Test vectors update

davxy · Jun 21, 2024 · d00355e · d00355e
1 parent 9596076
commit d00355e
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 82 deletions.
diff --git a/data/bandersnatch_ed_sha512_ell2_ietf_vectors.json b/data/bandersnatch_ed_sha512_ell2_ietf_vectors.json
@@ -1,80 +1,80 @@
 [
   {
-    "comment": "bandersnatch-ed-sha512-ell2 vector-0",
+    "comment": "Bandersnatch_SHA-512-ELL2 vector-0",
     "sk": "2bd8776e6ca6a43d51987f756be88b643ab4431b523132f675c8f0004f5d5a17",
     "pk": "76adde367eebc8b21f7ef37e327243a77e34e30f9a211fda05409b49f16f3473",
     "alpha": "",
     "ad": "",
-    "h": "4c2b0c99b741b5b7940f6443acb2b02038b1b0e6e40335f2c138d05199071ee2",
-    "gamma": "d8c15f4ab93c36069e266da9c0b0a33c01f6d8d18f417f7465b303eaa1522498",
-    "beta": "21ab0472259050f54e0c987902c2ded1558393d6ea03295cdd015846592c7b0a8ebbf9362f189dacb67f2c6b33252b94203a9323b6703606c5afddccd3a9a73d",
-    "proof_c": "feeed00d76bb3729c435daa11304a85cd1f407d1893524a6a21c5074d88cf00d",
-    "proof_s": "af40cdb6b86c75d35ea9c4ae8a571b791706ee24b9e0f03711d5ce9a07857b1b",
+    "h": "f97757cb576c524e3aa6b9aa5b5a7f8e4527948f9d5df3514fc80c8699d913ed",
+    "gamma": "e29a7df742057a69c52e12e94059034199096c3102577ef7ff1f4b483fcae639",
+    "beta": "8ce3ef07fbf17e696eb96f1a1151414e7c31624b2e84c357721a2a10956b2aee6f1c0b2ccbc8c9149b82993210740eabeca18e060aa1dbe14c2bff8068d5daa1",
+    "proof_c": "a98025556bb0c0f02de07bbd22fff4e801f8682d58146f09425687642c834112",
+    "proof_s": "36fab2875a9183ce69c36e6fb051aa02a437494129b413e1792b689cab9b2711",
     "flags": "00"
   },
   {
-    "comment": "bandersnatch-ed-sha512-ell2 vector-1",
+    "comment": "Bandersnatch_SHA-512-ELL2 vector-1",
     "sk": "3d6406500d4009fdf2604546093665911e753f2213570a29521fd88bc30ede18",
     "pk": "a1b1da71cc4682e159b7da23050d8b6261eb11a3247c89b07ef56ccd002fd38b",
     "alpha": "0a",
     "ad": "",
-    "h": "76a50def319c3e4aa0eeffa30524b1d49e18fba61bb21b5c9957d627ac6edf42",
-    "gamma": "7df30be96a67fdebbb80d383d63bb81bb6a2b2105d0dca29065f8078b4325cf1",
-    "beta": "865535979978530a6826b5d963bbf245cb45a8529b9ad1ce1e60c444286991d079ca1f2d570b34b707e33260272c25e56db2a5f09122d160b7314a5ca8ec4318",
-    "proof_c": "cca9fba0091fbdce441ac670d785c7649ce5e2b537d26a7954dc884b1f53a519",
-    "proof_s": "59c77b6d77ce767f53e7ce5ff7d308df3fc511ec9ebe99d52cd5db9963b11c09",
+    "h": "f38a000e1bd51b0564fe508320d9743508009ebc5bbb1bb636b348f7f8146458",
+    "gamma": "70e21ab3d032c8fb4cbdfad68f50049e4d83af4f1b3093ce735180953475452b",
+    "beta": "7f6163c7e031a0f814e36b28107a21310ea026bb3e18a7c8d58adf45fa517f9229aeab847f2450cbf4d5955227edb5a7be96fcb787c52fac1ad371a76af06f99",
+    "proof_c": "76bcb6ee80b1ce85ce0b3bdaa7ce65354e26002ee76da748b0b759e6832ff916",
