Scott Fluhrer edited untitled.tex almost 9 years ago

Commit id: 119fd2c3febafa1df263c14eebe8df5b435dff62


\item Compute $s = u_4u(z + rd)$ (where $z$, $r$ and $d$ have the normal meanings for ECDSA; $z$ is the hash, $r$ is the x-coordinate computed previously, and $d$ is the ECDSA private key).  \end{itemize}  If you go through this procedure, it should be clear that this is effectively the ECDSA signature algorithm (with $k = a+b \bmod n$), and n$). It should also be clear  that the value of $k$ chosen is unbiased, and that  internal bits of all the intermediate values are uncorrelated to the bits of $k$, $k$ (in fact, except for $t_5$, the value of all intermediates are distributed independently of $k$),  hence we have achieved blinding against first order side channel attacks. In addition, the operations that we have added over the straight-forward ECDSA signature generation with Coron blinding (generating $2\log{n}$ additional random bits, three additional multiplications, one additional binary addition, one addition in base-48, and two base conversions) are relatively cheap (say, compared to computing the multiplicative inverse), and so we haven't increased the expense significantly. \section{Summary}
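Review bot: the rewritten sentence in this hunk carries leftover text from the deleted version: "(with $k = a+b \bmod n$), and n$). It should also be clear" will typeset a stray "and n$)" (the unmatched `$` also flips math mode for the rest of the paragraph), and "the bits of $k$, $k$ (in fact, ..." repeats $k$ with a dangling comma. Suggest "(with $k = a+b \bmod n$). It should also be clear" and "uncorrelated to the bits of $k$ (in fact, ...)". On the substance of the new parenthetical: it states that every intermediate except $t_5$ is distributed independently of $k$, and the sentence then concludes first-order blinding for the whole procedure. Because a first-order side-channel argument rests on each individual intermediate being distributed independently of the secret, the paragraph should say explicitly why the one exception, $t_5$, does not leak $k$ (or, if the claim relies only on bitwise uncorrelation of $t_5$ with $k$, say that this weaker property is what is being used). Minor grammar: "the value of all intermediates are" should read "the values of all intermediates are".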