Reading the "Simple Schnorr Multi-Signatures with Applications to Bitcoin" by Gregory Maxwell, Andrew Poelstra, Yannick Seurin, and Pieter Wuille .pdf link. I have some questions about some notations. I am generating a signature but the verification doesn't pass which leads me to believe I am misunderstanding some stuff here.

in a_i = H_agg(L,X_i) what do we hash? Is it the all public keys (L) "concatenated" together then public key i "concatenated" at the end?
Don't think this makes a difference if consistency is kept but are pub keys in compressed form or uncompressed?
For example with 2 keys is it calculated like this (so hash of a 99 byte long array: 3*(1+32_compressed))?:
a₁=Hash(pub1 || pub2 || pub1)
a₂=Hash(pub1 || pub2 || pub2)


Similarly for calculation of 'c' is it again concatenation of bytes, also are the points (X^~ and R) in their compressed form or uncompressed (again I don't think it makes a difference but want to make sure)?
c = H_sig(X^~ ,R,m)

Also I am assuming H_sig, H_agg,.. are all the same hash function like SHA256.


And finally in verification step shouldn't it be R + X^~ in the following equation since they are both points, multiplication doesn't make any sense?