Proposed BIP for MuSig2 PSBT Fields

The email discusses the topic of anti-exfil and libwally's protocol for ecdsa signatures. The protocol is described in detail at the following links:

• https://wally.readthedocs.io/en/release_0.8.9/anti_exfil_protocol/
• https://github.com/BlockstreamResearch/secp256k1-zkp/blob/master/include/secp256k1_ecdsa_s2c.h

The suggestion is made that in order to implement this protocol, a PSBT_IN_S2C_DATA_COMMITMENT item should be provided before filling in MUSIG2_PUB_NONCE, followed by providing PSBT_IN_S2C_DATA and PSBT_IN_NONCE_TWEAK. It is emphasized that these items need to have specific relationships in order to ensure security.

The author expresses the desire for musig capable signers to also be able to handle s2c/anti-exfil and tweaks/adaptor-sigs immediately, instead of having to wait for the next release. They believe that for signers who do not care about these features, the only difference would be adding the tweak to the musig nonces before hashing/signing, which is straightforward. Therefore, if it were specified, it would be an easy win. However, it is acknowledged that this should not be a blocker.

Additionally, the author provides another idea for formatting the tables, which can be found at the following link: https://github.com/ajtowns/bips/blob/d8a90cff616d6e5839748a1b2a50d32947f30850/bip-musig2-psbt.mediawiki

The email concludes with a farewell message from "aj".