diff --git a/Makefile b/Makefile
index 845208a687097703c986cc3c15ae17d7c753f432..21e195f33d8fca2e21be1ba6813d945160441c68 100644
--- a/Makefile
+++ b/Makefile
@@ -1,12 +1,13 @@
 all: figures
 	pdflatex -jobname=thesis main.tex
+	makeglossaries thesis
 	biber thesis.bcf
 	pdflatex -jobname=thesis main.tex
 	pdflatex -jobname=thesis main.tex
-	rm -f *.bbl *.blg *.log *.aux *.toc *.out *.bcf *.run.xml
+	rm -f *.bbl *.blg *.log *.aux *.toc *.out *.bcf *.run.xml *.acn *.acr *.alg *.glg *.glo *.gls *.ist
 
 clean:
-	rm -f *.bbl *.blg *.log *.aux *.toc *.out *.bcf *.run.xml
+	rm -f *.bbl *.blg *.log *.aux *.toc *.out *.bcf *.run.xml *.acn *.acr *.alg *.glg *.glo *.gls *.ist
 
 figures:
 	cd figures; . venv/bin/activate; python3 generate_figures.py
diff --git a/bibliography/bibliography.bib b/bibliography/bibliography.bib
index 034d68a2b387acb89122287c25970e4653ff1f73..15793a39d62e85de09e89fc2b001b3cf7505ddec 100644
--- a/bibliography/bibliography.bib
+++ b/bibliography/bibliography.bib
@@ -1,3 +1,19 @@
+@InProceedings{Bayer1992Improving,
+author="Bayer, Dave
+and Haber, Stuart
+and Stornetta, W. Scott",
+editor="Capocelli, Renato
+and De Santis, Alfredo
+and Vaccaro, Ugo",
+title="Improving the Efficiency and Reliability of Digital Time-Stamping",
+booktitle="Sequences II",
+year="1993",
+publisher="Springer New York",
+pages="329--334",
+abstract="To establish that a document was created after a given moment in time, it is necessary to report events that could not have been predicted before they happened. To establish that a document was created before a given moment in time, it is necessary to cause an event based on the document, which can be observed by others. Cryptographic hash functions can be used both to report events succinctly, and to cause events based on documents without revealing their contents. Haber and Stornetta have proposed two schemes for digital time-stamping which rely on these principles [HaSt 91].",
+isbn="978-1-4613-9323-8"
+}
+
 @article{Fog2008Calculation,
 author = {Agner Fog},
 title = {Calculation Methods for Wallenius' Noncentral Hypergeometric Distribution},
@@ -33,4 +49,11 @@ pages={99-111},
 abstract={The prospect of a world in which all text, audio, picture, and video documents are in digital form on easily modifiable media raises the issue of how to certify when a document was created or last changed. The problem is to time-stamp the data, not the medium. We propose computationally practical procedures for digital time-stamping of such documents so that it is infeasible for a user either to back-date or to forward-date his document, even with the collusion of a time-stamping service. Our procedures maintain complete privacy of the documents themselves, and require no record-keeping by the time-stamping service.},
 issn={1432-1378},
 doi={10.1007/BF00196791},
+}
+
+@misc{SuretyNodateWhat,
+author = {Surety LLC},
+title = {What We Do},
+howpublished = {\url{https://web.archive.org/web/20250325081455/https://www.surety.com/digital-copyright-protection/prove-ownership}},
+note = {Accessed: 25 March 2025},
 }
\ No newline at end of file
diff --git a/chapters/01_introduction.tex b/chapters/01_introduction.tex
index 3398e3c904cbda7fcfc5f92adc864dfc601579f7..547cb48bb5b7ae67a3327c292052ef7a77b535d0 100644
--- a/chapters/01_introduction.tex
+++ b/chapters/01_introduction.tex
@@ -6,46 +6,49 @@ The simplest approach to digital time-stamping relies on a trusted third party (
 If Alice wants to time-stamp a document and prove the document's existence at the time-stamp's time to Bob at some later time, she can ask a time-stamp authority (TSA) to cryptographically sign a secure hash of her document together with the current time.
 Bob accepts the TSA's signature as proof of the document's existence at the specified time.\footfullcite{Haber1991Timestamp}
 
