Add a comment about why we hash the message and the set of nonce comm… (

#407) Add a comment about why we hash the message and the set of nonce commitments as part of creating the preimage for the binding factor
ZcashFoundation · Jun 22, 2023 · 8b09d9d · 8b09d9d
1 parent 8defd2c
commit 8b09d9d
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/frost-core/src/frost.rs b/frost-core/src/frost.rs
@@ -242,6 +242,9 @@ where
     ) -> Vec<(Identifier<C>, Vec<u8>)> {
         let mut binding_factor_input_prefix = vec![];
 
+        // The message is hashed with H4 to force the variable-length message
+        // into a fixed-length byte string, same for hashing the variable-sized
+        // (between runs of the protocol) set of group commitments, but with H5.
         binding_factor_input_prefix.extend_from_slice(C::H4(self.message.as_slice()).as_ref());
         binding_factor_input_prefix.extend_from_slice(
             C::H5(&round1::encode_group_commitments(self.signing_commitments())[..]).as_ref(),