diff --git a/include/secp256k1_musig.h b/include/secp256k1_musig.h
index d580b8df..f3e4d9ee 100644
--- a/include/secp256k1_musig.h
+++ b/include/secp256k1_musig.h
@@ -77,7 +77,7 @@ typedef struct {
     unsigned char secnonce[32];
     secp256k1_pubkey nonce;
     unsigned char nonce_commitments_hash[32];
-    secp256k1_pubkey combined_nonce;
+    secp256k1_xonly_pubkey combined_nonce;
     int combined_nonce_parity;
 } secp256k1_musig_session;
diff --git a/src/modules/musig/main_impl.h b/src/modules/musig/main_impl.h
index 36791566..5353ebbd 100644
--- a/src/modules/musig/main_impl.h
+++ b/src/modules/musig/main_impl.h
@@ -376,18 +376,15 @@ int secp256k1_musig_session_combine_nonces(const secp256k1_context* ctx, secp256
         secp256k1_pubkey_load(ctx, &noncep, adaptor);
         secp256k1_gej_add_ge_var(&combined_noncej, &combined_noncej, &noncep, NULL);
     }
+
+    /* Negate nonce if Y coordinate is not square */
     secp256k1_ge_set_gej(&combined_noncep, &combined_noncej);
-    secp256k1_fe_normalize(&combined_noncep.y);
-    if (!secp256k1_fe_is_odd(&combined_noncep.y)) {
-        session->combined_nonce_parity = 0;
-    } else {
-        session->combined_nonce_parity = 1;
-        secp256k1_ge_neg(&combined_noncep, &combined_noncep);
-    }
+    secp256k1_fe_normalize_var(&combined_noncep.y);
+    session->combined_nonce_parity = secp256k1_extrakeys_ge_even_y(&combined_noncep);
     if (nonce_parity != NULL) {
         *nonce_parity = session->combined_nonce_parity;
     }
-    secp256k1_pubkey_save(&session->combined_nonce, &combined_noncep);
+    secp256k1_xonly_pubkey_save(&session->combined_nonce, &combined_noncep);
     session->round = 2;
     return 1;
 }
@@ -417,7 +414,7 @@ static void secp256k1_musig_compute_messagehash(const secp256k1_context *ctx, un
     VERIFY_CHECK(session->round >= 2);
 
     secp256k1_schnorrsig_sha256_tagged(&sha);
-    secp256k1_pubkey_load(ctx, &rp, &session->combined_nonce);
+    secp256k1_xonly_pubkey_load(ctx, &rp, &session->combined_nonce);
     secp256k1_fe_get_b32(buf, &rp.x);
     secp256k1_sha256_write(&sha, buf, 32);
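Review bot: The new `secp256k1_xonly_pubkey` type for `combined_nonce` discards the Y coordinate, so the neighbouring `combined_nonce_parity` field becomes the only record of whether the aggregate nonce was negated, and nothing in the struct says so. A field comment such as `/* x-only combined nonce; its Y was forced even, the negation is recorded in combined_nonce_parity */` would stop readers from treating the two fields as independent. The typedef begins before this hunk, so a comment at the top of the struct would sit outside it.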
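Review bot: The added comment `/* Negate nonce if Y coordinate is not square */` describes a criterion the new code does not use: the removed branch tested `secp256k1_fe_is_odd`, the replacement helper is named `secp256k1_extrakeys_ge_even_y`, and partial_sig_combine asserts `!secp256k1_fe_is_odd(&noncep.y)` on the reloaded point, so the rule is odd-versus-even, not quadratic residuosity. Suggest `/* Negate nonce if its Y coordinate is odd; the nonce is stored x-only, so the negation survives only in combined_nonce_parity */`. The change from `secp256k1_fe_normalize` to `secp256k1_fe_normalize_var` appears acceptable because the combined nonce's x is later emitted in `sig64`, i.e. it is not secret, but a why-comment noting that this normalization is what makes the subsequent oddness test valid would help, assuming the helper does not normalize on its own — worth confirming. secp256k1_musig_session_combine_nonces begins outside this hunk.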
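Review bot: `secp256k1_fe_get_b32(buf, &rp.x)` is applied to the freshly loaded `rp.x` with no normalization, whereas the identical load in partial_sig_combine (the hunk at -498) is followed by `secp256k1_fe_normalize(&noncep.x)` before its own `fe_get_b32`. Both sites now go through `secp256k1_xonly_pubkey_load`, so either the normalize in partial_sig_combine is redundant or this site is missing one; the two should agree, and whichever form is kept deserves a one-line comment stating whether the loader guarantees a normalized x. secp256k1_musig_compute_messagehash begins outside this hunk.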
@@ -498,7 +495,7 @@ int secp256k1_musig_partial_sig_combine(const secp256k1_context* ctx, const secp
         secp256k1_scalar_add(&s, &s, &term);
     }
-    secp256k1_pubkey_load(ctx, &noncep, &session->combined_nonce);
+    secp256k1_xonly_pubkey_load(ctx, &noncep, &session->combined_nonce);
     VERIFY_CHECK(!secp256k1_fe_is_odd(&noncep.y));
     secp256k1_fe_normalize(&noncep.x);
     secp256k1_fe_get_b32(&sig64[0], &noncep.x);