-This scheme requires complete trust of both Alice and Bob in the impartiality of the TSA.
-Bob needs to trust the TSA to keep its private key secure and to never produce time-stamps for the past (an attack which I will refer to as "backdating").
-Alice needs to trust the availability of the time-stamping service provided by the TSA whenever she wants to time-stamp a document. 
+From now on, I will refer to the Alice, the party requesting a time-stamp from the TSA, as the \emph{document owner}.
+Bob, the party who wants to verify a time-stamp's validity, will be called the \emph{verifier}.
+
+The scheme outlined above requires complete trust of both the document owner and the verifier in the impartiality of the TSA.
+The verifier needs to trust the TSA to keep its private key secure and to never produce time-stamps for the past (an attack which I will refer to as \emph{backdating}).
+The document owner needs to trust the availability of the time-stamping service provided by the TSA whenever she wants to time-stamp a document. 
 
 This trust in a single authority can be problematic in practice.
-Even if we could assume complete impartiality of the TSA with regard to Alice and Bob, what happens if the party responsible for running the TSA wants to time-stamp a document of their own?
+Even if we could assume complete impartiality of the TSA with regard to the document owner and the verifier, what happens if the party responsible for running the TSA wants to time-stamp a document of their own?
 Clearly, to ensure impartiality, another TSA would need to be used.
 But now what if neither of our TSAs can be assumed to be impartial with regard to yet another party who wants to time-stamp a document?
 Manually keeping track of which TSA can be trusted under which circumstances quickly becomes impractical.
 The notion of distributed trust will simplify matters considerably. 
 
-\subsection{Distributed trust}
+\subsection{\label{section::distributed_trust}Distributed trust}
 
-\subsubsection{Building trust through publication}
+\subsubsection{\label{section::building_trust}Building trust through publication}
 
 Trusted time-stamping requires complete trust in the time-stamp authority.
 This does not mean, however, that the TSA is actually \emph{trustworthy}.
 We can decrease the amount of trust that we need to put in any single party by distributing trust across multiple parties.
 
 In the context of time-stamping, we can achieve this by requiring the TSA to \emph{publish} its time-stamps to a large number of \emph{witnesses}.
-The publication can be implemented in many different ways, which we will take a look at in more detail later.
+The publication can be implemented in many different ways, which we will take a detailed look at in Section~\ref{section::publication}.
 For now, the reader may imagine that the TSA publishes its time-stamps in a newspaper.
-The time-stamping company \emph{Surety} actually employed this method of publication in practice. (Citation needed)
+The time-stamping company \emph{Surety} actually employed this method of publication in practice.\footnote{``As an extra measure, Surety publishes a weekly summary hash value in The New York Times. This `widely-witnessed' value provides an anchor for the security of the whole system.'' \fullcite{SuretyNodateWhat}}
 
 Witnesses keep a record of the time-stamps issued by the TSA.
 They do not accept time-stamps issued too far in the past.
 Staying with the example of time-stamps published in a newspaper, the newspaper archives of public libraries can act as witnesses.
 To prevent backdating attacks, a library only archives a newspaper which it receives on the printed date of publication.
 
-When a client wants to verify the validity of a time-stamp, they can now ask a selection of witnesses for confirmation.
-Using our example of newspaper archives, a client visits a handful of library archives and confirms that the time-stamp in question is actually printed in the archived newspapers of that date.
-Clients only accept time-stamps for which they find a sufficient number of witnesses.
+When a verifier wants to confirm the validity of a time-stamp, she can now ask a selection of witnesses for confirmation.
+Using our example of newspaper archives, a verifier visits a handful of library archives and confirms that the time-stamp in question is actually printed in the archived newspapers of that date.
+Verifiers only accept time-stamps for which they find a sufficient number of witnesses.
 
