In a nutshell the authors of the paper were able to reuse some theory from the '90s and introduce a backdoor into a 1024 prime such that:
1. it would be feasible for the creator of the backdoor to calculate discrete log
2. it would be impossible for anybody else to prove that this particular number was actually backdoored!
As we said at the begin of the post, RFC5114 violates the Nothing up my sleeve principle making it a possible backdoor candidate (but here is where the speculations start).
Back in January I posed a question "to the Internet": What the heck is RFC 5114? It looks like a lot happened since then around it. I would...
