Why Is the NSA Moving Away from Elliptic Curve Cryptography?
In August, I wrote about the NSA’s plans to move to quantum-resistant algorithms for its own cryptographic needs.
Cryptographers Neal Koblitz and Alfred Menezes just published a long paper speculating as to the government’s real motives for doing this. The possibilities range from some new cryptanalysis of ECC, to a political need after the DUAL_EC_PRNG disaster, to the stated reason of quantum computing fears.
Read the whole paper. (Feel free to skip over the math if it gets too hard, but keep going until the end.)
EDITED TO ADD (11/15): A commentary and critique of the paper by Matthew Green.