Question from MuSig / Schnorr – Bitcoin Stack Exchange

I am studying the MuSig protocol and I am having trouble grasping certain parts. This is my understanding so far:

In the current Bitcoin CHECKMULTISIG format, the size of the signature grows linearly with the number of additional "m" signers. The way in which CHECKMULTISIG works is that each signer produces its own independent signature, and we incorporate all these individual values in the scriptSig. Therefore, a 3-of-5 unlock script could read [sig 1][sig 2][sig 5]… For simplicity, I will call this compilation of all individual sig values the "group signature". In the given example, this signature field would be 3 times the length of a standard P2PKH.

In a "naive" Schnorr multiple signature scheme, instead of eliminating all potential public keys and [much larger] by signing the group in the block chain for the verifier calculation, we can make the signers interactively add their individual public keys in a pre-admission phase to obtain a single "aggregate" key, which reads the same as a traditional public key. An external member could send BTC to this aggregated key, where it would be controlled by the group members. For the group to spend, each party will create a partial signature with their unique personal keys and interactively add all these signature values to create a group signature. At this point, we are left with a group signature (which is the size of a basic P2PKH signature) and an aggregate public key that is added to the block chain, which gives us great space savings. However, this scheme is insecure unless it operates under a KOSK model. We turn to another variant of Schnorr, MuSig, which can offer key aggregation securely while operating in the context of a simple public key.

The publication of the Blockstream blog of 2018 says:

"Instead of limiting ourselves to one signature per entry, we can obtain a signature for the entire transaction. The aggregation of keys cannot be used through multiple entries, since the outputs are committed to public keys, and can be spent independently."

I'm having trouble understanding this paragraph. I suppose you should refer to each key added in scriptsig, since the scriptpubkey of the previous sender would have required tests to unlock the tax. I'm struggling to understand how the added signature is achieved in various ticket parts.