The algorithm that used to be described here is broken.
A better alternative is described here: https://github.com/sipa/writeups/tree/main/elligator-square-for-bn
Last active
January 4, 2023 10:31
-
-
Save sipa/29118d3fcfac69f9930d57433316c039 to your computer and use it in GitHub Desktop.
Covert ECDH over secp256k1
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Nice -- I was looking around to see if a covert ephemeral ECDH was possible and found this. It's unfortunate that such contortions need to be done to get a covert diffie hellman on secp256k1, and I guess that in the end, most protocol designers won't want to use such a scheme. Still, thanks very much for writing it up!