Recently I have been reading this paper by Dan Boneh et al., where the authors are going to use a general form of forking lemma, to prove the security of their Schnorr multi-signature.
As I understood, this general form of forking lemma is about having several crucial points, rather than a single point (by crucial I mean the point that we rewind the adversary).
When you go to the security proof (pp 21-22), what they are using is just rewinding to a single point.
So I was wondering what is the reason for using this general forking lemma?
