bitcoin-dev

Schnorr signatures BIP

Original Post by Erik Aronesty

Posted on: September 11, 2018 17:37 UTC

In a discussion about the security advantages of a redistributable threshold system, Gregory Maxwell explained that there is no "non-redistributable multisig" proposed for Bitcoin.

However, MuSig, by being M-of-M, is inherently prone to loss. To prevent senders of the Gx pubkey shares from using Wagner's algorithm to attack the combined key, they should sign their messages with the associated private key share. Similarly, the Gk nonce fragments should also be signed with the pubkey shares. The concern raised was that Bitcoin would release a multisig scheme that encourages loss, but Maxwell clarified that there is no such proposal.