- Update ECDH output to use SHA512 instead of SHA256

- Specify HMAC_DRBG security strength

bip-0075.mediawiki

@@ -308,13 +308,14 @@ For the following we assume the Sender already knows the Receiver's public key,
 
 ===ECDH Point Generation and AES-256 (GCM Mode) Setup===
 '''NOTE''': AES-256-GCM is used because it provides authenticated encryption facilities, thus negating the need for a separate message hash for authentication.
-* Generate the '''secret point''' using [https://en.wikipedia.org/wiki/Elliptic_curve_Diffie–Hellman ECDH] using the local entity's private key and the remote entity's public key as inputs.
 
-* Initialize [http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf HMAC_DRBG] 
-** Use '''SHA256(secret point's X value)''' for Entropy
+* Generate the '''secret point''' using [https://en.wikipedia.org/wiki/Elliptic_curve_Diffie–Hellman ECDH] using the local entity's private key and the remote entity's public key as inputs
+* Initialize [http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf HMAC_DRBG]
+** Use '''SHA512(secret point's X value in Big-Endian bytes)''' for Entropy
 ** Use the given message's '''nonce''' field for Nonce
 
 * Initialize AES-256 in GCM Mode
+** Initialize HMAC_DRBG with Security Strength of 256 bits
 ** Use HMAC_DRBG.GENERATE(32) as the Encryption Key (256 bits)
 ** Use HMAC_DRBG.GENERATE(12) as the Initialization Vector (IV) (96 bits)
 
@@ -380,3 +381,4 @@ The following diagram shows a sample flow in which one mobile client is sending
 * [https://tools.ietf.org/html/rfc6979 RFC6979]
 * [https://en.bitcoin.it/wiki/Address_reuse Address Reuse]
 * [http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf FIPS 180-4 (Secure Hash Standard)]
+* [https://github.com/bitcoin-core/secp256k1/blob/master/src/modules/ecdh/main_impl.h libsecp256k1 ECDH Implementation]