bitcoin/bips
1
0
Fork 0
mirror of https://github.com/bitcoin/bips.git synced 2025-05-12 12:03:29 +00:00
Code Issues Releases Wiki Activity

Merge pull request #1814 from leopardracer/patch-1

Browse Source 
BIP-0374: fix typo
This commit is contained in:
Mark "Murch" Erhardt 2025-04-07 13:03:00 -07:00 committed by GitHub
commit 1163f3ab69
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bip-0374.mediawiki
View File

@ -74,7 +74,7 @@ The algorithm ''GenerateProof(a, B, r, G, m)'' is defined as:
* Let ''C = a⋅B''.
* Let ''t'' be the byte-wise xor of ''bytes(32, a)'' and ''hash<sub>BIP0374/aux</sub>(r)''.
* Let ''m' = m if m is provided, otherwise an empty byte array''.
* Let ''rand = hash<sub>BIP0374/nonce</sub>(t || cbytes(A) || cbytes(C) || m')''.<ref name="why_include_m_in_rand"> ''' Why include the message in the rand computation?''' Not including the message in the rand compution could leak ''a'' if two proofs were constructed for the same ''a'', ''B'', and ''G'' but a different message ''m'' and an all-zero ''r''.</ref>
* Let ''rand = hash<sub>BIP0374/nonce</sub>(t || cbytes(A) || cbytes(C) || m')''.<ref name="why_include_m_in_rand"> ''' Why include the message in the rand computation?''' Not including the message in the rand computation could leak ''a'' if two proofs were constructed for the same ''a'', ''B'', and ''G'' but a different message ''m'' and an all-zero ''r''.</ref>
* Let ''k = int(rand) mod n''.
* Fail if ''k = 0''.
* Let ''R<sub>1</sub> = k⋅G''.