QUESTION:
In RSA, you can send an encrypted message to someone cold without any prior interaction, as long as you have their public key.
In elliptic curve cryptosystems, you cannot send somebody an encrypted message cold. In order to send someone an encrypted message you first have to both generate ephemeral keypairs and exchange them (and compute a shared secret with them). And these ephemeral keys must only be used once.
secp256k1 seems to have a way of sending encrypted messages cold (NIP-44) with a non-ephemeral shared point. I'm wondering:
* Is this somehow special about secp256k1 that doesn't apply to ed25519? Or,
* Could you also do this in ed25519 but also suffer similar security consequences?
Check out ECIES
So the sender uses an ephemeral keypair but exchanges with the recipient's long-term well-known public key?
Yep. Usually
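
The ephemeral-static exchange described in the replies above, as an added example that is not part of the original thread and is not the NIP-44 construction. It assumes Node's built-in `crypto` module, uses X25519 (the Diffie-Hellman function on the curve underlying Ed25519), and picks HKDF-SHA256 with AES-256-GCM as the KDF and cipher; the function names and the context label are hypothetical.

```javascript
// Added example: ECIES-style "cold" encryption to a long-term X25519 public key.
const { generateKeyPairSync, diffieHellman, hkdfSync, createPublicKey,
        createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

const INFO = Buffer.from('example-ecies-x25519-v1'); // constructed context label
const spki = (keyObject) => keyObject.export({ type: 'spki', format: 'der' });

// Derive a 32-byte AES key from the ECDH output, bound to both public keys.
function deriveKey(shared, ephPubDer, recipientPubDer) {
  const salt = Buffer.concat([ephPubDer, recipientPubDer]);
  return Buffer.from(hkdfSync('sha256', shared, salt, INFO, 32));
}

// Sender: needs only the recipient's published public key, no prior interaction.
function seal(recipientPublicKey, plaintext) {
  const eph = generateKeyPairSync('x25519'); // fresh keypair for every message
  const shared = diffieHellman({ privateKey: eph.privateKey, publicKey: recipientPublicKey });
  const ephPub = spki(eph.publicKey);
  const key = deriveKey(shared, ephPub, spki(recipientPublicKey));
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(ephPub); // authenticate the ephemeral key along with the ciphertext
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { ephPub, nonce, ct, tag: cipher.getAuthTag() };
}

// Recipient: long-term private key plus the ephemeral public key carried in the message.
function unseal(recipient, msg) {
  const ephPublicKey = createPublicKey({ key: msg.ephPub, format: 'der', type: 'spki' });
  const shared = diffieHellman({ privateKey: recipient.privateKey, publicKey: ephPublicKey });
  const key = deriveKey(shared, msg.ephPub, spki(recipient.publicKey));
  const decipher = createDecipheriv('aes-256-gcm', key, msg.nonce);
  decipher.setAAD(msg.ephPub);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ct), decipher.final()]); // throws if tampered
}

// Demo with a constructed recipient keypair and message.
function demo() {
  const recipient = generateKeyPairSync('x25519'); // long-term, well-known public key
  const m1 = seal(recipient.publicKey, Buffer.from('hello, cold'));
  const m2 = seal(recipient.publicKey, Buffer.from('hello, cold'));
  return {
    roundTrip: unseal(recipient, m1).toString(),
    freshEphemeral: !m1.ephPub.equals(m2.ephPub), // each message has its own key
  };
}
```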