diff --git a/common/internship.sty b/common/internship.sty index 55184ff..215aae5 100644 --- a/common/internship.sty +++ b/common/internship.sty @@ -7,3 +7,10 @@ \newcommand{\clsl}{\ll_0} \newcommand{\clsr}{\gg_{0, \text{l}}} \newcommand{\casr}{\gg_{0, \text{a}}} + +\newcommand{\xor}{\oplus} + +%\newcommand{\path}[1]{\texttt{#1}} + +\newcommand{\sigconst}[1]{\mathcal{SC}_{#1}} +\newcommand{\sigop}{\mathfrak{h}} diff --git a/report/report.tex b/report/report.tex index a52a981..0d9d105 100644 --- a/report/report.tex +++ b/report/report.tex @@ -8,6 +8,7 @@ \usepackage{indentfirst} \usepackage{enumerate} \usepackage{caption} +\usepackage{algorithmicx} \usepackage[backend=biber,style=trad-alpha]{biblatex} \usepackage[left=2cm,right=2cm,top=2cm,bottom=2cm]{geometry} @@ -60,6 +61,8 @@ \tableofcontents +\todo{Talk of the repo, somewhere} + \pagebreak %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -239,7 +242,7 @@ three main parts. \paragraph{Signatures.} The initial idea to make the computation fast is to aggregate the inner data of a gate --- be it a leaf gate or a group --- in a -kind of hash, a 32 bits unsigned integer. This approach is directly inspired +kind of hash, a 64 bits unsigned integer. This approach is directly inspired from what was done in fl, back at Intel. This hash must be easy to compute, and must be based only on the structure of the graph --- that is, must be entirely oblivious of the labels given, the order in which the circuit is 
@@ -274,7 +277,33 @@ this problem, that uses the specificities of the graph to be a little faster. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \section{Signatures} -\todo{} + +The signature is computed as a simple hash of the element, and is defined for +every type of expression and circuit. It could probably be enhanced with a bit +more work to cover more uniformly the hash space, but no collision was observed +on the examples tested. + +\paragraph{Signature constants.} Signature constants are used all around the +signing process, and is a 5-tuple $\sigconst{} = (a, x_l, x_h, d_l, d_h)$ of 32 +bits unsigned numbers. All of $x_l$, $x_h$, $d_l$ and $d_h$ are picked as prime +numbers between $10^8$ and $10^9$ (which just fits in a 32 bits unsigned +integer); while $a$ is a random integer uniformly picked between $2^{16}$ and +$2^{32}$. These constants are generated by a small python script, +\path{util/primegen/pickPrimes.py}. + +Those constants are used to produce a 64 bits unsigned value out of another 64 +bits unsigned value, called $v$ thereafter, through an operator $\sigop$, +computed as follows. + +\begin{algorithmic} + \Function{$\sigop$}{$\sigconst{}, v$} + \State{} $out1 \gets (v + a) \cdot x_l$ + \State{} $v_h \gets (v \lsr 32) \xor (out1 \lsr 32)$ + \State{} $low \gets out1 \,\%\, d_l$ + \State{} $high \gets \left((v_h + a) \cdot x_h \right) \%\, d_h$ + \State{} \Return{} $low + 2^{32} \cdot high$ + \EndFunction{} +\end{algorithmic} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \section{Group equality}
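Review bot: In the common/internship.sty hunk, the new macros cover \xor, \sigconst and \sigop but not \lsr, which the algorithm added to report/report.tex uses twice; the only shift macros visible in the context lines are \clsl, \clsr and \casr. Unless \lsr is defined above line 7 of the style file, add it next to \xor or switch the algorithm to one of the existing shift macros. The commented-out \path line should either be removed or carry a comment naming the package that already provides \path, since the report relies on it. \sigconst is only ever called as \sigconst{} in this patch, which typesets an empty subscript, so an optional argument would fit better than a mandatory one.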
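Review bot: In the report/report.tex preamble hunk (after \usepackage{caption}), \usepackage{algorithmicx} loads only the base package, while the \Function, \EndFunction and \Return commands used in the new Signatures algorithm come from the algpseudocode layout. Load \usepackage{algpseudocode} instead, which pulls in algorithmicx itself, unless a layout is already loaded somewhere outside the visible lines.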
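Review bot: In the Signatures hunk, the pseudocode for \sigop does not say how overflow is handled: $v$ is a 64-bit value and $x_l$ can be close to $10^9$, so $(v + a) \cdot x_l$ can exceed 64 bits, and the result differs depending on whether the product wraps modulo $2^{64}$ or is computed exactly. State the intended semantics (presumably wrapping unsigned 64-bit arithmetic) in the text or as a comment in the algorithm, so that a reimplementation produces the same signatures. Two smaller points in the same hunk: the range given for $a$, "between $2^{16}$ and $2^{32}$", needs an exclusive upper bound because $2^{32}$ itself does not fit in a 32-bit unsigned integer, and since both $low$ and $high$ are reduced modulo primes below $10^9$, the output never uses the top bits of either 32-bit half, which is worth stating next to the remark that the hash space is not covered uniformly. "Signature constants are used [...] and is a 5-tuple" should read "are", and multi-letter names such as $out1$, $low$ and $high$ would typeset better wrapped in \mathit.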