List of Changes:
- Initialize all Fiat-Shamir transcripts with a domain separator
- Initialize the 1-of-many proof transcript with a hash of the input anonymity set, and with all spent serial numbers
- Initialize the Schnorr proof transcript with all statement group elements
- Added Schnorr representation proofs for the Q_k to properly argue the polynomial cancellation needed for showing balance
- Initialize the range proof transcript with all input commitments
- Do not use a separate transcript for range proof inner products
- Check for number of serials/proofs mismatch
- Check that the serial is not 0 in scalar randomize()
- Include public keys in the 1-of-many proof transcript
- Include the version number in the 1-of-many proof transcript and the range proof transcripts
- Include data from 1-of-many proof also in balance proof transcript
- Use Hash256 instead of Sha256; it computes sha256(sha256(m)), which is more secure and not subject to length extension
- Added a check to verify that the n-th power does not return 1
- Removed unused functions in SigmaExtendedProver/Verifier
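
The transcript changes listed above (domain separator, version number, anonymity set hash, serials, public keys, Hash256, and the serial checks) can be sketched as follows. This is an added example, not the project's code: the `Transcript` class, the labels, the separator strings and the byte encodings are all hypothetical.

```python
import hashlib
import struct

def hash256(data: bytes) -> bytes:
    """Hash256 as described in the list: sha256(sha256(m))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

class Transcript:
    """Hypothetical transcript: every item is labelled and length-prefixed."""

    def __init__(self, domain_separator: bytes, version: int):
        self._buf = bytearray()
        self.append(b"domain", domain_separator)
        self.append(b"version", struct.pack("<I", version))

    def append(self, label: bytes, data: bytes) -> None:
        # Length prefixes keep ("ab", "c") and ("a", "bc") distinct.
        for part in (label, data):
            self._buf += struct.pack("<Q", len(part)) + part

    def append_list(self, label: bytes, items) -> None:
        self.append(label + b".count", struct.pack("<Q", len(items)))
        for item in items:
            self.append(label, item)

    def challenge(self) -> bytes:
        return hash256(bytes(self._buf))

def one_of_many_challenge(version, anonymity_set, serials, public_keys, proofs):
    """Run the input checks, then bind the whole statement to the challenge."""
    if len(serials) != len(proofs):
        raise ValueError("number of serials/proofs mismatch")
    if any(int.from_bytes(s, "big") == 0 for s in serials):
        raise ValueError("serial must not be 0")
    set_t = Transcript(b"EXAMPLE_ANONYMITY_SET", version)  # constructed label
    set_t.append_list(b"commitment", anonymity_set)
    t = Transcript(b"EXAMPLE_ONE_OF_MANY", version)  # constructed label
    t.append(b"anonymity_set_hash", set_t.challenge())
    t.append_list(b"serial", serials)
    t.append_list(b"public_key", public_keys)
    return t.challenge()

# Constructed sample encodings, not real group elements or serials.
SET = [b"\x02" + bytes([i]) * 32 for i in range(1, 5)]
SERIALS = [bytes([7]) * 32, bytes([9]) * 32]
KEYS = [b"\x03" + bytes([1]) * 32, b"\x03" + bytes([2]) * 32]
PROOFS = [b"proof-0", b"proof-1"]
```

A real prover would still map the 32-byte output to a scalar of the group order; that step is left out here.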