Hi Ethan >> It is important to include the cipher-type into the symmetric cipher key to avoid weak-cipher-attacks. > > the cipher-type here refers to the ECDH negotiation parameters? No. Not to the ECDH negotiation. BIP151 specifies a flexible symmetric key cipher type negotiation, although, BIP151 only specifies chacha20-poly1305@openssh.com. Lets assume someone adds another symmetric cipher type after BIP151 has been deployed which has less strong security properties then chacha20-poly1305. If we don't include the ciphersuite-type in the key derivation HMAC, an attacker/MITM could in theory force both nodes to use the weaker symmetric cipher type.