+    "proof_s": "f8ab45e83de97f3eed06bc55a68c7a1a630b8d986164bebe13149fe1e6e2b708",
     "flags": "00"
   },
   {
-    "comment": "bandersnatch-ed-sha512-ell2 vector-2",
+    "comment": "Bandersnatch_SHA-512-ELL2 vector-2",
     "sk": "8b9063872331dda4c3c282f7d813fb3c13e7339b7dc9635fdc764e32cc57cb15",
     "pk": "5ebfe047f421e1a3e1d9bbb163839812657bbb3e4ffe9856a725b2b405844cf3",
     "alpha": "",
     "ad": "0b8c",
-    "h": "86e5951f8fbfa4b5589cc12a5b9b696d2ab621e094f399978116ceb6a4fdae25",
-    "gamma": "34a792a9667b684dedb1039ea9cde933a6b90239b2bf0d3c974b2574e8f54e8a",
-    "beta": "53fb95bfb362577563e4c9ce9cd674af5d4ccdaebbf7f1fe777b0d6b9fb179d518f6ae61cfc9d365e05194a07c83ce8ca7875f33163e734bfc76ae8439b6fa93",
-    "proof_c": "df620c5667b0af721c542de05aa6c5bb1cc3867fd1887059f7587157ea94741c",
-    "proof_s": "56c26dd2bbe92e71dbd47a1fdd98254ac50969783f5b7dbe1cabe06914a6a905",
+    "h": "5b1f261cc76c5b0059e9e07b272b55e556ddc6ab5839e086d394ab6180827de2",
+    "gamma": "f82715287a944dbbddeb827f698bb802f0d042c9313b6c6c8780c8be945223c6",
+    "beta": "99b843e00d1abb39ac4261b69d67e148a23f75f3967dec827deb2764c4b26b941075561e55c6314fa86e7c07bf9bd0b87332b593e66da6614a7445d756388021",
+    "proof_c": "87002bcba59ed9fa384cc39b02294fa466e5f5ed428ee029a9d465213d8ede0c",
+    "proof_s": "24d6bed9fbd456b0b195a92e05905ea2fc26b212b2e3a6f528438a0daee20308",
     "flags": "00"
   },
   {
-    "comment": "bandersnatch-ed-sha512-ell2 vector-3",
+    "comment": "Bandersnatch_SHA-512-ELL2 vector-3",
     "sk": "6db187202f69e627e432296ae1d0f166ae6ac3c1222585b6ceae80ea07670b14",
     "pk": "9d97151298a5339866ddd3539d16696e19e6b68ac731562c807fe63a1ca49506",
     "alpha": "73616d706c65",
     "ad": "",
-    "h": "a0bd1c7976aeb45313e14fcb5c15b74fff30a5326ac7252225606239038535ce",
-    "gamma": "c9dd8c8b33ec9749ca3aae6670953702888241860e408b9e9ab51f0e49d2fd2e",
-    "beta": "a61da4005b5efcff4c1d6cf0319a3484c4f6aa1c98c45b6247a46e7af5989f13c0def11def0e07e13925bb597fc89a0e1f86573259c55e338c957e0f8254efbc",
-    "proof_c": "cc37725450b79edb25ddc4fb02a3191f9c35ec49f7ebebea7c83e892edbb211a",
-    "proof_s": "ea76e909915f792e20b327a4abbb3a3ba50f274a7bf6b1b3e20eb76594927a1a",
+    "h": "51ab71cc2b3d9d03ee469ae4598ab5f3d6c7552f6807171a98869d32f8df1bba",
+    "gamma": "75f15fe0414cdcbb310df970131d74f47386b360c6fa9f26c9feaa19cf761fd1",
+    "beta": "77de063f826fd3a4713cbf74c7c42f64624b58b6d962621929b459f2625b3cada5cd5cf26f3412f211ebf2e679b4ee21ff23da27b71635e89eca0c5a94792d69",
+    "proof_c": "3f8d9ae92eafc0c153fdbc7255e40c1329b9cdc88b3e4f1f8e0730e630135102",
+    "proof_s": "da7afc126fb5c6a96674e353f995d260b2f91bf855ec5f32b3ef40d089588905",
     "flags": "00"
   },
   {
-    "comment": "bandersnatch-ed-sha512-ell2 vector-4",
+    "comment": "Bandersnatch_SHA-512-ELL2 vector-4",
