This adds mechanism reuse to the security analysis.
In this version we don't need to modify the PRF. The proofs issued by witnesses and proofs by participants differ in that witnesses don't include cid. Thus a witness proof will never verify as a participant proof.
dbosk
commented
6 years ago
This adds mechanism reuse to the security analysis.
In this version we don't need to modify the PRF. The proofs issued by witnesses and proofs by participants differ in that witnesses don't include cid. Thus a witness proof will never verify as a participant proof.
paper.pdf