November 25, 2025

Lost key, found drama

Article URL →HN comments →

Cryptology firm cancels elections after losing encryption key

Experts lose key to their own vote; commenters chant 'paper!' and meme the mess

TLDR: An encryption research group couldn’t reveal its election results after a trustee lost a key share, so it’s rerunning with new safeguards. Commenters split between “use paper ballots” and “at least they were transparent,” while jokes about experts forgetting passwords and a terminology spat added spice.

The International Association for Cryptologic Research (IACR) — the folks who study secure communication — canceled revealing its leadership election results because one trustee lost their piece of the decryption key. Cue the internet’s chorus: you had one job. The official mea culpa is here: iacr.org/news/item/27138, and the community instantly split. One top quip praised honesty over hacks: “Better than finding a workaround,” while security legend Bruce Schneier reminded everyone that fancy math still trips over human mistakes. A link to the previous drama-filled thread kept receipts: HN.

Then came the camps. The paper ballot gang shouted that cardboard boxes beat browsers every time, with a Swiss commenter flexing that they get national results in hours and warning against “verschlimmbessern” — improving something so much you break it. The tech defenders pointed out Helios is open source and IACR is adding safeguards: a new “2-out-of-3” key setup and written procedures so one lost key won’t brick democracy next time. Meanwhile, semantic warriors asked why IACR says “cryptology” instead of “cryptography,” sparking a mini language war while memes flew: forgot password energy, Ctrl+Z for democracy. For context: votes were encrypted, three trustees held parts of the key, one lost theirs, results became unrecoverable, and the election is being rerun through Dec 20.

Key Points

  • IACR canceled its leadership election after a trustee irretrievably lost a private key share required to decrypt results.
  • The election used the Helios open-source electronic voting system, which encrypts votes and required three trustee shares to reveal results.
  • Two trustees uploaded their shares, but the third did not, making decryption technically impossible.
  • IACR will rerun the election, now scheduled to run until 20 December, and has replaced the trustee who lost the key.
  • New safeguards include adopting a 2-out-of-3 key threshold and a clear written procedure for trustee key management.

Hottest takes

"Better than losing the key and finding a 'workaround' I guess" — potato3732842
"Some things just work, like paper ballots" — sschueller
"Why does the IACR use the term 'cryptology' rather than 'cryptography'?" — pxeger1

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.