Patch for previous commit

coins/monero/src/clsag/multisig.rs

@@ -143,12 +143,12 @@ impl Algorithm<Ed25519> for Multisig {
 
     let mut serialized = Vec::with_capacity(Multisig::serialized_len());
     serialized.extend((view.secret_share().0 * self.H).compress().to_bytes());
-    serialized.extend(DLEqProof::prove(rng, &view.secret_share().0, &self.H).serialize());
+    serialized.extend(DLEqProof::prove(rng, &self.H, &view.secret_share().0).serialize());
 
     serialized.extend((nonces[0].0 * self.H).compress().to_bytes());
-    serialized.extend(&DLEqProof::prove(rng, &nonces[0].0, &self.H).serialize());
+    serialized.extend(&DLEqProof::prove(rng, &self.H, &nonces[0].0).serialize());
     serialized.extend((nonces[1].0 * self.H).compress().to_bytes());
-    serialized.extend(&DLEqProof::prove(rng, &nonces[1].0, &self.H).serialize());
+    serialized.extend(&DLEqProof::prove(rng, &self.H, &nonces[1].0).serialize());
     serialized
   }
 

coins/monero/src/frost.rs

@@ -125,8 +125,8 @@ pub struct DLEqProof {
 impl DLEqProof {
   pub fn prove<R: RngCore + CryptoRng>(
     rng: &mut R,
-    secret: &DScalar,
-    H: &DPoint
+    H: &DPoint,
+    secret: &DScalar
   ) -> DLEqProof {
     let r = random_scalar(rng);
     let rG = &DTable * &r;

coins/monero/src/transaction/multisig.rs

@@ -141,7 +141,8 @@ impl StateMachine for TransactionMachine {
     let mut serialized = vec![];
     for (i, clsag) in self.clsags.iter_mut().enumerate() {
       let preprocess = clsag.preprocess(rng)?;
-      self.our_images[i] += CompressedEdwardsY(preprocess[0 .. 32].try_into().unwrap()).decompress().unwrap();
+      // First 64 bytes are FROST's commitments
+      self.our_images[i] += CompressedEdwardsY(preprocess[64 .. 96].try_into().unwrap()).decompress().unwrap();
       serialized.extend(&preprocess);
     }