     "sk": "b56cc204f1b6c2323709012cb16c72f3021035ce935fbe69b600a88d842c7407",
     "pk": "dc2de7312c2850a9f6c103289c64fbd76e2ebd2fa8b5734708eb2c76c0fb2d99",
     "alpha": "42616e646572736e6174636820766563746f72",
     "ad": "",
-    "h": "50061468c7e6fb8725e51428e2fbfaf69cc8a9fbfd0986f611ba67b98b767d99",
-    "gamma": "376762d2bbd3e26603563272b43fede3fcae6dcad7417ad8d5090cde0ea2dbc2",
-    "beta": "c57b6442fbb7a8311dd0caf0372ec4305c028529393873d6bb7527e999a4c72e0ccc4126319aa66070e531ed20ad966e5de04bca9686c91c3e5c3eca5cbac7da",
-    "proof_c": "406ef4b1af07fae3eae8a117e0e01798c415ea7891ecb04a115d3653fa052812",
-    "proof_s": "b11b0dc855e9efbff15d677e8567491569e40971fe75f62623dae39bc9fc8f0d",
+    "h": "344112e8501d209b2c6e7de2c5c092904a6af0a6ba019427f86782eb3ebcb9f3",
+    "gamma": "fc2fe302d09aaf6e27e22528a28848a17b5b7ddaf69a55859ff89ad3175fa215",
+    "beta": "f8ef36133d13b7228a31d5fc59bc5aa441f7417c9741f7268154f80776103c29a80a7b6f2e6758270e1b85e11c72e69f896a5ef6d6cea11099be95fa66a68730",
+    "proof_c": "8dbfca2aaa014986e6ffe84ee6f2ade3d5646a147186c2dcdc06ce01564d0d06",
+    "proof_s": "6a819c7a6c8b618ca5795c61e84ef105a8c422ceae7e74321f97885fcc321203",
     "flags": "00"
   },
   {
-    "comment": "bandersnatch-ed-sha512-ell2 vector-5",
+    "comment": "Bandersnatch_SHA-512-ELL2 vector-5",
     "sk": "da36359bf1bfd1694d3ed359e7340bd02a6a5e54827d94db1384df29f5bdd302",
     "pk": "decb0151cbeb49f76f10419ab6a96242bdc87baac8a474e5161123de4304ac29",
     "alpha": "42616e646572736e6174636820766563746f72",
     "ad": "73616d706c65",
-    "h": "4e54f52208d720246302cf1040d6f3f6e87cf98916e5ba7555fdb962886dbb80",
-    "gamma": "e1803195eeb2db7ea55fb247fd8ab0a4d8f6d86a8dd1c17d3cfc3be490baac37",
-    "beta": "2a6ce84d317370d1ede73df305ede5209d6587cd77b16d1d3fd321c28e4337a7843130d4b7ded1e15831d938b834b2afe78e6f024fa43f9619ec8d9bc2d4c84a",
-    "proof_c": "b0f0b01f607e79c7a65cb0926c85c8f28c706bcaa1693443bf5e875c80ff4f03",
-    "proof_s": "9ce7cc56b6339e7f6c4aa7f4722ee92eae64140d35c08f6e307f9d90583a2416",
+    "h": "48e93b8d25ed26083ba8263736d6aeb501ea0f16dc90e80eff3979bd62f125d0",
+    "gamma": "ea7fde3b940ea295ee0da6d963f6d744d8884f5825602a627652f5e0ec81f630",
+    "beta": "d7134f9b6627a36f04eea4881c8a8af58388092c19a6e91edb338950329430a5e66a0958cd4ce744a8a3630b4670fa64941af1382e0e832fbc63ec3eb94904fb",
+    "proof_c": "b8392d27f7e0c9069d4069b5048e7ecac600f15e683d7fba9c8cddcf3492e512",
+    "proof_s": "cc4338eb40642052a91b54f1bb4ba0c5bdf387b61db264802101b586f38e1210",
     "flags": "00"
   }
 ]
diff --git a/data/bandersnatch_sw_sha512_tai_ietf_vectors.json b/data/bandersnatch_sw_sha512_tai_ietf_vectors.json
@@ -1,80 +1,80 @@
 [
   {
-    "comment": "bandersnatch-sw-sha512-tai vector-0",
+    "comment": "Bandersnatch_SW_SHA-512_TAI vector-0",
