Reading the "Simple Schnorr Multi-Signatures with Applications to Bitcoin" by Gregory Maxwell, Andrew Poelstra, Yannick Seurin, and Pieter Wuille

.pdf link. I have some questions about some notations. I am generating a signature but the verification doesn't pass which leads me to believe I am misunderstanding some stuff here.

in

`a`_{i} = H_{agg}(L,X_{i}) what do we hash? Is it the all public keys (L) "concatenated" together then public key i "concatenated" at the end?

Don't think this makes a difference if consistency is kept but are pub keys in compressed form or uncompressed?

For example with 2 keys is it calculated like this (so hash of a 99 byte long array: 3*(1+32

_{compressed}))?:

`a`_{1}=Hash(pub1 || pub2 || pub1)`a`_{2}=Hash(pub1 || pub2 || pub2)Similarly for calculation of 'c' is it again concatenation of bytes, also are the points (X

^{~} and R) in their compressed form or uncompressed (again I don't think it makes a difference but want to make sure)?

`c = H`_{sig}(X^{~} ,R,m)Also I am assuming H

_{sig}, H

_{agg},.. are all the same hash function like SHA256.

And finally in verification step shouldn't it be

`R + X`^{~} in the following equation since they are both points, multiplication doesn't make any sense?