You're placing way more value on this than makes sense: Bitcoin makes use of good primitives, but no better than any expected familiar with the SoTA in the late 2000s would have selected for a greenfield project.
Maybe the most unusual primitive selection in Bitcoin is secp256k1 for ECDSA, instead of one of the more common NIST curves. But even that is understandable, given that Nakamoto was active in the cypherpunk community and concern around the constants used in the NIST curves was a common discussion item at the time.
As far as I know, there's no concrete evidence that the NSA has compromised the security of the NIST curves. That would be weird for them to do, since they use those curves internally to encrypt data classified at Secret and higher.
Maybe the most unusual primitive selection in Bitcoin is secp256k1 for ECDSA, instead of one of the more common NIST curves. But even that is understandable, given that Nakamoto was active in the cypherpunk community and concern around the constants used in the NIST curves was a common discussion item at the time.