The private key -> pubkey function is “fine”. It isn’t a vector for being subjected to a twist attack.
The pubkey you get back from this function will be on the curve as it’s internally munged to be. The risk is that it won’t “match” the private key that you provided.
The attack specifically requires you not to verify a pubkey you’ve been given is on the curve.
Am I not using secp256k1 just because the library has a vulnerability?
Technically, yes 😂 in this case the bug is the library is not living up to its name 🤷
ParsePubKey function. But if I am not using this function but provide my own bytes, then the secp256k1 package does not make sure. At least that's how I understand this warning for the function PrivKeyFromBytes.
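The point made in the replies above (deriving a pubkey from a private key is safe; the twist attack needs a caller who skips checking that a pubkey handed to them is on the curve, which is what a ParsePubKey-style function is for and what raw bytes bypass) can be shown as a small on-curve check. The following is an added example written for this thread, not code from the secp256k1 or btcec packages: it parses a 65-byte uncompressed SEC1 point, rejects anything off secp256k1, and uses the well-known generator point plus a deliberately corrupted copy of it as constructed sample input. The function names `IsOnSecp256k1` and `ParseUncompressedPubKey` are this example's own.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
)

// secp256k1 field prime p; the curve is y^2 = x^3 + 7 over GF(p).
var (
	p, _  = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16)
	seven = big.NewInt(7)
)

// IsOnSecp256k1 reports whether (x, y) satisfies y^2 == x^3 + 7 (mod p)
// with both coordinates reduced into [0, p). Any point that fails this is
// not on the curve and must not be fed to scalar multiplication.
func IsOnSecp256k1(x, y *big.Int) bool {
	if x.Sign() < 0 || x.Cmp(p) >= 0 || y.Sign() < 0 || y.Cmp(p) >= 0 {
		return false
	}
	lhs := new(big.Int).Mul(y, y)
	lhs.Mod(lhs, p)
	rhs := new(big.Int).Mul(x, x)
	rhs.Mul(rhs, x)
	rhs.Add(rhs, seven)
	rhs.Mod(rhs, p)
	return lhs.Cmp(rhs) == 0
}

// ParseUncompressedPubKey parses 0x04 || X(32) || Y(32) and returns an error
// unless the point is actually on secp256k1. This is the validation step a
// caller skips when it builds a key from arbitrary bytes instead of parsing.
func ParseUncompressedPubKey(b []byte) (x, y *big.Int, err error) {
	if len(b) != 65 || b[0] != 0x04 {
		return nil, nil, errors.New("pubkey: want 65-byte uncompressed SEC1 encoding")
	}
	x = new(big.Int).SetBytes(b[1:33])
	y = new(big.Int).SetBytes(b[33:65])
	if !IsOnSecp256k1(x, y) {
		return nil, nil, errors.New("pubkey: point is not on secp256k1")
	}
	return x, y, nil
}

func main() {
	// Constructed sample: the secp256k1 generator G in uncompressed form.
	g, _ := hex.DecodeString("0479BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798" +
		"483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8")
	_, _, err := ParseUncompressedPubKey(g)
	fmt.Println("generator accepted:", err == nil)

	// Constructed sample: same bytes with the low bit of Y flipped, so the
	// point no longer satisfies the curve equation and must be rejected.
	bad := append([]byte(nil), g...)
	bad[64] ^= 0x01
	_, _, err = ParseUncompressedPubKey(bad)
	fmt.Println("corrupted point rejected:", err != nil)
}
```

The check is cheap (two modular multiplications and a cube), so there is no reason to skip it before using a peer-supplied point in ECDH or signature verification; only keys the process derived itself from a private scalar can be assumed on-curve without it.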