Return constant from signing fn

thomaseizinger · thomaseizinger · commit 2fe0280c5c8a · 2021-05-20T16:38:07.000+10:00
This is necessary so we can build adaptor signatures on top of this.
diff --git a/src/clsag.rs b/src/clsag.rs
@@ -106,7 +106,7 @@ mod tests {
             #[allow(non_snake_case)]
             let I = signing_key * H_p_pk;
 
-            let signature = sign(
+            let (signature, _) = sign(
                 msg_to_sign,
                 signing_key,
                 signing_key_index,
diff --git a/src/clsag/sign.rs b/src/clsag/sign.rs
@@ -29,7 +29,7 @@ pub fn sign(
     L: EdwardsPoint,
     R: EdwardsPoint,
     I: EdwardsPoint,
-) -> Clsag {
+) -> (Clsag, Scalar) {
     let D = z * H_p_pk;
     let D_inv_8 = D * INV_EIGHT;
     let adjusted_commitment_ring =
@@ -97,11 +97,16 @@ pub fn sign(
         h_prev = h
     }
 
-    responses[signing_key_index] = alpha - h_prev * ((mu_P * signing_key) + (mu_C * z));
+    let stupid_constant = h_prev * mu_C * z;
 
-    Clsag {
-        s: responses.to_vec(),
-        c1: h_0,
-        D: D_inv_8,
-    }
+    responses[signing_key_index] = alpha - h_prev * mu_P * signing_key - stupid_constant;
+
+    (
+        Clsag {
+            s: responses.to_vec(),
+            c1: h_0,
+            D: D_inv_8,
+        },
+        stupid_constant,
+    )
 }
