You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
…sandvesta} and \cite{ID-hashtocurve}.
The zero padding in expand_message_xmd should be 128 bytes (matching the input block size of
BLAKE2b), rather than 64 bytes.
See also zcash/pasta#2 and zcash/pasta_curves#7
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
As pointed out by NCC, it should be the length of an input block for the hash, which is 128 bytes for BLAKE2b-512.
The text was updated successfully, but these errors were encountered: