“Working in collaboration with the NSA, NIST included three sets of recommended elliptic curves in FIPS 186-2 that were generated using the algorithms in the American National Standard (ANS) X9.62 standard and Institute of Electrical and Electronics Engineers (IEEE) P1363 standards.”: What exactly is NIST’s justification for making claims regarding the method that NSA used to generate these curves? The fact that a hash matches is publicly verifiable, but the distribution of “random” inputs is not. I have heard NSA employees claiming that the “random” inputs were actually generated as hashes of English text chosen (and later forgotten) by Jerry Solinas."
https://miracl.com/blog/backdoors-in-nist-elliptic-curves/
“Working in collaboration with the NSA, NIST included three sets of recommended elliptic curves in FIPS 186-2 that were generated using the algorithms in the American National Standard (ANS) X9.62 standard and Institute of Electrical and Electronics Engineers (IEEE) P1363 standards.”: What exactly is NIST’s justification for making claims regarding the method that NSA used to generate these curves? The fact that a hash matches is publicly verifiable, but the distribution of “random” inputs is not. I have heard NSA employees claiming that the “random” inputs were actually generated as hashes of English text chosen (and later forgotten) by Jerry Solinas."
https://csrc.nist.gov/CSRC/media/Publications/sp/800-186/dra...
It's all quite public.