bitcoin-dev

Schnorr signatures BIP

Original Post by Артём Литвинович

Posted on: July 7, 2018 02:47 UTC

An outsider made some minor notes after spending an hour implementing and playing with the code.

The reference code and the implementation both have discrepancies in several places. The line "Let k = int(hash(bytes(d) || m)) mod n" appears in several places, but the reference code does not have a modulo. There was also confusion around the signature 'bytes(x(R)) || bytes(k + ex mod n)', because x is not defined; it is apparently the private key. The jacobi function is said to be great at exposing bugs because of its full 256-bit exponent, which might be worth mentioning. The "bytes" notation is not consistent between integers and points and could be confusing, so it might help to name the two differently. Lastly, it was suggested that a larger set of test vectors in a JSON or CSV file, covering all edge cases, would be beneficial.
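The modulo and jacobi points above can be checked mechanically. The following is an added example, not code from the post or from the BIP's reference implementation. It assumes the curve is secp256k1 and that "hash" is SHA-256; all function names and edge-case inputs are constructed for illustration.

```python
import hashlib

# Assumptions (not stated in the post): curve is secp256k1, hash is SHA-256.
P = 2**256 - 2**32 - 977  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order

def jacobi_euler(a):
    """Euler's criterion: a^((P-1)/2) mod P, an exponent nearly as long as P."""
    r = pow(a, (P - 1) // 2, P)
    return -1 if r == P - 1 else r  # 0, 1 or -1

def jacobi_reciprocity(a, m=P):
    """Independent oracle: Jacobi symbol by quadratic reciprocity, no modexp."""
    a %= m
    result = 1
    while a:
        while a % 2 == 0:          # pull out factors of two
            a //= 2
            if m % 8 in (3, 5):
                result = -result
        a, m = m, a                # reciprocity step
        if a % 4 == 3 and m % 4 == 3:
            result = -result
        a %= m
    return result if m == 1 else 0

def raw_nonce(d, msg):
    """int(hash(bytes(d) || m)) with no reduction; bytes(d) is 32-byte big-endian."""
    return int.from_bytes(hashlib.sha256(d.to_bytes(32, "big") + msg).digest(), "big")

def reduce_nonce(h):
    """The 'mod n' step that the specification text includes."""
    return h % N

def jacobi_mismatches(values):
    """Inputs on which the two Jacobi implementations disagree (expected: none)."""
    return [a for a in values if jacobi_euler(a) != jacobi_reciprocity(a)]

# Constructed edge-case inputs (not official test vectors).
FIELD_EDGES = [0, 1, 2, 3, P - 2, P - 1, N, 2**255, 2**128 + 1]
HASH_EDGES = [0, N - 1, N, N + 1, 2**256 - 1]  # stand-ins for int(hash(...))

if __name__ == "__main__":
    print("jacobi mismatches:", jacobi_mismatches(FIELD_EDGES))
    for h in HASH_EDGES:
        print(hex(h)[:14], "changed by mod n:", reduce_nonce(h) != h)
    k = raw_nonce(1, b"constructed message")
    print("sample nonce already below n:", k < N)
```

Only hash outputs at or above n are changed by the reduction, so code with and without the modulo agrees on almost every input; constructed edge values like these are what expose the difference.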