
But it's really hard to assume that - that's assuming true mathematical leaps and invention. Admittedly if you put enough cryptographers on the payroll they may form their own university, but they still need the air of their peers on the outside. Imagine a cosmologist today transported 30 years back and asked to attend conferences - they would gain no inspiration.

I think we put too much emphasis on the single data point of GCHQ inventing pgp early (IIRC)



But what if there are quantitatively and qualitatively more full-time, well-funded cryptographers inside the NSA (and its collaborating sibling organizations in its close allies) than outside? They may have an internal system, with geographically-distributed schools of thought, specialties, and long-running debates, as rich and open as the outside world - just completely segregated.

At least, that's how I'd do it, if I found myself a global superpower after WW2, thanks in large part to superior signals/crypto work, and didn't want any other emergent groups to surprise me from a "higher perch" of signals omniscience.


How do you keep all that so secret for so long?


If you keep it secret, you're well-paid for cutting-edge work that's impossible to do anywhere else. And the general mission – keeping your home country's defense and political institutions the best-informed in the world – can be quite appealing. Inside, I'm sure you hear plenty about feel-good successes: lives saved and national interests protected.

On the other hand, if you reveal the programs, you lose your job, get cut off from your professional colleagues, and likely go to jail.


There are multiple data points suggesting the NSA is/was ahead of public researchers. There's the S-box changes to DES in the 70's when differential cryptanalysis wasn't publicly discovered till the 80's. The revisions between SHA-0 and SHA-1 (the attack the changes prevent wasn't found for at least 5 years). The Dual EC DRBG random number generator they supplied to NIST that many people suspect of being compromisable by NSA etc.


"..that many people suspect of being compromisable by NSA etc."

If it was a backdoor you certainly can't count it among the NSA's successes. It is never used.



I would count its development and publication as another example of the NSA being a bit ahead, as it very much looks like they developed an algorithm in secret with a backdoor. I would count the fact that the public found it (after a few years) a point for public crypto research.


Well, we have at least twice as many data points as that. IBM discovered differential cryptanalysis in the early 70s, and the NSA apparently knew about it before then, and nobody else found out until the late 80s.

I don't know what organization spends the most money on cryptanalysis every year, but the NSA's gotta be near the top. It's reasonable to assume they've found important results that the public won't know of for several years.


You may be thinking of the Ellis/Cocks/Williamson[1] invention of the RSA encryption and Diffie-Hellman key-exchange algorithms several years prior to their open publication.

[1] https://en.wikipedia.org/wiki/James_H._Ellis


Yes, thank you - too punchy to remember anything useful that late at night.


> the single data point of GCHQ inventing pgp early

It's also much easier to invent a cryptosystem than to break one.


In practice they do, for example the Heilbronn Institute at Bristol University is funded by GCHQ:

http://www.maths.bris.ac.uk/research/heilbronn_institute/



