@chjj
chjj / covert_ecdh.md
Created October 23, 2019 10:45 — forked from sipa/covert_ecdh.md
Covert ECDH over secp256k1


If ECDH is used to establish a shared session secret for an encrypted connection, two elliptic curve points need to be transmitted (one in each direction) before encryption starts. In order to avoid being identifiable as a (specific) ECDH negotiation, ideally those two points are sent in a way that is indistinguishable from random.

This problem is easily addressed by using curves that support Elligator-style encodings: functions that encode a (subset of) elliptic curve points as sequences of bytes with no observable bias: (almost) every byte sequence corresponds to exactly one point, and the others correspond to none.

Unfortunately, no Elligator-style encoding is known for secp256k1.

@chjj
chjj / repl.js
Created July 7, 2012 03:07
curl node repl (possibly dangerous?)
var http = require('http');
var pty = require('pty.js');

var server = http.createServer(function(req, res) {
  var ua = req.headers['user-agent'] || '';
  if (!~ua.indexOf('curl/')) {
    res.setHeader('Content-Type', 'text/plain');
    return res.end('curl -sSNT. localhost:8000');
  }