musig: improve variable naming and be consistent with schnorrsig module

session_initialize -> session_init msg_is_set -> is_msg_set is_negated -> pk_parity nonce_is_negated -> nonce_parity
2019-12-17 10:10:38 +00:00 · 2019-12-17 10:10:38 +00:00 · 2117e7466a
commit 2117e7466a
parent ebc31f1f9d
5 changed files with 134 additions and 132 deletions
--- a/include/secp256k1_musig.h
+++ b/include/secp256k1_musig.h
@ -20,18 +20,18 @@ extern "C" {
 */
 /** Data structure containing auxiliary data generated in `pubkey_combine` and
- *  required for `session_*_initialize`.
+ *  required for `session_*_init`.
 *  Fields:
- *          magic: Set during initialization in `pubkey_combine` to allow
+ *        magic: Set during initialization in `pubkey_combine` to allow
- *                 detecting an uninitialized object.
+ *               detecting an uninitialized object.
- *        pk_hash: The 32-byte hash of the original public keys
+ *      pk_hash: The 32-byte hash of the original public keys
- *     is_negated: Whether the MuSig-aggregated point was negated when
+ *    pk_parity: Whether the MuSig-aggregated point was negated when
- *                 converting it to the combined xonly pubkey.
+ *               converting it to the combined xonly pubkey.
 */
 typedef struct {
    uint64_t magic;
    unsigned char pk_hash[32];
-    int is_negated;
+    int pk_parity;
 } secp256k1_musig_pre_session;
 /** Data structure containing data related to a signing session resulting in a single
@ -45,14 +45,14 @@ typedef struct {
 * structure.
 *
 * Fields:
- *            magic: Set in `musig_session_initialize` to allow detecting an
+ *            magic: Set in `musig_session_init` to allow detecting an
 *                   uninitialized object.
 *            round: Current round of the session
 *      pre_session: Auxiliary data created in `pubkey_combine`
 *      combined_pk: MuSig-computed combined xonly public key
 *        n_signers: Number of signers
 *              msg: The 32-byte message (hash) to be signed
- *       msg_is_set: Whether the above message has been set
+ *       is_msg_set: Whether the above message has been set
 *  has_secret_data: Whether this session object has a signers' secret data; if this
 *                   is `false`, it may still be used for verification purposes.
 *           seckey: If `has_secret_data`, the signer's secret key
@ -61,9 +61,8 @@ typedef struct {
 * nonce_commitments_hash: If `has_secret_data` and round >= 1, the hash of all
 *                   signers' commitments
 *   combined_nonce: If round >= 2, the summed combined public nonce
- * nonce_is_negated: If round >= 2, whether the above nonce was negated after
+ * combined_nonce_parity: If round >= 2, the parity of the Y coordinate of above
- *                   summing the participants' nonces. Needed to ensure the nonce's y
+ *                   nonce.
 *                   coordinate is even.
 */
 typedef struct {
    uint64_t magic;
@ -71,23 +70,23 @@ typedef struct {
    secp256k1_musig_pre_session pre_session;
    secp256k1_xonly_pubkey combined_pk;
    uint32_t n_signers;
    int is_msg_set;
    unsigned char msg[32];
    int msg_is_set;
    int has_secret_data;
    unsigned char seckey[32];
    unsigned char secnonce[32];
    secp256k1_pubkey nonce;
    unsigned char nonce_commitments_hash[32];
    secp256k1_pubkey combined_nonce;
-    int nonce_is_negated;
+    int combined_nonce_parity;
 } secp256k1_musig_session;
 /** Data structure containing data on all signers in a single session.
 *
 * The workflow for this structure is as follows:
 *
- * 1. This structure is initialized with `musig_session_initialize` or
+ * 1. This structure is initialized with `musig_session_init` or
- *    `musig_session_initialize_verifier`, which set the `index` field, and zero out
+ *    `musig_session_init_verifier`, which set the `index` field, and zero out
 *    all other fields. The public session is initialized with the signers'
 *    nonce_commitments.
 *
@ -129,7 +128,8 @@ typedef struct {
    unsigned char data[32];
 } secp256k1_musig_partial_signature;
-/** Computes a combined public key and the hash of the given public keys
+/** Computes a combined public key and the hash of the given public keys.
 *  Different orders of `pubkeys` result in different `combined_pk`s.
 *
 *  Returns: 1 if the public keys were successfully combined, 0 otherwise
 *  Args:        ctx: pointer to a context object initialized for verification
@ -138,7 +138,7 @@ typedef struct {
 *                    multiexponentiation. If NULL, an inefficient algorithm is used.
 *  Out: combined_pk: the MuSig-combined xonly public key (cannot be NULL)
 *       pre_session: if non-NULL, pointer to a musig_pre_session struct to be used in
- *                    `musig_session_initialize`.
+ *                    `musig_session_init`.
 *   In:     pubkeys: input array of public keys to combine. The order is important;
 *                    a different order will result in a different combined public
 *                    key (cannot be NULL)
@ -180,7 +180,7 @@ SECP256K1_API int secp256k1_musig_pubkey_combine(
 *                     than `n_signers`.
 *             seckey: the signer's 32-byte secret key (cannot be NULL)
 */
-SECP256K1_API int secp256k1_musig_session_initialize(
+SECP256K1_API int secp256k1_musig_session_init(
    const secp256k1_context* ctx,
    secp256k1_musig_session *session,
    secp256k1_musig_session_signer_data *signers,
@ -196,7 +196,7 @@ SECP256K1_API int secp256k1_musig_session_initialize(
 /** Gets the signer's public nonce given a list of all signers' data with
 *  commitments.  Called by participating signers after
- *  `secp256k1_musig_session_initialize` and after all nonce commitments have
+ *  `secp256k1_musig_session_init` and after all nonce commitments have
 *  been collected
 *
 *  Returns: 1: public nonce is written in nonce
@ -205,14 +205,14 @@ SECP256K1_API int secp256k1_musig_session_initialize(
 *  Args:        ctx: pointer to a context object (cannot be NULL)
 *           session: the signing session to get the nonce from (cannot be NULL)
 *           signers: an array of signers' data initialized with
- *                    `musig_session_initialize`. Array length must equal to
+ *                    `musig_session_init`. Array length must equal to
 *                    `n_commitments` (cannot be NULL)
 *  Out:       nonce: the nonce (cannot be NULL)
 *  In:  commitments: array of pointers to 32-byte nonce commitments (cannot be NULL)
 *     n_commitments: the length of commitments and signers array. Must be the total
 *                    number of signers participating in the MuSig.
 *             msg32: the 32-byte message to be signed. Must be NULL if already
- *                    set with `musig_session_initialize` otherwise can not be NULL.
+ *                    set with `musig_session_init` otherwise can not be NULL.
 */
 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_session_get_public_nonce(
    const secp256k1_context* ctx,
@ -244,7 +244,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_session_get_publi
 *                    participating in the MuSig. Must be greater than 0 and at most
 *                    2^32 - 1.
