I discovered a trick that avoids the separate individual and batchable VRFProof types, which we'll adopt in the ring VRF crate, so maybe the correct solution would be adopting that here via some VRF2 proof/signature type that requires a PoK. We'd maybe remove VRFProofBatchable from the older VRF design.
I believe VRF2 simplifies doing #5 with some pre-signing abstraction for witness creation, so we'd eventually generalize the multi-signatures to cover VRF2 after doing #6 and #11
I've closed paritytech/polkadot#26 in favor of this. It's different functionality but if you go too far that direction you need bulletproofs really, and the little step never materialized.
I discovered a trick that avoids the separate individual and batchable VRFProof types, which we'll adopt in the ring VRF crate, so maybe the correct solution would be adopting that here via some VRF2 proof/signature type that requires a PoK. We'd maybe remove VRFProofBatchable from the older VRF design.
I believe VRF2 simplifies doing #5 with some pre-signing abstraction for witness creation, so we'd eventually generalize the multi-signatures to cover VRF2 after doing #6 and #11
I've closed paritytech/polkadot#26 in favor of this. It's different functionality but if you go too far that direction you need bulletproofs really, and the little step never materialized.