About MuSig2

[ozankaymak]

Proposal Description

The current MuSig2 functionality implementations are working; however, there are two main problems:

• We have to do conversions everywhere due to type incompatibility,
• We are unable to use XOnlyPublicKeys directly, so we have to use PublicKeys.

[ozankaymak]

Apparently, we have to use the original public keys directly. The best explanation I could come up with is this:
At the first round, when the verifiers are aggregating their public keys, they also commit their exact public keys as they are. If we try to use them as their x-only public key counterparts, and take their parities to be even (as it is in here) by default, then while committing to the public keys for the generation of the aggregated public key, hash operations will produce different outputs, hence the failure in the spending of the UTXO with the final signature, since the final signature would be given for a wrong aggregated public key.
Therefore, for now, we have to use public keys directly for MuSig2 operations.

[ozankaymak]

A possible but IMO infeasible solution would be to enforce all the verifiers to use public keys that have even parities by default. But this is in general inconvenient and does not seem to be a good practice.

[ozankaymak]

Regarding the type conversions, I think it is the best to use secp256k1 crate and its functions in general, since it is for general-purpose use.

[ekrembal]

Closed in favor of #339