there is two valid 33 byte keys for any given 32 byte key

when you derive ECDH you have to have the correct 33 byte key

otherwise, essentially there is two secrets that can come out of the ECDH, the odd, and the even one... the information is literally elided from the pubkey, so this means that i have to generate two secrets, one from your npub as even, one as odd, and one of them will be correct

and the only way i would be able to know that, is if there is a sentinel in the ciphertext that i can use to determine, preferably, quickly, that it's odd or even

it sorta seems to me like an ECDH protocol has to use 33 bytes, no matter what