NOS-01-001 is a weakness related to naive secp256k1 implementations. The recommendation includes adding test vectors to avoid accepting uncompressed keys, mitigating "twist attacks."
Compromise of Private Keys: If an attacker can trick a victim into using an invalid public key (one that lies on the twist curve) for cryptographic operations like encrypting a message, it could potentially lead to the exposure or compromise of the victim's private key.
Specific Attack Vectors: This could occur in scenarios where the victim is encrypting data to be sent to what they believe is a legitimate recipient. The invalid public key provided by the attacker could facilitate operations on the twist curve, leading to potential vulnerabilities.
NOS-01-001 is a weakness related to naive secp256k1 implementations. The recommendation includes adding test vectors to avoid accepting uncompressed keys, mitigating "twist attacks."