14:33:02 <br-m> <syntheticbird> mrelay.p2pool.observer/m/monero.social/jUYbmXnHjTASBvlfIjpsSrVh.png (carrotAddressGeneration.png)

ScalarDerive(x) in chart has different behavior than ScalarDerive(x) as in the markdown document

sc_reduce32 only acts on the first 32 bytes as fed to the function

while markdown specifies mod l which is the generalized form (so it can work on 64 byte input)

so specifically ScalarDerive(x) = sc_reduce32(H64(x)) will drop the low value 32 bytes of the 64-byte H64 result (little endian)

also on the non-raw file github.com/jeffro256/carrot/blob/master/carrot.md#334-private-keys

<helene:unredacted.org> DataHoarder: the endianness seems very important to clarify and specify especially when it comes to using hash functions ^^;;

yeah not just the endianness but that function specifically doesn't work there

if you are treating the ops for hashing bytes, endianness by default on all ops has been little endian

and question > "Here Hp1 and Hp2 refer to two hash-to-point functions on Ed25519."

they are two functions, but ... which are they? :)