Add comments about changes in coin validity due to blockchain evolution.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

protocol/protocol.tex

@@ -74,6 +74,7 @@
 \newcommand{\script}{\term{script}}
 \newcommand{\serialNumber}{\term{serial number}}
 \newcommand{\serialNumbers}{\term{serial numbers}}
+\newcommand{\spentSerials}{\term{spent serial number set}}
 % Daira: This doesn't adequately distinguish between zk stuff and transparent stuff
 \newcommand{\paymentAddress}{\term{payment address}}
 \newcommand{\paymentAddresses}{\term{payment addresses}}
@@ -511,6 +512,16 @@ will attempt to decrypt that ciphertext component as follows:
 }
 \end{itemize}
 
+To test whether a \coin is unspent in a particular \blockchainview also requires
+the \authKeypair private key $\AuthPrivate$; the coin is unspent if and only if
+$\sn = \PRFsn{\AuthPrivate}(\CoinAddressRand)$ is not in the \spentSerials
+for that \blockchainview.
+
+Note that a coin may change from being unspent to spent on a given \blockchainview,
+as transactions are added to that view. Also, blockchain reorganisations may cause
+the transaction in which a coin was output to no longer be on the consensus
+blockchain.
+
 \changed{
 Similarly, let $\DiscloseKey$ be a \viewingKey holder's \discloseKey.
 Then for each \PourDescription in its \blockchainview, the \viewingKey holder