mleku @mleku - 4mo
I have got the fix for negating secret keys to ensure the pubkey is a 2 for generating ECDH shared secrets: https://github.com/nostr-protocol/nips/issues/1398 if you are maintaining a nostr library or signer please ensure that you have code in the input or generation steps that negates the secret key if it produces a 3 prefixed 33 byte compressed public key, as this will cause ECDH shared secrets to differ between two key pairs and break DMs #devstr #secp256k1 #bip340 #golang #cgo
this inversion can be done to any key that has wrong Y coordinate without impacting their public key, and ensure they will never encounter a problem with others being unable to encrypt messages to them i don't know how many key generators do it wrong but any key generator that doesn't perform the negation has a 50% chance of producing a wrong key and this is almost certainly going to impact user adoption as DMs are a crucial part of a social media system
