> the angle I was focusing on is the demonstrated interest and willingness to spend time and credibility on it
Ah, fair enough. My point was that it's at least not demonstrated, if not not true, that you need a lot of adversarial research to prevent something like Dual_EC_DRBG (specifically) being submitted in bad faith - you just need to actually bother to read the crypto specification you're considering adopting, and have the bare minimum competence to notice that there's no benefit to a number-theoretic design besides the ability to prove security relative to some presumed-hard task, and that there is no such proof.