How to use musig?

[mweichert]

Hi there! First, great work putting something like this library together.

There's an example of how to create a keypair and sign a message here:
https://docs.rs/schnorrkel/latest/schnorrkel/

Would it be possible to add an example for doing the same with musig? I can see how to create an aggregate public key, but I'm lost of what to do next.

Appreciate the help! Thanks!

[burdges]

We still plan on deprecating this musig soon and replacing it with a 2 RTT one, which I proved secure in https://eprint.iacr.org/eprint-bin/getfile.pl?entry=2020/1245&version=20201009:113646&file=1245.pdf and which concurrently the blockstream guys proved secure in their MuSig2 paper.

In fact, you could access that 2 RTT protocol from the current implementation, but it contains a lot of outdated junk, and we'll probably add thresholds too.

I'll close this in favor of #6 and #11 and others.

[burdges]

You can use the current musig of course. It'll just be hidden behind some deprecation feature gate eventually. I'll presumably make some note to lobby me to retain it if people actually use it.

As for using the code, it enforces the correct protocol using refinement types, meaning a chain of builders that disallow serialization, clones, etc. You can fast forward through the first trip to get the 2 RTT version by using the add_trusted method.