
I followed it and was trying to point out that your question was imprecise.



Respectfully, I think you're a little lost here.


It’s all good. I take it respectfully. Let me try again and I mean this entirely in good faith. I don’t think you’re an NSA shill as I think my other comments were taken by random readers. I do think you’re just mistaken and like many Americans (myself included) we want to believe in our institutions. You seem like a reasonable person, and I meant no slight towards you.

My read is that you asked what the secret key is, with the implication that if they have it they should reveal it. No one who has it would do that to settle an argument. Well, maybe someone would, but it seems like an unreasonable ask. Absence of evidence isn’t evidence of absence (of the theft of the secret key for the Q parameter for Dual EC), right?

If Dual EC didn’t have a backdoor, no one could steal the secret key that NSA uses to exploit it. One is more secure than the other, and I take your comment as requiring the secret key for the corresponding Q to leak for that design to be a bad idea that is insecure. Again, I don’t think that is a reasonable standard of evidence. We know people steal stuff from NSA, and we cannot expect that they will drop the secret key on Hacker News to decide that it was a bad idea in the first place.

NOBUS is a fantasy idea - is there even a reasonable proposal that isn’t less secure than the same system without a backdoor? Even with ECDLP in play, if a CRQC is really in our future, Dual EC isn’t a forever NOBUS backdoor. If we knew how to do public key cryptography that could last 100+ years and we thought it was also post-quantum, maybe a backdoor wouldn’t weaken the system overall. But that’s a lot of maybes…


The argument you're making doesn't even cohere. If quantum computers break conventional cryptography, they moot backdoors in conventional public key cryptography. But they can simply be re-established in PQ public key cryptography. The idea behind a PKRNG backdoor is simple!


Huh, okay. I will try to clarify; apologies if I’m being incoherent. The argument I’m making is that the evidence doesn’t support your original claim or your follow-up ask for a secret key.

NSA isn’t trying to (only) make NOBUS backdoors where the NOBUS is forever. If it isn’t forever, it’s not secure in the “Nobody but US(A)” sense implied by NOBUS as thrown around.

NOBUS is a fantasy of a very large security claim because even with a PKRNG, the keys can be stolen. However, in the Dual EC case the current PKRNG will also fall to a CRQC in addition to key theft. Both cases are strictly worse than a pure CSPRNG without a backdoor. The damage done by this kind of sabotage is hard to measure.

The evidence about backdoors points to NSA malfeasance and not towards NSA wanting something that is never insecure as is very strongly implied by the common framing of NOBUS as a concept.
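As an added illustration, not part of the thread, here is a toy model of the Dual EC design on a small constructed curve (P_MOD, A, B, the point Q and the trapdoor D are all made up here, not the real NIST constants, and the real generator also truncates its output). It shows the point the thread is arguing: whoever holds the scalar D that links Q to P, whether the designer or someone who stole it, can turn a single output into every later one, which is why a backdoored PKRNG is strictly weaker than the same generator without the trapdoor.

```python
import math
# Constructed toy parameters, NOT the real NIST Dual EC constants: curve
# y^2 = x^3 + A*x + B over GF(P_MOD); P_MOD % 4 == 3 makes square roots cheap.
P_MOD, A, B = 10007, 5, 7

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0: return None
    if p1 == p2: lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def lift_x(x):  # a point with this x (its negation shares the x), or None
    rhs = (x ** 3 + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None

def order(pt):  # order of pt by brute force; fine on a toy curve
    n, acc = 1, pt
    while acc is not None:
        acc, n = add(acc, pt), n + 1
    return n

# Public point Q of large order; the designer's trapdoor D gives P = D*Q.
Q = next(pt for pt in map(lift_x, range(1, P_MOD)) if pt and order(pt) > 4000)
N = order(Q)
D = next(d for d in range(1000, N) if math.gcd(d, N) == 1)
P_PT = mul(D, Q)

def dual_ec(seed, n):
    """Simplified Dual EC step, no output truncation: r = x(s*P), s = x(r*P), out = x(r*Q)."""
    s, out = seed, []
    for _ in range(n):
        r = mul(s, P_PT)[0]
        s = mul(r, P_PT)[0]
        out.append(mul(r, Q)[0])
    return out

def predict_next(output, d):
    """Holder of d lifts one output to R = +-r*Q; x(d*R) = x(r*P) is the next state."""
    s_next = mul(d, lift_x(output))[0]
    return mul(mul(s_next, P_PT)[0], Q)[0]
```

Without D, an observer sees only x-coordinates of multiples of Q and faces the discrete log problem on the curve; with D (designed in, or stolen) the same observer reads the generator's internal state straight off its output.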



