A cryptography research body held an election and they can't decrypt the results

 (nytimes.com)

45 points | by FabHK 3 hours ago

5 comments

  • cube00 2 hours ago
    we have encountered a fatal technical problem that prevents us from concluding the election and accessing the final tally, [1]

    How is someone losing their key a "technical problem"? Is that hard to own up and put the actual reason in the summary? It's not like they have stockholders to placate.

    we will adopt a 2-out-of-3 threshold mechanism for the management of private keys [1]

    The trustee responsible has resigned so why weaken security going forward?

    I would have thought cryptography experts losing keys would be pretty rare, like a fire at a Sea Parks.

    [1]: https://www.iacr.org/news/item/27138

    [-]
    • kube-system 2 hours ago
      It sounds like the technical problem is that they spent more time thinking about cryptography itself than they did about the prudent application of it.

      Confidentiality that undermines availability might be good cryptography but it violates basic tenets of information security.

      [-]
      • tbrownaw 55 minutes ago
        > spent more time thinking about cryptography itself than they did about the prudent application

        "Your Scientists Were So Preoccupied With Whether Or Not They Could, They Didn’t Stop To Think If They Should"

    • woodruffw 2 hours ago
      > How is someone losing their key a "technical problem"?

      The human half of the problem is the loss of the key; the technical half of the problem is being unable to decrypt the election results.

      > The trustee responsible has resigned so why weaken security going forward?

      I don't think there's a scenario in which a 2-of-3 threshold is a significant risk to IACR.

      [-]
      • themafia 42 minutes ago
        There's physical loss and data loss as well. Key storage devices are not perfect. You even have to account for HSM failures.

        I believe the DNSSEC uses a 5 of 7 approach.

    • gpjt 1 hour ago
      Thanks for the reminder of a brilliant IT crowd moment!
  • FabHK 3 hours ago
    https://archive.is/NOnfx
  • generalizations 2 hours ago
    Nerds do tend to forget that people make procedural errors.
  • tptacek 1 hour ago
    I'd make a joke about NSA conspiracies here but I'm 95% sure some kind of Foucault's Pendulum / QAnon thing would happen and 6 years from now I'd be the contrarian on a bunch of threads about how the IACR had been suborned to suppress cryptanalysis of MLKEM.
  • gattis 2 hours ago
    in other words, someone didnt like the election results
    [-]
    • tptacek 1 hour ago
      "When you definitely know what an IACR director does."