fix clamping thx bfix

1 files changed, 8 insertions, 7 deletions

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index b439b7b..10c95d0 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -665,10 +665,10 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
 zk := a * G
 PRK_h := HKDF-Extract ("key-derivation", zk)
 h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
-h[0] &= 248;
-h[31] &= 127;
-h[31] |= 64;
 a' := h * a mod L
+a'[0] &= 248;
+a'[31] &= 127;
+a'[31] |= 64;
            ]]></artwork>
          <t>
            Equally, given a label, the output of the HDKD-Public function is
@@ -677,10 +677,11 @@ a' := h * a mod L
          <artwork name="" type="" align="left" alt=""><![CDATA[
 PRK_h := HKDF-Extract ("key-derivation", zk)
 h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
-h[0] &= 248;
-h[31] &= 127;
-h[31] |= 64;
-zk' := h mod L * zk
+a' = h mod L
+a'[0] &= 248;
+a'[31] &= 127;
+a'[31] |= 64;
+zk' := a' * zk
          ]]></artwork>
          <t>
            The EDKEY cryptosystem uses a