diff --git a/libi2pd/Elligator.cpp b/libi2pd/Elligator.cpp
index 9821afa1..b9471512 100644
--- a/libi2pd/Elligator.cpp
+++ b/libi2pd/Elligator.cpp
@@ -39,7 +39,7 @@ namespace crypto
 		BN_free (u); BN_free (iu); 
 	}
 
-	bool Elligator2::Encode (const uint8_t * key, uint8_t * encoded) const
+	bool Elligator2::Encode (const uint8_t * key, uint8_t * encoded, bool highY) const
 	{
 		bool ret = true;
 		BN_CTX * ctx = BN_CTX_new ();
@@ -63,8 +63,16 @@ namespace crypto
 		if (Legendre (uxxA, ctx) != -1)
 		{		
 			BIGNUM * r = BN_CTX_get (ctx);
-			BN_mod_inverse (r, xA, p, ctx);	
-			BN_mod_mul (r, r, x, p, ctx);	
+			if (highY)
+			{
+				BN_mod_inverse (r, x, p, ctx);
+				BN_mod_mul (r, r, xA, p, ctx);	
+			}
+			else
+			{
+				BN_mod_inverse (r, xA, p, ctx);	
+				BN_mod_mul (r, r, x, p, ctx);
+			}	
 			BN_mod_mul (r, r, iu, p, ctx);	
 		
 			SquareRoot (r, r, ctx);
diff --git a/libi2pd/Elligator.h b/libi2pd/Elligator.h
index 6f9eaf2a..ca463568 100644
--- a/libi2pd/Elligator.h
+++ b/libi2pd/Elligator.h
@@ -17,7 +17,7 @@ namespace crypto
 			Elligator2 ();
 			~Elligator2 ();
 
-			bool Encode (const uint8_t * key, uint8_t * encoded) const;
+			bool Encode (const uint8_t * key, uint8_t * encoded, bool highY = false) const;
 			bool Decode (const uint8_t * encoded, uint8_t * key) const;
 
 		private:	
diff --git a/tests/test-elligator.cpp b/tests/test-elligator.cpp
index 1647c349..94798e80 100644
--- a/tests/test-elligator.cpp
+++ b/tests/test-elligator.cpp
@@ -16,6 +16,12 @@ const uint8_t encoded_key[32] =
 	0xef, 0x3a, 0xe4, 0x55, 0x33, 0xcd, 0x41, 0x0a, 0xa9, 0x1a, 0x41, 0x53, 0x31, 0xd8, 0x61, 0x2d
 };
 
+const uint8_t encoded_key_high_y[32] = 
+{
+	0x3c, 0xfb, 0x87, 0xc4, 0x6c, 0x0b, 0x45, 0x75, 0xca, 0x81, 0x75, 0xe0, 0xed, 0x1c, 0x0a, 0xe9,
+	0xda, 0xe7, 0x9d, 0xb7, 0x8d, 0xf8, 0x69, 0x97, 0xc4, 0x84, 0x7b, 0x9f, 0x20, 0xb2, 0x77, 0x18
+};
+
 const uint8_t encoded1[32] =
 {
 	0xe7, 0x35, 0x07, 0xd3, 0x8b, 0xae, 0x63, 0x99, 0x2b, 0x3f, 0x57, 0xaa, 0xc4, 0x8c, 0x0a, 0xbc,
@@ -56,10 +62,12 @@ int main ()
 {
 	uint8_t buf[32];
 	i2p::crypto::Elligator2 el;
-	// encoding test
+	// encoding tests
 	el.Encode (key, buf);
 	assert(memcmp (buf, encoded_key, 32) == 0);
-	// decoding test
+	el.Encode (key, buf, true); // with highY
+	assert(memcmp (buf, encoded_key_high_y, 32) == 0);
+	// decoding tests
 	el.Decode (encoded1, buf);
 	assert(memcmp (buf, key1, 32) == 0);
 	el.Decode (encoded2, buf);