--- Day changed Wed Sep 13 2017
04:29 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #secp256k1
06:19 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has joined #secp256k1
07:08 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1
07:58 -!- ofek [~Ofekmeist@pool-68-134-46-22.bltmmd.fios.verizon.net] has joined #secp256k1
08:01 < ofek> sipa, luke-jr, is ecdh stable? I think I have it producing an unexpected result
08:12 < andytoshi> i think it's still --enable-experimental gated but it's de facto stable. can you say more?
08:17 < ofek> andytoshi, secret 332143e9629eedff7d142d741f896258f5a1bfab54dab2121d3ec5000093d74b and public 04f0d2b97981bd0d415a843b5dfe8ab77a30300daab3658c578f2340308a2da1a07f0821367332598b6aa4e180a41e92f4ebbae3518da847f0b1c0bbfe20bcf4e1
08:18 < ofek> andytoshi, when exchanged should yield ee1418607c2fcfb57fda40380e885a707f49000a5dda056d828b7d9bd1f29a08
08:20 < ofek> andytoshi, I'm getting (I think) 4533fcea257316cbd175776522a75d11ffe53caa1af72eb1afbbf8c3ce41bfdf
08:23 -!- SopaXorzTaker is now known as Xanukkah
08:24 < ofek> andytoshi, are you able to confirm?
08:45 < andytoshi> ofek: the ee141 thing you expect is the actual x coordinate
08:45 < andytoshi> secp256k1_ecdh returns a hash
08:47 < andytoshi> the 4533fc... thing you posted isn't even the x coordinate of a point on secp256k1
08:47 -!- GAit [~GAit@unaffiliated/gait] has quit [Quit: WeeChat 1.0.1]
08:48 -!- GAit [~GAit@unaffiliated/gait] has joined #secp256k1
08:51 < ofek> andytoshi, so the 4533fc... is a hash?
08:53 < ofek> andytoshi, b/c openssl returns the ee1418...
08:57 -!- arubi [~ese168@gateway/tor-sasl/ese168] has joined #secp256k1
09:07 < ofek> andytoshi, unless my binding is doing something odd, but I think not. I swear libsecp256k1 is producing 4533fcea257316cbd175776522a75d11ffe53caa1af72eb1afbbf8c3ce41bfdf
09:13 < andytoshi> presumably it's a hash, yes
09:13 < andytoshi> maybe openssl returns the x coordinate, that's not what we do
09:13 < andytoshi> it would encourage unsafe usage
09:14 < andytoshi> we have an open bug about this https://github.com/bitcoin-core/secp256k1/issues/352
09:17 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Ping timeout: 246 seconds]
09:24 < ofek> andytoshi, ah, ok I see. thanks! I was worried my binding was botched https://github.com/ofek/coincurve/issues/9
09:30 < ofek> andytoshi, if openssl does just return the x coordinate, it would be hard to have those users switch to using this ecdh right?
09:36 < andytoshi> yes, they have an inherent malleability that we don't want to support
09:39 < ofek> andytoshi, could you please shortly tell about that or comment in that PR? I want to give that user an explanation
09:40 < ofek> *tell me
09:44 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1
09:46 < andytoshi> ofek: there are two points that correspond to every x value, so the openssl shared secret is not a 1-1 mapping of pubkeys (given a specific secret key)
09:47 < andytoshi> this might trip people up in some applications, so we ensured it was not possible in our design
09:48 < ofek> andytoshi, thanks so much!
09:49 < andytoshi> to be clear, this isn't a problem for the usual "two parties establishing a shared secret" use case, but ECDH is often used as a small part of larger cryptosystems
09:50 < andytoshi> like ECDSA has a similar sign ambiguity which led to a form of witness malleability in bitcoin
09:51 < ofek> andytoshi, and libsecp256k1 ecdh is sha256(x|y) right?
09:52 < andytoshi> if i remember right, yes
09:52 < andytoshi> it might have the 04 prefix as well
09:53 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Ping timeout: 246 seconds]
10:18 < arubi> w.. that can't be right
10:18 < arubi> it's sha256([02|03]|x)
10:29 < andytoshi> oh, thanks for checking
10:29 < andytoshi> that does make more sense
11:24 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has quit [Remote host closed the connection]
11:24 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has joined #secp256k1
11:33 -!- Xanukkah [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Quit: Leaving]
11:33 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has joined #secp256k1
11:43 -!- SopaXorzTaker [~SopaXorzT@unaffiliated/sopaxorztaker] has quit [Remote host closed the connection]
14:19 -!- roconnor [~roconnor@host-45-78-192-102.dyn.295.ca] has joined #secp256k1
15:16 -!- ofek [~Ofekmeist@pool-68-134-46-22.bltmmd.fios.verizon.net] has left #secp256k1 ["Leaving"]
18:15 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1
20:01 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has quit [Remote host closed the connection]
20:01 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has joined #secp256k1
20:55 -!- arubi [~ese168@gateway/tor-sasl/ese168] has quit [Remote host closed the connection]
20:56 -!- arubi [~ese168@gateway/tor-sasl/ese168] has joined #secp256k1