Comment by aleph_minus_one

> You're making an assumption that the NSA cares about the efficacy of cryptography for other people. Why would they care about that?

Hypothesis 1: because the NSA sees evidence that more efficient cryptographic algorithms are easier to crack for them.

To give some weak evidence for this: if you need brute force to crack the cipher (or hash function), a more efficient algorithm need less computation power to crack.

Hypothesis 2: A more efficient algorithm is likely to become applied in more areas than a less efficient one (think of smartcards or microcontrollers). So if the NSA finds a weakness or is capable of introducing a backdoor in it, it can decrypt a lot more data from more areas.