From d1ead6560d0a392272c31e834be4ed8a3b82e36c Mon Sep 17 00:00:00 2001
From: Daira Hopwood <daira@jacaranda.org>
Date: Mon, 12 Feb 2018 13:02:40 +0000
Subject: [PATCH] Correct an error in the Pedersen hash specification.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
---
 protocol/protocol.tex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index 2b29bc7c..52f5ecd3 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -3670,7 +3670,7 @@ Define $\PedersenHash(D \typecolon \byteseq{8}, M \typecolon \bitseqs)$ as follo
   \item Split $M'$ into $n$ \quotedterm{windows} $M_{\barerange{1}{n}}$ each of length $3$ bits,
         so that $M' = \concatbits(M_{\barerange{1}{n}})$.
   \item Write each $M_i$ as $[\si{0}, \si{1}, \si{2}]$, and let
-        $m_i = (1 - 2 \smult \si{2}) \mult (\si{0} + 2 \smult \si{1})$.
+        $m_i = (1 - 2 \smult \si{2}) \mult (1 + \si{0} + 2 \smult \si{1})$.
   \item Let $R = \vsum{i=1}{n} \scalarmult{m_i}{\PedersenGen{D}{i}}$.
   \item Return $\ItoLEBSP{255}(\ExtractJ(R))$.
 \end{formulae}