diff --git a/crypto/schnorr/schnorr_proof_test.go b/crypto/schnorr/schnorr_proof_test.go
index b097f93..f8a2503 100644
--- a/crypto/schnorr/schnorr_proof_test.go
+++ b/crypto/schnorr/schnorr_proof_test.go
@@ -81,7 +81,7 @@ func TestSchnorrVProofVerifyBadPartialV(t *testing.T) {
 proof, _ := NewZKVProof(V, R, s, l)
 res := proof.Verify(V, R)
- assert.False(t, res, "verify result must be true")
+ assert.False(t, res, "verify result must be false")
 }
 func TestSchnorrVProofVerifyBadS(t *testing.T) {
@@ -98,5 +98,5 @@ func TestSchnorrVProofVerifyBadS(t *testing.T) {
 proof, _ := NewZKVProof(V, R, s2, l)
 res := proof.Verify(V, R)
- assert.False(t, res, "verify result must be true")
+ assert.False(t, res, "verify result must be false")
 }
diff --git a/eddsa/signing/finalize.go b/eddsa/signing/finalize.go
index bff8dce..cf34a0b 100644
--- a/eddsa/signing/finalize.go
+++ b/eddsa/signing/finalize.go
@@ -37,11 +37,12 @@ func (round *finalization) Start() *tss.Error {
 edwards25519.ScMulAdd(&tmpSumS, sumS, bigIntToEncodedBytes(big.NewInt(1)), sjBytes)
 sumS = &tmpSumS
 }
+ s := encodedBytesToBigInt(sumS)
 // save the signature for final output
 round.data.Signature = append(bigIntToEncodedBytes(round.temp.r)[:], sumS[:]...)
 round.data.R = round.temp.r.Bytes()
- round.data.S = sumS[:]
+ round.data.S = s.Bytes()
 round.data.M = round.temp.m.Bytes()
 pk := edwards.PublicKey{
@@ -49,7 +50,6 @@ func (round *finalization) Start() *tss.Error {
 X: round.key.EDDSAPub.X(),
 Y: round.key.EDDSAPub.Y(),
 }
- s := encodedBytesToBigInt(sumS)
 ok := edwards.Verify(&pk, round.temp.m.Bytes(), round.temp.r, s)
 if !ok {
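Review bot: `round.data.S = s.Bytes()` in the first finalize.go hunk replaces the fixed-width slice `sumS[:]` with `big.Int.Bytes()` output, which is big-endian and drops leading zero bytes, so S no longer has a constant length. The line above it still builds `round.data.Signature` from `sumS[:]`, so the two fields now appear to hold the same scalar in different encodings (assuming `encodedBytesToBigInt`, which is not shown here, decodes the encoded form into its integer value). Any consumer that copies S into a fixed-size buffer or concatenates R and S has to left-pad it; if a fixed width is intended, `round.data.S = s.FillBytes(make([]byte, len(sumS)))` would keep the big-endian form at the original length. Either way the change should carry a comment such as `// S is big-endian and minimal-length like R; Signature keeps the encoded form`. Start() begins and ends outside the hunk, so whether existing readers of S depend on the old layout cannot be checked from here.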