Alternative for crypto_core_ed25519_scalar_invert

[li0ard]

Is there any way to invert a scalar like the crypto_core_ed25519_scalar_invert method does in libsodium

[paulmillr]

import { ed25519 } from '@noble/curves/ed25519';
import { Field } from '@noble/curves/abstract/modular';

const Fn = Field(ed25519.CURVE.n); // create finite field over ed scalar
const inverted = Fn.inv(1238591829n); // invert value within the field
// 325201530887118780669252250777832982124283878931670096979534483829543322257n

[li0ard]

Unfortunately it doesn't work for me

Scalar: 0x7866d7873b9ca2ffe35ba0e05321f3786da8e3c9049bb6821ee1463a32304509
noble: 0x79c2f385d647b76977e49bc8ba9a5cf3402dc1c4b5a84eb256d7f6f5c8d924c
sodium: 0x86f02c4cbd00d6418c438d871540de6f18eec9fe590a5b9134fa4d532ab10100

[paulmillr]

Try it with CURVE.Fp.inv() instead.

[li0ard]

Also doesn't work

[paulmillr]

25519 field is little-endian, a bit painful

So, the scalars you're seeing are actually swapped:

import { ed25519 } from '@noble/curves/ed25519';
import { Field } from '@noble/curves/abstract/modular';

// Convert bigint to hex, pad with up to 64 zeros (32-byte)
function toHex(scalar) {
  return scalar.toString(16).padStart(64, '0');
}
// Swap big endian to little endian
// 0xbeef => 0xefbe
function swap_endianness_BE_LE(scalar) {
  const swapped = toHex(scalar).match(/\w{2}/g).reverse().join('');
  return BigInt('0x' + swapped);
}

const scalar = swap_endianness_BE_LE(0x7866d7873b9ca2ffe35ba0e05321f3786da8e3c9049bb6821ee1463a32304509n);
const Fn = Field(ed25519.CURVE.n);
const inverted = Fn.inv(scalar); // invert value within the field
console.log('expected', '86..00')
console.log(toHex(swap_endianness_BE_LE(inverted)));

[li0ard]

Oh, I didn't realize it was little-endian. Thank you. Also could you please tell me if there is a possibility to reduce a 64 byte scalar?

[paulmillr]

The technique should work with 64-byte scalars. Fn.inv will accept bigint of any size. Maybe adjust padStart "64" to "128" or something like that.

[li0ard]

Yes, it works. Thank you