Comment by dcow

Michael Palin in Monty Python's Life of Brian, "Do you find it... risible?"

https://youtu.be/kx_G2a2hL6U?t=177

(I don't have anything constructive to add to the conversation. ¯\_(ツ)_/¯ )

To quote the article:

At the risk of belaboring the obvious: An attacker won't have to say "Oops, researcher X is working in public and has just found an attack; can we suppress this somehow?" if the attacker had the common sense to hire X years earlier, meaning that X isn't working in public. People arguing that there can't be sabotage because submission teams can't be bribed are completely missing the point.

He goes on to say: I coined the phrase "post-quantum cryptography" in 2003. It's not hard to imagine that the NSA/IDA post-quantum attack team was already hard at work before that, that they're years ahead of the public in finding attacks, and that NSA has been pushing NISTPQC to select algorithms that NSA secretly knows how to break.

Does this seem unreasonable, and if so, why?

He also remarks: Could such a weakness also be exploited by other large-scale attackers? Best bet is that the answer is yes. Would this possibility stop NSA from pushing for the weakness? Of course not.

Doesn’t sound to me like he only has concerns about bribery. Corruption of the standards to NSA’s benefit is one overarching issue. It’s not the only one, he has concerns about non-American capabilities as well.

The are many methods for the NSA to achieve a win.

Ridiculing people for worrying about this is totally lame and is harmful to the community.

To suggest a few dozen humans are beyond reproach from attack by the most powerful adversaries to ever exist is extremely naive at best. However that literally isn’t even a core point as Bernstein notes clearly.