* dkg-gencrs: use EDCF to generate CRS by coin-flips of all participants
* dkg-tools: protect h-generation protocol with EDCF to avoid ROM
* provide proactive security (program dkg-refresh) [HJJKY97]
+ provide interactive and distributed (multiparty DZKP) versions for
  bootstrapping non-interactive protocols of VTMF, i.e., key generation
  (for applications that cannot rely on the random oracle assumption or
   the h-generation protocol as building block of ASTC [JL00])
+ VTMF: add interactive versions of Chaum-Pedersen PoK of dlog equality
+ DZKP also called "Simultaneous Zero-Knowledge Proofs of Knowledge" [JL00]
+ DKG, ASTC: transform protocols into variants without aiou->Send() [BH92]
+ move to event-driven architecture and state-based protocol representation
+ improve oracle function g() by including a second hash function (SHA3)
+ add a generic group abstraction layer, e.g. for future use of ECC groups
+ use secure memory allocation and erasing from libgcrypt
+ provide a byzantine consensus protocol for agreement on values
+ implement asynchronous VSS [CKLS02] for DKG and other applications

- implement the exotic card and stack operations of the toolbox; there are
  some obstacles, e.g. that the prover does not know all used randomizers,
  for the subset and superset protocols; general protocols for private
  set operations are also not useful, because they do not provide the link
  from the shuffled deck to individual set operations on private cards
