blsag: math fixes

content/blog/blsag.md

@@ -39,7 +39,7 @@ The signature $\sigma(m)$ of a message $m$, by the secret key $k_\pi$ of which t
 * $\tilde K_\pi = k_\pi H(K_\pi) \in E$ Alice's key image
 * $r_1,\ldots,r_{\pi-1},\alpha,r_{\pi+1},\ldots,r_n$ random numbers in $\mathbb{Z}/l\mathbb{Z}$
 * $c_{\pi+1} = H(m \mathbin\Vert \alpha G \mathbin\Vert \alpha H(K_\pi))$
-* $\forall i \in \\\{\pi+1,\ldots,n,1,\ldots,\pi-1\\\},\ c_{i+1[n]} = H(m \mathbin\Vert r_i G + c_i K_i \mathbin\Vert r_i H(K_i) + c_i \tilde K_\pi)$
+* $\forall i \in \\\{\pi+1,\ldots,n,1,\ldots,\pi-1\\\},\ c_{(i+1)[n]} = H(m \mathbin\Vert r_i G + c_i K_i \mathbin\Vert r_i H(K_i) + c_i \tilde K_\pi)$
 * $r_\pi = \alpha - c_\pi k_\pi$
 * $\sigma(m) = (\mathcal{R}, \tilde K_\pi, c_1, (r_1, \ldots, r_n))$
 
@@ -61,7 +61,7 @@ Let's show that the verification algorithm is correct. First we recall the follo
 * $K_\pi = G k_\pi$ Alice's public key
 * $\tilde K_\pi = k_\pi H(K_\pi)$ Alice's key image
 * $c_{\pi+1} = H(m \mathbin\Vert \alpha G \mathbin\Vert \alpha H(K_\pi))$
-* $\forall i \in \\\{\pi+1,\ldots,n,1,\ldots,\pi-1\\\},\ c_{i+1[n]} = H(m \mathbin\Vert r_i G + c_i K_i \mathbin\Vert r_i H(K_i) + c_i \tilde K_\pi)$
+* $\forall i \in \\\{\pi+1,\ldots,n,1,\ldots,\pi-1\\\},\ c_{(i+1)[n]} = H(m \mathbin\Vert r_i G + c_i K_i \mathbin\Vert r_i H(K_i) + c_i \tilde K_\pi)$
 * $r_\pi = \alpha - c_\pi k_\pi$
 
 Our aim is to successively build the $c_i'$ and find $c_1=c_{n+1}'$ iff the signature is authentic.