LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

True or false: "After an EC-DH key exchange, both parties should use both the x- AND y-coordinate of the shared point as the symmetric key."

False — only the x-coordinate is used as the shared symmetric key. Using the y-coordinate would leak information and is explicitly discouraged.

Why only the x-coordinate:

  • For any x-coordinate on the curve, there are at most two possible y-values: $y$ and $p - y$
  • If an attacker somehow learns the y-coordinate, they immediately know the x-coordinate too (since they're related by the curve equation)
  • Using only $x$ provides a clean, well-defined shared secret
  • The y-coordinate adds no additional entropy — knowing $x$ narrows $y$ to two values

In practice:

  • The shared point $K = a \cdot B = b \cdot A$ has coordinates $(x_K, y_K)$
  • The symmetric key is derived from $x_K$ only (typically through a key derivation function like HKDF)
  • This is specified in standards like X25519, where the output is always just the x-coordinate

Common mistake: Students sometimes assume the entire point should be used as key material. In fact, only the x-coordinate is used as key material.

Go deeper:

From Quiz: KRYPTOG / Elliptic Curve Cryptography | Updated: Jul 14, 2026