Possible simplification of `CapsuleFrag.verify()`

[fjarri]

At the moment, we check three equations:

let correct_reencryption_of_e = &e * &z3 == &e2 + &(&e1 * &h);
let correct_reencryption_of_v = &v * &z3 == &v2 + &(&v1 * &h);
let correct_rk_commitment = &u * &z3 == &u2 + &(&u1 * &h);

h here is a hash containing all the other values used (except u which is a constant). So it would seem that the equalities are either all true, or all false, and we can only check one of them. This is especially impactful for running verification as a part of an Ethereum contract.

Can it be proven?