     "sk": "2bd8776e6ca6a43d51987f756be88b643ab4431b523132f675c8f0004f5d5a17",
     "pk": "f55a48e6befa22dc42007ec6d5bf83620d8f794901f42b18c10a4f7a6176985280",
     "alpha": "",
     "ad": "",
-    "h": "85272ebeec7fa7aefe4435bcaf4ee4b166869c009f1c20a913a11dbc9619565280",
-    "gamma": "e5bca62ac9db1ce84de97075e90f4201ab64ed78f4350715b9cebdae229f830700",
-    "beta": "66adefba8fe54119cd479aa123d21fbbd808eb6cd1fb45f121cb8f436363fc110d88f4d08c2950ddf011b5e3ec8acc116add49fcb4e6c92b1f19e1886fe0f2b7",
-    "proof_c": "c10bd80dfa29828c3b70afaa4724a39d835b4e0384393fc675b07dc5b582860f",
-    "proof_s": "b26a49471359eb3582b26a7d60b24994a08f16721f9be25b12a6590e1762800b",
+    "h": "4b47d0c639c8c7b00ed5409caf2f1fc946c4e554537ea5775e86de30dd05170480",
+    "gamma": "5f3c9b5f8a80679b1bd335c46cfd35686750291704811d581f9e9a4904f8401b00",
+    "beta": "5f66fe722cb411ce93c415a8f5bf6ae9e8c95acd90762e11ebddba2727c3fa41813005dc6ce72078e0e9d0f4702b5fe0a7debfaf1e64c638c8a098b384ac4b69",
+    "proof_c": "48a36c67b1bb86ca1d603be702bf2499206425ba88213a15fca5c25e37304a07",
+    "proof_s": "c05e6568ece7e8409f86962e48594546fcaf7d338ca9938c77db863b1d294f11",
     "flags": "00"
   },
   {
-    "comment": "bandersnatch-sw-sha512-tai vector-1",
+    "comment": "Bandersnatch_SW_SHA-512_TAI vector-1",
     "sk": "3d6406500d4009fdf2604546093665911e753f2213570a29521fd88bc30ede18",
     "pk": "fd72a90d1eeba6733824e76bb31991b8108d6562756b85f244333e3c7205225200",
     "alpha": "0a",
     "ad": "",
-    "h": "492f668985986ce552f2e482cac001a1451ce9bf75d0a9b0f51a504c4112a95c80",
-    "gamma": "1103f401f9e892209618f6a839d8083987552aad2ac43c81c8e725fb2a062f4f00",
-    "beta": "7c1469f05cdbac14d5d99c51b0943850b65bdf78e32e7d8643fdf87f4d0ac741eb8f5f6c3d3c55f905038c7fd61df4280b142cbbfdb0d11ddf7bfd0552ab1f8f",
-    "proof_c": "7e14e28e305195027a265fb3df3316e37b6dabea999fc4615ab9e3c74a5ac41c",
-    "proof_s": "e0cc13063ab0dfc68b593067287112acb169547942380604accc9842691af017",
+    "h": "4bbd395c9760dd34c8a430b5f1949168218bd4004a79de863f1d1c8e80df630780",
+    "gamma": "60031e90dc2998241e5ae73e0237d08fe1aaca59431adb7c5e54fcf64e3e7c0080",
+    "beta": "333ce15eec798c112a1cee57484d66877e1001ba20537dd2bf6153e122d0851728a7c26e0201cbae348d9205a71d8846c4cd3e148b7ff50c484e1f1894e289e1",
+    "proof_c": "fb6e25405a7481613d17f661dfc06939749b06b1406521a894d089acf8f0c812",
+    "proof_s": "56c0c71dc0250b3b8e51b66e8c2794e76974840f0d3176db4bb2207cf080db1c",
     "flags": "00"
   },
   {
-    "comment": "bandersnatch-sw-sha512-tai vector-2",
+    "comment": "Bandersnatch_SW_SHA-512_TAI vector-2",
     "sk": "8b9063872331dda4c3c282f7d813fb3c13e7339b7dc9635fdc764e32cc57cb15",
     "pk": "e30eae606d21dff460cdaecfc9bfcd2e319628ccc0242f3ca21f2d5c940ba41680",
     "alpha": "",
     "ad": "0b8c",
