Abandon the reserve window approach in favor of a single-transaction proof UI. The new proving logic entails deriving a private key that will then be used to sign a payload specific to the prover; if anyone tampers with the payload, then the signature will be invalidated.