Merging Public Keys — Aggregated Signing with Schnorr

We live in a fake digital world, and where we have basically scaled wet signatures into a digital world with scribbles on an electronic document. The most trusted method is to sign for a message with a private key and to prove with the associated public key. But what happens when we have many signers, we would have to add the signature for each person on the document and provide each of their public keys. This might take some time to check. So can we merge the signatures into one signature, and also merge the public keys, so that someone can check the merged signature against the merged public keys? Well, yes, we can … with the Schnorr signature method. So, let’s take a simple example, and show how it can work.

To sign a message, Bob takes his private key, a random value (r_i) and a message (msg), and produces a signature: (R,s). Initially, Bob generates a private key of x_1 and a public key of:

X_1=x_1 G

and where G is the base point on the curve. Alice will generate her private key (x_2) and a public key of:

X_2=x_2 G

Now we can merge their public keys to give:

X=X_1+X_2

For Bob’s signature, he generates a random value r_1 and computes: