https://eprint.iacr.org/2018/417.pdf Okamoto Beats Schnorr: On the Provable Security of Multi-Signatures
The authors claim they found a hole in the security proof of MuSig:
Quote
Our first result essentially shows that the CoSi and MuSig schemes cannot be proved secure. (This obviously contradicts the security proof of MuSig [21], but we point out that the proof is flawed.) More precisely, we prove that if the OMDL problem is hard, then there cannot exist an algebraic black-box reduction that proves CoSi or MuSig secure under the DL or OMDL assumption.
I'm reading through it but it goes over my head. Anyone more knowledgeable care to comment on the MuSig security proof flaw?