burdges
commented
4 years ago I'll ask the authors about their actual security eventually, like maybe at Eurocrypt. It's tricky to qualify what this security proof really says and how much more you'd want it to say.
We should implement the Clause Blind Schnorr signature scheme from section 5 of https://eprint.iacr.org/2019/877.pdf which provides a normal Schnorr verification. We don't need them for anything right now, but maybe someone does.