Alice wishes to donate to Bob anonymously.Alice wishes to create a bitcoin "stealth" address for Bob (which cannot be associated to Bob on the blockchain explorer).Alice has Bob's Schnorr PublicKey1 from his website.Alice produces on her laptop a new (privateKey2, publicKey2) pair.Alice creates aggregated PubKey1 + PubKey2 using Schnorr's aggregated public keys feature.Alice sends bitcoins to the aggregated PubKey1 + PubKey2.Alice shares the privKey2 with Bob via a secure end-to-end channel.Later, Bob logs in and retrieves the PrivKey2 that Alice shared.Bob then calculates aggregated PrivKey1 + PrivKey2 and spends the unspent transaction.I was able to achieve PubKey1 + PubKey2 with the Musig2 aggregation function.import * as musig2 from '@scure/btc-signer/musig2.js'import {randomBytes} from "@noble/ciphers/utils.js"import {schnorr} from "@noble/curves/secp256k1.js"//alice pairprivateKey2 = randomBytes(32)publicKey2 = musig2.IndividualPubkey(privateKey1)const individualsPublicKeys = [publicKey1, publicKey2]; // Collect all individual public keysconst sortedPublicKeys = musig2.sortKeys(individualsPublicKeys); // Sort public keys lexicographically (as required by MuSig2)const aggregatePublicKey = musig2.keyAggregate(sortedPublicKeys).aggPublicKey.toBytes(true) // Extract aggregate public key (33 bytes)console.log(aggregatePublicKey)//PublicKey1 + PublicKey2//...//Alice send coins to address(aggregatePublicKey)//...how to compute aggregate privateKey1 + privateKey2 to spend the coins ?signature = schnorr.sign(msg, aggregatePrivateKey)schnorr.verify(signature, msg, aggregatePublicKey);But how does Bob compute the aggregated private key in JavaScript using the @scure/btc-signer @noble/curves/secp256k1 libraries? Is there a vulnerability while computing the aggregated private key? Bob distrusts Alice because she could be an awful adversary who could try to steal Bob's private key.I know Bob can implement musig2 partial signature, but my whole code already uses musig2 partial signature, thus this would result in a two-step recursion. In this scenario, I am unsure how to use musig2 partial signature.