No crypto is trusted whether it comes from the NSA or not. Let's say SHA-3 gets preferred treatment because it was not from the NSA. Well, who can be sure that they were not involved at all? With the spy stuff going on, it's better to stick to the math.
That's an excellent point and I understand it.
The problem is that cryptography is a special kind of subject, like physics or math. There are almost no real experts and very few people who are good at it, but there are loads and loads of people who will tell you they are experts or good at it.
It is a pretty safe bet that the NSA has cash to hire the more qualified cryptographers so it seems like they might be qualified to introduce a flawed algorithm that could get past public scrutiny. Have they dfone it before? It's what they do.
The NSA has deep pockets for sure. They are the #1 employer of mathematicians in the US and their budget though classified is estimated at around 50 billion US$.
But have they managed to push a flawed encryption standard through? I don't think we can know. They were caught red handed once but it could be trick too. Get caught on a small lie so that the bigger lie goes undetected.
I see you don't want to touch the NSA with a 10-ft pole. What are the alternatives?
* You choose another hash scheme. I already said that it would be hardly possible to prove that the NSA was never involved in its development. Even if they weren't, they could still know a way to crack it.
* You choose a 'provably secure hash function'. Well - they are just as secure as another problem deemed to be hard. Then again, the NSA could have solved it.
In short, no one knows what they can do and can't do.
So, we use blind tasting.
What the community has done is to pick a few hash functions: SHA-2, RIPEMD-160 and apply them several times. Each of these functions has had ample public analysis. To keep a weakness secret, they would have to design/find a flaw that is so crafty that no other person can see it. They have many enemies in the world, therefore I think that if there was such a flaw someone else would have pointed it out.
Even if they managed, well, in bitcoin you hash the hash.
The flaw would need to be gigantic.
Much bigger than the MD-5 weakness - and in several unrelated hash functions - and somehow every mathematician in the world is part of a conspiracy of silence.
I don't trust the NSA, but I think that the fact that they were the creator of SHA-2 doesn't impact its applicability in bitcoin.
So, no - I don't think the NSA has broken bitcoin.
PS: I intentionally didn't use any jargon. I believe the concern that the OP has is not related to cryptography details.
