From 76a6ff46be2f246b87e79f2adcb0343f6572ee22 Mon Sep 17 00:00:00 2001
From: Luke Parker <lukeparker5132@gmail.com>
Date: Fri, 22 Apr 2022 22:26:08 -0400
Subject: [PATCH] Include the scalar offset in the calculation of p

---
 sign/frost/src/sign.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/sign/frost/src/sign.rs b/sign/frost/src/sign.rs
index dc1b785d..58adcfdc 100644
--- a/sign/frost/src/sign.rs
+++ b/sign/frost/src/sign.rs
@@ -241,6 +241,11 @@ fn sign_with_share<C: Curve, A: Algorithm<C>>(
     b.extend(&commitments[0 .. commit_len]);
   }
 
+  let offset = if params.keys.offset.is_some() {
+    C::F_to_le_bytes(&params.keys.offset.unwrap())
+  } else {
+    vec![]
+  };
   let context = params.algorithm.context();
   let mut p = Vec::with_capacity(multisig_params.t);
   let mut pi = C::F::zero();
@@ -251,6 +256,7 @@ fn sign_with_share<C: Curve, A: Algorithm<C>>(
           .chain(BINDING_DST)
           .chain(u64::try_from(*l).unwrap().to_le_bytes())
           .chain(Blake2b::new().chain(BINDING_MESSAGE_DST).chain(msg).finalize())
+          .chain(&offset)
           .chain(&context)
           .chain(&b)
           .finalize()