leftover-blinding-demo.diff

diff --git a/discrete/discrete.py b/discrete/discrete.py
index e8cd187..e1cfbb6 100644
--- a/discrete/discrete.py
+++ b/discrete/discrete.py
@@ -105,6 +105,7 @@ def prove(x):
         temp_s += dumb448.Scalar(2)**i*s[i]
     if not temp_r == dumb25519.Scalar(0) or not temp_s == dumb448.Scalar(0):
         raise ArithmeticError('Blinder sum check failed!')
+    r[0] += dumb25519.Scalar(1)
 
     # generators
     G = dumb25519.G
@@ -125,8 +126,8 @@ def prove(x):
     for i in range(len(b)):
         temp_C_G += dumb25519.Scalar(2)**i*C_G[i]
         temp_C_H += dumb448.Scalar(2)**i*C_H[i]
-    if not temp_C_G == dumb25519.Scalar(x)*G1 or not temp_C_H == dumb448.Scalar(x)*H1:
-        raise ArithmeticError('Bit construction check failed!')
+    #if not temp_C_G == dumb25519.Scalar(x)*G1 or not temp_C_H == dumb448.Scalar(x)*H1:
+    #    raise ArithmeticError('Bit construction check failed!')
 
     # proof elements
     e0_G = dumb25519.ScalarVector([])
@@ -170,7 +171,7 @@ def prove(x):
         else:
             raise ArithmeticError('Bit decomposition must be 0 or 1!')
 
-    return Proof(dumb25519.Scalar(x)*G1,dumb448.Scalar(x)*H1,C_G,C_H,e0_G,e0_H,a0,a1,b0,b1)
+    return Proof(dumb25519.Scalar(x)*G1 + G,dumb448.Scalar(x)*H1,C_G,C_H,e0_G,e0_H,a0,a1,b0,b1)
 
 # Verify a proof
 #