Include:

• Generate scalars ala eddsa (clamping, etc).
• Prior to generate a contribution value, multiply the point by the cofactor.
• Aways check that is generated in the right group and it is a valid point.
• Clarify the encoding and the generation of the scalars.

Must be nice to also check #173 as part of this.

@DrWhax @giovaneliberato

Here some of the docs:

• The Eddsa RFC: https://tools.ietf.org/html/rfc8032
• Ed448 Goldilocks: https://eprint.iacr.org/2015/625.pdf

Let's have a call to talk about this?

@claucece @giovaneliberato hey thanks! sounds good!

Clamping: https://moderncrypto.org/mail-archive/curves/2017/000858.html

Ok, it looks good so far to me :) I just did some refactorings. What is missing is to:

• Check if the x or y 'secret information' needs pruning as well: 90% sure that yes
• Check that all generated points are valid