 */
-SECP256K1_API int secp256k1_musig_session_initialize_verifier(
+SECP256K1_API int secp256k1_musig_session_init_verifier(
    const secp256k1_context* ctx,
    secp256k1_musig_session *session,
    secp256k1_musig_session_signer_data *signers,
@ -263,7 +263,7 @@ SECP256K1_API int secp256k1_musig_session_initialize_verifier(
 *  Args:      ctx: pointer to a context object (cannot be NULL)
 *          signer: pointer to the signer data to update (cannot be NULL). Must have
 *                  been used with `musig_session_get_public_nonce` or initialized
- *                  with `musig_session_initialize_verifier`.
+ *                  with `musig_session_init_verifier`.
 *  In:     nonce: signer's alleged public nonce (cannot be NULL)
 */
 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_set_nonce(
@ -285,8 +285,9 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_set_nonce(
 *                    (cannot be NULL)
 *         n_signers: the length of the signers array. Must be the total number of
 *                    signers participating in the MuSig.
- *  Out: nonce_is_negated: a pointer to an integer that indicates if the combined
+ *  Out: nonce_parity: if non-NULL, a pointer to an integer that indicates the
- *                    public nonce had to be negated.
+ *                    parity of the combined public nonce. Used for adaptor
 *                    signatures.
 *           adaptor: point to add to the combined public nonce. If NULL, nothing is
 *                    added to the combined nonce.
 */
@ -295,7 +296,7 @@ SECP256K1_API int secp256k1_musig_session_combine_nonces(
    secp256k1_musig_session *session,
    const secp256k1_musig_session_signer_data *signers,
    size_t n_signers,
-    int *nonce_is_negated,
+    int *nonce_parity,
    const secp256k1_pubkey *adaptor
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3);
@ -399,14 +400,14 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_combi
 *  In:   partial_sig: partial signature to tweak with secret adaptor (cannot be NULL)
 *      sec_adaptor32: 32-byte secret adaptor to add to the partial signature (cannot
 *                     be NULL)
- *   nonce_is_negated: the `nonce_is_negated` output of `musig_session_combine_nonces`
+ *       nonce_parity: the `nonce_parity` output of `musig_session_combine_nonces`
 */
 SECP256K1_API int secp256k1_musig_partial_sig_adapt(
    const secp256k1_context* ctx,
    secp256k1_musig_partial_signature *adaptor_sig,
    const secp256k1_musig_partial_signature *partial_sig,
    const unsigned char *sec_adaptor32,
-    int nonce_is_negated
+    int nonce_parity
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
 /** Extracts a secret adaptor from a MuSig, given all parties' partial
@ -422,7 +423,7 @@ SECP256K1_API int secp256k1_musig_partial_sig_adapt(
 *  In:         sig64: complete 2-of-2 signature (cannot be NULL)
 *       partial_sigs: array of partial signatures (cannot be NULL)
 *     n_partial_sigs: number of elements in partial_sigs array
- *   nonce_is_negated: the `nonce_is_negated` output of `musig_session_combine_nonces`
+ *   nonce_parity: the `nonce_parity` output of `musig_session_combine_nonces`
 */
 SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_extract_secret_adaptor(
    const secp256k1_context* ctx,
@ -430,7 +431,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_extract_secret_ad
    const unsigned char *sig64,
    const secp256k1_musig_partial_signature *partial_sigs,
    size_t n_partial_sigs,
-    int nonce_is_negated
+    int nonce_parity
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
 #ifdef __cplusplus
--- a/src/modules/musig/example.c
+++ b/src/modules/musig/example.c
@ -60,7 +60,7 @@ int sign(const secp256k1_context* ctx, unsigned char seckeys[][32], const secp25
            return 0;
        }
        /* Create random session ID. It is absolutely necessary that the session ID
-         * is unique for every call of secp256k1_musig_session_initialize. Otherwise
+         * is unique for every call of secp256k1_musig_session_init. Otherwise
         * it's trivial for an attacker to extract the secret key! */
        frand = fopen("/dev/urandom", "r");
        if(frand == NULL) {
@ -72,7 +72,7 @@ int sign(const secp256k1_context* ctx, unsigned char seckeys[][32], const secp25
        }
        fclose(frand);
        /* Initialize session */
-        if (!secp256k1_musig_session_initialize(ctx, &musig_session[i], signer_data[i], nonce_commitment[i], session_id32, msg32, &combined_pk, &pre_session, N_SIGNERS, i, seckeys[i])) {
+        if (!secp256k1_musig_session_init(ctx, &musig_session[i], signer_data[i], nonce_commitment[i], session_id32, msg32, &combined_pk, &pre_session, N_SIGNERS, i, seckeys[i])) {
            return 0;
        }
        nonce_commitment_ptr[i] = &nonce_commitment[i][0];
--- a/src/modules/musig/main_impl.h
+++ b/src/modules/musig/main_impl.h
@ -102,7 +102,7 @@ int secp256k1_musig_pubkey_combine(const secp256k1_context* ctx, secp256k1_scrat
    secp256k1_musig_pubkey_combine_ecmult_data ecmult_data;
    secp256k1_gej pkj;
    secp256k1_ge pkp;
-    int is_negated;
+    int pk_parity;
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(combined_pk != NULL);
@ -120,20 +120,20 @@ int secp256k1_musig_pubkey_combine(const secp256k1_context* ctx, secp256k1_scrat
    }
    secp256k1_ge_set_gej(&pkp, &pkj);
    secp256k1_fe_normalize(&pkp.y);
-    is_negated = secp256k1_extrakeys_ge_even_y(&pkp);
+    pk_parity = secp256k1_extrakeys_ge_even_y(&pkp);
    secp256k1_xonly_pubkey_save(combined_pk, &pkp);
    if (pre_session != NULL) {
        pre_session->magic = pre_session_magic;
        memcpy(pre_session->pk_hash, ecmult_data.ell, 32);
-        pre_session->is_negated = is_negated;
+        pre_session->pk_parity = pk_parity;
    }
    return 1;
 }
 static const uint64_t session_magic = 0xd92e6fc1ee41b4cbUL;
