For generators T, U, V, W, K = x T + y U + z V, prove knowledge of the witness and legitimacy of a claimed L = (z / y) W.
Provide K, L.
Form a Generalized Schnorr Protocol statement of
Matrix:
[
[T, U, V],
[0, L, -W],
]
Witness:
[x, y, z]
Output:
[
K,
0,
]
This is a more efficient Seraphis composition proof in 2 points, 3 scalars AFAICT. The proposed composition proof uses 3 points, 4 scalars. This proof clearly falls back to the security proofs in the 2009 GSP work, due to being an instance of its statement. The proof within Seraphis-0-0-18.pdf would need a new security proof. While I did briefly consider writing the Seraphis proof as a GSP instance, the bounds on the scalars makes that non-trivial (the witness isn't x, y, z yet x/y, z/y, 1/y).
My one concern is using identity as an output point. I don't believe that's invalid due to the s values in the proof being per witness element and all witness elements being verified with the opening of K (which is weighted cK, ensuring the challenge is applied, where as c0 does nothing).