Merge pull request bitcoin#15 from real-or-random/patch-2

Use a hash to seed the CSPRNG for batch verification
real-or-random · Oct 13, 2018 · ce9fda8 · ce9fda8
2 parents e16217c + 869cf12
commit ce9fda8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/bip-schnorr.mediawiki b/bip-schnorr.mediawiki
@@ -112,7 +112,7 @@ Input:
 * The public keys ''P<sub>1...u</sub>'': ''u'' points
 * The messages ''m<sub>1...u</sub>'': ''u'' 32 byte arrays.
 * The signatures ''sig<sub>1...u</sub>'': ''u'' 64 byte arrays.
-* Random numbers ''a<sub>2...u</sub>'' in the range ''1...n-1'': ''u-1'' integers. These can either be generated deterministically using a [https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator CSPRNG] seeded by all the other inputs, or be randomly generated independently for each batch of verifications.
+* Random numbers ''a<sub>2...u</sub>'' in the range ''1...n-1'': ''u-1'' integers. These can either be generated deterministically using a [https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator CSPRNG] seeded by a cryptographic hash (e.g., SHA256) of all the other inputs, or be randomly generated independently for each batch of verifications.
 
 All provided signatures are valid if and only if the algorithm below does not fail.
 * For ''i = 1 .. u'':