My read is that you asked what is the secret key with the implication that if they have it they should reveal it. No one who has it would do that to settle an argument. Well maybe someone would but it seems like an unreasonable ask. Absence of evidence isn’t evidence of absence (of the theft of the secret key for the q parameter for Dual EC), right?
If Dual EC didn’t have a backdoor, no could steal the secret key that NSA uses to exploit it. One is more secure than the other, and I take your comment as requiring the secret key for the corresponding Q to leak for that design to be a bad idea that is insecure. Again, I don’t think that is a reasonable standard of evidence. We know people steal stuff from NSA and we cannot expect that they will drop the secret key on hacker news to decide that it was a bad idea in the first place.
NOBUS is a fantasy idea - is there even a reasonable proposal that isn’t less secure than the same system without a backdoor? Even with ECDLP in play, if a CRQC is really in our future, Dual EC isn’t a forever NOBUS backdoor. If we knew how to do public key cryptography that could last 100+ years and we thought it was also post-quantum, maybe a backdoor wouldn’t weaken the system overall. But that’s a lot of maybes…
NSA isn’t trying to (only) make NOBUS backdoors where the NOBUS is forever. If it isn’t forever, it’s not secure in the “Nobody but US(A)” sense implied by NOBUS as thrown around.
NOBUS is a fantasy of a very large security claim because even with a PKRNG, the keys can be stolen. However in the Dual EC case the current PKRNG again will also fall to a CRQC in addition to key theft. Both cases are strictly worse than a purely CSPRNG without a backdoor. The damage done by this kind of sabotage is hard to measure.
The evidence about backdoors points to NSA malfeasance and not towards NSA wanting something that is never insecure as is very strongly implied by the common framing of NOBUS as a concept.