 Using such a publication scheme, a malicious TSA can no longer carry out a backdating attack all by itself.
-Instead, it would require the active cooperation of a sufficiently large number of witnesses in order to convince a client of the validity of a backdated time-stamp.
-The client's trust is thus \emph{distributed} over the TSA, the publication process and the witnesses.
+Instead, it would require the active cooperation of a sufficiently large number of witnesses in order to convince a verifier of the validity of a backdated time-stamp.
+The verifier's trust is thus \emph{distributed} over the TSA, the publication process and the witnesses.
 
 \subsubsection{Quantifying distributed trust}
 
-Let us now introduce a mathematical model for the publication scheme outlined in the previous section.
+Let us now introduce a mathematical model for the publication scheme outlined in Section~\ref{section::building_trust}.
 Say the TSA publishes its time-stamps to $N$ witnesses.
 It should be emphasized that a witness is required to keep a record of time-stamps.
 Going back to our example of time-stamps published in a newspaper, $N$ does \emph{not} correspond to the number of copies printed.
@@ -53,13 +56,13 @@ Instead, $N$ refers to the number of places that keep archives of the newspaper.
 
 We assume that there exist a number $K$ of malicious witnesses that collude together with the TSA in an attempt to backdate time-stamps.
 
-Finally, a client consults a number $n$ of witnesses to verify a time-stamp.
-The client only accepts the time-stamp if all $n$ selected witnesses confirm its existence at the given time.
+Finally, a verifier consults a number $n$ of witnesses to verify a time-stamp.
+The verifier only accepts the time-stamp if all $n$ selected witnesses confirm its existence at the given time.
 
-Let $k$ be the number of maliciously colluding witnesses selected by the client.
-Evidently, a successful backdating attack occurs when the client selects only colluding witnesses, so when $k=n$.
+Let $k$ be the number of maliciously colluding witnesses selected by the verifier.
+Evidently, a successful backdating attack occurs when the verifier selects only colluding witnesses, so when $k=n$.
 
-Let us now further assume that the client selects its $n$ witnesses from the total number of witnesses $N$ completely at random.
+Let us now further assume that the verifier selects its $n$ witnesses from the total number of witnesses $N$ at random with a uniform distribution.
 Our problem is now equivalent to the urn problem when ``drawing without replacement''.
 $k$ thus follows the hypergeometric distribution\footfullcite[pp.~117-119]{Forbes2010Statistical} with the probability mass function:
 
@@ -79,32 +82,32 @@ The probability of a successful backdating attack is then given by the equation:
     Probability of a successful backdating attack according to the hypergeometric distribution.
     $N=30$ witnesses keep records of the time-stamps issued by the TSA.
     Of these witnesses, a number $K$ (plotted on the x-axis) maliciously collude with the TSA in order to backdate time-stamps.
-    To check a time-stamp's validity, a client consults $n$ randomly selected witnesses.
+    To check a time-stamp's validity, a verifier consults $n$ randomly selected witnesses.
     The backdating attack is successful if all $n$ selected witnesses are malicious.
     As expected, the probability of a successful backdating attack increases with an increasing number of colluding witnesses $K$, reaching 1 when $N=K$.
-    The client can decrease the likelihood of a successful backdating attack by consulting more witnesses, as can be observed from the different graph lines.
+    The verifier can decrease the likelihood of a successful backdating attack by consulting more witnesses, as can be observed from the different graph lines.
   }
 \end{figure}
 
 Figure~\ref{figure::backdating_probability_hypergeometric} graphs this probability as a function of $K$ for different values of $n$.
 
 In practice, the selection of witnesses may not be truly random.
-Sticking to our example of newspaper archives, a client will likely prefer libraries which are geographically close to them.
+Sticking to our example of newspaper archives, a verifier might prefer libraries which are geographically close to them.
 A network protocol for distributed trust may also favor witnesses with small round-trip times in order to increase performance.
 
 An attacker may be able to leverage this by placing colluding witnesses at favorable locations.
-We can model this by introducing a weight parameter $\omega$, where a malicious witness is $\omega$ times more likely to be selected than an honest witness.
+We can model this by introducing a weight parameter $\omega$, where a verifier is $\omega$ times more likely to select a malicious witness than an honest witness.
 $k$ then follows a noncentral hypergeometric distribution.
 
