Section 7.2, line 2 and step 3: it should be “Client Key pk_sign” instead of “Client Key pk_blind”
Section 6 has a step 4 which says “Concatenate the values of aad, enc and ct, yielding an Encapsulated Request enc_request”
This is the first and only mention of enc_request
This does not match what is done in the pseudocode below. In particular, the aad is not concatenated (and is reconstructed by the issuer) and the result is not enc_request but encrypted_origin_name.
Section 5.4. The first two sentences from the second paragraph are about steps the attester would do before contacting the issuer. It seems that they should be included with the similar steps in the previous section instead.