mratsim / constantine

Constantine: modular, high-performance, zero-dependency cryptography stack for verifiable computation, proof systems and blockchain protocols.

Enhancement of `generateChallengeScalar()` in Verkle Cryptography API #351

Closed agnxsh closed 10 months ago

agnxsh commented 10 months ago

In generateChallengeScalar for Banderwagon Frs, using a transcript state, we earlier did a normal scalar_deserialize which internally validated whether the scalar existed within the scalar field of Banderwagon or not. However, as challenge scalars are often generated from strings represented as byte arrays, there can often be cases where the scalar may overflow in its natural representation; hence, the idea is to deserialize the scalar directly to its Montgomery residue form, and generate a challenge scalar from it.

Further, it is good practice to test the algorithm with a few cross-client test cases.
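The contrast the issue describes, written out as an added example that is not Constantine's own code and not part of the thread. It is in Python rather than Nim so it runs stand-alone: a strict deserializer that rejects any 32-byte value at or above the field order (the old path) beside one that reduces modulo the order and maps the result into Montgomery form (the proposed path), plus a challenge derivation built on the latter. Assumed, and to be checked against the project's constants: the modulus `R_MOD` is the Bandersnatch/Banderwagon prime-order subgroup size, the Montgomery constant is R = 2^256 (four 64-bit limbs), scalar bytes are little-endian, and SHA-256 stands in for whatever hash the transcript actually uses.

```python
import hashlib

# Assumed: order r of the Banderwagon (Bandersnatch prime-order subgroup)
# scalar field. r is about 2^253, so most 32-byte strings exceed it.
R_MOD = 0x1CFB69D4CA675F520CCE760202687600FF8F87007419047174FD06B52876E7E1

# Assumed Montgomery constant for a 4-limb (256-bit) representation.
MONT_R = 1 << 256
MONT_R_INV = pow(MONT_R, -1, R_MOD)


class ScalarOutOfRange(ValueError):
    """Raised by the strict path when the encoded integer is >= r."""


def scalar_deserialize_strict(data: bytes) -> int:
    """Old behaviour: canonical decoding, reject anything >= r."""
    if len(data) != 32:
        raise ValueError("expected 32 scalar bytes")
    x = int.from_bytes(data, "little")  # assumed little-endian encoding
    if x >= R_MOD:
        raise ScalarOutOfRange("scalar is not in canonical range [0, r)")
    return x


def to_montgomery(x: int) -> int:
    """Montgomery residue of x: x * R mod r."""
    return (x * MONT_R) % R_MOD


def from_montgomery(m: int) -> int:
    """Inverse map: m * R^-1 mod r."""
    return (m * MONT_R_INV) % R_MOD


def mont_mul(a: int, b: int) -> int:
    """Montgomery product: a * b * R^-1 mod r, keeps operands in residue form."""
    return (a * b * MONT_R_INV) % R_MOD


def scalar_deserialize_mod_order(data: bytes) -> int:
    """Proposed behaviour: reduce the integer mod r, then map into
    Montgomery form, so no 32-byte input is ever rejected."""
    if len(data) != 32:
        raise ValueError("expected 32 scalar bytes")
    x = int.from_bytes(data, "little")  # assumed little-endian encoding
    return to_montgomery(x % R_MOD)


def generate_challenge_scalar(transcript_state: bytes, label: bytes) -> int:
    """Derive a challenge (as a Montgomery residue) from a transcript state.
    SHA-256 is an assumed stand-in for the real transcript hash."""
    digest = hashlib.sha256(label + transcript_state).digest()
    return scalar_deserialize_mod_order(digest)


def overflow_rate(n: int) -> float:
    """Fraction of n constructed hash outputs that the strict path rejects.
    Shows how often 'the scalar may overflow in its natural representation'."""
    rejected = 0
    for i in range(n):
        digest = hashlib.sha256(b"constructed-input-%d" % i).digest()
        try:
            scalar_deserialize_strict(digest)
        except ScalarOutOfRange:
            rejected += 1
    return rejected / n


if __name__ == "__main__":
    # Constructed worst case: all-ones is far above r.
    allones = b"\xff" * 32
    try:
        scalar_deserialize_strict(allones)
    except ScalarOutOfRange as e:
        print("strict path:", e)
    m = scalar_deserialize_mod_order(allones)
    print("mod-order path, canonical value:", hex(from_montgomery(m)))
    print("share of SHA-256 outputs rejected by strict path:", overflow_rate(200))
```

The arithmetic check a reviewer wants is that the residue form is consistent: `from_montgomery(to_montgomery(x)) == x` and `mont_mul(to_montgomery(a), to_montgomery(b)) == to_montgomery(a*b mod r)`, so downstream field operations on the challenge behave the same whether it came from a canonical or a reduced input. Cross-client vectors should then pin the exact bytes-to-scalar mapping (endianness and the reduction), since that is what clients can disagree on.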