* In 3.1.2, Access Grant:

${\cal M}$ does not need to be sent to the server

* In 3.1.3, Access Revocation:

In the last line of the revocation code, it is not necessary to send
the full keylist again to all users (${\cal K'}_{K_C}$). It is enough
(obviously) to send just the newly generated key. (And in fact, this
is what the prototype implementation does!)