The Crypto Wars continue.
According to mathematician Daniel Bernstein at the University of Illinois Chicago, the NSA appears to be deliberately weakening NIST standards for post-quantum cryptography (PQC).
Specifically, NIST’s calculations for Kyber512 are “glaringly wrong,” making it seem more secure than it really is. Bernstein has submitted FOIA requests and taken NIST to court to discover the NSA’s level of involvement in formulating PQC standards. Unsurprisingly, the NIST “PQC Team” includes many NSA members.
The NSA, like other standards bodies (for example, the European Telecommunications Standards Institute), has a long history of deliberately weakening encryption standards. A 2013 New York Times report documented that the Agency had a budget of $250M to do so. There is no reason to believe that next-generation encryption standards will be immune to tampering by states eager to break encryption.