I heard a rumor that NSA suggested changes to DES encryption that strengthened it from differential cryptanalysis attacks that the public cryptologists weren't aware of yet.

Reminds me of when I wrote a lightweight blockchain from scratch including the Lamport OTS (quantum resistant) signature scheme and then most of the leaders from my crypto community at the time turned against me for no reason.

The signature scheme I implemented was thoroughly tested. Implemented from reading the Lamport and Merkel academic papers and under 1000 lines of code in total so pretty easy to audit... Nobody found an issue with it in 5 years. But the suppression was suspicious. The narrative of "Don't roll your own crypto" is suspicious... Is it really better to use the same library as hundreds of thousands of other projects? Is that really lower risk? Didn't we learn from the Axios hack that popularity doesn't provide security.