Hi Gernot,
From a product management perspective, we don't want to expose low-level cryptography APIs to applications because they are not present on platforms where the corresponding algorithm is not fully implemented in software, or where the cryptography happens in a separate service.
From a product maintenance perspective, we don't want to expose low-level cryptography APIs because we want the freedom to change them. In the past, preserving those APIs has made some optimizations more complicated or impossible, and has made some security improvements more complicated or inefficient.
Obviously bignum and ECP arithmetic will remain in the project, and if you really want to call those functions, you can. But we don't guarantee any stability. We won't even provide advance warning for changes since we may change those internal interfaces in a security fix.
With respect to Matter: we're going to implement SPAKE2+ in Mbed TLS, though it probably won't be ready by the time of the 4.0 release.
With respect to hostap in Zephyr: why is it exposing low-level interfaces? If you really want arithmetic APIs then you can still use Mbed TLS but we won't provide a stable API any longer, and it is incompatible with hardware acceleration and service separation.
Best regards,