Before v2.0.0, bnb-chain/tss-lib used a single SHA512_256i helper for every proof challenge: Schnorr, MtA, DLN, commitments, with no tag distinguishing which protocol context a hash was produced in (source).
The fix (PR #256) introduced SHA512_256i_TAGGED, which prepends a per-session, per-proof-type tag and length-prefixes every input (source):
1// common/hash.go — bnb-chain/tss-lib v2.0.0 (fixed)
2// SHA512_256i_TAGGED prepends a session-specific tag, providing domain
3// separation between different proof types and sessions.
4func SHA512_256i_TAGGED(tag []byte, in ...*big.Int) *big.Int {
5 data := tag // unique per proof type and session
6 for _, v := range in {
7 data = append(data, v.Bytes()...)
8 data = append(data, hashInputDelimiter)
9 dataLen := make([]byte, 8)
10 binary.LittleEndian.PutUint64(dataLen, uint64(len(v.Bytes())))
11 data = append(data, dataLen...)
12 }
13 return new(big.Int).SetBytes(crypto.SHA512_256(data))
14}