When a customer wants to change her secret, she has to send previously
used information with a new secret. We suggest a way of revocation and update
of secrets: the customer sends a nonce 
with
C to the bank, then the bank sends back 
.
The customer checks 
, if it is valid, she requests to update
her shared information by sending
,
where 
is the new secret.
It the customer wants to change p as well, she can do it in the same
procedure, but does not have to.
When 
is correct, the bank changes the
customer's information. Similarly, the customer can change her information
in a merchant by using 
and
,
where 
is a nonce and 
is the new secret.
If the customer cannot remember her previous information, the information
cannot be revoked on-line, and the revocation should be done in off-line
communication with both the bank and the merchant.
