Comment by DarkmSparks

I expect this is what they are all doing tbh, although isnt google open source? should be checkable, if the binaries the distribute match the source... oh...

"a special key" afaik is where instead of using 2 large primes for a public key, it uses 1 large prime and the other is a factor of 2 biggish primes, where 1 of the biggish is known, knowing one of the factors lets you factor any public key with a not insignificant but still more compute than most people have access to.

UK has also invested in some serious compute that would appear dedicated to exactly this task.

basically if you dont have full control over the key generation mechansim and enc/dec mechansim it is relatively trivial for states to backdoor anything they want.