Extend modular-frost to test with scaled and offset keys

The transcript transcripted the group key _plus_ the offset, when it should've
only transcripted the group key as the declared group key already had the
offset applied. This has been fixed.

crypto/frost/src/sign.rs

@@ -357,12 +357,7 @@ impl<C: Curve, A: Algorithm<C>> SignMachine<A::Signature> for AlgorithmSignMachi
 
       // Re-format into the FROST-expected rho transcript
       let mut rho_transcript = A::Transcript::new(b"FROST_rho");
-      rho_transcript.append_message(
+      rho_transcript.append_message(b"group_key", self.params.keys.group_key().to_bytes());
-        b"group_key",
-        (self.params.keys.group_key() +
-          (C::generator() * self.params.keys.current_offset().unwrap_or(C::F::ZERO)))
-        .to_bytes(),
-      );
       rho_transcript.append_message(b"message", C::hash_msg(msg));
       rho_transcript.append_message(
         b"preprocesses",

crypto/frost/src/tests/mod.rs

@@ -251,10 +251,11 @@ pub fn test_offset_schnorr<R: RngCore + CryptoRng, C: Curve, H: Hram<C>>(rng: &m
   let mut keys = key_gen(&mut *rng);
   let group_key = keys[&Participant::new(1).unwrap()].group_key();
 
+  let scalar = C::F::from(3);
   let offset = C::F::from(5);
-  let offset_key = group_key + (C::generator() * offset);
+  let offset_key = (group_key * scalar) + (C::generator() * offset);
   for keys in keys.values_mut() {
-    *keys = keys.offset(offset);
+    *keys = keys.clone().scale(scalar).unwrap().offset(offset);
     assert_eq!(keys.group_key(), offset_key);
   }