Is it safe to derive secret from alice's private key and alice's public key?

Question

I'm using secp256k1; in normal scenario alice.privateKey and bob.publicKey (or vice versa) is used to derive the same secret.

Is it safe to use alice.privateKey and alice.publicKey to derive secret as a key for encryption for alice's personal information - where alice.publicKey and encrypted blob is publicly available?

score 3 · Accepted Answer · answered Dec 01 '17 at 20:51

Yes, recovering the computed secret is as hard as doing it for conventional Diffie-Hellman and thus infeasible for any secure groups.

This is known as Square-Diffie-Hellman problem, the reduction to the computational Diffie-Hellman problem (CDH) can be found in this Q&A.

Is it safe to derive secret from alice's private key and alice's public key?

1 Answers1