Bounty offered for secret NSA seeds behind NIST elliptic curves algo

grarpamp grarpamp at gmail.com
Wed Oct 11 02:33:19 PDT 2023


Things that are chosen in private seem as good as snake oil
when there is any potential that the algorithm they plug into
is vulnerable to a chosen attack therein.
Consideration to algorithm analysis, and use of things
that do not reduce intended bitstrength equivalency.

https://bada55.cr.yp.to/bada55-20150927.pdf
https://tools.ietf.org/html/draft-black-rpgecc-01
https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
What about P-521 and that family of NIST curves?
Are these magic numbers a legitimate cause of concern?
"I personally am concerned about any constant whose origins I don’t
personally trust."

If an algorithm is thought to be vulnerable to poorly or suspiciously
chosen things, then one can severely question it first on that front itself.
And upon what happens when the "nice" number or function everyone
agreed to choose as safe turns out to have generated an exploitable
situation later on.

A strong algo may moot, a die roll could be done openly in public,
by the public, and witnessed, recorded, and published by the public.
Or a nice "pi" or such.

Related: as controversially used in the Zcash-ZEC MPC is what some
have perhaps better named a "mutually adversarial distrust (MAD) setup" [1],
whereby all die rollers must collude against you for the setup to fail,
or equivalently, that you only need to trust that one participant out of many
was honest (or was on your side, or was you) for the setup to succeed.

Some implementation firsts...
https://www.youtube.com/watch?v=YbJw8_liYyo ZK MPC's

Many ongoing developments...
https://www.youtube.com/watch?v=dTBy661ubgg ZK MPC's

[1] Competitors to ZEC (and to other MPC ZK coins) seem to
misunderstand and/or intentionally mislabel MAD as being
an unmitigated "Trusted Setup", which is different.
And some competitors' fans continue that seeming mis-* re MPC's,
even though newer MPC setups have advanced even further, which
some coins have even adopted.

> We reserve the right to veto charity choices dramatically
> incompatible with our values

Suppressing maths subject to particular politic... classic
Galileo levels of funk and cancel culture there.
State's towers produced and foisted many broken cryptos,
and waged countless malicious attacks to maintain power too.

Cpunks will accept all submissions and leaks, and
won't censor any choice of charitable words "Dedicated-To:"
that you wish to remark in the frontmatter of your work.

> If the bounty is being cancelled or lowered
> ... or legally allowed ... to send money

So much for leading by example with cryptocurrency,
smart contracts, NYKNYC, proof of keys, non-debt based,
commitment finality, handoff to DAO multisig guarantors
of execution, prediction markets, lawfare proof, privacy coins,
anon networks, nyms, and unconfiscatable uncensorable
freedom to spend. Many seem eager to make OG a
conveniently disposable meme these days.

Cpunks hereby declare a prediction market for release of
such secret numbers. Rat might volunteer as manager.
Trust it or not ;)
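Added example (editor's code, not part of the post above): the check that the published NIST coefficients actually came from the published seeds. ANSI X9.62 / FIPS 186 derive a t-bit integer r from SEED by SHA-1 expansion and then require r*b^2 = a^3 (mod p), with a = -3 for every NIST prime curve. The constants are the published P-256 and P-521 values. Passing this check only shows that b is consistent with the SEED; it says nothing about how the SEED was chosen, which is the whole point of the bounty and of the bada55 paper (anyone can try seeds until one yields a curve they like, and the check will still pass).

```python
"""Reproduce the X9.62 / FIPS 186 seed-to-coefficient check for NIST prime curves.

Editor's example, not code from the original post. It verifies that b is
derived from SEED as the standard prescribes; it cannot tell you why that
SEED and not another one was used.
"""
import hashlib

# Published parameters (FIPS 186-4, D.1.2). a = p - 3 for every NIST prime curve.
NIST_CURVES = {
    "P-256": dict(
        p=0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF,
        b=0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
        seed="c49d360886e704936a6678e1139d26b7819f7e90",
    ),
    "P-521": dict(
        p=(1 << 521) - 1,
        b=0x0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00,
        seed="d09e8800291cb85396cc6717393284aaa0da64ba",
    ),
}


def seed_to_r(seed_hex: str, p: int) -> int:
    """ANSI X9.62 A.3.3.1: expand SEED into the t-bit integer r, t = bitlen(p)."""
    t = p.bit_length()
    s = (t - 1) // 160          # number of extra SHA-1 blocks
    v = t - 160 * s             # bits taken from the first hash
    seed = bytes.fromhex(seed_hex)
    g = 8 * len(seed)           # bit length of SEED (160 for the NIST curves)
    z = int.from_bytes(seed, "big")
    h = int.from_bytes(hashlib.sha1(seed).digest(), "big")
    c0 = h & ((1 << v) - 1)     # rightmost v bits of SHA-1(SEED)
    w0 = c0 & ~(1 << (v - 1))   # W0: c0 with its leftmost bit cleared
    r = w0
    for i in range(1, s + 1):   # W_i = SHA-1((z + i) mod 2^g)
        zi = ((z + i) % (1 << g)).to_bytes(g // 8, "big")
        r = (r << 160) | int.from_bytes(hashlib.sha1(zi).digest(), "big")
    return r


def coefficient_matches_seed(seed_hex: str, p: int, b: int, a: int = None) -> bool:
    """True iff r * b^2 == a^3 (mod p), i.e. b is consistent with SEED."""
    a = p - 3 if a is None else a
    r = seed_to_r(seed_hex, p)
    return (r * b * b - a * a * a) % p == 0


def check_all() -> dict:
    """Run the check for every curve in NIST_CURVES; name -> bool."""
    return {
        name: coefficient_matches_seed(c["seed"], c["p"], c["b"])
        for name, c in NIST_CURVES.items()
    }


if __name__ == "__main__":
    for name, ok in check_all().items():
        print(f"{name}: b consistent with published SEED: {ok}")
    # Tampering with b by one unit breaks the relation, as it should.
    c = NIST_CURVES["P-256"]
    print("P-256 with b+1:", coefficient_matches_seed(c["seed"], c["p"], c["b"] + 1))
```

The derivation is deterministic and cheap, so a verifier can rerun it in milliseconds; what it cannot do is bound how many candidate seeds were hashed before this one was published, which is why the page's question about the seeds' origin is not answered by the seeds being "verifiably random".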


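Added example (editor's code, not from the post and not Zcash's actual MPC, which computes zk-SNARK parameters rather than a plain seed): the "only one honest participant is needed" property of a MAD-style setup, reduced to a commit-reveal seed ceremony. Each party publishes a hash commitment to a random share before anyone reveals, then all reveal and the seed is the XOR of the shares. Because the honest party's share is uniform and XOR is a bijection in each argument, the adversary's shares cannot bias the result no matter how many of them collude; a party that changes its share after seeing the others is caught by its own commitment. The share length, domain separator and party names are illustrative assumptions.

```python
"""Commit-reveal seed ceremony in which one honest contributor suffices.

Editor's example; not code from the original post and not any coin's real MPC.
Shares are committed before any are revealed, so no party can pick its share
after seeing the others. Seed = XOR of all shares.
"""
import hashlib
import secrets

SHARE_LEN = 32
DOMAIN = b"seed-ceremony-example-v1"   # illustrative domain separator (assumption)


def commitment(share: bytes) -> bytes:
    """Hash commitment to a full-entropy share (no extra blinding nonce needed)."""
    return hashlib.sha256(DOMAIN + share).digest()


def xor_shares(shares) -> bytes:
    out = bytearray(SHARE_LEN)
    for s in shares:
        for i, byte in enumerate(s):
            out[i] ^= byte
    return bytes(out)


class Ceremony:
    def __init__(self):
        self.commitments = {}
        self.reveals = {}
        self.cheaters = set()

    def commit(self, party: str, c: bytes) -> None:
        if party in self.commitments:
            raise ValueError(f"{party} already committed")
        self.commitments[party] = c

    def reveal(self, party: str, share: bytes) -> bool:
        """Accept a reveal only if it matches the party's earlier commitment."""
        if party not in self.commitments:
            raise ValueError(f"{party} never committed")
        if len(share) != SHARE_LEN or commitment(share) != self.commitments[party]:
            self.cheaters.add(party)
            return False
        self.reveals[party] = share
        return True

    def seed(self) -> bytes:
        """Final seed; abort if anyone cheated or withheld a reveal."""
        missing = set(self.commitments) - set(self.reveals)
        if self.cheaters or missing:
            raise RuntimeError(f"abort: cheaters={sorted(self.cheaters)} missing={sorted(missing)}")
        return xor_shares(self.reveals[p] for p in sorted(self.reveals))


def run_ceremony(shares: dict) -> bytes:
    """Honest run: every party commits, then every party reveals."""
    c = Ceremony()
    for party, share in shares.items():
        c.commit(party, commitment(share))
    for party, share in shares.items():
        c.reveal(party, share)
    return c.seed()


def late_change_is_detected(shares: dict, cheater: str, new_share: bytes) -> bool:
    """Cheater commits to its real share but reveals a different one after seeing the rest."""
    c = Ceremony()
    for party, share in shares.items():
        c.commit(party, commitment(share))
    for party, share in shares.items():
        c.reveal(party, new_share if party == cheater else share)
    try:
        c.seed()
    except RuntimeError:
        return cheater in c.cheaters
    return False


if __name__ == "__main__":
    # Constructed shares for illustration; real parties would use secrets.token_bytes(SHARE_LEN).
    shares = {"alice": b"\x01" * 32, "bob": b"\x02" * 32, "carol": b"\x04" * 32}
    print("seed:", run_ceremony(shares).hex())
    print("late change caught:", late_change_is_detected(shares, "carol", b"\xff" * 32))
    # One honest random party against two colluders: the colluders only shift the
    # seed by a constant they fixed before seeing anything, so it stays uniform.
    honest = secrets.token_bytes(SHARE_LEN)
    colluders = {"evil1": b"\xaa" * 32, "evil2": b"\x55" * 32}
    seed = run_ceremony({"honest": honest, **colluders})
    print("seed == honest XOR colluders' constant:", seed == xor_shares([honest, *colluders.values()]))
```

The remaining weakness, as in any commit-reveal scheme, is that the last party to reveal can still refuse to reveal and force an abort; it cannot steer the seed. That is the "all die rollers must collude against you" property the post describes, which is why labelling such a setup an unmitigated "trusted setup" conflates it with a single dealer whose honesty you must simply assume.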
More information about the cypherpunks mailing list