It's possible to decrypt data with an arbitrary public key in bitcore-ecies


I’ve encountered a strange behavior in bitcore-ecies where a public key can decrypt data encrypted with another private / public key pair, e.g.:

  1. Alice and Carol send their public keys to Bob
  2. Bob sends his public key to Alice and Carol
  3. Alice encrypts data with her private key / Bob’s public key
  4. Bob is able to decrypt Alice’s data with his private key / Carol’s public key???

As far as I understand, the ECIES/DH should not allow this, or am I missing something?

Found the issue: I’ve used Alice’s mnemonics in Carol’s unit test (resulting in the same pair).
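
Added example, not part of the original post and not bitcore-ecies code: it reproduces the scenario with Node's built-in `crypto` ECDH on secp256k1, showing that the shared secret ECIES keys are derived from only matches when Carol's key is really Alice's, and adds a fixture guard that catches the duplicate. `keyFromPhrase`, `duplicateKeys`, `scenario` and the phrases are hypothetical; hashing a phrase is a stand-in for mnemonic derivation, not BIP39.

```javascript
const { createECDH, createHash } = require('crypto');

// Stand-in for wallet derivation (assumption, NOT BIP39):
// the same phrase always yields the same secp256k1 private key.
function keyFromPhrase(phrase) {
  const ecdh = createECDH('secp256k1');
  ecdh.setPrivateKey(createHash('sha256').update(phrase).digest());
  return ecdh;
}

// ECDH shared secret: own private key combined with the peer's public key.
function sharedSecret(own, peer) {
  return own.computeSecret(peer.getPublicKey()).toString('hex');
}

// Fixture guard: report parties that are meant to be distinct
// but ended up with the same public key.
function duplicateKeys(parties) {
  const seen = new Map();
  const dups = [];
  for (const [name, key] of Object.entries(parties)) {
    const pub = key.getPublicKey('hex', 'compressed');
    if (seen.has(pub)) dups.push([seen.get(pub), name]);
    else seen.set(pub, name);
  }
  return dups;
}

// Steps 3 and 4 of the post, with Carol's phrase as the only variable.
function scenario(carolPhrase) {
  const alice = keyFromPhrase('constructed phrase for alice');
  const bob = keyFromPhrase('constructed phrase for bob');
  const carol = keyFromPhrase(carolPhrase);
  return {
    encryptSide: sharedSecret(alice, bob), // Alice's private + Bob's public
    decryptSide: sharedSecret(bob, carol), // Bob's private + Carol's public
    duplicates: duplicateKeys({ alice, bob, carol }),
  };
}

// Distinct phrase: the secrets differ, so decryption with Carol's key fails.
const ok = scenario('constructed phrase for carol');
console.log(ok.encryptSide === ok.decryptSide, ok.duplicates);

// Reused phrase (the mistake in the post): Carol's key is Alice's key.
const reused = scenario('constructed phrase for alice');
console.log(reused.encryptSide === reused.decryptSide, reused.duplicates);
```

Running `duplicateKeys` over the test fixtures before any encrypt/decrypt assertion turns a confusing "wrong key decrypts" result into an explicit fixture error.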