From b67fc1b5ac321ae05c75a7c2ada7d5c7fc6e8d83 Mon Sep 17 00:00:00 2001
From: Craig Everett
Date: Fri, 29 May 2026 17:03:48 +0900
Subject: [PATCH] WIP

---
 src/shake.erl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/shake.erl b/src/shake.erl
index 685a1f3..c7c0003 100644
--- a/src/shake.erl
+++ b/src/shake.erl
@@ -58,17 +58,17 @@ p() ->
     16#7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED.
 ed25519_pk_to_x25519(<>) ->
     <> = ED25519_PK,
-    %% Clear the sign bit (MSB) to get the raw y-coordinate
+    % Clear the sign bit (MSB) to get the raw y-coordinate
     Y = CompressedInt band ((1 bsl 255) - 1),
-    %% Compute u = (1 + y) / (1 - y) mod P
+    % Compute u = (1 + y) / (1 - y) mod P
     Num = (1 + Y) rem p(),
     Den = (1 - Y + p()) rem p(),
-
     case Den =:= 0 of
         true ->
             % If y == 1, the point maps to the point at infinity.
             % On X25519, this translates to u = 0.
+            % TODO: Ask Peter whether this case should actually fail...?
             <<0:256/little-integer>>;
         false ->
             U = (Num * mod_inv(Den, p())) rem p(),
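Review bot: The question the new TODO in the `Den =:= 0` branch raises has a concrete answer: y = 1 is the identity point, y = -1 mod p reaches U = 0 through the general path (Num becomes 0), and an X25519 computation with a zero u-coordinate yields an all-zero shared secret, so returning `<<0:256/little-integer>>` hands the caller a low-order key that looks valid. I would make the conversion fail for these inputs instead, e.g. `true -> error({badarg, low_order_point});` here and a check that U is non-zero before encoding it on the path that follows, or at minimum document that callers must reject an all-zero result as RFC 7748 section 6.1 recommends. The mask on the `Y` line also leaves non-canonical encodings with Y in [p, 2^255) unrejected, which a guard such as `Y < p() orelse error({badarg, noncanonical_y})` before the arithmetic would close. The head of `ed25519_pk_to_x25519` is garbled in this rendering (`<>`), and its body continues past the end of the hunk.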