I'm not sure I'd use the same words, but yeah, the argument I'm refusing to dignify is that NSA could have been successful at bribing a member of one of the PQC teams. Like, what is that bribed person going to do? Look at the teams; they're ridiculously big. It doesn't even make sense. Again: part of my dismissiveness comes from how clear it is that Bernstein is counting on his cheering section not knowing any of this, even though it's a couple of Google searches away.
One trivial example implied by the blog post: Such corruption could be involved in the non-transparent decision making process at NIST.
Regarding Dual_EC: we still lack a lot of information about how this decision was made internally at NIST. That’s a core point: transparency was promised in the wake of discovered sabotage and it hasn’t arrived.
What do you mean, "how" the decision about Dual EC was made? It's an NSA-designed backdoor. NIST standardized it because NSA told them to. I'm sure NSA told NIST a story about why it was important to standardize it. The Kremlinology isn't interesting: it is NSA's chartered job to break cryptography, and nobody should ever trust them; the only thing NSA can do to improve cryptography is to literally publish secret attacks, and they're not going to do that.
What do I mean? Iran-Contra, Watergate, or 9/11-report-style levels of investigation. Given how widely read the BULLRUN stories were, it’s not credible to suggest the details aren’t important.
The American people deserve to know who picked up the phone or held a meeting to make this happen. Who was present, who at NIST knew what, and so on. Who internally had objections and indeed who set the policy in the first place. What whistleblower protections were in place and why didn’t the IG have involvement in public? Why did we have to learn about this from Snowden?
NSA has a dual mandate, on that I hope we can agree. It’s my understanding that part of their job is to secure things and that part of their job is to break stuff.
NIST has no such dual mandate; heads should roll at NIST. We probably agree that NSA probably won’t be accountable in any meaningful sense, but NIST must be - we are stuck with them. Not trusting them isn’t an option for anyone who files their taxes or banks or does any number of other regulated activities that require using NIST standards.