Fixed one typo in the Order assumption and updated the Low Order assumption to an almost exponentially weaker variant of the original Low Order assumption. It is still sufficient for breaking the soundness of Pietrzak's proof of exponentiation in groups of unknown order. It would be interesting to establish a sufficient AND necessary assumption for breaking the soundness of Pietrzak's protocol as even the current one is non-necessary...
Fixed one typo in the Order assumption and updated the Low Order assumption to an almost exponentially weaker variant of the original Low Order assumption. It is still sufficient for breaking the soundness of Pietrzak's proof of exponentiation in groups of unknown order. It would be interesting to establish a sufficient AND necessary assumption for breaking the soundness of Pietrzak's protocol as even the current one is non-necessary...