This adds mechanism reuse to the security analysis.
In this version we don't need to modify the PRF. The proofs issued by witnesses and proofs by participants differ in that witnesses don't include cid. Thus a witness proof will never verify as a participant proof.
paper.pdf