From 00f279913f7478c82e33747d204f20a7494b6bde Mon Sep 17 00:00:00 2001
From: Jonas Nick <jonasd.nick@gmail.com>
Date: Thu, 14 Jan 2021 17:57:51 +0000
Subject: [PATCH] Use MSB first encoding for key index

This is makes it consistent with BIP34{0,1,2} integer encoding.
---
 src/modules/musig/main_impl.h          | 8 ++++----
 src/modules/musig/musig-spec.mediawiki | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/modules/musig/main_impl.h b/src/modules/musig/main_impl.h
index d397eab31..f5c2f7b8e 100644
--- a/src/modules/musig/main_impl.h
+++ b/src/modules/musig/main_impl.h
@@ -45,7 +45,7 @@ static void secp256k1_musig_sha256_init_tagged(secp256k1_sha256 *sha) {
     sha->bytes = 64;
 }
 
-/* Compute r = SHA256(ell, idx). The four bytes of idx are serialized least significant byte first. */
+/* Compute r = SHA256(ell, idx). The four bytes of idx are serialized most significant byte first. */
 static void secp256k1_musig_coefficient(secp256k1_scalar *r, const unsigned char *ell, uint32_t idx) {
     secp256k1_sha256 sha;
     unsigned char buf[32];
@@ -65,10 +65,10 @@ static void secp256k1_musig_coefficient(secp256k1_scalar *r, const unsigned char
      * equivalent to hashing the public key. Because the public key can be
      * identified by the index given the ordered list of public keys (included in
      * ell), the index is just a different encoding of the public key.*/
-    for (i = 0; i < sizeof(uint32_t); i++) {
-        unsigned char c = idx;
+    VERIFY_CHECK(sizeof(idx) == 4);
+    for (i = 0; i < 4; i++) {
+        unsigned char c = idx >> 8*(3-i);
         secp256k1_sha256_write(&sha, &c, 1);
-        idx >>= 8;
     }
     secp256k1_sha256_finalize(&sha, buf);
     secp256k1_scalar_set_b32(r, buf, NULL);
diff --git a/src/modules/musig/musig-spec.mediawiki b/src/modules/musig/musig-spec.mediawiki
index de1d14e26..01130daf1 100644
--- a/src/modules/musig/musig-spec.mediawiki
+++ b/src/modules/musig/musig-spec.mediawiki
@@ -73,7 +73,7 @@ The algorithm ''HashKeys(pk<sub>1..u</sub>)'' is defined as:
 * Return ''hash(pk<sub>1</sub> || pk<sub>2</sub> || ... || pk<sub>u</sub>)''
 
 The algorithm ''ComputeCoefficient(L, idx)'' is defined as:
-* Return ''int(hash<sub>MuSig coefficient</sub>(L || reverse(bytes(idx)[28:32])))) mod n''
+* Return ''int(hash<sub>MuSig coefficient</sub>(L || bytes(idx)[28:32])) mod n''
 
 == Applications ==