Comment by josh2600
3 years ago
Let me ask this another way. I know how we determined noise was a good standard and that was talking to a lot of people who had built sophisticated crypto systems and then doing the research ourselves, but that’s only because we had the people on staff who had the capacity to evaluate such systems.
If we didn’t have those people, how would you suggest figuring out which system to implement?
Peer review is a good start. Noise, and systems derived from it like WireGuard, are peer reviewed (check scholar.google.com for starters), and NIST had nothing at all to do with it.
It is incredibly hard to get a good grasp of the consensus in a literature as a non-expert just by searching Google Scholar. People spend years in graduate school to learn to do that.
Are there reputable journals or conference proceedings that you specifically recommend reading for high-quality literature reviews?
There's nothing you're going to read, with or without trustworthy standards, that is going to enable you to design safe novel applications of cryptography. Encrypting a file, setting up a secure transport, and (if you're extraordinarily careful and do a lot of reading) exchanging secure messages are all within reach without anything resembling postgraduate education.
I got a lot of mileage out of attending IACR in person. Lots of amazing content there every time. A lot of it is addressable even if you aren't going to do the math.