Yes. Sorry for delayed response, been away from the site last couple of days.
So right, these values are scalars in the group of integers modulo N. And yes the value of s has to be calculated there (in s = k + e * x) modulo N. Apologies for not making it 100% clear.
If it helps: remember these are numbers we are using as scalar multipliers on elliptic curve points. So e.g. 100G mean s take generator G and add it 100 times: G + G + ... 100 times.
(100+N)G = 100G +NG = 100G
... because NG gives the "point at infinity" (sometimes written O), which is the additive identity for the elliptic curve group, i.e. G + (-G) = 0.
So effectively these scalars are all implicitly mod N, in code yeah for sure you should apply mod N to avoid any confusing scenarios.
@waxwing No problem, thanks for the clarification.
Your paper is pretty clear even for profane like me, I'm basically turning it into a jupyter notebook to break down all the cryptography in CT, which I found very confusing at first.
@Sosthene i wrote commented python code at the time, here: https://github.com/AdamISZ/borring/blob/master/borring.py (I think i referenced it somewhere). I actually took out the bitcoin backend signing/keys code but the algo is still there, in case that helps.
@waxwing Thanks Adam!
I just made my toy code to work, it seems it didn't work because I didn't mod N the dummy sigs that I was generating, looks better now
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!