key, leaving the organization unable to determine the results.

They expressed deep regret for the incident and emphasized the gravity of the mistake.

Bruce Schneier, an American cryptographer, commented that failures in cryptographic systems often stem from human factors, warning that keys can be forgotten or improperly shared.

The voting process has been restarted and will run until December 20. The IACR has replaced the missing trustee and plans to implement a 2-out-of-3 key management policy with clear procedures to enhance security.