 Two distinct noncentral hypergeometric distributions exist in the literature.
-They are frequently confused, because their difference is subtle and both are regularly referred to as ``the'' noncentral hypergeometric distribution.\footfullcite{Fog2008Calculation}
+They are frequently confused, as the difference between them is subtle and both are regularly referred to as ``the'' noncentral hypergeometric distribution.\footfullcite{Fog2008Calculation}
 Fisher's noncentral hypergeometric distribution models the case where multiple balls are drawn from the urn at once and thus the probability of drawing one item is independent of the other items that are drawn.
-The precise sample size $n$ can not be known in advance in this case.
+The sample size $n$ can not be known in advance in this case, as this would introduce a dependence between draws.
 Wallenius' noncentral hypergeometric distribution, on the other hand, models the case of sequentially drawing balls from the urn, for a total number of $n$ draws that has been determined in advance.\footnote{For a detailed discussion on the distinction between Wallenius' and Fisher's noncentral hypergeometric distribution, see: \fullcite{Fog2008Calculation}}
 
-As the client in our model determines the number $n$ of witnesses to consult in advance, $k$ follows Wallenius' noncentral hypergeometric distribution.
-The client selects witnesses in rounds.
-$k_\nu$ describes how many malicious witnesses have been selected after the completion of round $\nu$.
+As the verifier in our model determines the number $n$ of witnesses to consult in advance, $k$ follows Wallenius' noncentral hypergeometric distribution.
+The verifier selects witnesses in rounds.
+$k_\nu$ describes how many malicious witnesses she selects after the completion of round $\nu$.
 The probability of selecting a malicious witness in round $\nu+1$ corresponds to the weight ratio of the remaining witnesses:
 
 \begin{equation}
@@ -130,8 +133,8 @@ The probability of a successful backdating attack is then:
     Probability of a successful backdating attack according to Wallenius' noncentral hypergeometric distribution.
     $N=30$ witnesses keep records of the time-stamps issued by the TSA.
     Of these witnesses, a number $K$ (plotted on the x-axis) maliciously collude with the TSA in order to backdate time-stamps.
-    To check a time-stamp's validity, a client consults $n=8$ randomly selected witnesses.
-    A malicious witness is $\omega$ times more likely to be selected than an honest witness.
+    To check a time-stamp's validity, a verifier consults $n=8$ randomly selected witnesses.
+    The verifier is $\omega$ times more likely to select a malicious witness than an honest witness.
     The backdating attack is successful if all $n$ selected witnesses are malicious.
     As expected, the probability of a successful backdating attack increases with an increasing number of colluding witnesses $K$, reaching 1 when $N=K$.
     Increasing values of $\omega$ increase the chances of a successful backdating attack, as can be observed from the different graph lines.
@@ -143,7 +146,7 @@ The probability of a successful backdating attack is then:
 Figure~\ref{figure::backdating_probability_noncentral} graphs this probability as a function of $K$ for different values of $\omega$.
 
 Note that the noncentral hypergeometric distribution is equivalent to the regular hypergeomtric distribution when $\omega=1$.
-When an attacker can ensure that the client will only select malicious witnesses, $\omega$ approaches infinity.
+When an attacker can ensure that the verifier will only select malicious witnesses, $\omega$ approaches infinity.
 In this case, the probability of a successful backdating attack approaches a step function with the step at $n=K$.
 
 \begin{equation}
@@ -156,14 +159,14 @@ In this case, the probability of a successful backdating attack approaches a ste
 
 \subsubsection{Increasing availability}
 
-In a real distributed service, we can not assume that a client can always reach any witness it desires.
+In a real distributed service, we can not assume that a verifier can always reach any witness she desires.
 Network partitions or denial of service attacks may render witnesses temporarily unavailable.
 We include a new parameter $n'$ into our model to accomodate this possibility.
-While the client still asks $n$ randomly selected witnesses to verify a time-stamp, it accepts the time-stamp as soon as it receives $n'$ valid responses from the witnesses, with $n'<n$.
+While the verifier still asks $n$ randomly selected witnesses to verify a time-stamp, she accepts the time-stamp as soon as she receives $n'$ valid responses from the witnesses, with $n'<n$.
 
