In order to verify the proof for `N` values `B_i`, this procedure should be followed:

```

- compute 'p' as SHAKE-256(c, N * lambda)

- divide 'p' into 'N' 'lambda'-sized pieces, and denote them as 't_n', starting from 't_1'

- compute 'A' as (g3 ^ v * (B_1^t_1 * B_2^t_2 * ... * B_n^t_n))^-1

- compute 'c2' as KDF(usage_proof_message_dh, A || B_1 || B_2 || ... || B_N || m, 64)

- verify that 'c' is equal to 'c2'

```

## State Machine

This is the state machine for when a client wants to publish Client Profiles,

...

...

@@ -1840,3 +2034,4 @@ storage.

4. Hamburg, M., Langley, A. and Turner, S. (2016). *Elliptic Curves for

Security*, Internet Engineering Task Force, RFC 7748. Available at:

http://www.ietf.org/rfc/rfc7748.txt

5. Henry, R (2014). *Efficient Zero-Knowledge Proofs and Applications* Available at: https://uwspace.uwaterloo.ca/bitstream/handle/10012/8621/Henry_Ryan.pdf