CRYPTO_X25519_DIRTY_FAST(3monocypher) 3monocypher CRYPTO_X25519_DIRTY_FAST(3monocypher)

crypto_x25519_dirty_fast, crypto_x25519_dirty_small
generation of Curve25519 points with a low-order component

#include <monocypher.h>

void
crypto_x25519_dirty_fast(uint8_t pk[32], const uint8_t sk[32]);

void
crypto_x25519_dirty_small(uint8_t pk[32], const uint8_t sk[32]);

These functions are used in public key generation for crypto_curve_to_hidden(3monocypher). This is a highly advanced feature; unless you are reading this because you were referred here from crypto_curve_to_hidden(3monocypher), you likely have no reason to be using these functions and are probably looking for crypto_x25519(3monocypher) instead. Expect elliptic curve jargon on this page.

Both functions generate a Curve25519 public key pk from the given secret key sk. The public keys are on the whole curve, rather than just the main prime-order subgroup. Both do the same with different code size and memory characteristics: crypto_x25519_dirty_fast() uses multiple large temporary variables and functions that are normally used internally for crypto_sign(3monocypher). Accordingly, it uses both more memory (for the temporary variables) and more code size (unless the signing code is already compiled in elsewhere). crypto_x25519_dirty_small() yields the same result with less code, less memory, and more time than crypto_x25519_dirty_fast().

The resulting public keys are to be used with crypto_x25519(3monocypher), which clears the cofactor.

These functions have no return value. They cannot fail.

crypto_curve_to_hidden(3monocypher), crypto_x25519_public_key(3monocypher), intro(3monocypher)

The crypto_x25519_dirty_fast() and crypto_x25519_dirty_small() functions first appeared in Monocypher 3.1.0.

The slow variant is approximately an entire two times slower than the fast variant. When considering that, on average, two calls to this function will be required for obtaining a valid key pair for crypto_curve_to_hidden(3monocypher), this adds up to an average effective slowdown for key pair generation of a factor of four.
February 13, 2022 Debian