Using the `buf' encodings of group elements leaks length information.
Use the `raw' encoding instead. I suspect that this really is a bad
security property to have; certainly the security proof for the key
exchange protocol depends on all encodings having the same length.