An organisation considered one of the leading global voices in encryption has cancelled the announcement of its leadership election results after an official lost the private key needed to decrypt them.
The International Association for Cryptologic Research (IACR) uses an electronic voting system which needs three members, each holding part of the decryption key, to access the results.
The IACR stated that one of the trustees lost their key in an honest but unfortunate human mistake, making it impossible for them to decrypt - and uncover - the final results.
The IACR said it would rerun the election, adding new safeguards to prevent similar mistakes in the future.
The IACR is a global non-profit organisation founded in 1982, aimed at furthering research in cryptology, the science of secure communication.
Voting for three Director and four Officer positions began on October 17 and closed on November 16. The Association used an open-source electronic voting system called Helios, which encrypts votes cryptographically.
Three members of the Association were designated as independent trustees, each assigned a third of the encrypted material which, when combined, would provide the final verdict. While two trustees uploaded their portion of the encrypted data, a third trustee failed to do so.
'Irretrievably' Lost
The lack of results was due to one trustee irretrievably losing their private key, leaving it technically impossible for the Association to know the final verdict. Consequently, IACR had no choice but to cancel the election. The Association expressed deep remorse for the oversight, emphasizing its seriousness.
American cryptographer Bruce Schneier commented that failures in cryptographic systems often stem from human errors, highlighting that operational security challenges often arise when humans are involved.
In light of the incident, voting for IACR positions has reopened and will continue until December 20. The organization has since replaced the initial trustee involved in the error and will implement a 2-out-of-3 threshold mechanism for private key management, accompanied by clear procedural guidelines for trustees.
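The difference between the original setup, where all three trustees were needed, and the 2-out-of-3 threshold the IACR is moving to can be shown with secret sharing. This is an added example, not code from Helios or the IACR: it shares a plain integer standing in for the election private key, using additive sharing for the 3-of-3 case and Shamir's scheme for 2-of-3. The modulus `P` and all function names are assumptions made for illustration.

```python
# Added illustration (not Helios or IACR code): 3-of-3 additive sharing versus
# 2-of-3 Shamir sharing when one trustee's share is lost.
import secrets
from itertools import combinations

P = 2**127 - 1  # prime field modulus (constructed choice for this example)

def split_additive(secret, n=3):
    """n-of-n: random shares that sum to the secret mod P."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares

def combine_additive(shares):
    return sum(shares) % P

def split_shamir(secret, k=2, n=3):
    """k-of-n: points on a random degree-(k-1) polynomial with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, n + 1)]

def combine_shamir(points):
    """Lagrange interpolation at x = 0 over the field of order P."""
    secret = 0
    for xi, yi in points:
        num, den = 1, 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def survives_one_loss(secret):
    """(additive_ok, shamir_ok): can any two remaining trustees recover the key?"""
    add, sha = split_additive(secret), split_shamir(secret)
    additive_ok = all(combine_additive(list(s)) == secret
                      for s in combinations(add, 2))
    shamir_ok = all(combine_shamir(list(s)) == secret
                    for s in combinations(sha, 2))
    return additive_ok, shamir_ok

if __name__ == "__main__":
    key = secrets.randbelow(P - 1) + 1  # constructed stand-in for the private key
    print(survives_one_loss(key))       # (False, True)
```

With additive sharing, any single lost share makes the key unrecoverable; with the 2-of-3 threshold, every pair of trustees can still reconstruct it, at the cost that two colluding trustees are now enough to decrypt.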



















