Security Cryptography Whatever The IACR Can't Decrypt with Matt Bernhard
Dec 31, 2025
In this episode, Matt Bernhard, a researcher in secure voting systems, dives into the hilarious debacle of the IACR Helios election, where key decryption material went missing, rendering the election results unusable. He explains the complexities of Helios's homomorphic encryption and discusses its limitations and verifiability concerns. Additionally, Matt highlights the practical challenges of internet voting, contrasts digital systems with paper ballots, and introduces ElectionGuard, a modern solution aimed at enhancing election integrity.
AI Snips
Chapters
Transcript
Episode notes
Crypto Society Lost Its Election Key
- The IACR ran an election with Helios and couldn't decrypt results because a trustee lost the key file or USB stick.
- The organizers abandoned the tally and called a new election due to the missing decryption material.
ElGamal Enables Homomorphic Tallying
- Helios uses ElGamal (finite-field) ballots which let you homomorphically combine ciphertexts to tally privately.
- Decryption requires the election secret, and this deployment used full shares so losing one share blocked decryption.
Missing Threshold Creates Single Point Of Failure
- Threshold cryptography (T-of-N) would allow decryption even if some trustees lose shares.
- The IACR Helios deployment lacked proper thresholding and required all shares, creating a single-point-of-failure.