Monocypher

Boring crypto that simply works
CRYPTO_X25519_INVERSE(3MONOCYPHER) 3MONOCYPHER CRYPTO_X25519_INVERSE(3MONOCYPHER)

NAME

X25519 scalar multiplication with the multiplicative inverse of a scalar #include <monocypher.h>
void
crypto_x25519_inverse(uint8_t blind_salt[32], const uint8_t private_key[32], const uint8_t curve_point);

DESCRIPTION

The crypto_x25519_inverse() function performs scalar multiplication of the multiplicative inverse of a scalar for X25519. This is a highly advanced, specialized feature; unless you are implementing a protocol that requires this specifically, you likely have no reason to be using these functions and are probably looking for crypto_key_exchange() or crypto_x25519() instead. Expect elliptic curve jargon on this page.
This function is used, for example, with exponential blinding in oblivious pseudo-random functions (OPRFs). The arguments are:
blind_salt
The output point.
private_key
The private key (scalar) to use. First, the value is clamped; then the clamped value's multiplicative inverse (modulo the curve order) is determined; the clamped value's multiplicative inverse then has its cofactor cleared, and that final value is then used for scalar multiplication.
curve_point
The curve point on X25519 to multiply with the multiplicative inverse (modulo the curve order) of private_key.

SEE ALSO

crypto_x25519(), intro()

HISTORY

The crypto_x25519_inverse() function first appeared in Monocypher 3.1.0.
March 24, 2020 Linux 4.15.0-112-generic