-int secp256k1_musig_session_initialize(const secp256k1_context* ctx, secp256k1_musig_session *session, secp256k1_musig_session_signer_data *signers, unsigned char *nonce_commitment32, const unsigned char *session_id32, const unsigned char *msg32, const secp256k1_xonly_pubkey *combined_pk, const secp256k1_musig_pre_session *pre_session, size_t n_signers, size_t my_index, const unsigned char *seckey) {
+int secp256k1_musig_session_init(const secp256k1_context* ctx, secp256k1_musig_session *session, secp256k1_musig_session_signer_data *signers, unsigned char *nonce_commitment32, const unsigned char *session_id32, const unsigned char *msg32, const secp256k1_xonly_pubkey *combined_pk, const secp256k1_musig_pre_session *pre_session, size_t n_signers, size_t my_index, const unsigned char *seckey) {
    unsigned char combined_ser[32];
    int overflow;
    secp256k1_scalar secret;
@ -164,9 +164,9 @@ int secp256k1_musig_session_initialize(const secp256k1_context* ctx, secp256k1_m
    session->magic = session_magic;
    if (msg32 != NULL) {
        memcpy(session->msg, msg32, 32);
-        session->msg_is_set = 1;
+        session->is_msg_set = 1;
    } else {
-        session->msg_is_set = 0;
+        session->is_msg_set = 0;
    }
    memcpy(&session->combined_pk, combined_pk, sizeof(*combined_pk));
    session->pre_session = *pre_session;
@ -182,10 +182,10 @@ int secp256k1_musig_session_initialize(const secp256k1_context* ctx, secp256k1_m
    }
    secp256k1_musig_coefficient(&mu, session->pre_session.pk_hash, (uint32_t) my_index);
    /* Compute the signers public key point and determine if the secret needs to
-     * be negated before signing. If the signer's pubkey is negated XOR the
+     * be negated before signing. If the signer's pubkey has an odd Y coordinate
-     * MuSig-combined pubkey is negated the secret has to be negated. This can
+     * XOR the MuSig-combined pubkey has an odd Y coordinate, the secret has to
-     * be seen by looking at the secret key belonging to `combined_pk`. Let's
+     * be negated. This can be seen by looking at the secret key belonging to
-     * define
+     * `combined_pk`. Let's define
     * P' := mu_0*|P_0| + ... + mu_n*|P_n| where P_i is the i-th public key
     * point x_i*G, mu_i is the i-th musig coefficient and |.| is a function
     * that normalizes a point to an even Y by negating if necessary similar to
@ -196,7 +196,7 @@ int secp256k1_musig_session_initialize(const secp256k1_context* ctx, secp256k1_m
    secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &pj, &secret);
    secp256k1_ge_set_gej(&p, &pj);
    secp256k1_fe_normalize(&p.y);
-    if (secp256k1_fe_is_odd(&p.y) != session->pre_session.is_negated) {
+    if (secp256k1_fe_is_odd(&p.y) != session->pre_session.pk_parity) {
        secp256k1_scalar_negate(&secret, &secret);
    }
    secp256k1_scalar_mul(&secret, &secret, &mu);
@ -205,7 +205,7 @@ int secp256k1_musig_session_initialize(const secp256k1_context* ctx, secp256k1_m
    /* Compute secret nonce */
    secp256k1_sha256_initialize(&sha);
    secp256k1_sha256_write(&sha, session_id32, 32);
-    if (session->msg_is_set) {
+    if (session->is_msg_set) {
        secp256k1_sha256_write(&sha, msg32, 32);
    }
    secp256k1_xonly_pubkey_serialize(ctx, combined_ser, combined_pk);
@ -248,9 +248,9 @@ int secp256k1_musig_session_get_public_nonce(const secp256k1_context* ctx, secp2
    ARG_CHECK(session->round == 0);
    /* If the message was not set during initialization it must be set now. */
-    ARG_CHECK(!(!session->msg_is_set && msg32 == NULL));
+    ARG_CHECK(!(!session->is_msg_set && msg32 == NULL));
    /* The message can only be set once. */
-    ARG_CHECK(!(session->msg_is_set && msg32 != NULL));
+    ARG_CHECK(!(session->is_msg_set && msg32 != NULL));
    ARG_CHECK(session->has_secret_data);
    ARG_CHECK(n_commitments == session->n_signers);
    for (i = 0; i < n_commitments; i++) {
@ -259,7 +259,7 @@ int secp256k1_musig_session_get_public_nonce(const secp256k1_context* ctx, secp2
    if (msg32 != NULL) {
        memcpy(session->msg, msg32, 32);
-        session->msg_is_set = 1;
+        session->is_msg_set = 1;
    }
    secp256k1_sha256_initialize(&sha);
    for (i = 0; i < n_commitments; i++) {
@ -273,7 +273,7 @@ int secp256k1_musig_session_get_public_nonce(const secp256k1_context* ctx, secp2
    return 1;
 }
-int secp256k1_musig_session_initialize_verifier(const secp256k1_context* ctx, secp256k1_musig_session *session, secp256k1_musig_session_signer_data *signers, const unsigned char *msg32, const secp256k1_xonly_pubkey *combined_pk, const secp256k1_musig_pre_session *pre_session, const unsigned char *const *commitments, size_t n_signers) {
+int secp256k1_musig_session_init_verifier(const secp256k1_context* ctx, secp256k1_musig_session *session, secp256k1_musig_session_signer_data *signers, const unsigned char *msg32, const secp256k1_xonly_pubkey *combined_pk, const secp256k1_musig_pre_session *pre_session, const unsigned char *const *commitments, size_t n_signers) {
    size_t i;
    VERIFY_CHECK(ctx != NULL);
@ -302,7 +302,7 @@ int secp256k1_musig_session_initialize_verifier(const secp256k1_context* ctx, se
    secp256k1_musig_signers_init(signers, session->n_signers);
    session->pre_session = *pre_session;
-    session->msg_is_set = 1;
+    session->is_msg_set = 1;
    memcpy(session->msg, msg32, 32);
    session->has_secret_data = 0;
@ -335,7 +335,7 @@ int secp256k1_musig_set_nonce(const secp256k1_context* ctx, secp256k1_musig_sess
    return 1;
 }
-int secp256k1_musig_session_combine_nonces(const secp256k1_context* ctx, secp256k1_musig_session *session, const secp256k1_musig_session_signer_data *signers, size_t n_signers, int *nonce_is_negated, const secp256k1_pubkey *adaptor) {
+int secp256k1_musig_session_combine_nonces(const secp256k1_context* ctx, secp256k1_musig_session *session, const secp256k1_musig_session_signer_data *signers, size_t n_signers, int *nonce_parity, const secp256k1_pubkey *adaptor) {
