will break down this into multiple posts this week

This is what I needed!

Still reading this:

https://hrf.org/latest/cisa-research-paper/

forgot to include this important info in the first post 😬 here it is:

from https://hrf.org/latest/cisa-research-paper/

![](https://m.stacker.news/83952)

bitcoin_devs

will this be the next implementation or are we fine with taproot?

LibertasBR

Butterfinger

bitcoin

# CISA (Cross-Input Signature Aggregation) Explained

![CISA Overview](https://m.stacker.news/83885)

---

**CISA**  is a way to combine multiple signature from a transaction into one

![Signature Aggregation](https://m.stacker.news/83886)

This is made possible thanks to the **linearity** property of **Schnorr signatures**, which enables aggregation of multiple signatures into a single one.

Originally, CISA was considered for inclusion in **Taproot**, but the idea was abandoned to keep Taproot simple and manageable.

---

> ⚠️ Don’t confuse **CISA** with protocols like **MuSig** or **FROST**  
> **Signature aggregation ≠ Key aggregation**

---

## CISA vs Key Aggregation

### Difference #1: 

![CISA vs Key Aggregation](https://m.stacker.news/83882)

---

### Difference #2:

- **Key Aggregation**: The verifier only needs the aggregated public key and a single message.  
- **CISA**: The verifier needs all the individual public keys and their corresponding messages.

![Verifier Differences](https://m.stacker.news/83883)

---

### Difference #3:

- **CISA** is used during **transaction signing**  
- **MuSig** is used during **address creation**

---

There are two types of CISA: 

- **Half-Agg**
- **Full-Agg**

🧵 *We’ll explain them in upcoming posts.*

![Half-Agg vs Full-Agg](https://m.stacker.news/83884)


---

## More Resources

- [CISA Research](https://cisaresearch.org)  
- [HRF CISA Research Paper](https://hrf.org/latest/cisa-research-paper)  
- [Blockstream CISA GitHub](https://github.com/BlockstreamResearch/cross-input-aggregation)