 Let $U$ be the total number of witnesses that are unavailable or refuse to confirm a legitimate time-stamp upon a client's request.
-Let $u$ be the number of unavailable witnesses included in the $n$ witnesses that were randomly selected by the client.
-A client will then not accept a legitimate time-stamp if $u>n-n'$.
+Let $u$ be the number of unavailable witnesses included in the $n$ witnesses that the verifier randomly selected.
+The verifier will then not accept a legitimate time-stamp if $u>n-n'$.
 The probability of this happening according to the hypergeometric distribution is:
 
 \begin{equation}
@@ -173,19 +176,19 @@ The probability of this happening according to the hypergeometric distribution i
 \begin{figure}
   \includegraphics{figures/dos_hypergeometric.pdf}
   \caption{\label{figure::dos_hypergeometric}
-    Probability of a client failing to accept a legitimate time-stamp in the face of witness unavailability.
+    Probability of a verifier failing to accept a legitimate time-stamp in the face of witness unavailability.
     $N=30$ witnesses keep records of the time-stamps issued by the TSA.
     Of these witnesses, a number $U$ (plotted on the x-axis) is unavailable due to a network partition, a denial of service attack, a crash failure or some other reason.
-    To check a time-stamp's validity, a client consults $n=8$ randomly selected witnesses.
-    It accepts the time-stamp if it receives valid responses from $n'$ witnesses.
-    The client will fail to accept a legitimate time-stamp if more than $n-n'$ of the selected witnesses are unavailable.
+    To check a time-stamp's validity, a verifier consults $n=8$ randomly selected witnesses.
+    She accepts the time-stamp if she receives valid responses from $n'$ witnesses.
+    The verifier will fail to accept a legitimate time-stamp if more than $n-n'$ of the selected witnesses are unavailable.
     Decreasing values of $n'$ protect against this happening, as can be observed from the different graph lines.
   }
 \end{figure}
 
 Figure~\ref{figure::dos_hypergeometric} graphs this probability as a function of $U$ for different values of $n'$.
 
-If a client is more likely to select certain witnesses over others and we assume that an attacker can carry out a targeted denial of service attack on these witnesses, we need to model the probability of a successful DoS attack using Wallenius' noncentral hypergeometric distribution:
+If a verifier is more likely to select certain witnesses over others and we assume that an attacker can carry out a targeted denial of service attack on these witnesses, we need to model the probability of a successful DoS attack using Wallenius' noncentral hypergeometric distribution:
 
