secp256k1 may not be suitable for EDCH encryption: they are susceptible to Twist Attacks

[theblockstalk]

secp256k1 keys may not be suitable for EDCH

I found out about this issue when looking into using a secp256k1 key using the well supported did-jwt library, where I found this note: https://github.com/decentralized-identity/veramo/blob/0c22cc6a79e974214500e4440b0ea2977012377d/packages/utils/src/did-utils.ts#L269

I then followed up and found secp256k1 keys are not supported due to Twist attacks. See here

• https://github.com/staking-lab/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md
• https://discord.com/channels/878293684620234752/890207307433136178/1172839857006055484

This issue is prevalent during the EDCH code found in https://github.com/wharfkit/antelope/blob/master/src/crypto/shared-secret.ts

[jnordberg]

If I don't misremember eos public keys are always compressed so would be hard for an attacker to craft a malicious public key. Wouldn't hurt to validate the point in the shared secret method though, if the elliptic library doesn't do it already.