I believe the paper specifies the challenge from the merchant as possibly random or based on the merchant's identity. Random most likely means that n becomes a bit-security parameter that has to become reasonably large so the chance of collision is extremely low (as I think the spender can always walk away after receiving the challenge).
I think setting n = log_2(maximumNumberOfMerchants) and hardcoding which merchants ask for which pieces is a straightforward way of preventing all unpunished double spends while keeping n relatively small. BTW, with general progress of zero-knowledge techniques I'd be surprised if there weren't a more modern and concise paper in the same vein.
I think setting n = log_2(maximumNumberOfMerchants) and hardcoding which merchants ask for which pieces is a straightforward way of preventing all unpunished double spends while keeping n relatively small. BTW, with general progress of zero-knowledge techniques I'd be surprised if there weren't a more modern and concise paper in the same vein.