Oddbean new post about | logout
 huh, but it has the pubkey, why wouldnt it be able to know its even or odd when computing shared secret?  im missing something here.. 
 it's not possible for the sender to know the extra bit, they pick the wrong one, the receiver at best could send back a reply "wrong bit" 
 damn 🌋🌊 
 I think it's time to hopefully ask @fiatjaf and maybe @JeffG 

Something seems really wrong. This is nothing that's come up in my tests before. Were all missing something?? This is a huge deal! I beleive this would be part of an EC twist vulnerability... 
 CC @@Magister Michael Dilger M.Sc. @Vitor Pamplona  
 i wasn't aware of what this exactly means, it's not a vulnerability, it's a bug that surely is killing nostr adoption because everyon expects DMs to work, but they obviously can't work without that extra bit

if my dm partners are mostly different sign keys to me, we can't use it