From 51948f8286915b79254e10aab2e689c45f3acb17 Mon Sep 17 00:00:00 2001 From: Franck Royer Date: Tue, 29 Jun 2021 16:49:39 +1000 Subject: [PATCH 1/2] Do not derive Eth-DM Key from Ethereum Key --- content/docs/rfcs/20/README.md | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) diff --git a/content/docs/rfcs/20/README.md b/content/docs/rfcs/20/README.md index 9e379e2d6..c98f84e2f 100644 --- a/content/docs/rfcs/20/README.md +++ b/content/docs/rfcs/20/README.md @@ -63,26 +63,12 @@ or verify her identity. ## Eth-DM Key Generation -First, Bob needs to generate an Eth-DM keypair. -To avoid Bob having to save an additional private key or recovery phrase for Eth-DM purposes, -we generate the Eth-DM keypair using Bob's Ethereum account. -This will allow Bob to recover his Eth-DM private key as long as he has access to his Ethereum private key. +First, Bob MUST generate a new Ethereum private key, `B'`. +This private key will be used as the Eth-DM encryption key. +This key pair is like any other Ethereum key pair apart that it will not be used to store assets. -To generate his Eth-DM keypair, Bob MUST use his Ethereum private key 'b' to sign the Eth-DM salt message: - `Salt for Eth-Dm, do not share a signature of this message or others could decrypt your messages`. - -The resulting signature 's' is then concatenated with itself once and hashed using keccak256. -The resulting hash is Bob's Eth-DM private key `b'`: - -``` -b' = keccak256(s + s) -``` - -The signature process is as per the current Ethereum best practice: - -1. Convert the salt message to a byte array using utf-8 encoding, -2. Use [`eth_sign`](https://eth.wiki/json-rpc/API#eth_sign) Ethereum JSON-RPC command or equivalent. +The application MAY provide a way for the user to securely backup this key pair for future usage. # Eth-DM Public Key Broadcast From c443f18078676623308c7c9d78e9a5a6367d7102 Mon Sep 17 00:00:00 2001 
From: Franck Royer Date: Wed, 30 Jun 2021 14:01:45 +1000 Subject: [PATCH 2/2] Attempt to clarify cryptography used --- content/docs/rfcs/20/README.md | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/content/docs/rfcs/20/README.md b/content/docs/rfcs/20/README.md index c98f84e2f..41a032736 100644 --- a/content/docs/rfcs/20/README.md +++ b/content/docs/rfcs/20/README.md @@ -45,10 +45,6 @@ The proposed protocol MUST adhere to the following design requirements: 1. Bob SHOULD be able to get `M` using [10/WAKU2](/spec/13), 1. Participants only have access to their Ethereum Wallet via the Web3 API, 1. Carole MUST NOT be able to read `M`'s content even if she is storing it or relaying it, -1. ECDSA Elliptic curve cryptography is used, -1. [eth-crypto](https://www.npmjs.com/package/eth-crypto), - which uses [eccrypto](https://www.npmjs.com/package/eccrypto), - is used for encryption and decryption purposes. ## Limitations @@ -63,17 +59,16 @@ or verify her identity. ## Eth-DM Key Generation -First, Bob MUST generate a new Ethereum private key, `B'`. -This private key will be used as the Eth-DM encryption key. +The Eth-DM keypair MUST be a secp256k1 keypair. -This key pair is like any other Ethereum key pair apart that it will not be used to store assets. +First, Bob MUST generate a new Eth-DM private key, `b'` and compute the associated public key `B'`. The application MAY provide a way for the user to securely backup this key pair for future usage. # Eth-DM Public Key Broadcast For Bob to be reachable, he SHOULD broadcast his Eth-DM Public Key `B'`. -To prove that he is indeed the owner of his Ethereum account `B`, he MUST sign his Eth-DM Public Key. +To prove that he is indeed the owner of his Ethereum account `B`, he MUST sign his Eth-DM Public Key `B'`. To do so, Bob MUST format his Public Key to lower case hex (no prefix) in a JSON Object on the property `ethDmPublicKey`, e.g.: 
@@ -112,10 +107,12 @@ She SHOULD drop any message without a signature or with an invalid signature. Using Bob's Eth-DM Public Key, retrieved via [10/WAKU2](/spec/13), Alice MAY now send an encrypted message to Bob. -If she wishes to do so, Alice MUST encrypt her message `M` using Bob's Eth-DM Public Key `B'`. +If she wishes to do so, Alice MUST encrypt her message `M` using Bob's Eth-DM Public Key `B'` +using ECIES (secp256k1, AES-256-CBC, HMAC-SHA256). The result of the encryption is as follows -(see [eth-crypto's encryptWithPublicKey](https://www.npmjs.com/package/eth-crypto#encryptwithpublickey)): +(see [eth-crypto's encryptWithPublicKey](https://www.npmjs.com/package/eth-crypto#encryptwithpublickey)), +all properties are hex strings: ```json {
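Review bot: In [PATCH 1/2], hunk `@@ -63,26 +63,12 @@`, the new private key is labelled `B'`, but the removed text called the Eth-DM private key `b'` and the broadcast section uses `B'` for the public key. Keep `b'` for the private key and `B'` for the public key so a reader cannot mistake which value is broadcast. The removed paragraph existed so that Bob could recover the Eth-DM key from his Ethereum key; with that gone and backup only a MAY, the text should state what happens when the key is lost (messages encrypted to the old public key can no longer be decrypted, and Bob needs to broadcast a new one). Wording: "apart that" should read "except that".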
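Review bot: In [PATCH 2/2], hunk `@@ -45,10 +45,6 @@`, dropping the eth-crypto requirement leaves the spec at odds with the encryption hunk later in this patch, which still points to eth-crypto's encryptWithPublicKey for the result format. State at that link whether the library is normative or only a reference for the field layout. Removing "ECDSA Elliptic curve cryptography is used" also removes the only mention of the signature scheme in the lines shown, while the broadcast section still says Bob "MUST sign his Eth-DM Public Key `B'`"; name the scheme there if it is not stated elsewhere in the document.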
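Review bot: In [PATCH 2/2], hunk `@@ -63,17 +59,16 @@`, the sentence saying the key pair "will not be used to store assets" is deleted without a replacement, so nothing in the section now tells an implementer that `b'` must be distinct from the account key `b`. Suggest adding a line that `b'` MUST be freshly generated from a cryptographically secure random source and MUST NOT be an existing Ethereum account key. Minor: add a comma after `b'` in "a new Eth-DM private key, `b'` and compute", and the unchanged context line should use "back up" as the verb.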
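Review bot: In [PATCH 2/2], hunk `@@ -112,10 +107,12 @@`, "ECIES (secp256k1, AES-256-CBC, HMAC-SHA256)" names the curve, cipher and MAC but not the key derivation step or which fields the HMAC covers, so two implementations can both match this description and still fail to interoperate. Either spell those two items out or say explicitly that the construction used by the linked encryptWithPublicKey is the normative one. "all properties are hex strings" should also say whether a `0x` prefix and a fixed case are expected, as the broadcast section does with "lower case hex (no prefix)". The added text would read better as its own sentence rather than after a comma, and the first added line repeats "using" twice in one clause.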