taurushq-io / multi-party-sig

Implementation of protocols for threshold signatures
Apache License 2.0
312 stars 120 forks

fix issues of Pseudo-Key Reveal Fail in Abort2 of presign #79

Closed zzyalbert closed 1 year ago

zzyalbert commented 2 years ago

It seems that the algorithm implemented in presign.Abort2 doesn't match the one described in the original paper

[image]

As shown above, we should use ElGamalChi instead of ElGamalK.

Also in the implementation code below, we have calculated Ŷⱼ + kⱼ⋅Xⱼ + ∑ₗ (α̂ⱼₗ⋅G + kₗ⋅Xⱼ − α̂ₗⱼ⋅G),

which is Ŷⱼ + (kⱼ⋅xⱼ⋅G + ∑ₗ (α̂ⱼₗ + kₗ⋅xⱼ − α̂ₗⱼ)⋅G) = Ŷⱼ + χᵢ⋅G.

That's the ElGamal commitment of χᵢ (known as ElGamalChi) in code.

[image]
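The identity in the comment above can be checked mechanically. The following is an added example written for this page, not code from multi-party-sig: it simulates three signers after an honest MtA, reconstructs χⱼ⋅G from the public Xⱼ and the values revealed in Abort2 (every kₗ and every α̂), and opens the commitment with the revealed nonce. It assumes the ElGamal commitment form (b⋅G, b⋅Y + m⋅G) under a per-party key Yⱼ, uses NIST P-256 from the Go standard library in place of the library's secp256k1 curve, and the names chiPoint, verifyAbort2, CheckHonestParty and the Party fields are illustrative rather than the library's API. The fixed check opens ElGamalChi with b̂ⱼ; the pre-fix check opens ElGamalK with bⱼ against the same χⱼ⋅G and fails even for an honest party, which is the bug this PR fixes.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"math/big"
)

// Assumption: NIST P-256 from the standard library stands in for the secp256k1
// curve the library uses, so this example runs with no external dependencies.
var curve, order = elliptic.P256(), elliptic.P256().Params().N

// Point is an affine curve point; crypto/elliptic encodes the identity as (0, 0).
type Point struct{ X, Y *big.Int }

func scalar(s *big.Int) []byte      { return new(big.Int).Mod(s, order).Bytes() }
func mul(p Point, s *big.Int) Point { x, y := curve.ScalarMult(p.X, p.Y, scalar(s)); return Point{x, y} }
func add(p, q Point) Point          { x, y := curve.Add(p.X, p.Y, q.X, q.Y); return Point{x, y} }
func mulG(s *big.Int) Point         { return mul(Point{curve.Params().Gx, curve.Params().Gy}, s) }
func equal(p, q Point) bool         { return p.X.Cmp(q.X) == 0 && p.Y.Cmp(q.Y) == 0 }
func addMod(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Add(a, b), order) }
func subMod(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Sub(a, b), order) }
func mulMod(a, b *big.Int) *big.Int { return new(big.Int).Mod(new(big.Int).Mul(a, b), order) }

func randScalar() *big.Int {
	s, err := rand.Int(rand.Reader, order)
	if err != nil {
		panic(err)
	}
	return s
}

// ElGamal is a commitment (b·G, b·Y + m·G) to m with nonce b under key Y; the
// assumption here is that ElGamalK and ElGamalChi both have this shape.
type ElGamal struct{ L, M Point }

func commit(Y Point, b, m *big.Int) ElGamal { return ElGamal{mulG(b), add(mul(Y, b), mulG(m))} }

// Party holds what signer j knows after the MtA rounds of presign.
type Party struct {
	x, k  *big.Int         // secret key share x_j and nonce share k_j
	X, Y  Point            // X_j = x_j·G and the party's ElGamal key Y_j (assumed per party)
	b, bh *big.Int         // ElGamalKNonce b_j and ElGamalChiNonce b̂_j
	alpha map[int]*big.Int // α̂_{j,l}: j's additive share of k_j·x_l
	beta  map[int]*big.Int // β̂_{j,l}: j's additive share of k_l·x_j
}

// chi computes χ_j = k_j·x_j + Σ_l (α̂_{j,l} + β̂_{j,l}) from the MtA outputs.
func (p *Party) chi() *big.Int {
	c := mulMod(p.k, p.x)
	for l := range p.alpha {
		c = addMod(c, addMod(p.alpha[l], p.beta[l]))
	}
	return c
}

// setup simulates n parties after an honest MtA on every ordered pair: α̂_{j,l} + β̂_{l,j} = k_j·x_l.
func setup(n int) []*Party {
	ps := make([]*Party, n)
	for i := range ps {
		x, y := randScalar(), randScalar()
		ps[i] = &Party{x: x, k: randScalar(), X: mulG(x), Y: mulG(y), b: randScalar(),
			bh: randScalar(), alpha: map[int]*big.Int{}, beta: map[int]*big.Int{}}
	}
	for j := range ps {
		for l := range ps {
			if j != l {
				ps[j].alpha[l] = randScalar()
				ps[l].beta[j] = subMod(mulMod(ps[j].k, ps[l].x), ps[j].alpha[l])
			}
		}
	}
	return ps
}

// chiPoint computes k_j·X_j + Σ_l (α̂_{j,l}·G + k_l·X_j − α̂_{l,j}·G) = χ_j·G
// from the public X_j and the values Abort2 reveals (every k_l and every α̂).
func chiPoint(ps []*Party, j int) Point {
	acc := mul(ps[j].X, ps[j].k)
	for l, pl := range ps {
		if l != j {
			acc = add(acc, add(mulG(ps[j].alpha[l]), mul(ps[j].X, pl.k)))
			acc = add(acc, mulG(subMod(big.NewInt(0), pl.alpha[j]))) // −α̂_{l,j}·G
		}
	}
	return acc
}

// verifyAbort2 opens com with the revealed nonce and compares it to χ_j·G.
func verifyAbort2(ps []*Party, j int, com ElGamal, nonce *big.Int) bool {
	return equal(com.L, mulG(nonce)) && equal(com.M, add(mul(ps[j].Y, nonce), chiPoint(ps, j)))
}

// CheckHonestParty returns the fixed verdict (ElGamalChi opened with b̂_j) and the pre-fix one (ElGamalK with b_j).
func CheckHonestParty(j int) (fixed, buggy bool) {
	ps := setup(3)
	p := ps[j]
	return verifyAbort2(ps, j, commit(p.Y, p.bh, p.chi()), p.bh), verifyAbort2(ps, j, commit(p.Y, p.b, p.k), p.b)
}

func main() { fmt.Println(CheckHonestParty(1)) }
```

CheckHonestParty returns (true, false): the commitment to χⱼ opens against the reconstructed point, the commitment to kⱼ does not. Because the reconstruction is linear in the revealed scalars, a party that reveals a modified α̂ or kₗ moves χⱼ⋅G and fails the same comparison, which is what lets Abort2 attribute blame.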

zzyalbert commented 2 years ago

@adr1anh Could you please review this PR?

adr1anh commented 2 years ago

Will review this week. Thanks a lot for catching this and the other bug in the abort procedure!

adr1anh commented 2 years ago

Sorry about the delay, and thanks again for finding this. It's a sneaky bug, since it looks like there is a mistake in the paper. If I am not mistaken, $b_i$ should actually be $\hat{b}_i$. The former is indeed ElGamalKNonce while the latter would be ElGamalChiNonce. The changes look good to me!