WTF: Key gone – Cryptologists can't access their election results

A renowned group of cryptography researchers uses a sophisticated security system – and ultimately falls victim to it themselves.


Everything was fine until the key went missing: This is what happened to a group of cryptologists who now have to repeat their elections.



It is one of the worst possible scenarios for cryptologists when their own encryption system can no longer be cracked. This is precisely what happened to the International Association for Cryptologic Research (IACR). A month of electronic voting lies behind them, and now ahead of them again, because the election results can no longer be decrypted. The IACR intended to fill a total of seven important positions with these elections.

The encrypted results can only be accessed with the help of three keys. Each of them is held by a human custodian. If even one of them misplaces their key, there is no chance of counting the votes. That is exactly the situation that has now occurred, or a "fatal technical problem", as the group called it when it informed its members on Friday.

The Helios voting system used in the election is, so to speak, the natural enemy of any klutz. A predetermined number of people – three in the case of the IACR – must each generate a public and a private key. To access the data, all individuals must provide their private key. If even one person has misplaced their key, decryption is not possible. This is what happened at the IACR, which had chosen this setup to ensure that no two custodians could collude to count the result of an election or read the content of individual votes themselves. For a group of cryptography professionals, this seemed to be a significantly greater risk than locking themselves out of their own system.

The mishap can also be traced on the IACR's election page, where it is displayed which of the custodians has already deposited their private key. Custodian Moti Yung's key is still missing. According to the IACR, the reason for this is human error: Yung lost his key.

Therefore, the IACR has to bite the bullet to get the results; they have to repeat the elections. The IACR announced this on Friday and immediately started new elections, which will be conducted electronically. The organization deeply regrets the error and the resulting disruptions, it emphasizes. "This situation should not have happened, and we take it very seriously," the election committee and the board assure.

The IACR is drawing consequences from the incident and is slightly weakening its security system: From now on, it should be possible to access the results with two out of three private keys. There will also be a clearly defined procedure for handling private keys that all custodians must adhere to.


Yung also drew consequences from the incident: the researcher, employed by Google, announced his resignation as a custodian of an IACR election vote key. His position at the IACR is to be filled immediately.

The IACR has thousands of members worldwide, from students to renowned scientists. Its goal is to advance research in the field of cryptography; the group has already made notable publications in the field.

(nen)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.