"The number of true cryptography experts beyond [the walls of the NSA] is a dozen in the world at best"?
This kind of logic is super common on HN threads and it's incoherent. If the expertise and capabilities of the NSA with respect to basic cryptographic mathematics is so unknowable that thousands of published academic cryptographers are wasting their time, then what makes you think a random amateur Math Overflow post has somehow stumbled on a deep secret of NSA RSA subterfuge?
For whatever it's worth to you, Dan Bernstein was not sued by the US Government. Dan Bernstein sued the US Government, over export restrictions on cryptography in the 1990s; his suit was mooted by the relaxation of those restrictions.
> NSA made seemingly bening improvements to crypto standards that the academic community only discovered as valuable over a decade later.
At the same time, they negotiated DES's key length down. It was 64 bits originally, the NSA wanted only 48 bits, IBM and the NSA compromised on 56 bits.
This kind of logic is super common on HN threads and it's incoherent. If the expertise and capabilities of the NSA with respect to basic cryptographic mathematics is so unknowable that thousands of published academic cryptographers are wasting their time, then what makes you think a random amateur Math Overflow post has somehow stumbled on a deep secret of NSA RSA subterfuge?
For whatever it's worth to you, Dan Bernstein was not sued by the US Government. Dan Bernstein sued the US Government, over export restrictions on cryptography in the 1990s; his suit was mooted by the relaxation of those restrictions.