MuSig / MuSig2

MuSig (Maxwell, Poelstra, Seurin, Wuille, 2018) gives a Schnorr multisignature protocol where the combined public key looks like a single public key. n-of-n multisig stops being on-chain-distinguishable from a 1-of-1: the savings in fees, and the privacy benefit, are substantial.

MuSig2 (2020) fixes a usability problem in the original MuSig: signing required three communication rounds. MuSig2 reduces this to two, allowing partial nonces to be pre-shared, which makes it practical for human-paced workflows. The math is more delicate (a subtle nonce-rerandomization step prevents Wagner's attack) but the protocol is the basis for almost all production Schnorr-multisig today.

Use cases: Lightning Taproot channels (cooperative closes look like single-sig payments), Taproot Assets, and any n-of-n setup where you want privacy. For threshold (k-of-n where k < n) you need a different construction — FROST is the leading candidate.