From 8bc42a26732fb9b42f758dfdd64495de2135107c Mon Sep 17 00:00:00 2001
From: Oliver Gugger
Date: Sat, 28 Dec 2024 15:58:08 +0100
Subject: [PATCH 1/2] bip-0374: fix challenge generation, use correct G

Both generating and verifying a proof allows for specifying a custom generator point G. But that custom generator point was not passed into the dleq_challenge function, resulting in the default (secp256k1) generator point to be used. This lead to the test vectors being incorrect.
---
 bip-0374/reference.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bip-0374/reference.py b/bip-0374/reference.py
index edb7efda..b541a945 100644
--- a/bip-0374/reference.py
+++ b/bip-0374/reference.py
@@ -64,7 +64,7 @@ def dleq_generate_proof(
 return None
 R1 = k * G
 R2 = k * B
- e = dleq_challenge(A, B, C, R1, R2, m)
+ e = dleq_challenge(A, B, C, R1, R2, m, G=G)
 s = (k + e * a) % GE.ORDER
 proof = e.to_bytes(32, "big") + s.to_bytes(32, "big")
 if not dleq_verify_proof(A, B, C, proof, G=G, m=m):
@@ -89,7 +89,7 @@ def dleq_verify_proof(
 R2 = s * B + (-e * C)
 if R2.infinity:
 return False
- if e != dleq_challenge(A, B, C, R1, R2, m):
+ if e != dleq_challenge(A, B, C, R1, R2, m, G=G):
 return False
 return True
From e141b9501d6f0602c603ad044dfde06c9cb3613e Mon Sep 17 00:00:00 2001
From: Oliver Gugger
Date: Sat, 28 Dec 2024 21:42:07 +0100
Subject: [PATCH 2/2] bip-0374: remove default value for G in dleq_challenge

To avoid the mistake fixed in the previous commit, we remove the default value from the G parameter of dleq_challenge.
---
 bip-0374/reference.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bip-0374/reference.py b/bip-0374/reference.py
index b541a945..e375bd72 100644
--- a/bip-0374/reference.py
+++ b/bip-0374/reference.py
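Review bot: The self-check at the end of the first hunk of PATCH 1/2, `if not dleq_verify_proof(A, B, C, proof, G=G, m=m):`, could not have caught the bug being fixed here, because the removed lines show that both the prover and the verifier (second hunk, `dleq_verify_proof`) recomputed `e` through the same `dleq_challenge` call without `G`, so the two sides agreed with each other while the challenge did not cover a caller-supplied generator. A comment above the new call would record that invariant, for example `# e must commit to the same G that produced R1; the round-trip check below recomputes e the same way and cannot detect a missing G`. Per the diffstat this patch touches only reference.py, so a check against an independently derived vector with a non-default `G` is presumably handled elsewhere and is worth confirming. Both function bodies start and end outside their hunks.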
@@ -25,7 +25,7 @@ def xor_bytes(lhs: bytes, rhs: bytes) -> bytes:
 def dleq_challenge(
- A: GE, B: GE, C: GE, R1: GE, R2: GE, m: bytes | None, G: GE = G,
+ A: GE, B: GE, C: GE, R1: GE, R2: GE, m: bytes | None, G: GE,
 ) -> int:
 if m is not None:
 assert len(m) == 32
@@ -64,7 +64,7 @@ def dleq_generate_proof(
 return None
 R1 = k * G
 R2 = k * B
- e = dleq_challenge(A, B, C, R1, R2, m, G=G)
+ e = dleq_challenge(A, B, C, R1, R2, m, G)
 s = (k + e * a) % GE.ORDER
 proof = e.to_bytes(32, "big") + s.to_bytes(32, "big")
 if not dleq_verify_proof(A, B, C, proof, G=G, m=m):
@@ -89,7 +89,7 @@ def dleq_verify_proof(
 R2 = s * B + (-e * C)
 if R2.infinity:
 return False
- if e != dleq_challenge(A, B, C, R1, R2, m, G=G):
+ if e != dleq_challenge(A, B, C, R1, R2, m, G):
 return False
 return True
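Review bot: `G` becomes required in the `dleq_challenge` signature (first hunk of PATCH 2/2) but stays positional, and the two call sites in the later hunks (`dleq_generate_proof`, `dleq_verify_proof`) drop the `G=G` keyword in favour of a seventh positional argument. With six parameters of the same type `GE`, a transposed argument still type-checks and would presumably change which points the challenge commits to without any error. Making it keyword-only keeps the call sites self-describing: `A: GE, B: GE, C: GE, R1: GE, R2: GE, m: bytes | None, *, G: GE,` with `dleq_challenge(A, B, C, R1, R2, m, G=G)` left unchanged at both callers. The body of `dleq_challenge` continues past the end of the hunk.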