Boring crypto that simply works


generation of Curve25519 points with a low-order component #include <monocypher.h>
crypto_x25519_dirty_fast(uint8_t pk[32], const uint8_t sk[32]);
crypto_x25519_dirty_small(uint8_t pk[32], const uint8_t sk[32]);


These functions are used in public key generation for crypto_curve_to_hidden(). This is a highly advanced feature; unless you are reading this because you were referred here from crypto_curve_to_hidden(), you likely have no reason to be using these functions and are probably looking for crypto_key_exchange() or crypto_x25519() instead. Expect elliptic curve jargon on this page.
Both functions generate a Curve25519 public key pk from the given secret key sk; the public keys are on the whole curve, rather than just the main prime-order subgroup. Both do the same with different code size and memory characteristics: crypto_x25519_dirty_fast() uses multiple large temporary variables and uses functions that are normally used internally for crypto_sign(); accordingly, it uses both more memory (for the temporary variables) and more code size (unless the signing code is already compiled in elsewhere). crypto_x25519_dirty_small() yields the same result, but does so using less code and memory at a large performance penalty compared to crypto_x25519_dirty_fast().
The resulting public keys are to be used with crypto_x25519() or crypto_key_exchange(), which clear the cofactor.


These functions have no return value. They cannot fail.


crypto_curve_to_hidden(), crypto_key_exchange_public_key(), crypto_x25519_public_key(), intro()


The crypto_x25519_dirty_fast() and crypto_x25519_dirty_small() functions first appeared in Monocypher 3.1.0.


The slow variant is approximately an entire two times slower than the fast variant. When considering that, on average, two calls to this function will be required for obtaining a valid key pair for crypto_curve_to_hidden(), this adds up to an average effective slowdown for key pair generation of a factor of four.
March 24, 2020 Linux 4.15.0-99-generic