Schnorr Signatures … How To Sign and Merge Public Keys (with Multiple Signers)
In Feb 1989, Claus Schnorr submitted a patent which was assigned to no one. It has 11 claims, and allowed digital signatures to be merged for multiple signers [here]:
This method has the great advantage that we can have multiple signers to a message or a transaction, and end up with a single signature for all the signers. It is now being used in Bitcoin transactions so that we have an efficient signature for a transaction that involves multiple entities.
The signature
With the Schnorr signature, we create a signature (R,s) for a hash of the message (m). Initially, Peggy (the prover) has a private key r, and her public key will then be:
U=r×G
and where G is the base point on the curve. She then generates random nonce (r_t) for the signing of a message and defines a commitment to this value:
U_t=r_t×G
Next, with a message (m), she computes a challenge (c) with a hash function of:
c=H(m,U_t)