    secp256k1_gej combined_noncej;
    secp256k1_ge combined_noncep;
    secp256k1_ge noncep;
@ -379,13 +379,13 @@ int secp256k1_musig_session_combine_nonces(const secp256k1_context* ctx, secp256
    secp256k1_ge_set_gej(&combined_noncep, &combined_noncej);
    secp256k1_fe_normalize(&combined_noncep.y);
    if (!secp256k1_fe_is_odd(&combined_noncep.y)) {
-        session->nonce_is_negated = 0;
+        session->combined_nonce_parity = 0;
    } else {
-        session->nonce_is_negated = 1;
+        session->combined_nonce_parity = 1;
        secp256k1_ge_neg(&combined_noncep, &combined_noncep);
    }
-    if (nonce_is_negated != NULL) {
+    if (nonce_parity != NULL) {
-        *nonce_is_negated = session->nonce_is_negated;
+        *nonce_parity = session->combined_nonce_parity;
    }
    secp256k1_pubkey_save(&session->combined_nonce, &combined_noncep);
    session->round = 2;
@ -456,7 +456,7 @@ int secp256k1_musig_partial_sign(const secp256k1_context* ctx, const secp256k1_m
        secp256k1_scalar_clear(&k);
        return 0;
    }
-    if (session->nonce_is_negated) {
+    if (session->combined_nonce_parity) {
        secp256k1_scalar_negate(&k, &k);
    }
@ -544,10 +544,10 @@ int secp256k1_musig_partial_sig_verify(const secp256k1_context* ctx, const secp2
    if (!secp256k1_pubkey_load(ctx, &rp, &signer->nonce)) {
        return 0;
    }
-    /* If the MuSig-combined point is negated, the signers will sign for the
+    /* If the MuSig-combined point has an odd Y coordinate, the signers will
-     * negation of their individual xonly public key such that the combined
+     * sign for the negation of their individual xonly public key such that the
-     * signature is valid for the MuSig aggregated xonly key. */
+     * combined signature is valid for the MuSig aggregated xonly key. */
-    if (session->pre_session.is_negated) {
+    if (session->pre_session.pk_parity) {
        secp256k1_scalar_negate(&e, &e);
    }
@ -559,7 +559,7 @@ int secp256k1_musig_partial_sig_verify(const secp256k1_context* ctx, const secp2
    secp256k1_gej_set_ge(&pkj, &pkp);
    secp256k1_ecmult(&ctx->ecmult_ctx, &rj, &pkj, &e, &s);
-    if (!session->nonce_is_negated) {
+    if (!session->combined_nonce_parity) {
        secp256k1_ge_neg(&rp, &rp);
    }
    secp256k1_gej_add_ge_var(&rj, &rj, &rp, NULL);
@ -567,7 +567,7 @@ int secp256k1_musig_partial_sig_verify(const secp256k1_context* ctx, const secp2
    return secp256k1_gej_is_infinity(&rj);
 }
-int secp256k1_musig_partial_sig_adapt(const secp256k1_context* ctx, secp256k1_musig_partial_signature *adaptor_sig, const secp256k1_musig_partial_signature *partial_sig, const unsigned char *sec_adaptor32, int nonce_is_negated) {
+int secp256k1_musig_partial_sig_adapt(const secp256k1_context* ctx, secp256k1_musig_partial_signature *adaptor_sig, const secp256k1_musig_partial_signature *partial_sig, const unsigned char *sec_adaptor32, int nonce_parity) {
    secp256k1_scalar s;
    secp256k1_scalar t;
    int overflow;
@ -588,7 +588,7 @@ int secp256k1_musig_partial_sig_adapt(const secp256k1_context* ctx, secp256k1_mu
        return 0;
    }
-    if (nonce_is_negated) {
+    if (nonce_parity) {
        secp256k1_scalar_negate(&t, &t);
    }
@ -598,7 +598,7 @@ int secp256k1_musig_partial_sig_adapt(const secp256k1_context* ctx, secp256k1_mu
    return 1;
 }
-int secp256k1_musig_extract_secret_adaptor(const secp256k1_context* ctx, unsigned char *sec_adaptor32, const unsigned char *sig64, const secp256k1_musig_partial_signature *partial_sigs, size_t n_partial_sigs, int nonce_is_negated) {
+int secp256k1_musig_extract_secret_adaptor(const secp256k1_context* ctx, unsigned char *sec_adaptor32, const unsigned char *sig64, const secp256k1_musig_partial_signature *partial_sigs, size_t n_partial_sigs, int nonce_parity) {
    secp256k1_scalar t;
    secp256k1_scalar s;
    int overflow;
@ -625,7 +625,7 @@ int secp256k1_musig_extract_secret_adaptor(const secp256k1_context* ctx, unsigne
        secp256k1_scalar_add(&t, &t, &s);
    }
-    if (!nonce_is_negated) {
+    if (!nonce_parity) {
        secp256k1_scalar_negate(&t, &t);
    }
    secp256k1_scalar_get_b32(sec_adaptor32, &t);
--- a/src/modules/musig/musig.md
+++ b/src/modules/musig/musig.md
@ -74,7 +74,7 @@ signature process, which is also a supported mode) acts as follows.
 ### Signing Participant
-1. The signer starts the session by calling `secp256k1_musig_session_initialize`.
+1. The signer starts the session by calling `secp256k1_musig_session_init`.
   This function outputs
   - an initialized session state in the out-pointer `session`
   - an array of initialized signer data in the out-pointer `signers`
@ -91,7 +91,7 @@ signature process, which is also a supported mode) acts as follows.
   length-32 byte arrays which can be communicated however is communicated.
 3. Once all signers nonce commitments have been received, the signer records
   these commitments with the function `secp256k1_musig_session_get_public_nonce`.
-   If the signer did not provide a message to `secp256k1_musig_session_initialize`,
+   If the signer did not provide a message to `secp256k1_musig_session_init`,
   a message must be provided now.
   This function updates in place
   - the session state `session`
@ -133,8 +133,8 @@ A participant who wants to verify the signing process, i.e. check that nonce com
 are consistent and partial signatures are correct without contributing a partial signature,
 may do so using the above instructions except for the following changes:
-1. A signing session should be produced using `musig_session_initialize_verifier`
+1. A signing session should be produced using `musig_session_init_verifier`
-   rather than `musig_session_initialize`; this function takes no secret data or
+   rather than `musig_session_init`; this function takes no secret data or
   signer index.
