From ed7f4d10e9f892a652645a2fac2ea906025d5e3c Mon Sep 17 00:00:00 2001
From: Greg Tonoski <111286121+GregTonoski@users.noreply.github.com>
Date: Fri, 25 Oct 2024 10:29:16 +0200
Subject: [PATCH] minor comment about "byte"

---
 Comments:BIP-0340.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Comments:BIP-0340.md b/Comments:BIP-0340.md
index 18ce13a..dfc31b4 100644
--- a/Comments:BIP-0340.md
+++ b/Comments:BIP-0340.md
@@ -3,4 +3,6 @@ Removed a wall of [misinformation](https://github.com/bitcoin/bips/wiki/Comments
 
 ----
 
-The comments above appear to be misinformed. Nearly all ECDSA implementations today, including all the ones used in Bitcoin software that I know about, already use derandomized RFC6979 nonce generation for secp256k1. BIP340 too specifies such a nonce generation algorithm - one that is inspired by Ed25519's in fact. It permits adding randomness as research has shown this improves resistance to certain fault & side-channel attacks, but the randomness is not critical for security (it is purely additive). Lastly, the entire nonce generation concern is an implementation aspect that's orthogonal for the signature scheme - it can be done well, or badly, either with ECDSA or Schnorr/BIP340. BIP340 chooses to specify it, in the hope that implementations adopt it as a best practice, but circumstances may call for alternative nonce generation algorithms too. -- Pieter Wuille, 2021 Mar 07.
\ No newline at end of file
+The comments above appear to be misinformed. Nearly all ECDSA implementations today, including all the ones used in Bitcoin software that I know about, already use derandomized RFC6979 nonce generation for secp256k1. BIP340 too specifies such a nonce generation algorithm - one that is inspired by Ed25519's in fact. It permits adding randomness as research has shown this improves resistance to certain fault & side-channel attacks, but the randomness is not critical for security (it is purely additive). Lastly, the entire nonce generation concern is an implementation aspect that's orthogonal for the signature scheme - it can be done well, or badly, either with ECDSA or Schnorr/BIP340. BIP340 chooses to specify it, in the hope that implementations adopt it as a best practice, but circumstances may call for alternative nonce generation algorithms too. -- Pieter Wuille, 2021 Mar 07.
+
+2024-Oct-25 minor comment: "byte" is used in the specification without definition and the one from C does not suit well in this context. I would suggest either defining bytes as consecutive groups of 8 bits or not using it at all (e.g. 512 bits instead of "64-byte[s]") for clarity.
\ No newline at end of file