-    "h": "096924b8b4c5724fdc4dc329438e1a5499fb4a3a8ba25043f4177bd4e289863300",
-    "gamma": "931e57555925b989c7abb1a207b343540476752bd21b83e804d1c537e65b403380",
-    "beta": "3029f5d8c557b3280fc3291e5754fc8568bbc93bce4abdbb7ca894cf7f3b30847352e63fb024dc78deb8f7ac86a748b4765dba53d4d572db2e02fe99ea17b6b3",
-    "proof_c": "a74c63aed576402560995b2c975fb20e8d0524f1067e2904baf1e2951ce14c19",
-    "proof_s": "730ac4fa5a8a42c2dba06b51313b97f44f56f77f8b795ce46576c45f4e1aa507",
+    "h": "1c7ee438bdc9a0fa33d7466cecb2b34b3584453567de9c14aa85c7de7948e84480",
+    "gamma": "718f7ea6e99c70dd9a54f6493ece5d27cfcdeb13d5629d10568ceb3096d6a93100",
+    "beta": "664617a664c598dc8b3513338d9fdcfee2b04f8bc77bb7225fd49258e2098f220d9ad054c74fa2cdd6e9f762ecaee89a08ab0957d21dfc8873fe1c39ffc300e5",
+    "proof_c": "1366457ac5194e3bf3ad79f4589e8e9a44ab29bcc9bc1a6148856b97be5ae810",
+    "proof_s": "70a744c46a4e72826de234deebcb6e826e23e4375f5233fd78ed0a4353b6c508",
     "flags": "00"
   },
   {
-    "comment": "bandersnatch-sw-sha512-tai vector-3",
+    "comment": "Bandersnatch_SW_SHA-512_TAI vector-3",
     "sk": "6db187202f69e627e432296ae1d0f166ae6ac3c1222585b6ceae80ea07670b14",
     "pk": "2a00e5a32e2f097858a1a4a73cf5c2fb4e6d375a4ea4cc3ae3e91660eade850c80",
     "alpha": "73616d706c65",
     "ad": "",
-    "h": "97f561b890b2afbc021a365d03cadf685817f0925cc5933136af74550145786a80",
-    "gamma": "1566ad669e90a78024902eb2aaea5faec0820440221705459080c1765763b04f80",
-    "beta": "742890b8a77bd3d0ae6356d79d746b4866b3e394e2a410f110bbb1ceed8b55eb397550e59cb407dca5adb9e4f64a613b5b36515aeba2bfee60edee6f3216ddcf",
-    "proof_c": "48363053f320928a90d63b4b83f9ff6d51d115cea0d186c47b22c837265db016",
-    "proof_s": "c0fd167be7b0a16bc1a8ef1e8d4811c916a6d0e81c8c83d27f207e6791beae0f",
+    "h": "9e689f17e75a53527cba47be2c005e1866635ea6b4df50d66d71fd15ca78310780",
+    "gamma": "f9522a47aaf42c87bb3981ab51be6be878c6212a13e788f5b5716ed630221c2b80",
+    "beta": "25178372616cc2632cac6c79d2af0dec6998ee6bba60aa7138fdb225590e68da81d2681e3c9d0e38b2ee7cd50ef7acf87b8a572b616edfbb3fe159301df5555b",
+    "proof_c": "22cbf0b63d4f0117e870a7a4c66f114b014a70eb4f3614ef5987d196f7683404",
+    "proof_s": "85c6fc7354bd6a2e52aa5b5e25269d9cba3c21b34f8f80c596a56f62d8fa911c",
     "flags": "00"
   },
   {
-    "comment": "bandersnatch-sw-sha512-tai vector-4",
+    "comment": "Bandersnatch_SW_SHA-512_TAI vector-4",
     "sk": "b56cc204f1b6c2323709012cb16c72f3021035ce935fbe69b600a88d842c7407",
     "pk": "4f29d79a27b9545d7223431eb6a63776949454b16e2ac0b7a959304ce3e52b6a00",
     "alpha": "42616e646572736e6174636820766563746f72",
     "ad": "",
-    "h": "529c294b62f91f06adf94c1136f3be9712de81d1c27b0cbfbaec03550597fc5380",
-    "gamma": "89bbae24c8b83734de8fe6b42857d691bd372636e75be310012b4d27871c923680",
