Monocypher

Boring crypto that simply works
CRYPTO_X25519_INVERSE(3MONOCYPHER) 3MONOCYPHER CRYPTO_X25519_INVERSE(3MONOCYPHER)

X25519 scalar multiplication with the multiplicative inverse of a scalar

#include <monocypher.h>

void
crypto_x25519_inverse(uint8_t blind_salt[32], const uint8_t private_key[32], const uint8_t curve_point[32]);

The () function performs scalar multiplication of the multiplicative inverse of a scalar for X25519. ; unless you are implementing a protocol that requires this specifically, and are probably looking for crypto_x25519() instead. Expect elliptic curve jargon on this page.

This function is used, for example, with exponential blinding in oblivious pseudo-random functions (OPRFs). The arguments are:

blind_salt
The output point.
private_key
The private key (scalar) to use. First, the value is clamped, then the clamped value's multiplicative inverse (modulo the curve order) is determined. The clamped value's multiplicative inverse then has its cofactor cleared, and that final value is then used for scalar multiplication.
curve_point
The curve point on X25519 to multiply with the multiplicative inverse (modulo the curve order) of private_key.

crypto_x25519(), intro()

The crypto_x25519_inverse() function first appeared in Monocypher 3.1.0.

February 13, 2022 Debian