For a group of the world’s top cryptology researchers, it was the kind of election you would expect. It was a secret digital ballot whose final tally could be decoded only by using three keys split among select election trustees.
So secure was the annual contest to fill three director and four officer positions that when one trustee lost his cryptographic key to unlock the results, the error made it impossible.
The group, the International Association of Cryptologic Research, or I.A.C.R., was left with no choice but to throw out the vote and call a new election.
“Regrettably, we have encountered a fatal technical problem that prevents us from concluding the election and accessing the final tally,” the group said in a memo on Friday. “We are deeply sorry for this failure and for the disruption it has caused.”
The association said that in order to avoid the issue in the future, it would loosen its requirements, adopting a “2-out-of-3 threshold” for use of the decryption keys and circulating clear, written procedures for trustees to follow.
The association, headquartered in Bellevue, Wash., works to advance research in cryptology, the science of securing information through ciphers and codes. With thousands of members around the world — including regular, student and senior members — it publishes some of the top research in the field.
The association held elections for various leadership posts including the presidency from Oct. 17 to Nov. 16. As it has for years, it used an electronic voting system called Helios, which is designed to be verifiable and less vulnerable than other methods to collusion and interference. The system encrypts each vote and is “voter verifiable,” allowing people to track their ballots.
After this year’s vote, two out of the three trustees responsible for decrypting the results provided their secret keys, but one, Moti Yung, a cryptographer and research scientist at Google, did not, according to the group’s public election page.
In its apologetic memo, the association said the election snafu had been an “honest but unfortunate human mistake,” which arose from “the strict cryptographic requirements of the system itself.” The lost key, the group added, was irretrievable, and so were the election results.
Mr. Yung, the association said in its statement, has since resigned from his position as trustee for this year’s election. The group did not specify if the resignation had to do with the problem with this year’s election. Neither the group nor Mr. Yung immediately responded to requests for comment.
A new round of voting will take place from Nov. 21 to Dec. 20, the association’s statement said.
Ben Adida, a software engineer who created Helios, said in a phone interview that the three keys required to decode the results were delivered in files to be downloaded onto computers. In this case, he said, the missing file was most likely “misplaced or mistakenly deleted.”
Ronald Rivest, a cryptography expert and professor at the Massaschussetts Institute of Technology, said he was pleased that the cryptologic group was taking steps to fix the problem.
“I think it’s unfortunate that this happened,” he said. “Redoing the election is really costly. I think the big takeaway is you don’t want to have these kinds of errors to happen in a real system.”
Though errors are rare in Helios’s work with the cryptology group, said Mr. Adida, the software engineer, the case showed that there can be trade-offs in designing and using hyper-secure systems.
“It turns out that managing keys and managing secret keys is the hardest part of this — even among the world’s best cryptographers,” he said.
Pranav Baskar is an international reporter and a member of the 2025-26 Times Fellowship class, a program for journalists early in their careers.
The post Cryptographers Held an Election. They Can’t Decrypt the Results. appeared first on New York Times.
