Posted by Jonas Nick
Oct 12, 2023/07:43 UTC
The email discusses the absence of adaptor signatures in BIP 327 ("MuSig2"). Adaptor signatures were excluded because the BIP was already long and complex, and it was considered more modular to propose a separate adaptor signature BIP. The author notes that there is no security proof for adaptor signatures, apart from a sketch they wrote a few years ago. In addition, at the time there appeared to be more demand for single-signer adaptor signatures.

Despite the lack of a specification, adaptor signatures were added to the libsecp256k1-zkp MuSig2 module for experimentation. It is important to note, however, that alternative designs to the one implemented in the libsecp256k1-zkp module exist. One such design is the current libsecp256k1-zkp PR for (single-signer) Schnorr adaptor signatures, in which the adaptor point is extracted from the adaptor signature itself. This design simplifies the API and reduces communication, but it makes batch verification of multiple adaptor signatures impossible.

The email includes a link [0] to the author's sketch, which gives some information on the security proof of adaptor signatures.
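As an added illustration that is not part of Jonas Nick's email, BIP 327, or the libsecp256k1-zkp module, the following Python sketch implements a textbook single-signer Schnorr adaptor signature over secp256k1: the signer produces a pre-signature bound to an adaptor point T, anyone can verify the pre-signature against T, the holder of the secret t completes it into an ordinary Schnorr signature, and whoever sees both the pre-signature and the completed signature can recover t. The challenge hash is plain SHA256 over uncompressed points rather than the BIP340 encoding, all keys and nonces are constructed sample values, and the function names are my own.

```python
import hashlib
import secrets

# secp256k1 curve parameters (field prime, group order, generator).
P_FIELD = 2**256 - 2**32 - 977
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(A, B):
    """Affine point addition; None represents the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    x1, y1 = A
    x2, y2 = B
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None  # A == -B
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_FIELD) % P_FIELD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_FIELD) % P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    y3 = (lam * (x1 - x3) - y1) % P_FIELD
    return (x3, y3)


def point_mul(k, P):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    R = None
    while k:
        if k & 1:
            R = point_add(R, P)
        P = point_add(P, P)
        k >>= 1
    return R


def point_neg(P):
    return None if P is None else (P[0], (-P[1]) % P_FIELD)


def encode(P):
    return P[0].to_bytes(32, "big") + P[1].to_bytes(32, "big")


def challenge(R, X, msg):
    """e = H(R || X || m), reduced mod the group order."""
    return int.from_bytes(hashlib.sha256(encode(R) + encode(X) + msg).digest(), "big") % N_ORDER


def adaptor_presign(x, msg, T, k=None):
    """Pre-signature (R_hat, s_hat): the nonce is shifted by T, the scalar is not."""
    k = k or secrets.randbelow(N_ORDER - 1) + 1
    X = point_mul(x, G)
    R_hat = point_add(point_mul(k, G), T)   # R_hat = k*G + T
    e = challenge(R_hat, X, msg)
    s_hat = (k + e * x) % N_ORDER           # missing the t that R_hat already contains
    return (R_hat, s_hat)


def adaptor_verify(X, msg, T, presig):
    """Holds iff s_hat*G == (R_hat - T) + e*X. T is a separate verifier input here."""
    R_hat, s_hat = presig
    e = challenge(R_hat, X, msg)
    rhs = point_add(point_add(R_hat, point_neg(T)), point_mul(e, X))
    return point_mul(s_hat, G) == rhs


def adapt(presig, t):
    """Complete the pre-signature with the adaptor secret t."""
    R_hat, s_hat = presig
    return (R_hat, (s_hat + t) % N_ORDER)


def schnorr_verify(X, msg, sig):
    """Ordinary Schnorr check: s*G == R + e*X."""
    R, s = sig
    e = challenge(R, X, msg)
    return point_mul(s, G) == point_add(R, point_mul(e, X))


def extract_secret(presig, sig):
    """Anyone holding both signatures learns t = s - s_hat."""
    return (sig[1] - presig[1]) % N_ORDER


if __name__ == "__main__":
    # Constructed sample values; never reuse fixed nonces in real code.
    x, t, k = 0x1111, 0x2222, 0x3333
    X, T = point_mul(x, G), point_mul(t, G)
    msg = b"constructed message"
    presig = adaptor_presign(x, msg, T, k)
    sig = adapt(presig, t)
    print(adaptor_verify(X, msg, T, presig), schnorr_verify(X, msg, sig),
          extract_secret(presig, sig) == t)
```

In this construction the adaptor point T is handed to the verifier alongside the pre-signature, so the verification equation stays a linear relation in known points and several such checks can be combined. The alternative design mentioned in the summary, where T is instead derived from the adaptor signature itself, saves sending T but gives up that property, which is the trade-off the email points at.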