This repository has been archived by the owner on May 4, 2020. It is now read-only.
The current design of Privacy Pass allows double spends unless a record of each token redeemed is kept and checked at redemption.
In typical use, tokens issued may be reasonably expected to survive for multiple days. This creates an obligation for services to maintain globally consistent records for a long period of time to prevent abuse.
We can propose possible solutions, but want to first call this out as an issue for wider adoption in case others are thinking about the same issue.
There are at least two separate issues to address:
- This request is not simply a replay
- This redemption is not simply a replay
An ideal solution would allow fast evaluation of these properties while requiring a minimum of shared state.
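The redemption record described in the issue, as an added example that is not part of the issue or of the Privacy Pass code base: it shows why per-endpoint records still admit a double spend while one shared record does not. `SpentStore`, `Edge`, `run_demo` and the three-day `TOKEN_LIFETIME` are assumptions, and token verification is assumed to happen before `redeem` is called.

```python
import hashlib
import threading

# Assumed value: the issue only says tokens survive "multiple days".
TOKEN_LIFETIME = 3 * 24 * 3600  # seconds


class SpentStore:
    """Record of redeemed tokens, held for as long as a token can be valid."""

    def __init__(self):
        self._expiry = {}  # sha256(token) -> time the record may be dropped
        self._lock = threading.Lock()

    def redeem(self, token: bytes, now: float) -> bool:
        """Return True on first redemption, False on a double spend."""
        digest = hashlib.sha256(token).digest()
        with self._lock:  # check and insert must be one atomic step
            # Simple sweep: drop records older than the token lifetime.
            # Safe only if tokens that old are rejected before this call.
            for d in [d for d, t in self._expiry.items() if t <= now]:
                del self._expiry[d]
            if digest in self._expiry:
                return False
            self._expiry[digest] = now + TOKEN_LIFETIME
            return True


class Edge:
    """One redemption endpoint (hypothetical), backed by the store it is given."""

    def __init__(self, store: SpentStore):
        self.store = store

    def handle(self, token: bytes, now: float) -> bool:
        return self.store.redeem(token, now)


def run_demo():
    token = b"constructed-token-0001"  # constructed sample value
    # Per-endpoint records: the same token is accepted once at each endpoint.
    a, b = Edge(SpentStore()), Edge(SpentStore())
    local = [a.handle(token, 0), b.handle(token, 60), a.handle(token, 120)]
    # One shared record: only the first redemption succeeds.
    shared = SpentStore()
    c, d = Edge(shared), Edge(shared)
    consistent = [c.handle(token, 0), d.handle(token, 60), c.handle(token, 120)]
    return local, consistent
```

The shared store stands in for the globally consistent record; in a real deployment it is the state that has to be replicated and retained for the full token lifetime.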