Multisignature: multiple public keys, same message (or transaction)
Aggregate signatures: multiple public keys, different messages (or transactions)
This talk looks at different ways to implement aggregate signatures and some of the challenges to doing so.
It's a handy idea for bitcoin because any time you spend more than one utxo you have more than one public key and if you could aggregate those signatures, it would make spending a whole bunch of utxos not much more expensive than spending just one utxo.
But even more cool is the idea that you could aggregate your signatures with other people who want to spend their utxos around the same time and now you have something that looks a lot like a coinjoin.
Note: most (perhaps all) schemes for signature aggregation involve a fork to Bitcoin.
Ruffing also provides a very nice explanation of Taproot transaction keypath spending versus script path spending. With the concerns around quantum computers, there is a feeling that the keypath spending in Taproot was a somewhat reckless design choice, but Ruffing shows that it does serve a purpose: the ability to simply spend your coins without any complicated path (even though you may also want them to have a complicated path available).
🔗 Privacy-friendly: https://inv.nadeko.net/watch?v=ir7U-_iyu0Y