 2. The participant receives nonce commitments, public nonces and partial signatures,
   but does not produce these values. Therefore `secp256k1_musig_session_get_public_nonce`
--- a/src/modules/musig/tests_impl.h
+++ b/src/modules/musig/tests_impl.h
@ -45,8 +45,8 @@ void musig_simple_test(secp256k1_scratch_space *scratch) {
    CHECK(secp256k1_xonly_pubkey_create(&pk[1], sk[1]) == 1);
    CHECK(secp256k1_musig_pubkey_combine(ctx, scratch, &combined_pk, &pre_session, pk, 2) == 1);
-    CHECK(secp256k1_musig_session_initialize(ctx, &session[1], signer1, nonce_commitment[1], session_id[1], msg, &combined_pk, &pre_session, 2, 1, sk[1]) == 1);
+    CHECK(secp256k1_musig_session_init(ctx, &session[1], signer1, nonce_commitment[1], session_id[1], msg, &combined_pk, &pre_session, 2, 1, sk[1]) == 1);
-    CHECK(secp256k1_musig_session_initialize(ctx, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 1);
+    CHECK(secp256k1_musig_session_init(ctx, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 1);
    ncs[0] = nonce_commitment[0];
    ncs[1] = nonce_commitment[1];
@ -91,7 +91,7 @@ void musig_api_tests(secp256k1_scratch_space *scratch) {
    unsigned char ones[32];
    unsigned char session_id[2][32];
    unsigned char nonce_commitment[2][32];
-    int nonce_is_negated;
+    int combined_nonce_parity;
    const unsigned char *ncs[2];
    unsigned char msg[32];
    secp256k1_xonly_pubkey combined_pk;
@ -172,68 +172,68 @@ void musig_api_tests(secp256k1_scratch_space *scratch) {
    /** Session creation **/
    ecount = 0;
-    CHECK(secp256k1_musig_session_initialize(none, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 0);
+    CHECK(secp256k1_musig_session_init(none, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 0);
    CHECK(ecount == 1);
-    CHECK(secp256k1_musig_session_initialize(vrfy, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 0);
+    CHECK(secp256k1_musig_session_init(vrfy, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 0);
    CHECK(ecount == 2);
-    CHECK(secp256k1_musig_session_initialize(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 1);
+    CHECK(secp256k1_musig_session_init(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 1);
    CHECK(ecount == 2);
-    CHECK(secp256k1_musig_session_initialize(sign, NULL, signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 0);
+    CHECK(secp256k1_musig_session_init(sign, NULL, signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 0);
    CHECK(ecount == 3);
-    CHECK(secp256k1_musig_session_initialize(sign, &session[0], NULL, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 0);
+    CHECK(secp256k1_musig_session_init(sign, &session[0], NULL, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 0);
    CHECK(ecount == 4);
-    CHECK(secp256k1_musig_session_initialize(sign, &session[0], signer0, NULL, session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 0);
+    CHECK(secp256k1_musig_session_init(sign, &session[0], signer0, NULL, session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 0);
    CHECK(ecount == 5);
-    CHECK(secp256k1_musig_session_initialize(sign, &session[0], signer0, nonce_commitment[0], NULL, msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 0);
+    CHECK(secp256k1_musig_session_init(sign, &session[0], signer0, nonce_commitment[0], NULL, msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 0);
    CHECK(ecount == 6);
-    CHECK(secp256k1_musig_session_initialize(sign, &session[0], signer0, nonce_commitment[0], session_id[0], NULL, &combined_pk, &pre_session, 2, 0, sk[0]) == 1);
+    CHECK(secp256k1_musig_session_init(sign, &session[0], signer0, nonce_commitment[0], session_id[0], NULL, &combined_pk, &pre_session, 2, 0, sk[0]) == 1);
    CHECK(ecount == 6);
-    CHECK(secp256k1_musig_session_initialize(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, NULL, &pre_session, 2, 0, sk[0]) == 0);
+    CHECK(secp256k1_musig_session_init(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, NULL, &pre_session, 2, 0, sk[0]) == 0);
    CHECK(ecount == 7);
-    CHECK(secp256k1_musig_session_initialize(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, NULL, 2, 0, sk[0]) == 0);
+    CHECK(secp256k1_musig_session_init(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, NULL, 2, 0, sk[0]) == 0);
    CHECK(ecount == 8);
    /* Uninitialized pre_session */
-    CHECK(secp256k1_musig_session_initialize(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session_uninitialized, 2, 0, sk[0]) == 0);
+    CHECK(secp256k1_musig_session_init(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session_uninitialized, 2, 0, sk[0]) == 0);
    CHECK(ecount == 9);
-    CHECK(secp256k1_musig_session_initialize(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 0, 0, sk[0]) == 0);
+    CHECK(secp256k1_musig_session_init(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 0, 0, sk[0]) == 0);
    CHECK(ecount == 10);
-    /* If more than UINT32_MAX fits in a size_t, test that session_initialize
+    /* If more than UINT32_MAX fits in a size_t, test that session_init
     * rejects n_signers that high. */
    if (SIZE_MAX > UINT32_MAX) {
-        CHECK(secp256k1_musig_session_initialize(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, ((size_t) UINT32_MAX) + 2, 0, sk[0]) == 0);
+        CHECK(secp256k1_musig_session_init(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, ((size_t) UINT32_MAX) + 2, 0, sk[0]) == 0);
    }
    CHECK(ecount == 11);
-    CHECK(secp256k1_musig_session_initialize(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, NULL) == 0);
+    CHECK(secp256k1_musig_session_init(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, NULL) == 0);
    CHECK(ecount == 12);
    /* secret key overflows */
-    CHECK(secp256k1_musig_session_initialize(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, ones) == 0);
+    CHECK(secp256k1_musig_session_init(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, ones) == 0);
    CHECK(ecount == 12);
-    CHECK(secp256k1_musig_session_initialize(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 1);
+    CHECK(secp256k1_musig_session_init(sign, &session[0], signer0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 1);
