The randomness comes from RandNum in this expression:
(x1, y1) = RandNum * GenPoint
The random number is selected between 1 and the order of the generator point - 1. It's used in such a way that you don't need to know the random number's value when verifying the message.
Wikipedia has this for the last stage of the signing algorithm:
Select a cryptographically secure random integer k from [1,n-1].
Calculate the curve point (x1 , y1) = k × G
Calculate r = x1 mod n. If r = 0, go back to step 3.
Calculate s = k−1(z + r dA) mod n. If s=0, go back to step 3.
The signature is the pair (r, s). (And (r , −s mod n) is also a valid signature.)
To verify the signature:
Calculate u1 = z s−1 mod n and u2 = r s−1 mod n.
Calculate the curve point (x1 , y1) = u1 × G + u2 × Q A . If (x1 , y1) = O then the signature is invalid.
The signature is valid if r ≡ x1 (mod n), invalid otherwise.
z is the left bits of a hash of the message.
k−1(z + r dA) mod n is not a reversible operation, because of the mod. That's why the verification algorithm can't rely on the value of
k and it has to take a detour by calculating
s−1 mod n using the r and z values.
