Remember kids, in the Schnorr family of signatures nonces are *fragile* not robust. Bias them by a few bits and you're in serious danger to lattice attacks. Generating them with an algo where half the bits are public knowledge could be considered ... inadvisable 😆