They’re supposed to be “nothing up your sleeve” numbers. The problem
is, the numbers used in Dual_EC_RBG aren’t – it was never explained
where they came from. A cryptographic function should explain how the
numbers were chosen in order for them to be proper “nothing up your
sleeve” numbers.

As an interesting aside, numbers that are used as the initial state of a crypto function are called nothing up my sleeve numbers.

They’re

supposedto be “nothing up your sleeve” numbers. The problem is, the numbers used in Dual_EC_RBGaren’t– it was never explained where they came from. A cryptographic function should explain how the numbers were chosen in order for them to be proper “nothing up your sleeve” numbers.