Hacker News

3182 readers

436 users here now

Posts from the RSS Feed of HackerNews.

The feed sometimes contains ads and posts that have been removed by the mod team at HN.

founded 1 year ago

MODERATORS

patrick@lemmy.bestiver.se

rssbot@lemmy.bestiver.se

Cryptology firm cancels elections after losing encryption key (www.bbc.com)

submitted 1 week ago by rssbot@lemmy.bestiver.se to c/hackernews@lemmy.bestiver.se

2 comments fedilink hide all child comments

Comments

you are viewing a single comment's thread
view the rest of the comments

[–] jbloggs777@discuss.tchncs.de 1 points 1 week ago* (last edited 1 week ago)

Requiring only two out of three keys leaves the system open to straightforward collusion. A threshold like three out of four, or three out of five, would raise the bar to something more like a coordinated conspiracy. There are likely additional human roles involved in the process as well (mitigating the risk), though I’m not fully familiar with the complete setup.

My assumption is that these keys are meant solely to control the timed release of the data, not to serve as the ultimate source of authority. The encrypted ballots are probably disclosed to the keyholders at the same moment the keys themselves are published.

It reminds me of a pet project I want to complete: An automated online timed release keymaster, publishing future-dated public keys, then publishing the secret keys on that date. One day soon... edit: it already exists, https://timelock.dev/