 \begin{align}
   \begin{split}
@@ -198,13 +201,13 @@ If a client is more likely to select certain witnesses over others and we assume
 \begin{figure}
   \includegraphics{figures/dos_noncentral.pdf}
   \caption{\label{figure::dos_noncentral}
-    Probability of a client failing to accept a legitimate time-stamp in the face of a targeted denial of service attack.
+    Probability of a verifier failing to accept a legitimate time-stamp in the face of a targeted denial of service attack.
     $N=30$ witnesses keep records of the time-stamps issued by the TSA.
     Of these witnesses, a number $U$ (plotted on the x-axis) is unavailable due to a targeted DoS attack.
-    To check a time-stamp's validity, a client consults $n=8$ randomly selected witnesses.
-    The client is $\omega=10$ times more likely to select an unavailable witness than an available witness.
-    It accepts the time-stamp if it receives valid responses from $n'$ witnesses.
-    The client will fail to accept a legitimate time-stamp if more than $n-n'$ of the selected witnesses are unavailable.
+    To check a time-stamp's validity, a verifier consults $n=8$ randomly selected witnesses.
+    The verifier is $\omega=10$ times more likely to select an unavailable witness than an available witness.
+    She accepts the time-stamp if she receives valid responses from $n'$ witnesses.
+    The verifier will fail to accept a legitimate time-stamp if more than $n-n'$ of the selected witnesses are unavailable.
     Decreasing values of $n'$ protect against DoS attacks, as can be observed from the different graph lines.
   }
 \end{figure}
@@ -226,8 +229,8 @@ In the case of the hypergeometric distribution, this leaves us with the followin
     Probability of a successful backdating attack according to the hypergeometric distribution when allowing witness unavailability.
     $N=30$ witnesses keep records of the time-stamps issued by the TSA.
     Of these witnesses, a number $K$ (plotted on the x-axis) maliciously collude with the TSA in order to backdate time-stamps.
-    To check a time-stamp's validity, a client consults $n=8$ randomly selected witnesses.
-    It accepts the time-stamp if it receives valid responses from $n'$ witnesses.
+    To check a time-stamp's validity, a verifier consults $n=8$ randomly selected witnesses.
+    She accepts the time-stamp if she receives valid responses from $n'$ witnesses.
     The backdating attack is successful if at least $n'$ of the selected witnesses are malicious.
     Decreasing values of $n'$ increase the chances of a successful backdating attack, as can be observed from the different graph lines.
   }
@@ -248,9 +251,9 @@ The probability of a successful backdating attack according to Wallenius' distri
     Probability of a successful backdating attack according to Wallenius' noncentral hypergeometric distribution when allowing witness unavailability.
     $N=30$ witnesses keep records of the time-stamps issued by the TSA.
     Of these witnesses, a number $K$ (plotted on the x-axis) maliciously collude with the TSA in order to backdate time-stamps.
-    To check a time-stamp's validity, a client consults $n=8$ randomly selected witnesses.
-    It accepts the time-stamp if it receives valid responses from $n'$ witnesses.
-    A malicious witness is $\omega=10$ times more likely to be selected than an honest witness.
+    To check a time-stamp's validity, a verifier consults $n=8$ randomly selected witnesses.
+    She accepts the time-stamp if she receives valid responses from $n'$ witnesses.
+    The verifier is $\omega=10$ times more likely to select a malicious witness than an honest witness.
     The backdating attack is successful if at least $n'$ of the selected witnesses are malicious.
     Decreasing values of $n'$ increase the chances of a successful backdating attack, as can be observed from the different graph lines.
   }
@@ -258,14 +261,16 @@ The probability of a successful backdating attack according to Wallenius' distri
 
 Figure~\ref{figure::backdating_probability_noncentral_available} graphs this probability as a function of $K$ for different values of $n'$.
 
-\subsubsection{Protecting against Byzantine failures}
+\subsubsection{\label{section::byzantine}Protecting against Byzantine failures}
 
 We can regard both witness unavailability and the malicious collusion of witnesses for a backdating attack as types of Byzantine failures.
 Let $B$ be the number of Byzantine witnesses.
 Full protection against backdating as well as denial of service attacks is provided by the system if and only if:
 
 \begin{align}
+  \label{equation::backdating_protection}
   n'>B &\quad\text{(Protection against backdating)}\\
+  \label{equation::dos_protection}
   n\geq n'+B > 2B &\quad\text{(Protection against DoS)}
 \end{align}
 
@@ -273,5 +278,38 @@ If $n\leq 2B$, it is impossible to guarantee protection against both failure mod
 In this case, there exists a fundamental trade-off concerning the choice of $n'$.
 Higher values provide better protection against backdating attacks, while lower values better protect against DoS.
 
