From 057958167028e5c1d116396b8a7383a13ed1209b Mon Sep 17 00:00:00 2001
From: Loup Vaillant
Date: Sat, 9 Sep 2017 13:02:27 +0200
Subject: [PATCH] Clarified why we need to hash the message twice in EdDSA

The code isn't crystal clear about the fact we reuse the result of the first hash in the second hash. A little comment makes sure reviewers don't miss it.
---
 src/monocypher.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/monocypher.c b/src/monocypher.c
index aaf2b00..2a096df 100644
--- a/src/monocypher.c
+++ b/src/monocypher.c
@@ -1536,6 +1536,8 @@ void crypto_sign(u8 signature[64],
 ge_scalarmult_base(&R, r);
 ge_tobytes(signature, &R);
+ // Hash R, the public key, and the message together.
+ // It cannot be done in paralell with the first hash.
 u8 h_ram[64];
 hash_ram(h_ram, signature, pk, message, message_size);
--
2.47.3
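Review bot: The added comment misspells "parallel" as `paralell` and states the ordering constraint without giving the reason, which is the part a reviewer of signing code needs. In the visible lines, `hash_ram` reads `signature`, which at that point holds the encoding of R written by `ge_tobytes`, and R is computed from `r`; assuming `r` is the output of the first hash, as the commit message says, the second hash has a data dependency on the first. I would word it as `// Hash R, the public key, and the message together.` followed by `// It cannot be done in parallel with the first hash: R is derived from its output r.` crypto_sign begins and ends outside this hunk, so the first hash itself is not visible here.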