why not AES256 with CTR ?

[jcmartins]

Advantages of CTR are: easier to decrypt from a certain offset within the ciphertext no randomness requirements for the nonce nonce can be calculated, e.g. be a simple counter nonce can be a message identifier E=D : encryption is the same as decryption, which means only encryption or decryption required from the block cipher less logic required

no padding overhead or mechanism required key stream can be pre-calculated (latency advantages)