PROTOCOL DEMO FLOWS
Ephemeral session key + qFold proof + replay protection. Wallet derives IdentityCommit, generates SessionKeyPair, builds proof binding to challenge transcript. Per-verifier nullifiers.
Replay sub-demo: resend the same payload (steps 17-18). Nullifier collision rejects immediately.
Nullifier scope: per-verifier (MVP Option A). aud is inside the nullifier hash.