2021.09.09 14:17:18 (1435940374699151372) from Daniel J. Bernstein, replying to "mjos\dwez (@mjos_crypto)" (1435881427795599364):
NSA "actively engages the U.S. and foreign IT industries to covertly influence and/or overtly leverage their commercial products’ designs" to make them "exploitable". This goes far beyond military purchasing. See https://cr.yp.to/papers.html#dual-ec and Section 3.6 of https://cr.yp.to/papers.html#competitions.
2021.09.02 16:54:25 (1433443198534361101) from "mjos\dwez (@mjos_crypto)":
(live from ICMC) NSA Doesn't like hybrid. They're going to go with NIST PQC pretty much as-is.
2021.09.09 01:22:34 (1435745406181273603) from Daniel J. Bernstein:
Let's review. 2016-2020: NSA doesn't admit its involvement in NISTPQC. 2020.07.22 15:03: First NSA message (https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/um_1oBVCtjU/m/vhTAdxp7BgAJ). 2020.07.22 22:51: NIST announces round 3 (https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/0ieuPB-b8eg/m/Cl7Ji8TpCwAJ). NSA now says: Use lattices (https://www.nsa.gov/what-we-do/cybersecurity/post-quantum-cybersecurity-resources/) and PLEASE TURN OFF ECC. https://twitter.com/mjos_crypto/status/1433443198534361101
2021.09.09 10:23:04 (1435881427795599364) from "mjos\dwez (@mjos_crypto)":
Note that NSA makes those decisions for National Security Systems (NSS) only. Outside the classified/military setting, they do not have authority. However, defence has a large purchasing power so this will affect especially hardware offerings. It's tempting to drop ECC hardware.