-    CHECK(secp256k1_musig_session_initialize(sign, &session[1], signer1, nonce_commitment[1], session_id[1], msg, &combined_pk, &pre_session, 2, 1, sk[1]) == 1);
+    CHECK(secp256k1_musig_session_init(sign, &session[1], signer1, nonce_commitment[1], session_id[1], msg, &combined_pk, &pre_session, 2, 1, sk[1]) == 1);
    ncs[0] = nonce_commitment[0];
    ncs[1] = nonce_commitment[1];
    ecount = 0;
-    CHECK(secp256k1_musig_session_initialize_verifier(none, &verifier_session, verifier_signer_data, msg, &combined_pk, &pre_session, ncs, 2) == 1);
+    CHECK(secp256k1_musig_session_init_verifier(none, &verifier_session, verifier_signer_data, msg, &combined_pk, &pre_session, ncs, 2) == 1);
    CHECK(ecount == 0);
-    CHECK(secp256k1_musig_session_initialize_verifier(none, NULL, verifier_signer_data, msg, &combined_pk, &pre_session, ncs, 2) == 0);
+    CHECK(secp256k1_musig_session_init_verifier(none, NULL, verifier_signer_data, msg, &combined_pk, &pre_session, ncs, 2) == 0);
    CHECK(ecount == 1);
-    CHECK(secp256k1_musig_session_initialize_verifier(none, &verifier_session, verifier_signer_data, NULL, &combined_pk, &pre_session, ncs, 2) == 0);
+    CHECK(secp256k1_musig_session_init_verifier(none, &verifier_session, verifier_signer_data, NULL, &combined_pk, &pre_session, ncs, 2) == 0);
    CHECK(ecount == 2);
-    CHECK(secp256k1_musig_session_initialize_verifier(none, &verifier_session, verifier_signer_data, msg, NULL, &pre_session, ncs, 2) == 0);
+    CHECK(secp256k1_musig_session_init_verifier(none, &verifier_session, verifier_signer_data, msg, NULL, &pre_session, ncs, 2) == 0);
    CHECK(ecount == 3);
-    CHECK(secp256k1_musig_session_initialize_verifier(none, &verifier_session, verifier_signer_data, msg, &combined_pk, NULL, ncs, 2) == 0);
+    CHECK(secp256k1_musig_session_init_verifier(none, &verifier_session, verifier_signer_data, msg, &combined_pk, NULL, ncs, 2) == 0);
    CHECK(ecount == 4);
-    CHECK(secp256k1_musig_session_initialize_verifier(none, &verifier_session, verifier_signer_data, msg, &combined_pk, &pre_session, NULL, 2) == 0);
+    CHECK(secp256k1_musig_session_init_verifier(none, &verifier_session, verifier_signer_data, msg, &combined_pk, &pre_session, NULL, 2) == 0);
    CHECK(ecount == 5);
-    CHECK(secp256k1_musig_session_initialize_verifier(none, &verifier_session, verifier_signer_data, msg, &combined_pk, &pre_session, ncs, 0) == 0);
+    CHECK(secp256k1_musig_session_init_verifier(none, &verifier_session, verifier_signer_data, msg, &combined_pk, &pre_session, ncs, 0) == 0);
    CHECK(ecount == 6);
    if (SIZE_MAX > UINT32_MAX) {
-        CHECK(secp256k1_musig_session_initialize_verifier(none, &verifier_session, verifier_signer_data, msg, &combined_pk, &pre_session, ncs, ((size_t) UINT32_MAX) + 2) == 0);
+        CHECK(secp256k1_musig_session_init_verifier(none, &verifier_session, verifier_signer_data, msg, &combined_pk, &pre_session, ncs, ((size_t) UINT32_MAX) + 2) == 0);
    }
    CHECK(ecount == 7);
-    CHECK(secp256k1_musig_session_initialize_verifier(none, &verifier_session, verifier_signer_data, msg, &combined_pk, &pre_session, ncs, 2) == 1);
+    CHECK(secp256k1_musig_session_init_verifier(none, &verifier_session, verifier_signer_data, msg, &combined_pk, &pre_session, ncs, 2) == 1);
    /** Signing step 0 -- exchange nonce commitments */
    ecount = 0;
@ -296,26 +296,26 @@ void musig_api_tests(secp256k1_scratch_space *scratch) {
        ecount = 0;
        memcpy(&session_0_tmp, &session[0], sizeof(session_0_tmp));
-        CHECK(secp256k1_musig_session_combine_nonces(none, &session_0_tmp, signer0, 2, &nonce_is_negated, &adaptor) == 1);
+        CHECK(secp256k1_musig_session_combine_nonces(none, &session_0_tmp, signer0, 2, &combined_nonce_parity, &adaptor) == 1);
        memcpy(&session_0_tmp, &session[0], sizeof(session_0_tmp));
-        CHECK(secp256k1_musig_session_combine_nonces(none, NULL, signer0, 2, &nonce_is_negated, &adaptor) == 0);
+        CHECK(secp256k1_musig_session_combine_nonces(none, NULL, signer0, 2, &combined_nonce_parity, &adaptor) == 0);
        CHECK(ecount == 1);
        /* Uninitialized session */
-        CHECK(secp256k1_musig_session_combine_nonces(none, &session_uninitialized, signer0, 2, &nonce_is_negated, &adaptor) == 0);
+        CHECK(secp256k1_musig_session_combine_nonces(none, &session_uninitialized, signer0, 2, &combined_nonce_parity, &adaptor) == 0);
        CHECK(ecount == 2);
-        CHECK(secp256k1_musig_session_combine_nonces(none, &session_0_tmp, NULL, 2, &nonce_is_negated, &adaptor) == 0);
+        CHECK(secp256k1_musig_session_combine_nonces(none, &session_0_tmp, NULL, 2, &combined_nonce_parity, &adaptor) == 0);
        CHECK(ecount == 3);
        /* Number of signers differs from number during intialization */
-        CHECK(secp256k1_musig_session_combine_nonces(none, &session_0_tmp, signer0, 1, &nonce_is_negated, &adaptor) == 0);
+        CHECK(secp256k1_musig_session_combine_nonces(none, &session_0_tmp, signer0, 1, &combined_nonce_parity, &adaptor) == 0);
        CHECK(ecount == 4);
        CHECK(secp256k1_musig_session_combine_nonces(none, &session_0_tmp, signer0, 2, NULL, &adaptor) == 1);
        CHECK(ecount == 4);
        memcpy(&session_0_tmp, &session[0], sizeof(session_0_tmp));
-        CHECK(secp256k1_musig_session_combine_nonces(none, &session_0_tmp, signer0, 2, &nonce_is_negated, NULL) == 1);
+        CHECK(secp256k1_musig_session_combine_nonces(none, &session_0_tmp, signer0, 2, &combined_nonce_parity, NULL) == 1);
-        CHECK(secp256k1_musig_session_combine_nonces(none, &session[0], signer0, 2, &nonce_is_negated, &adaptor) == 1);
+        CHECK(secp256k1_musig_session_combine_nonces(none, &session[0], signer0, 2, &combined_nonce_parity, &adaptor) == 1);
-        CHECK(secp256k1_musig_session_combine_nonces(none, &session[1], signer0, 2, &nonce_is_negated, &adaptor) == 1);
+        CHECK(secp256k1_musig_session_combine_nonces(none, &session[1], signer0, 2, &combined_nonce_parity, &adaptor) == 1);
-        CHECK(secp256k1_musig_session_combine_nonces(none, &verifier_session, verifier_signer_data, 2, &nonce_is_negated, &adaptor) == 1);
+        CHECK(secp256k1_musig_session_combine_nonces(none, &verifier_session, verifier_signer_data, 2, &combined_nonce_parity, &adaptor) == 1);
    }
    /** Signing step 2 -- partial signatures */
