Once in a while I will browse through IACR papers and read through interesting ones. Today I've encountered this:
https://eprint.iacr.org/2018/417.pdf Okamoto Beats Schnorr: On the Provable Security of Multi-Signatures
The authors claim they found a hole in the security proof of MuSig:
Our first result essentially shows that the CoSi and MuSig schemes cannot be proved secure. (This obviously contradicts the security proof of MuSig [21], but we point out that the proof is flawed.) More precisely, we prove that if the OMDL problem is hard, then there cannot exist an algebraic black-box reduction that proves CoSi or MuSig secure under the DL or OMDL assumption.
I'm reading through it but it goes over my head. Anyone more knowledgeable care to comment on the MuSig security proof flaw?