Security when providing membership oracles for exponentially many subspaces

Establish the collision-resistance of the hash function H in the OSS construction when membership oracles are provided for the exponentially many subspaces S_{y,m}^⊥ associated with arbitrary orders of bit corrections (i.e., for all m in {0,1}^ℓ), or otherwise develop an analysis proving security under this richer oracle access.

Background

To enable efficient parallel signing, the authors design a careful set of subspace membership oracles (e.g., for S_{y,0}, S_{y,00}, S_{y,000}, ...) whose intersections simulate needed projections without having to release exponentially many oracles. They discuss a seemingly simpler approach of giving membership for all relevant subspaces corresponding to arbitrary orders of bit corrections.

They explicitly note that while such an approach may be fine, they do not know how to analyze or prove security if exponentially many subspaces are released. Proving security in this stronger oracle model would simplify the signing structure and potentially broaden applicability.