From 8b09d9d698a0ad7df6587fa26aa04cef72d8564a Mon Sep 17 00:00:00 2001
From: Deirdre Connolly
Date: Thu, 22 Jun 2023 05:27:02 -0400
Subject: [PATCH] =?UTF-8?q?Add=20a=20comment=20about=20why=20we=20hash=20t?= =?UTF-8?q?he=20message=20and=20the=20set=20of=20nonce=20comm=E2=80=A6=20(?= =?UTF-8?q?#407)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add a comment about why we hash the message and the set of nonce commitments as part of creating the preimage for the binding factor
---
 frost-core/src/frost.rs | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/frost-core/src/frost.rs b/frost-core/src/frost.rs
index 72a200d2..cd39ba8c 100644
--- a/frost-core/src/frost.rs
+++ b/frost-core/src/frost.rs
@@ -242,6 +242,9 @@ where
 ) -> Vec<(Identifier, Vec)> {
 let mut binding_factor_input_prefix = vec![];
+ // The message is hashed with H4 to force the variable-length message
+ // into a fixed-length byte string, same for hashing the variable-sized
+ // (between runs of the protocol) set of group commitments, but with H5.
 binding_factor_input_prefix.extend_from_slice(C::H4(self.message.as_slice()).as_ref());
 binding_factor_input_prefix.extend_from_slice(
 C::H5(&round1::encode_group_commitments(self.signing_commitments())[..]).as_ref(),
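Review bot: The added comment above the `C::H4(...)` and `C::H5(...)` calls says that both inputs are forced to a fixed length, but not why that matters for the binding factor preimage. Presumably the point is that two fixed-width digests give the concatenated prefix unambiguous field boundaries, so different (message, commitment list) pairs cannot serialize to the same bytes; I would add a sentence such as `// Fixed-length digests keep the field boundaries of the preimage unambiguous (relies on H4/H5 being collision resistant).` The comment also says "group commitments" where the commit message says "nonce commitments" and the code reads `self.signing_commitments()`, so the terms should be aligned; `// ... set of signing (nonce) commitments, but with H5.` would match the accessor. The enclosing function starts before the hunk and the second `extend_from_slice(` call is still open at its end, so whatever is appended after this prefix is not visible here.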