From 085d95d07bbd080cca6a57be930419fb5624c775 Mon Sep 17 00:00:00 2001
From: Lucas Soriano del Pino <l.soriano.del.pino@gmail.com>
Date: Thu, 15 Apr 2021 16:35:13 +1000
Subject: [PATCH] Compute h_0 correctly on Bob's side

---
 monero-adaptor/src/lib.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/monero-adaptor/src/lib.rs b/monero-adaptor/src/lib.rs
index a649b872..5b332451 100644
--- a/monero-adaptor/src/lib.rs
+++ b/monero-adaptor/src/lib.rs
@@ -361,7 +361,15 @@ impl Bob1 {
             .verify(RISTRETTO_BASEPOINT_POINT, T_a, self.H_p_pk, I_hat_a)?;
 
         let h_0 = {
+            let ring = self
+                .ring
+                .iter()
+                .flat_map(|pk| pk.compress().as_bytes().to_vec())
+                .collect::<Vec<u8>>();
+
             let h_0 = Sha512::new()
+                .chain("CLSAG_0".to_string())
+                .chain(ring)
                 .chain(self.msg)
                 .chain((T_a + self.T_b + self.R_a).compress().as_bytes())
                 .chain(