Allowing Duplicate Keys in BIP 390 musig() Expressions

In a recent inquiry directed towards Ava Chow within the Bitcoin Development Mailing List, a concern was raised about the safety implications of allowing multiple participants to use the same public key in cryptographic operations, specifically within the context of Bitcoin's development. The query emphasized potential issues arising from employing deterministic nonce generation methods. These methods calculate each participant's nonce by considering the message, the aggregated public keys, and the individual's private key. The apprehension revolves around the scenario where duplicate public keys result in identical nonces. Although the duplication of nonces might not directly compromise the private key or the integrity of the message being signed—given that the same message is signed and the extraction of the private key is unlikely—it introduces a layer of risk. This risk stems from the unforeseen consequences that identical nonces could entail. Moreover, there's an underlying uncertainty regarding whether all security assumptions remain intact under these conditions. The communication seeks to understand the ramifications of such a setup and whether the standard security assurances offered by unique nonces are compromised when duplicates occur.