- sarang: Worked on some multisig stuff today, and I have a working proof-of-concept for MPC inversion, albeit under very weak security guarantees
- sarang: Downside is the Paillier encryption stuff adds complexity and a separate static key per player (can be reused between signatures)
- sarang: Right now I assume honest-but-curious players, who follow the MPC correctly but may be interested to learn other players' secrets
- sarang: Some very initial draft code on the MPC inversion, of poor quality (should not be used anywhere): github.com/SarangNoether/skunkworks/blob/inverse-mpc/inverse.py
- sarang: For a group of players holding additive shares of a secret scalar field element `x`, it collaboratively computes `(1/x)*U` for a fixed group element `U`
- sarang: (this is the key image format for Triptych, RCT3, and one version of Omniring)