X25519 scalar multiplication with the
multiplicative inverse of a scalar
#include
<monocypher.h>
void
crypto_x25519_inverse(
uint8_t
blind_salt[32],
const uint8_t
private_key[32],
const uint8_t
curve_point[32]);
The
crypto_x25519_inverse() function performs
scalar multiplication of the multiplicative inverse of a scalar for X25519.
This is a highly advanced, specialized feature;
unless you are implementing a protocol that requires this specifically,
you likely have no reason to be using these
functions and are probably looking for
crypto_key_exchange()
or
crypto_x25519()
instead. Expect elliptic curve jargon on this page.
This function is used, for example, with exponential blinding in oblivious
pseudo-random functions (OPRFs). The arguments are:
- blind_salt
- The output point.
- private_key
- The private key (scalar) to use. First, the value is
clamped; then the clamped value's multiplicative inverse (modulo the curve
order) is determined; the clamped value's multiplicative inverse then has
its cofactor cleared, and that final value is then used for scalar
multiplication.
- curve_point
- The curve point on X25519 to multiply with the
multiplicative inverse (modulo the curve order) of
private_key.
crypto_x25519(),
intro()
The
crypto_x25519_inverse() function first appeared
in Monocypher 3.1.0.
