The so-called Dual_EC_DRBG pseudorandom generator (PRG) operates in the following simplified manner in order to incrementally generate blocks of pseudorandom bits r1,r2, : - The PRG is initiated by randomly selecting two (2-dim) points P,Q in a given elliptic curve over a given prime field size p, so that for any integer t the points Pt,Qt are well-defined. - Starting from an initial random seed s0 in order to generate the k-th pseudorandom block rk : - the PRG's internal secret state sk is updated to the x-coordinate of point Psk1; and - the PRG's k-th output rk is the x-coordinate of point Qsk1, appropriately truncated to a smaller bit-string. Yet, if the points P,Q are known to be related in the form of Qe=P, or if the output truncation rate is more than 1/2, then this PRG is known to be insecure - that is, a brute-force type of attack is likely to reveal the PRG's internal state sk. The rest is history... Read about the Dual_EC_DRBG design, standardization, implementation, adoption and abandonment from its Wikipedia entry and Matt Green's blog entry, and answer the following questions. (1) Describe briefly the controversy related to Dual_EC_DRBG. To get full credit you must identify all main stakeholders (organizations or companies rather than individuals), their involvement in the events, and their possibly conflicted goals