Backdoored PRNG
Exploit a backdoor in an elliptic curve based PRNG
It is interesting to note that in this case (and in the FIPS standard), P is a generator point for P-256, so if Q lies on the curve P-256 then there must exist some d such that dQ = P. In other words, for all Dual_EC implementations where P is a generator, the backdoor exists.
Hello there, can you suggest a good Python library for EC arithmetic?
The ecdsa library should work just fine for doing EC arithmetic.
$ pip install ecdsa