@ -384,16 +384,16 @@ void musig_api_tests(secp256k1_scratch_space *scratch) {
    /** Adaptor signature verification */
    memcpy(&partial_sig_adapted[1], &partial_sig[1], sizeof(partial_sig_adapted[1]));
    ecount = 0;
-    CHECK(secp256k1_musig_partial_sig_adapt(none, &partial_sig_adapted[0], &partial_sig[0], sec_adaptor, nonce_is_negated) == 1);
+    CHECK(secp256k1_musig_partial_sig_adapt(none, &partial_sig_adapted[0], &partial_sig[0], sec_adaptor, combined_nonce_parity) == 1);
    CHECK(secp256k1_musig_partial_sig_adapt(none, NULL, &partial_sig[0], sec_adaptor, 0) == 0);
    CHECK(ecount == 1);
    CHECK(secp256k1_musig_partial_sig_adapt(none, &partial_sig_adapted[0], NULL, sec_adaptor, 0) == 0);
    CHECK(ecount == 2);
-    CHECK(secp256k1_musig_partial_sig_adapt(none, &partial_sig_adapted[0], &partial_sig_overflow, sec_adaptor, nonce_is_negated) == 0);
+    CHECK(secp256k1_musig_partial_sig_adapt(none, &partial_sig_adapted[0], &partial_sig_overflow, sec_adaptor, combined_nonce_parity) == 0);
    CHECK(ecount == 2);
    CHECK(secp256k1_musig_partial_sig_adapt(none, &partial_sig_adapted[0], &partial_sig[0], NULL, 0) == 0);
    CHECK(ecount == 3);
-    CHECK(secp256k1_musig_partial_sig_adapt(none, &partial_sig_adapted[0], &partial_sig[0], ones, nonce_is_negated) == 0);
+    CHECK(secp256k1_musig_partial_sig_adapt(none, &partial_sig_adapted[0], &partial_sig[0], ones, combined_nonce_parity) == 0);
    CHECK(ecount == 3);
    /** Signing combining and verification */
@ -430,7 +430,7 @@ void musig_api_tests(secp256k1_scratch_space *scratch) {
    /** Secret adaptor can be extracted from signature */
    ecount = 0;
-    CHECK(secp256k1_musig_extract_secret_adaptor(none, sec_adaptor1, final_sig, partial_sig, 2, nonce_is_negated) == 1);
+    CHECK(secp256k1_musig_extract_secret_adaptor(none, sec_adaptor1, final_sig, partial_sig, 2, combined_nonce_parity) == 1);
    CHECK(memcmp(sec_adaptor, sec_adaptor1, 32) == 0);
    CHECK(secp256k1_musig_extract_secret_adaptor(none, NULL, final_sig, partial_sig, 2, 0) == 0);
    CHECK(ecount == 1);
@ -440,7 +440,7 @@ void musig_api_tests(secp256k1_scratch_space *scratch) {
        unsigned char final_sig_tmp[64];
        memcpy(final_sig_tmp, final_sig, sizeof(final_sig_tmp));
        memcpy(&final_sig_tmp[32], ones, 32);
-        CHECK(secp256k1_musig_extract_secret_adaptor(none, sec_adaptor1, final_sig_tmp, partial_sig, 2, nonce_is_negated) == 0);
+        CHECK(secp256k1_musig_extract_secret_adaptor(none, sec_adaptor1, final_sig_tmp, partial_sig, 2, combined_nonce_parity) == 0);
    }
    CHECK(ecount == 2);
    CHECK(secp256k1_musig_extract_secret_adaptor(none, sec_adaptor1, final_sig, NULL, 2, 0) == 0);
@ -449,7 +449,7 @@ void musig_api_tests(secp256k1_scratch_space *scratch) {
        secp256k1_musig_partial_signature partial_sig_tmp[2];
        partial_sig_tmp[0] = partial_sig[0];
        partial_sig_tmp[1] = partial_sig_overflow;
-        CHECK(secp256k1_musig_extract_secret_adaptor(none, sec_adaptor1, final_sig, partial_sig_tmp, 2, nonce_is_negated) == 0);
+        CHECK(secp256k1_musig_extract_secret_adaptor(none, sec_adaptor1, final_sig, partial_sig_tmp, 2, combined_nonce_parity) == 0);
    }
    CHECK(ecount == 3);
    CHECK(secp256k1_musig_extract_secret_adaptor(none, sec_adaptor1, final_sig, partial_sig, 0, 0) == 1);
@ -486,9 +486,9 @@ void musig_state_machine_diff_signer_msghash_test(unsigned char *msghash, secp25
    pks_tmp[0] = pks[0];
    CHECK(secp256k1_xonly_pubkey_create(&pks_tmp[1], sk_dummy) == 1);
    CHECK(secp256k1_musig_pubkey_combine(ctx, NULL, &combined_pk_tmp, &pre_session_tmp, pks_tmp, 2) == 1);
-    CHECK(secp256k1_musig_session_initialize(ctx, &session_tmp, signers_tmp, nonce_commitment, session_id, msg, &combined_pk_tmp, &pre_session_tmp, 2, 1, sk_dummy) == 1);
+    CHECK(secp256k1_musig_session_init(ctx, &session_tmp, signers_tmp, nonce_commitment, session_id, msg, &combined_pk_tmp, &pre_session_tmp, 2, 1, sk_dummy) == 1);
-    CHECK(secp256k1_musig_session_initialize(ctx, &session, signers, nonce_commitment, session_id, msg, combined_pk, pre_session, 2, 0, sk) == 1);
+    CHECK(secp256k1_musig_session_init(ctx, &session, signers, nonce_commitment, session_id, msg, combined_pk, pre_session, 2, 0, sk) == 1);
    CHECK(memcmp(nonce_commitment, nonce_commitments[1], 32) == 0);
    /* Call get_public_nonce with different signers than the signers the session was
     * initialized with. */
@ -517,7 +517,7 @@ int musig_state_machine_diff_signers_combine_nonce_test(secp256k1_xonly_pubkey *
    /* Initialize new signers */
    secp256k1_testrand256(session_id);
-    CHECK(secp256k1_musig_session_initialize(ctx, &session, signers, nonce_commitment, session_id, msg, combined_pk, pre_session, 2, 1, sk) == 1);
+    CHECK(secp256k1_musig_session_init(ctx, &session, signers, nonce_commitment, session_id, msg, combined_pk, pre_session, 2, 1, sk) == 1);
    ncs[0] = nonce_commitment_other;
    ncs[1] = nonce_commitment;
    CHECK(secp256k1_musig_session_get_public_nonce(ctx, &session, signers, &nonce, ncs, 2, NULL) == 1);
@ -549,7 +549,7 @@ void musig_state_machine_late_msg_test(secp256k1_xonly_pubkey *pks, secp256k1_xo
    secp256k1_musig_partial_signature partial_sig;
    secp256k1_context_set_illegal_callback(ctx_tmp, counting_illegal_callback_fn, &ecount);
-    CHECK(secp256k1_musig_session_initialize(ctx, &session, signers, nonce_commitment, session_id, NULL, combined_pk, pre_session, 2, 1, sk) == 1);
+    CHECK(secp256k1_musig_session_init(ctx, &session, signers, nonce_commitment, session_id, NULL, combined_pk, pre_session, 2, 1, sk) == 1);
    ncs[0] = nonce_commitment_other;
    ncs[1] = nonce_commitment;
@ -609,8 +609,8 @@ void musig_state_machine_tests(secp256k1_scratch_space *scratch) {
        CHECK(secp256k1_xonly_pubkey_create(&pk[0], sk[0]) == 1);
        CHECK(secp256k1_xonly_pubkey_create(&pk[1], sk[1]) == 1);
        CHECK(secp256k1_musig_pubkey_combine(ctx, scratch, &combined_pk, &pre_session, pk, 2) == 1);
-        CHECK(secp256k1_musig_session_initialize(ctx, &session[0], signers0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 1);
+        CHECK(secp256k1_musig_session_init(ctx, &session[0], signers0, nonce_commitment[0], session_id[0], msg, &combined_pk, &pre_session, 2, 0, sk[0]) == 1);
