When you build your own programming language or database or network protocol, you can kinda tell what you did wrong—it’s clunky, or generates obviously bad code, or just doesn’t work. So it’s easy to be humble. With crypto, you’re not trying to address functional bugs, but active attacks by people who must be assumed not only to be much smarter and wealthier than you, but to be continually trying to break your system after you’ve moved on to other things.
When your crypto doesn’t work, you may need a Ph.D. to even recognize the fact. Even with the Ph.D. it may not become apparent for 10 years that you actually failed.
I’m interested in brain surgery but I don’t have the time or inclination to study hard enough to feel like I can do brain surgery.
Ideally, we should be able to specify crypto properties and verify that those invariants are upheld, using tools such as Cryptol. This is different from brain surgery: if I do a bad job, people should be able to see that the guarantees aren’t being upheld, then not use it.
Is this ideal unobtainable?
Maybe, but you still need the brain surgeons to specify the invariants (and discover and specify new ones). Also, some invariants aren’t simply logical assertions (e.g., cache and timing attacks). Can Cryptol prevent Rowhammer?
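As an added illustration of this last point (example code written for this page, not from anyone in the thread): both comparison functions below satisfy the same functional property, agreement with `bytes` equality, which a property check or a Cryptol-style equivalence proof would confirm, yet only one takes a number of steps independent of where the inputs first differ. The step counter is a constructed stand-in for execution time.

```python
import secrets

def naive_equal(a: bytes, b: bytes):
    """Early-exit comparison. Returns (result, steps); the step count is a
    proxy for running time and depends on where a and b first differ."""
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return True, steps

def ct_equal(a: bytes, b: bytes):
    """Comparison that always walks every byte: same result as naive_equal,
    but the step count depends only on the length."""
    if len(a) != len(b):
        return False, 0
    acc, steps = 0, 0
    for x, y in zip(a, b):
        acc |= x ^ y
        steps += 1
    return acc == 0, steps

def functional_property_holds(compare, trials: int = 500) -> bool:
    """Randomised check of the logical invariant: for random and near-equal
    inputs the function must agree with plain bytes equality."""
    for _ in range(trials):
        a = secrets.token_bytes(16)
        b = bytearray(a)
        if secrets.randbelow(2):
            b[secrets.randbelow(16)] ^= 1 + secrets.randbelow(255)  # force one mismatch
        if compare(a, bytes(b))[0] != (a == bytes(b)):
            return False
    return True

def step_profile(compare, secret: bytes):
    """Steps taken against guesses that match the secret in exactly the
    first i bytes, for i = 0 .. len(secret)-1. A profile that grows with i
    is the kind of leak a purely functional specification cannot express."""
    profile = []
    for i in range(len(secret)):
        guess = bytearray(secret[:i] + bytes(len(secret) - i))
        guess[i] = secret[i] ^ 0xFF  # byte i is guaranteed to differ
        profile.append(compare(secret, bytes(guess))[1])
    return profile
```

In production use `hmac.compare_digest` rather than hand-rolled code; real timing measurements are far noisier than this step count, which is exactly why the property is hard to state as a logical assertion.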