![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thewayneThis is both funny and sad because (A) it happened to the International Association of Cryptologic Research, an organization that's been around for 50-some years, and (2) because it demonstrates how brittle encryption can be.
The organization was its annual leadership election, and was using high-strength and verifiable encryption. Everyone who submitted their vote could verify, through their own encryption key, that their vote was correct and not tampered with. Three members of the election committee each held one-third of the key required to completely decrypt the master file to tabulate the vote, so all three had to simultaneously submit their part of the key to process the votes.
One of the members lost their part of the key, irrecoverably, through simple human error - not a hack. Thus, the file remains forever locked.
The IACR is re-running the election which will close on December 20 using a different encryption methodology requiring two of the three key portions. And the person who lost their part of the key has resigned from the election committee, I don't know if they're still part of the organization.
https://arstechnica.com/security/2025/11/cryptography-group-cancels-election-results-after-official-loses-secret-key/
https://www.schneier.com/blog/archives/2025/11/iacr-nullifies-election-because-of-lost-decryption-key.html
The organization was its annual leadership election, and was using high-strength and verifiable encryption. Everyone who submitted their vote could verify, through their own encryption key, that their vote was correct and not tampered with. Three members of the election committee each held one-third of the key required to completely decrypt the master file to tabulate the vote, so all three had to simultaneously submit their part of the key to process the votes.
One of the members lost their part of the key, irrecoverably, through simple human error - not a hack. Thus, the file remains forever locked.
The IACR is re-running the election which will close on December 20 using a different encryption methodology requiring two of the three key portions. And the person who lost their part of the key has resigned from the election committee, I don't know if they're still part of the organization.
https://arstechnica.com/security/2025/11/cryptography-group-cancels-election-results-after-official-loses-secret-key/
https://www.schneier.com/blog/archives/2025/11/iacr-nullifies-election-because-of-lost-decryption-key.html
no subject
Date: 2025-11-29 09:48 am (UTC)Hugs, Jon
no subject
Date: 2025-11-29 05:53 pm (UTC)Like I said, cryptography can be brittle. As demonstrated. Lose your key, you are utterly screwed. There's a guy in England who has put together a bunch of backers who want to buy a town dump because a hard drive got thrown away that contains Bitcoins that contain over $400 million in value. They may or may not be able to find it, and the coins may or may not be retrievable. But it would be a major environmental problem to dig up the dump!
no subject
Date: 2025-11-30 02:18 am (UTC)no subject
Date: 2025-11-29 04:58 pm (UTC)no subject
Date: 2025-11-29 05:56 pm (UTC)Thank you! I do appreciate it. Being a geek, and being able to usually spread information in an understandable way to the less geeky, I like doing so. Of course, you need no simplification. :-)
no subject
Date: 2025-12-01 01:29 am (UTC)no subject
Date: 2025-11-29 11:10 pm (UTC)This is so sad that it's funny.
no subject
Date: 2025-12-03 06:16 am (UTC)I dread the day that someone comes into the library and it's not "I forgot my e-mail password, we need to reset it," but "I forgot the password to my password vault, but you know how to retrieve that, right?" And we will have a long conversation at that point.