-        CHECK(secp256k1_musig_session_initialize(ctx, &session[1], signers1, nonce_commitment[1], session_id[1], msg, &combined_pk, &pre_session, 2, 1, sk[1]) == 1);
+        CHECK(secp256k1_musig_session_init(ctx, &session[1], signers1, nonce_commitment[1], session_id[1], msg, &combined_pk, &pre_session, 2, 1, sk[1]) == 1);
        /* Can't combine nonces unless we're through round 1 already */
        ecount = 0;
        CHECK(secp256k1_musig_session_combine_nonces(ctx_tmp, &session[0], signers0, 2, NULL, NULL) == 0);
@ -708,8 +708,8 @@ void scriptless_atomic_swap(secp256k1_scratch_space *scratch) {
    const unsigned char *noncommit_b_ptr[2];
    secp256k1_pubkey pubnon_a[2];
    secp256k1_pubkey pubnon_b[2];
-    int nonce_is_negated_a;
+    int combined_nonce_parity_a;
-    int nonce_is_negated_b;
+    int combined_nonce_parity_b;
    secp256k1_musig_session_signer_data data_a[2];
    secp256k1_musig_session_signer_data data_b[2];
@ -733,13 +733,13 @@ void scriptless_atomic_swap(secp256k1_scratch_space *scratch) {
    CHECK(secp256k1_musig_pubkey_combine(ctx, scratch, &combined_pk_a, &pre_session_a, pk_a, 2));
    CHECK(secp256k1_musig_pubkey_combine(ctx, scratch, &combined_pk_b, &pre_session_b, pk_b, 2));
-    CHECK(secp256k1_musig_session_initialize(ctx, &musig_session_a[0], data_a, noncommit_a[0], seed, msg32_a, &combined_pk_a, &pre_session_a, 2, 0, seckey_a[0]));
+    CHECK(secp256k1_musig_session_init(ctx, &musig_session_a[0], data_a, noncommit_a[0], seed, msg32_a, &combined_pk_a, &pre_session_a, 2, 0, seckey_a[0]));
-    CHECK(secp256k1_musig_session_initialize(ctx, &musig_session_a[1], data_a, noncommit_a[1], seed, msg32_a, &combined_pk_a, &pre_session_a, 2, 1, seckey_a[1]));
+    CHECK(secp256k1_musig_session_init(ctx, &musig_session_a[1], data_a, noncommit_a[1], seed, msg32_a, &combined_pk_a, &pre_session_a, 2, 1, seckey_a[1]));
    noncommit_a_ptr[0] = noncommit_a[0];
    noncommit_a_ptr[1] = noncommit_a[1];
-    CHECK(secp256k1_musig_session_initialize(ctx, &musig_session_b[0], data_b, noncommit_b[0], seed, msg32_b, &combined_pk_b, &pre_session_b, 2, 0, seckey_b[0]));
+    CHECK(secp256k1_musig_session_init(ctx, &musig_session_b[0], data_b, noncommit_b[0], seed, msg32_b, &combined_pk_b, &pre_session_b, 2, 0, seckey_b[0]));
-    CHECK(secp256k1_musig_session_initialize(ctx, &musig_session_b[1], data_b, noncommit_b[1], seed, msg32_b, &combined_pk_b, &pre_session_b, 2, 1, seckey_b[1]));
+    CHECK(secp256k1_musig_session_init(ctx, &musig_session_b[1], data_b, noncommit_b[1], seed, msg32_b, &combined_pk_b, &pre_session_b, 2, 1, seckey_b[1]));
    noncommit_b_ptr[0] = noncommit_b[0];
    noncommit_b_ptr[1] = noncommit_b[1];
@ -752,9 +752,9 @@ void scriptless_atomic_swap(secp256k1_scratch_space *scratch) {
    CHECK(secp256k1_musig_set_nonce(ctx, &data_a[1], &pubnon_a[1]));
    CHECK(secp256k1_musig_set_nonce(ctx, &data_b[0], &pubnon_b[0]));
    CHECK(secp256k1_musig_set_nonce(ctx, &data_b[1], &pubnon_b[1]));
-    CHECK(secp256k1_musig_session_combine_nonces(ctx, &musig_session_a[0], data_a, 2, &nonce_is_negated_a, &pub_adaptor));
+    CHECK(secp256k1_musig_session_combine_nonces(ctx, &musig_session_a[0], data_a, 2, &combined_nonce_parity_a, &pub_adaptor));
    CHECK(secp256k1_musig_session_combine_nonces(ctx, &musig_session_a[1], data_a, 2, NULL, &pub_adaptor));
-    CHECK(secp256k1_musig_session_combine_nonces(ctx, &musig_session_b[0], data_b, 2, &nonce_is_negated_b, &pub_adaptor));
+    CHECK(secp256k1_musig_session_combine_nonces(ctx, &musig_session_b[0], data_b, 2, &combined_nonce_parity_b, &pub_adaptor));
    CHECK(secp256k1_musig_session_combine_nonces(ctx, &musig_session_b[1], data_b, 2, NULL, &pub_adaptor));
    /* Step 3: Signer 0 produces partial signatures for both chains. */
@ -770,16 +770,16 @@ void scriptless_atomic_swap(secp256k1_scratch_space *scratch) {
    /* Step 5: Signer 0 adapts its own partial signature and combines it with the
     * partial signature from signer 1. This results in a complete signature which
     * is broadcasted by signer 0 to take B-coins. */
-    CHECK(secp256k1_musig_partial_sig_adapt(ctx, &partial_sig_b_adapted[0], &partial_sig_b[0], sec_adaptor, nonce_is_negated_b));
+    CHECK(secp256k1_musig_partial_sig_adapt(ctx, &partial_sig_b_adapted[0], &partial_sig_b[0], sec_adaptor, combined_nonce_parity_b));
    memcpy(&partial_sig_b_adapted[1], &partial_sig_b[1], sizeof(partial_sig_b_adapted[1]));
    CHECK(secp256k1_musig_partial_sig_combine(ctx, &musig_session_b[0], final_sig_b, partial_sig_b_adapted, 2) == 1);
    CHECK(secp256k1_schnorrsig_verify(ctx, final_sig_b, msg32_b, &combined_pk_b) == 1);
    /* Step 6: Signer 1 extracts adaptor from the published signature, applies it to
     * other partial signature, and takes A-coins. */
-    CHECK(secp256k1_musig_extract_secret_adaptor(ctx, sec_adaptor_extracted, final_sig_b, partial_sig_b, 2, nonce_is_negated_b) == 1);
+    CHECK(secp256k1_musig_extract_secret_adaptor(ctx, sec_adaptor_extracted, final_sig_b, partial_sig_b, 2, combined_nonce_parity_b) == 1);
    CHECK(memcmp(sec_adaptor_extracted, sec_adaptor, sizeof(sec_adaptor)) == 0); /* in real life we couldn't check this, of course */
-    CHECK(secp256k1_musig_partial_sig_adapt(ctx, &partial_sig_a[0], &partial_sig_a[0], sec_adaptor_extracted, nonce_is_negated_a));
+    CHECK(secp256k1_musig_partial_sig_adapt(ctx, &partial_sig_a[0], &partial_sig_a[0], sec_adaptor_extracted, combined_nonce_parity_a));
    CHECK(secp256k1_musig_partial_sign(ctx, &musig_session_a[1], &partial_sig_a[1]));
    CHECK(secp256k1_musig_partial_sig_combine(ctx, &musig_session_a[1], final_sig_a, partial_sig_a, 2) == 1);
    CHECK(secp256k1_schnorrsig_verify(ctx, final_sig_a, msg32_a, &combined_pk_a) == 1);
@ -818,6 +818,7 @@ void sha256_tag_test(void) {
    CHECK(memcmp(buf, buf2, 32) == 0);
 }
 void run_musig_tests(void) {
    int i;
    secp256k1_scratch_space *scratch = secp256k1_scratch_space_create(ctx, 1024 * 1024);
@ -828,7 +829,7 @@ void run_musig_tests(void) {
    musig_api_tests(scratch);
    musig_state_machine_tests(scratch);
    for (i = 0; i < count; i++) {
-        /* Run multiple times to ensure that the nonce is negated in some tests */
+        /* Run multiple times to ensure that the nonce has different y parities */
        scriptless_atomic_swap(scratch);
    }
    sha256_tag_test();