diff --git a/configure.ac b/configure.ac
index 13b4e56915..88ca8dfa58 100644
--- a/configure.ac
+++ b/configure.ac
@@ -223,7 +223,8 @@ case $set_bignum in
 gmp)
   AC_DEFINE(HAVE_LIBGMP,1,[Define this symbol if libgmp is installed])
   AC_DEFINE(USE_NUM_GMP, 1, [Define this symbol to use the gmp implementation])
-  AC_DEFINE(USE_FIELD_INV_NUM, 1, [Define this symbol to use the USE_FIELD_INV_NUM implementation])
+  AC_DEFINE(USE_FIELD_INV_NUM, 1, [Define this symbol to use the num-based field inverse implementation])
+  AC_DEFINE(USE_SCALAR_INV_NUM, 1, [Define this symbol to use the num-based scalar inverse implementation])
   ;;
 *)
   AC_MSG_ERROR([invalid bignum implementation])
diff --git a/src/scalar.h b/src/scalar.h
index a69a4cc9d4..eae727cb9d 100644
--- a/src/scalar.h
+++ b/src/scalar.h
@@ -54,6 +54,9 @@ static void secp256k1_scalar_sqr(secp256k1_scalar_t *r, const secp256k1_scalar_t
 /** Compute the inverse of a scalar (modulo the group order). */
 static void secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
 
+/** Compute the inverse of a scalar (modulo the group order), without constant-time guarantee. */
+static void secp256k1_scalar_inverse_var(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
+
 /** Compute the complement of a scalar (modulo the group order). */
 static void secp256k1_scalar_negate(secp256k1_scalar_t *r, const secp256k1_scalar_t *a);
 
diff --git a/src/scalar_impl.h b/src/scalar_impl.h
index ddc5061c76..8624f44db3 100644
--- a/src/scalar_impl.h
+++ b/src/scalar_impl.h
@@ -9,6 +9,7 @@
 
 #include <string.h>
 
+#include "group.h"
 #include "scalar.h"
 
 #if defined HAVE_CONFIG_H
@@ -181,4 +182,20 @@ static void secp256k1_scalar_inverse(secp256k1_scalar_t *r, const secp256k1_scal
     secp256k1_scalar_mul(r, t, &x6); /* 111111 */
 }
 
+static void secp256k1_scalar_inverse_var(secp256k1_scalar_t *r, const secp256k1_scalar_t *x) {
+#if defined(USE_SCALAR_INV_BUILTIN)
+    secp256k1_scalar_inverse(r, x);
+#elif defined(USE_SCALAR_INV_NUM)
+    unsigned char b[32];
+    secp256k1_scalar_get_b32(b, x);
+    secp256k1_num_t n;
+    secp256k1_num_set_bin(&n, b, 32);
+    secp256k1_num_mod_inverse(&n, &n, &secp256k1_ge_consts->order);
+    secp256k1_num_get_bin(b, 32, &n);
+    secp256k1_scalar_set_b32(r, b, NULL);
+#else
+#error "Please select scalar inverse implementation"
+#endif
+}
+
 #endif