- The proposed mitigation for Impersonation in the Passkey Entry Protocol vulnerability is to reject the peer public key in case it is identical to the local public key (E15668).
- The above is not enough because the f4 function that is used to produce the verification code only uses the X coordinate value.
- By looking at the ECDH formula, Y^2 = X^3 + aX + b there are two potential coordinates Y for every coordinate X.
- That is, if an adversary sends another point that is on the curve and has the same X coordinate instead of simply reflecting the (X,Y) coordinate, its original purpose E15668 tries to achieve will fail.
- Reject the peer public key in case it has the same X-axis value as the local public key