You are right to point out that the updated specification now correctly models the separation of concerns, allowing for the key generation to occur outside the critical section. The new pending_keys and keys_batch variables effectively create a contract that ensures the race condition I previously described is avoided.
I have updated the implementation to reflect this new design.
The keys_batch part is nonsense, since that one is an auxiliary variable.