From 714b8ef9ee93135d518139f19adb90834c7b20ce Mon Sep 17 00:00:00 2001
From: KonradStaniec <konrad.staniec@gmail.com>
Date: Thu, 16 Jan 2025 08:57:33 +0100
Subject: [PATCH] Backpot: fix R verification (#413) (#415)

closes: https://github.com/babylonlabs-io/pm/issues/157
---
 CHANGELOG.md                                   | 2 ++
 crypto/schnorr-adaptor-signature/sign_utils.go | 6 ++----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ca68a0fd9..41b18b33d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -43,6 +43,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
   0.50.11
 - [#404](https://github.com/babylonlabs-io/babylon/pull/404) Improve adaptor
 signature nonce generation to match reference implementation
+- [#413](https://github.com/babylonlabs-io/babylon/pull/413) Fix adaptor
+signature R verification
 
 ## v1.0.0-rc3
 
diff --git a/crypto/schnorr-adaptor-signature/sign_utils.go b/crypto/schnorr-adaptor-signature/sign_utils.go
index 6ce1d984e..dd9201de2 100644
--- a/crypto/schnorr-adaptor-signature/sign_utils.go
+++ b/crypto/schnorr-adaptor-signature/sign_utils.go
@@ -126,11 +126,9 @@ func encVerify(
 
 	expRHat.ToAffine()
 
-	// fail if expected R'.y is odd
-	if expRHat.Y.IsOdd() {
-		return fmt.Errorf("expected R'.y is odd")
+	if R.Y.IsOdd() {
+		return fmt.Errorf("expected R.y is odd")
 	}
-
 	// ensure R' is same as the expected R' = s'*G - e*P
 	if !expRHat.X.Equals(&RHat.X) {
 		return fmt.Errorf("expected R' = s'*G - e*P is different from the actual R'")