Schnorr Signatures

Schnorr signatures were invented by Claus-Peter Schnorr in 1989. Patent restrictions kept them out of standards until 2008. They're simpler than ECDSA: the security proof is straightforward, signatures are deterministic without RFC 6979 hacks, and signatures are linear — meaning you can add public keys and signatures from multiple parties to produce a single combined signature indistinguishable from a single-party one.

BIP-340 (2021) adopted Schnorr for Taproot. The 64-byte Schnorr signature replaced the variable-length DER-encoded ECDSA. More importantly, n-of-n multisig now looks on-chain like a single signature — both cheaper to verify and more private.

MuSig2 builds on top: two or more signers run an interactive protocol, then sign the same hash with a combined key. To the chain, it's indistinguishable from one person signing. Lightning's Taproot channels (still rolling out as of 2025) use exactly this to make cooperative closes invisible to outside observers.