-If the choice of $n$ does not guarantee protection against Byzantine failures, it is important that the client randomly selects witnesses without bias.
-If the client favors certain witnesses ($\omega>1$), this can vastly increase the chances of a successful attack, as can be observed by comparing Figure~\ref{figure::dos_hypergeometric} with Figure~\ref{figure::dos_noncentral}, or Figure~\ref{figure::backdating_probability_hypergeometric_available} with Figure~\ref{figure::backdating_probability_noncentral_available}.
+If the choice of $n$ does not guarantee protection against Byzantine failures, it is important that the verifier randomly selects witnesses without bias.
+If the verifier favors certain witnesses ($\omega>1$), this can vastly increase the chances of a successful attack, as can be observed by comparing Figure~\ref{figure::dos_hypergeometric} with Figure~\ref{figure::dos_noncentral}, or Figure~\ref{figure::backdating_probability_hypergeometric_available} with Figure~\ref{figure::backdating_probability_noncentral_available}.
+
+\subsection{\label{section::publication}Implementations of time-stamp publication}
+
+\subsubsection{Witness signatures}
+
+In Section~\ref{section::distributed_trust}, we have modeled time-stamp publication in a rather tradtional way.
+In our model, the TSA publishes its time-stamps to $N$ witnesses, of which a verifier later consults a nuber $n$ to confirm the validity of a time-stamp.
+Time-stamps need to be published to all $N$ participating witnesses, who are required to keep records of all valid time-stamps they encounter.
+Such a scheme can even be implemented by publishing time-stamps in a newspaper.
+
+We can improve the scheme by having witnesses cryptographically sign the time-stamp to confirm its validity.\footfullcite{Bayer1992Improving}
+The signature serves as a verifiable record of the witnessing.
+Witnesses can send the signed time-stamp to the document owner, which frees them from the responsibility of keeping records.
+After all, it is sensible that the party requesting a time-stamp should be responsible for storing the time-stamp and the information necessary for verification.
+This scheme has the additional advantage of reducing the communication cost for time-stamp verification.
+When a verifier wants to confirm a time-stamp, she only needs to communicate with the document owner, when before she had to exchange messages with $n$ witnesses.
+
+These modifications don't influence the statistical models described in Section~\ref{section::distributed_trust}.
+All equations of this section are still applicable.
+
+We can also reduce the communication cost of time-stamp publication by only asking $n$ witnesses for signatures instead of publishing the time-stamp to all $N$ participating witnesses.
+This still offers full protection against backdating and denial of service attacks if $n$ and $n'$ are chosen according to Equations~\eqref{equation::backdating_protection} and \eqref{equation::dos_protection}.
+
+If $n\leq 2B$, some mechanism should be used to ensure that witnesses are chosen randomly with uniform distribution ($\omega=1$).
+As explained in Section~\ref{section::byzantine}, this minimizes the probability of a successful backdating or denial of service attack.
+Section~\ref{section::random_witness} describes one such mechanism.
+
+Finally, it should be noted that witness signatures are really just time-stamps.
+This allows us to get rid of the TSA altogether.
+A document owner can directly send her document hash and the current time to $n$ witnesses and collect the returning signatures.
+By sending $n'$ witness signatures to a verifier, the document owner can prove the validity of her time-stamp.
+
+\subsubsection{\label{section::random_witness}Random-witness time-stamping}
diff --git a/figures/backdating_probability_hypergeometric.pdf b/figures/backdating_probability_hypergeometric.pdf
index 79b2ee1d29b5e756356a2a105ab340492a4b07f4..bbd524fb547587f656f4e05ff3bd7dda15f78b9c 100644
Binary files a/figures/backdating_probability_hypergeometric.pdf and b/figures/backdating_probability_hypergeometric.pdf differ
diff --git a/figures/backdating_probability_hypergeometric_available.pdf b/figures/backdating_probability_hypergeometric_available.pdf
