[Cryptography] Why is ECC secure?

Ryan Carboni ryacko at gmail.com
Thu Aug 13 02:34:45 EDT 2015


Quite bluntly, millennia have been spent towards prime numbers.

The history of ECC is quite short. The history of post-quantum prime
is even shorter.

Prime numbers came before modern machine-assisted cryptanalysis.

The thing that really makes me nervous is AES. The biclique attack
shows that attacks can be combined. MixColumns only provides
diffusion if each byte is not equal; as a result, the weak key
schedule prevents inter-round symmetry. AES seems to have too many weak
components. And there are comments in the Rijndael specification that "The
cipher is fully 'self-supporting'. It does not make use of another
cryptographic component, S-boxes 'lent' from well-reputed ciphers,
bits obtained from Rand tables, digits of π or any other such jokes."
Or that "The polynomial m(x) ('11B') for the multiplication in
GF(2^8) is the first one of the list of irreducible polynomials of
degree 8, given in [LiNi86, p. 378]."

I even find Speck to be suspicious. Even SHA-1 is a block cipher, and
it is ARX. But the NSA says that without Threefish's design of several
sequential operations, they wouldn't have developed Speck. They
certainly have the resources to brute-force every possible ARX function
to see if it meets any tests they themselves developed. There also
seems to be a persistent insistence on having, as a maximum, 128-bit
block widths.

When there is a logical contradiction, suspicions must be raised and
items looked into. Math teaches reasoning, yes?

But for Dual EC, I think it is best to use Blum Blum Shub instead.
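Added example (not code from the post or from the Rijndael specification): an AES MixColumns implementation over GF(2^8) with the quoted reduction polynomial 0x11B, illustrating the diffusion property the post refers to. A column whose four bytes are all equal is left unchanged by MixColumns (the row coefficients 2, 3, 1, 1 sum to 1 in GF(2^8)), while a column with distinct bytes is mixed; the sample columns are constructed inputs.

```python
# Added example, not part of the original post.
# MixColumns uses m(x) = x^8 + x^4 + x^3 + x + 1 (0x11B), quoted above.
AES_POLY = 0x11B

def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo AES_POLY (shift-and-add)."""
    result = 0
    for _ in range(8):
        if b & 1:
            result ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= AES_POLY & 0xFF  # reduce when the x^8 term appears
        b >>= 1
    return result

# Circulant MixColumns matrix from the Rijndael spec, c(x) = 3x^3 + x^2 + x + 2.
MIX_MATRIX = [
    [2, 3, 1, 1],
    [1, 2, 3, 1],
    [1, 1, 2, 3],
    [3, 1, 1, 2],
]

def mix_column(col: list) -> list:
    """Apply MixColumns to one 4-byte column."""
    out = []
    for row in MIX_MATRIX:
        acc = 0
        for coef, byte in zip(row, col):
            acc ^= gf_mul(coef, byte)
        out.append(acc)
    return out

def row_coefficient_sum() -> int:
    """2 + 3 + 1 + 1 in GF(2^8) is the XOR of the coefficients: expected 1."""
    return 2 ^ 3 ^ 1 ^ 1

def uniform_columns_are_fixed() -> bool:
    """Every column (a, a, a, a) maps to itself: no diffusion inside it."""
    return all(mix_column([a] * 4) == [a] * 4 for a in range(256))

def bytes_changed(col: list) -> int:
    """How many of the four bytes MixColumns alters (constructed input)."""
    return sum(1 for x, y in zip(col, mix_column(col)) if x != y)

if __name__ == "__main__":
    print(uniform_columns_are_fixed(), bytes_changed([0xDB, 0x13, 0x53, 0x45]))
```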

