simplepedpop_pre_finalize needs to check its input is included in the commitments

[LLFourn]

In simplepedpop_pre_finalize you need to check that your input from simplpedpop_round1 is included in the partially aggregated commitments -- this means that you check the first coefficient matches what you contributed, otherwise a malicious coordinator can switcharoo your commitment with their own.

Perhaps this is attack is protected against elsewhere but I couldn't find it.

[real-or-random]

Thanks, good catch. We should probably also just "verify" our own PoK by simply comparing it to what we have sent.

(And we should consider reworking the VSSCommitment and VSSCommitmentExt data structures... For example, having the first commitments in the front of the list is a bit implicit, it's probably better to make a tuple... Or better, a namedtuple)