I appreciate the responses so far. I realize my initial question wasn’t detailed enough, so I’d like to expand and clarify. I’m working with Schnorr signatures, specifically in the context of multisignatures.

Assume the following setup:

• A publicly known message (it could be any message, or even empty).
• The message is signed by 100 private/public key pairs, each using a deterministic nonce value.
• The signatures are aggregated into a single aggregated signature.
• The public keys are aggregated into a single aggregated public key.
• All information is public except for the complete set of private/public key pairs that contributed to the aggregated signature and aggregated public key.

The question is: Given the available public information, is it possible to verify whether a specific private/public key pair contributed to the aggregated signature or whether a private/public key pair contributed to the aggregated public key?

If this verification is possible, how can I achieve it using the secp256k1 library?

From an earlier suggestion, it seems I might need to extract the s value from the 64-byte aggregated signature (which includes both R and s) and modify it appropriately. Additionally, I would need to remove the contribution of the specific public key (noting that the corresponding private key and nonce are known) from the aggregated public key, and then verify against the modified aggregated signature and the modified aggregated public key. Or is there a better method using the secp256k1 library? Any guidance would be greatly appreciated.