From 869cf129cc966384db02acf550a087a77f792227 Mon Sep 17 00:00:00 2001 From: Tim Ruffing Date: Tue, 9 Oct 2018 15:35:17 +0200 Subject: [PATCH] Use a hash to seed the CSPRNG for batch verification --- bip-schnorr.mediawiki | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bip-schnorr.mediawiki b/bip-schnorr.mediawiki index 1ea31e5d9b..577ed95555 100644 --- a/bip-schnorr.mediawiki +++ b/bip-schnorr.mediawiki @@ -112,7 +112,7 @@ Input: * The public keys ''P1...u'': ''u'' points * The messages ''m1...u'': ''u'' 32 byte arrays. * The signatures ''sig1...u'': ''u'' 64 byte arrays. -* Random numbers ''a2...u'' in the range ''1...n-1'': ''u-1'' integers. These can either be generated deterministically using a [https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator CSPRNG] seeded by all the other inputs, or be randomly generated independently for each batch of verifications. +* Random numbers ''a2...u'' in the range ''1...n-1'': ''u-1'' integers. These can either be generated deterministically using a [https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator CSPRNG] seeded by a cryptographic hash (e.g., SHA256) of all the other inputs, or be randomly generated independently for each batch of verifications. All provided signatures are valid if and only if the algorithm below does not fail. * For ''i = 1 .. u'':
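Review bot: The added "+" line in the Input list says the CSPRNG is seeded by a cryptographic hash of "all the other inputs", but it does not say how those inputs are serialized before hashing. The messages and signatures are fixed-length byte arrays (32 and 64 bytes), while the public keys are listed only as ''u'' points, so the text should name the point encoding and the order in which keys, messages and signatures are fed to the hash, so that the seed commits to every input unambiguously. The same line requires the ''a'' values to lie in ''1...n-1'' but gives no method for mapping CSPRNG output into that range; a short sentence on that (for example, discarding out-of-range values and drawing again) would make deterministic implementations easier to get right.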