Another question from me.
In your paper there's content as following:
A locked transaction with one input UTXO will contains up to 2N+1 signatures, and almost every transactions are locked using this service.
Then miners need to verify this? if yes, then how they can do? How miner can know/verfiy a tnx containing correct and enough signatures as the output result of rejection sampling?