Look, my point is that there are lots of companies around the world who can’t afford highly skilled mathematicians and cryptographers on staff. These institutions rely on NIST to help them determine what encryption systems may make sense. If NIST is truly adversarial, the public has a right to know and determine how to engage going forward.
They don't have to (and shouldn't) retain highly skilled mathematicians. Nobody is suggesting that everyone design their own ciphers, authenticated key exchanges, signature schemes, and secure transports. Peer review is good; vital; an absolute requirement. Committee-based selection processes are what's problematic.
I'm just saying, you're speaking as an expert in the field. Let's say you don't want to design any of that stuff but you need some parts of those systems for the thing you're building. How do you decide what you can or can't trust without having deep knowledge of the subject matter?
How do you know that Noise is a good design and that a cipher cascade isn't? Whatever (correctly) told you that, apply it to other cryptographic problems.
I see. So maybe what you’re really saying is “why are you writing a system that has cryptographic primitives if you’re not a cryptographer/mathematician?”
Let me ask this another way. I know how we determined Noise was a good standard and that was talking to a lot of people who had built sophisticated crypto systems and then doing the research ourselves, but that’s only because we had the people on staff who had the capacity to evaluate such systems.
If we didn’t have those people, how would you suggest figuring out which system to implement?
Peer review is a good start. Noise, and systems derived from it like WireGuard, are peer reviewed (check scholar.google.com for starters), and NIST had nothing at all to do with it.
It is incredibly hard to get a good grasp of the consensus in a literature as a non-expert just by searching Google Scholar. People spend years in graduate school to learn to do that.
Are there reputable journals or conference proceedings that you specifically recommend reading for high-quality literature reviews?
There's nothing you're going to read, with or without trustworthy standards, that is going to enable you to design safe novel applications of cryptography. Encrypting a file, setting up a secure transport, and (if you're extraordinarily careful and do a lot of reading) exchanging secure messages are all within reach without anything resembling postgraduate education.
I got a lot of mileage out of attending IACR in person. Lots of amazing content there every time. A lot of it is addressable even if you aren't going to do the math.