-    "beta": "3e333815f0e6db54c00be6429cebde30994a5c55a11a8c101865dc009b6feef51b7496250590d0f583d0aacaaaf1abe841dbe2425f956eb0797d11f63fcc45ce",
-    "proof_c": "a7aff0044ddce0a444ea63732b2619635733282b5370813adcd86e49d1747218",
-    "proof_s": "573d79b286d98023a6493c95bacd2c81d9576befbff8d6eb7004ce13c537201a",
+    "h": "771e6bc0f01e01f4fbd38ab93ec61c35ada53c426dcf55bed039f7ada10aed6500",
+    "gamma": "47aa1025c292656b2ca74854033b8c92a48b02ad72271b642998a4384752af6080",
+    "beta": "f08a4e95ca4e9351a3f83f9921aabfa0771983cb6194fdfb22cf85128645ee0e3df03f7ec7e3b47e06dc602cce8d282672b4fcde522b69fc85e04f1300288bf8",
+    "proof_c": "279c376a958bed339298a05177d2af316870fb0a07747691a4ca73e8b0293e0a",
+    "proof_s": "a228daebff3f0c261bd6382d4e0be4f043ee687704a6596f72c626bc52b31418",
     "flags": "00"
   },
   {
-    "comment": "bandersnatch-sw-sha512-tai vector-5",
+    "comment": "Bandersnatch_SW_SHA-512_TAI vector-5",
     "sk": "da36359bf1bfd1694d3ed359e7340bd02a6a5e54827d94db1384df29f5bdd302",
     "pk": "e58e8ba2e99035fb7ae11fa14e2a609d6d13679278dac63ebee64ca8612ffa1480",
     "alpha": "42616e646572736e6174636820766563746f72",
     "ad": "73616d706c65",
-    "h": "c02032eced6c8fec4c72eb676665d6ad3afaf4cc1dba3ad4c23781698e85123080",
-    "gamma": "ee0c2b6fd9e85e113d98c673cc9a4197fafece02fbfa69c00a363f69c32d0b0680",
-    "beta": "bc6d2d66625a223ad83f72d18564a028f0685b634f394c137f391eac89931c8ebf1ed008c3e46980fe3d441869501a1d3a6f94e2dc536ed022245315bca3f99d",
-    "proof_c": "ff329fba1b22b2632fd2c118f1bb2df27d0905f619875cf6c322ada99dabf70d",
-    "proof_s": "1a7e8b6656cc59c865a63e2b5352de0e8020051a3e8149b831fb46a46310ec0f",
+    "h": "dc4276ab164a69cc584b2b8fd3da54531649e075ca2e26688eece1ca9fdc230680",
+    "gamma": "aacbf066133024064dd8923da69ae3fc52b2fb8b2b1a2508621472392e99e00b80",
+    "beta": "a67a122a8423aabb806342b4b3f8f652de250acf964339d8975f07052015ca993b97a96cfc07ed2f07bc8b596eb88f561724d376f25846337af88edf5c86f602",
+    "proof_c": "e7c9fd3972dcaa9e4003215c76f5b8c4b92b39de476e4d6644cd036fb3f2ed18",
+    "proof_s": "fd212be9e5b38e392737cb11f9d2380e4e3e1323c535bb89b7cf0f76ab936a01",
     "flags": "00"
   }
 ]
diff --git a/src/pedersen.rs b/src/pedersen.rs
@@ -51,8 +51,8 @@ impl<S: PedersenSuite> Prover<S> for Secret<S> {
     ) -> (Proof<S>, ScalarField<S>) {
         // Construct the nonces
         let k = S::nonce(&self.scalar, input);
-        let b = S::nonce(&k, input);
-        let kb = S::nonce(&b, input);
+        let kb = S::nonce(&k, input);
+        let b = S::nonce(&kb, input);
 
         // Yb = x*G + b*B
         let pk_blind = (S::Affine::generator() * self.scalar + S::BLINDING_BASE * b).into_affine();
@@ -99,12 +99,12 @@ impl<S: PedersenSuite> Verifier<S> for Public<S> {
