And should have been obvious to anyone who has implemented the cryptosystem too,  if k didn't have to be secret/unique you could just make it a parameter of the system and eliminate r and halve the size of the signatures.