spot-the-bug/stream-ciphers/monocypher-3.1.1/doc/man/man3/crypto_x25519_inverse.3monocypher

.\" This file is dual-licensed.  Choose whichever you want.
.\"
.\" The first licence is a regular 2-clause BSD licence.  The second licence
.\" is the CC-0 from Creative Commons. It is intended to release Monocypher
.\" to the public domain.  The BSD licence serves as a fallback option.
.\"
.\" SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0
.\"
.\" ----------------------------------------------------------------------------
.\"
.\" Copyright (c) 2020 Fabio Scotoni
.\" All rights reserved.
.\"
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are
.\" met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the
.\"    distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" ----------------------------------------------------------------------------
.\"
.\" Written in 2020 by Fabio Scotoni
.\"
.\" To the extent possible under law, the author(s) have dedicated all copyright
.\" and related neighboring rights to this software to the public domain
.\" worldwide.  This software is distributed without any warranty.
.\"
.\" You should have received a copy of the CC0 Public Domain Dedication along
.\" with this software.  If not, see
.\" <https://creativecommons.org/publicdomain/zero/1.0/>
.\"
.Dd March 24, 2020
.Dt CRYPTO_X25519_INVERSE 3MONOCYPHER
.Os
.Sh NAME
.Nm crypto_x25519_inverse
.Nd X25519 scalar multiplication with the multiplicative inverse of a scalar
.Sh SYNOPSIS
.In monocypher.h
.Ft void
.Fo crypto_x25519_inverse
.Fa "uint8_t blind_salt[32]"
.Fa "const uint8_t private_key[32]"
.Fa "const uint8_t curve_point"
.Fc
.Sh DESCRIPTION
The
.Fn crypto_x25519_inverse
function performs scalar multiplication of the multiplicative inverse
of a scalar for X25519.
.Sy This is a highly advanced, specialized feature ;
unless you are implementing a protocol that requires this specifically,
.Sy you likely have no reason to be using these functions
and are probably looking for
.Xr crypto_key_exchange 3monocypher
or
.Xr crypto_x25519 3monocypher
instead.
Expect elliptic curve jargon on this page.
.Pp
This function is used, for example, with exponential blinding in
oblivious pseudo-random functions (OPRFs).
The arguments are:
.Bl -tag -width Ds
.It Fa blind_salt
The output point.
.It Fa private_key
The private key (scalar) to use.
First, the value is clamped;
then the clamped value's multiplicative inverse (modulo the curve order)
is determined;
the clamped value's multiplicative inverse then has its cofactor
cleared,
and that final value is then used for scalar multiplication.
.It Fa curve_point
The curve point on X25519 to multiply with the multiplicative inverse
(modulo the curve order) of
.Fa private_key .
.El
.Sh SEE ALSO
.Xr crypto_x25519 3monocypher ,
.Xr intro 3monocypher
.Sh HISTORY
The
.Fn crypto_x25519_inverse
function first appeared in Monocypher 3.1.0.