         // c = Hash(Yb, I, O, R, Ok, ad)
         let c = S::challenge(&[pk_blind, &input.0, &output.0, r, ok], ad.as_ref());
 
-        // z1 = Ok + c*O - s*I
+        // Ok + c*O = s*I
         if output.0 * c + ok != input.0 * s {
             return Err(Error::VerificationFailure);
         }
 
-        // z2 = R + c*Yb - s*G  - sb*B
+        // R + c*Yb = s*G + sb*B
         if *pk_blind * c + r != S::Affine::generator() * s + S::BLINDING_BASE * sb {
             return Err(Error::VerificationFailure);
         }

diff --git a/src/suites/bandersnatch.rs b/src/suites/bandersnatch.rs
@@ -2,8 +2,8 @@
 //!
 //! Configuration:
 //!
-//! *  `suite_string` = b"bandersnatch-sha512-tai-sw for Short Weierstrass form.
-//! *  `suite_string` = b"bandersnatch-sha512-tai-ed for Twisted Edwards form.
+//! *  `suite_string` = b"Bandersnatch-sha512-tai-sw for Short Weierstrass form.
+//! *  `suite_string` = b"Bandersnatch-sha512-tai-ed for Twisted Edwards form.
 //!
 //! *  The EC group G is the Bandersnatch elliptic curve, in Short Weierstrass or
 //!    Twisted Edwards form, with the finite field and curve parameters as specified
@@ -65,7 +65,7 @@ pub mod weierstrass {
     suite_types!(BandersnatchSha512Tai);
 
     impl Suite for BandersnatchSha512Tai {
-        const SUITE_ID: &'static [u8] = b"bandersnatch-sw-sha512-tai";
+        const SUITE_ID: &'static [u8] = b"Bandersnatch_SW_SHA-512_TAI";
         const CHALLENGE_LEN: usize = 32;
 
         type Affine = ark_ed_on_bls12_381_bandersnatch::SWAffine;
@@ -126,7 +126,7 @@ pub mod edwards {
     suite_types!(BandersnatchSha512Ell2);
 
     impl Suite for BandersnatchSha512Ell2 {
-        const SUITE_ID: &'static [u8] = b"bandersnatch-ed-sha512-ell2";
+        const SUITE_ID: &'static [u8] = b"Bandersnatch_SHA-512-ELL2";
         const CHALLENGE_LEN: usize = 32;
 
         type Affine = ark_ed_on_bls12_381_bandersnatch::EdwardsAffine;
@@ -136,7 +136,8 @@ pub mod edwards {
         fn data_to_point(data: &[u8]) -> Option<AffinePoint> {
             // "XMD" for expand_message_xmd (Section 5.3.1).
             // "RO" for random oracle (Section 3 - hash_to_curve method)
-            let h2c_suite_id = b"bandersnatch_XMD:SHA-512_ELL2_RO_";
+            // TODO: prepend `encode_to_curve_salt` (i.e. pk)
+            let h2c_suite_id = b"Bandersnatch_XMD:SHA-512_ELL2_RO_";
             utils::hash_to_curve_ell2_rfc_9380::<Self>(data, h2c_suite_id)
         }
     }

diff --git a/src/utils.rs b/src/utils.rs
@@ -127,7 +127,7 @@ where
     // Domain Separation Tag := "ECVRF_" || h2c_suite_ID_string || suite_string
     let dst: Vec<_> = b"ECVRF_"
         .iter()
-        .chain(h2c_suite_id.iter())
+        .chain(h2c_suite_id)
         .chain(S::SUITE_ID)
         .cloned()
         .collect();