Cross-Input Signature Aggregation (CISA)

Cross-Input Signature Aggregation (CISA) is a proposed Bitcoin protocol upgrade that would let a transaction combine the separate signatures from all of its inputs into a single aggregate signature covering the whole transaction. Today each input carries its own 64-byte Schnorr signature; CISA collapses that redundancy, reducing transaction weight and therefore the fees a multi-input spend incurs.

Half-aggregation versus full aggregation

Two flavors are studied. Full aggregation would interactively merge all input signatures into one 64-byte signature, but requires the signers to coordinate. Half-aggregation is non-interactive — any third party can compress a set of BIP 340 signatures into a combined signature roughly half the size of the originals, without involving the signers at all. The half-aggregation security proof reduces to the security of Schnorr signatures themselves, giving it a solid cryptographic footing.

Realistic savings

The benefit is meaningful but bounded: signatures are only part of an input's data. Even with aggregation, each input still carries its 36-byte outpoint and other fields, so CISA offers a modest per-transaction reduction that grows with input count — most valuable for consolidations, CoinJoins, and batched payments. The idea traces to block-wide aggregation discussions from 2017 and remains an active research track rather than a deployed soft fork.

CISA builds directly on the Schnorr signature scheme that OP_CHECKSIG already validates under Tapscript, and shares the batch-verification ethos behind OP_CHECKSIGADD.