The secp256k1 schnorr implementations use compressed keys, as do the ECDSA signatures, the difference being the schnorr has an unconventional modification where the LSB must be even (0) or the entire secret key value is inverted (xor with itself or bitwise NOT) and the 257th bit of the compressed pubkey is omitted for a neat 32 bytes.

I've yet to read the rest of this audit report but it seems a little ott.

Tldr?

your stream is cool