index 2663a9b567c664b7d22f218e97b73924645e96ab..66df23ac43cc2726a0957dcc68ee741570a400c1 100644
Binary files a/figures/backdating_probability_hypergeometric_available.pdf and b/figures/backdating_probability_hypergeometric_available.pdf differ
diff --git a/figures/backdating_probability_noncentral.pdf b/figures/backdating_probability_noncentral.pdf
index 4c3d73fb3a1e309db16017e6f8c6fbfd9383bb3c..7c145beac548d730f99e71bc0c6f39a544476683 100644
Binary files a/figures/backdating_probability_noncentral.pdf and b/figures/backdating_probability_noncentral.pdf differ
diff --git a/figures/backdating_probability_noncentral_available.pdf b/figures/backdating_probability_noncentral_available.pdf
index 189001041fb181f5fe0e5ca1888abcad30c551de..9977583f3fc05bb614e90bdb59b2c7906ece9cd9 100644
Binary files a/figures/backdating_probability_noncentral_available.pdf and b/figures/backdating_probability_noncentral_available.pdf differ
diff --git a/figures/dos_hypergeometric.pdf b/figures/dos_hypergeometric.pdf
index def597134d75a785887551066fcb95367a136630..0ea5d6ca971264393931493dfa8980945ef92789 100644
Binary files a/figures/dos_hypergeometric.pdf and b/figures/dos_hypergeometric.pdf differ
diff --git a/figures/dos_noncentral.pdf b/figures/dos_noncentral.pdf
index 0c23eb5c97da846f6aafb6a7ca8cfd3d180c869d..84a3cd1d770285542e1b4b0e923e9486c9d32f91 100644
Binary files a/figures/dos_noncentral.pdf and b/figures/dos_noncentral.pdf differ
diff --git a/glossary.tex b/glossary.tex
new file mode 100644
index 0000000000000000000000000000000000000000..dac3917d66773be45c081506967a87455e62794c
--- /dev/null
+++ b/glossary.tex
@@ -0,0 +1,31 @@
+\makeglossaries
+
+\newglossaryentry{backdating}
+{
+        name={Backdating},
+        description={An attack trying to forge time-stamps dated in the past}
+}
+\newglossaryentry{docowner}
+{
+        name={Document Owner},
+        description={The party owning the document for which they request a time-stamp}
+}
+\newglossaryentry{timestampauthority}
+{
+        name={Time-Stamp Authority},
+        description={A trusted third party in the context of time-stamping}
+}
+\newglossaryentry{verifier}
+{
+        name={Verifier},
+        description={The party who wants to confirm the validity of a time-stamp}
+}
+\newglossaryentry{witness}
+{
+        name={Witness},
+        description={An entity who witnessed a timestamp at the time of its creation}
+}
+
+\newacronym{dos}{DoS}{Denial of Service}
+\newacronym{tsa}{TSA}{Time-Stamp Authority}
+\newacronym{ttp}{TTP}{Trusted Third Party}
diff --git a/main.tex b/main.tex
index 956b23de7f74fbf0b4924654e66fb71c475b888b..9a21d043427beac070d42ddc72351c394d66cc1d 100644
--- a/main.tex
+++ b/main.tex
@@ -25,6 +25,7 @@
 \usepackage{graphicx}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%_YOUR_PACKAGES_%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 % UTILITY PACKAGES
+\usepackage[acronym]{glossaries-extra}
 \usepackage[style=authoryear]{biblatex}
 \addbibresource{bibliography/bibliography.bib}
 %\usepackage{cite}
@@ -45,6 +46,9 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%_TITLE_PAGE_%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \usepackage[sc]{mathpazo}
 \usepackage{sourcesanspro}
+
+\input{glossary}
+
 \begin{document}
 
 % Beispielhafte Nutzung der Vorlage für die Titelseite (bitte anpassen):
@@ -82,12 +86,13 @@
 % create your bibliography based on your files in library/...
 % remember to edit \addbibresource in the TEMPLATE_PACKAGSES area above!
 \newpage
-\pagenumbering{roman} % start roman page numbers from here (optional)
-\printbibliography
+\printbibliography[heading=bibintoc]
+\printunsrtglossaries
 %\bibliographystyle{abbrv}
 %\bibliography{bibliography/bibliography.bib}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%_APPENDIX_%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \newpage
+\pagenumbering{roman} % start roman page numbers from here (optional)
 \section*{Appendix} \label{Appendix}
 \addcontentsline{toc}{section}{Appendix}    % adds entry to table of contents
 \selbstaendigkeitserklaerung{\today}
diff --git a/thesis.pdf b/thesis.pdf
index 82ae99afbea914cfd1bec6308683e97917ae02a4..490bb8f38e930f403eac7d480245b16bd15f143b 100644
Binary files a/thesis.pdf and b/thesis.pdf differ