Elliptic Curve Diffie-Hellman (ECDH)

Elliptic Curve Diffie-Hellman (ECDH) is a key-agreement protocol that lets two parties, each holding an elliptic-curve key pair, compute an identical shared secret over an insecure channel without ever transmitting that secret. Because Bitcoin and Nostr both use the secp256k1 curve, the same keys that control coins can also bootstrap private communication.

How the shared secret is formed

If Alice has private key a and public key A = aG, and Bob has b and B = bG, then Alice computes aB and Bob computes bA. Both equal abG, the shared point; conventionally its x-coordinate becomes the symmetric key. An eavesdropper sees only the public keys A and B, and recovering the secret would require solving the Elliptic Curve Discrete Logarithm Problem, which is computationally infeasible. The derived secret is typically run through a hash or key-derivation function before use.

Where sovereign Bitcoiners meet it

Nostr's encrypted direct messages use ECDH over secp256k1 to derive a shared key, then encrypt with a symmetric cipher such as AES-256. This means a Nostr identity, a Bitcoin-style keypair, doubles as an end-to-end encryption identity. Proper public-key validation matters: invalid or small-subgroup points must be rejected to avoid leaking key information, a subtlety implementers handle at the library level.

ECDH reuses the very curve mathematics behind Bitcoin signing, so understanding it connects on-chain custody with off-chain private messaging. For related signing and aggregation topics, see MuSig2 (BIP327) and Taproot (BIP341).