Replying to Avatar ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ

why i hate C

read through the code of github.com/bitcoin-core/secp256k1

find me the part where i can convert an x-only key to a standard 33 byte 257 bit EC key with sign bit

been digging at this for a few hours now

C coders don't think logically, they think bureaucratically

i would have less trouble understanding what is happening in Assembler than this shit
Avatar
ChipTuner 1y ago

https://github.com/VnUgE/noscrypt/blob/51d0aff9166ddaa3c74dbc2d7c1dcbdefa8405e1/src/noscrypt.c#L127

Reply to this note

Please Login to reply.

Discussion

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

the question is this:

ECDH is done using a 257 bit (33 byte) pubkey, to derive a secret

if you just stick a 02 in front, then you are wrong 50% of the time when the actual pubkey is 03

i kinda mistakenly believed that BIP-340 solved this problem by just making all keys even but it seems i am wrong about that

gonna keep researching this, but the problem i'm having writing a test for ECDH is that the 32 byte key is missing the sign/oddness bit and thus deriving the correct decryption secret is a coinflip

Avatar
ChipTuner 1y ago

That's not an issue I have run into with the vector tests. Maybe i need to do more research on this, I though only the positive (0x02) value was valid for nostr according to nip01. Happy to be wrong right now though.

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

yeah, that's what i thought!

so i've b0rked something here

no, i seriously had this understanding until today and then encounter ECDH not working correctly, i must be doing something wrong with a pubkey somewhere

Avatar
ChipTuner 1y ago

If I'm not mistaken this is the basis for the twist vulnerability.