First of all I know that "implementing your own cryptography is bad". However, at some point, one does stumble upon a use-case that is not (well) covered by existing tools.<p>Now, assuming one has already done his due diligence and has read (and hopefully understood at least the main ideas of) cryptography-related RFCs / papers / articles / posts / etc. (especially in the area pertaining to what one wants to build), and thus we can assume one is not a complete newbie in this matter, however, nor is he an expert. Basically we can assume he is an "amateur".<p>Where would one go with his design to ask for feedback about it, in the hope to at least eliminate some weaknesses that one (as a non-expert) might have overlooked? (I'm not speaking here about "proofs" or "audits".)<p>----<p>More specifically ---- but please let's not get into this right now, this being just an example ---- I'm trying to implement something similar to `scrypt` (the encryption utility, that uses the `scrypt` PBKDF, <https://github.com/Tarsnap/scrypt>) or `age` (<https://github.com/FiloSottile/age>), as a replacement to my current solution that relies on GnuPG.
It's been my experience that most people, including those experienced, qualified, &/or published, are generally receptive to cold emails within their field(s) of work or interest.<p>My format is typically a ~3 line email: first, I mention how I came across them, which is often "I was reading __ and saw your comment," and usually where I found their contact info. Next, I intersect my work with theirs; in the case of comments, often that is already contextual "you mentioned X and Y, and I'm working on Y and Z." Last, I'll present a simple structure of what I'm trying to learn, how I think they could help, and ask if they're interested. In your case that could read something like "I'm looking for a critical review of my design, because I might have missed something obvious. Would you be interested in helping? I think {small amount of time} would really keep me in the right direction. We could {preferred communication method, like video call} or {alternative communication method, 'or I can email you the design'}"<p>I consistently receive replies from >80% and more than half of those conversations yield incredible value to my efforts. These days, I like to offer some form of compensation in my cold contact, out of respect and for efficiency, but it's not required. Often this gesture is welcomed but unnecessary!<p>Being thoughtful, curious, and organized in your outreach are the key components for this strategy. Best of luck!
IMO, "don't implement your own crypto" is more about the bits that actually _do_ the encryption. Use a battle-tested library for that (e.g. libsodium). Wiring it up is a little different. You can misuse a library, but it's a lot easier for some random person to point out how you're misusing a library than it is for them to e.g. prove that you reimplemented some KDF correctly.
A few years ago I used to follow a few mailing lists about this topic, and as a last resort I think I'll send an email there with my design:<p>* boring-crypto@list.cr.yp.to<p>* cryptography@metzdowd.com<p>* cryptography@randombit.net<p>* crypto@securityfocus.com<p>* cypherpunks@cpunks.org
You shouldn't use your own crypto, but that doesn't mean you shouldn't do it! :)<p>Just like any product it should be reviewed by security experts of their respective field, for you - cryptography experts. If it is based on some new mathematical concepts then perhaps you need a whitepaper and have it peer-reviewed. Otherwise pay for a security audit.