CRYPTO_X25519_INVERSE(3MONOCYPHER) | 3MONOCYPHER | CRYPTO_X25519_INVERSE(3MONOCYPHER) |

# NAME

X25519 scalar multiplication with the multiplicative inverse of a scalar```
#include
<monocypher.h>
```

`void`

`crypto_x25519_inverse`

(`uint8_t
blind_salt[32]`, `const uint8_t private_key[32]`,
`const uint8_t curve_point[32]`);

# DESCRIPTION

The
`crypto_x25519_inverse`

()
function performs scalar multiplication of the multiplicative inverse of a
scalar for X25519.
**This is a highly
advanced, specialized feature**; unless you are implementing a
protocol that requires this specifically,
**you likely have no
reason to be using these functions** and are probably looking for
crypto_x25519() instead.
Expect elliptic curve jargon on this page.

This function is used, for example, with exponential blinding in oblivious pseudo-random functions (OPRFs). The arguments are:

`blind_salt`- The output point.
`private_key`- The private key (scalar) to use. First, the value is clamped, then the clamped value's multiplicative inverse (modulo the curve order) is determined. The clamped value's multiplicative inverse then has its cofactor cleared, and that final value is then used for scalar multiplication.
`curve_point`- The curve point on X25519 to multiply with the multiplicative inverse
(modulo the curve order) of
`private_key`.

# SEE ALSO

# HISTORY

The `crypto_x25519_inverse`

() function first
appeared in Monocypher 3.1.0.

February 13, 2022 | Debian |