Link back to the top of the thread:
bsky.app/profile/vino...

That said, I am glad that IACR is addressing this "human mistake" by making a "system design change" to a 2-of-3 quorum for the re-run.

www.iacr.org/news/item/27...

#IACR #Cryptography #KeyManagement #InfoSec #OPSEC #Elections

Devices die. Backups fail. People forget. People die. Anyone who has worked with computers (or people) knows this happens.

System design should account for this. I wish IACR took accountability for the design failure rather than blaming the human element.

I am disappointed that IACR is framing the root cause as an "unfortunate human mistake," effectively throwing a distinguished member of the community under the bus.

This is a system design issue. No critical system should have a 3-of-3 quorum requirement.

2. Security is more than cryptography.

Most secure systems fail or get compromised, not due to sophisticated cryptanalytic attacks, but due to implementation and OPSEC issues.

Few lessons to relearn here:

1. Availability is a security requirement. It is just as important as Confidentiality.

While this seems like a truism, it is not uncommon to come across system designs (or even NSA/NIST specs) that contradict this principle.

IACR used #Helios for voting. They configured it such that all 3 trustees need to be present with their share of the private key to tally results.

One trustee lost their share. Now the results are mathematically secure—forever.

The math worked. The encryption held. The process failed.

Attack outcome: If you mess with the ground-based time, you mess with GPS.

This affects everything from your car's driving directions to the guidance systems for precise missiles.

Sources:
www.theregister.com/2025/10/20/c...
www.cert.org.cn/publish/main...

2. GPS Navigation: GPS satellites need perfectly synchronized clocks. They have onboard atomic clocks but rely on ground stations (like NTSC) to correct for timing drifts.

(An interesting source of drift: Relativistic time dilation, because the sats move at ~9,000 mph!)

1. Telecommunications: Cell phone base stations must share a common clock to hand off calls. This is even more vital for low-latency 5G applications.

Attack outcome: If you disrupt the time, you can disrupt the entire communications grid.

Why target a timekeeper? It sounds mundane, but high-precision time is a critical national security asset.

Modern tech relies on nanosecond-level accuracy. If you can mess with time, you can disrupt critical infrastructure.

Here are two key examples:

Great work, Wenyi Zhang, Annie Dai, Keegan Ryan, Dave Levin, Nadia Heninger and Aaron Schulman!

satcom.sysnet.ucsd.edu/docs/dontloo...

While it is important to work on futuristic threats such as Quantum cryptanalysis, backdoors in standardized cryptographic protocols, etc. - the unfortunate reality is that the vast majority of real-world attacks happen because basic protection is not enabled. Lets not take our eyes off the basics.

- Walmart Mexico: Unencrypted corporate emails, plaintext credentials to inventory management systems, inventory records transferred and updated using FTP

- AT&T Mexico cellular backhaul: Raw user internet traffic
- TelMex VOIP on satellite backhaul: Plaintext voice calls
- U.S. military: SIP traffic exposing ship names
- Mexico government and military: Unencrypted intra-government traffic

"Almost died on the thruway today when it happened and I’m glad it didn’t cause a bigger accident with an 18-wheeler behind me being able at the last minute to shift lanes because my Jeep died, locked its hand brake and jolted so hard my face almost ended up in the steering wheel at 70mph."

Availability is not antithetical to security and privacy. A well designed security system will meet availability needs.

"The Interior Ministry explained that... the G-Drive’s structure did not allow for external backups. This vulnerability ultimately left it unprotected."

Google Threat Intelligence Group released their analysis of 2024 0-days that the group tracked:
cloud.google.com/blog/topics/...