The Internet of Broken Protocols: Showcase #7

(complete list of showcases: Showcase #6 was taken down because the protocol is not public)

I think I figured out the answer to this new challenge, but I haven't verified it yet. So be aware that it may be unsolvable.

Update: Without one more modification, the challenge is unsolvable AFAICT. The modification is: the public keys are sent as SubjectPublicKey.

The challenge is the Bluetooth ECDHE protocol with a twist: the public keys are now validated as valid points on curve. Everything else is kept the same. Can you break it?

The Bluetooth ECDHE protocol been found vulnerable to an elegant invalid curve attack. The full paper can be found here. I summarized the attack in this tweet. Tal Be'ery wrote a longer explanation.