London, November 27, 2025
The International Association for Cryptologic Research (IACR) has voided its internal leadership election after one of three election trustees lost a private encryption key, making it impossible to decrypt and verify the results. The election cancellation and trustee resignation occurred in late 2025, prompting the organization to initiate a new election starting November 21, 2025.
Critical Key Loss Disrupts Election Integrity
During the critical vote-counting phase of IACR’s leadership election, an irreversible failure emerged when one trustee lost their private encryption key due to human error. This key was essential to decrypting the encrypted voting data. Without this key share, the election results could not be decrypted or verified, rendering the entire election invalid.
Helios Voting System and Key-Sharing Mechanism
IACR utilizes the open-source Helios voting system, which employs a security design requiring three independent trustees to hold separate key shares. This distributed cryptographic approach ensures that at least three independent parties must cooperate to decrypt election results, preventing manipulation by any two trustees. The missing key share broke this chain, making the decryption technically impossible and locking the votes permanently.
Organizational Response and Policy Changes
Faced with the unrecoverable loss of the key, IACR leadership decisively voided the election, stating this as the only responsible course of action. The affected trustee resigned from their role following the incident. Subsequently, the organization revised its election policies, reducing the required number of trustees from three to two to mitigate future risks related to key management.
A new election has been scheduled with the same candidates and electoral roll, running from November 21 through December 20, 2025, restarting the leadership selection process from scratch.
Broader Implications for Cryptographic Security
This episode reveals a substantial vulnerability even among cryptology experts: failures in critical backup and key management protocols. The incident underscores the necessity of industry-standard backup measures such as the “3-2-1” rule—maintaining three copies of data across two different media, including one offsite backup—and regular testing of backup integrity.
The IACR experience demonstrates that rigorous backup protocols and organizational safeguards remain crucial, even in environments designed for maximum cryptographic security. It serves as a cautionary example for organizations relying on secure voting or encryption systems, highlighting that technical safeguards must be complemented by strict operational discipline.
This event sends a clear message to the wider cryptographic and broader IT community about the risks inherent to key custody and the importance of comprehensive backup strategies to ensure data recoverability and trust in digital election systems.