I think you can use curve trees, something like nostr:nprofile1qqsxwkuyle67y94tj378gw8w2xw2wa6nwmwlqhddlwnz0z7sztsaw2qpz9mhxue69uhkummnw3ezuamfdejj7nxasma's auct-ct? It's got log size proofs
What can you do with Monero style ring signatures for Nostr ?
You can build an Anonymous Voting platform using Nostr identities to vote.
Thanks to the Back's Linkable Spontaneous Anonymous Group, you can detect double voting without leaking identities.
Check Ringable demo 👇
A client-side anonymous voting platform using Nostr-compatible ring signatures.
Ringable allows users to create proposals and vote anonymously as part of a predefined group (a "ring" of public keys). It leverages the cryptographic power of bLSAG ring signatures to ensure that while votes are verified as coming from a valid member of the ring, the specific voter's identity remains hidden.
The cryptographic functions are powered by the Nostringer Rust library, compiled to WebAssembly (WASM) for use in the browser.
Live demo: https://ringable.starknetonbitcoin.com
Ringable rep: https://github.com/AbdelStark/ringable
Nostringer: https://github.com/AbdelStark/nostringer-rs
Discussion
You could use aut-ct indeed, but ring signatures are fine for smallish anon sets. I think it would be worth switching to something like that if we have a use case where we want 10k-1M+ anon set over npubs. Tbh I don't really know what the planned use cases are. It would require some setup where everyone agrees on the "currently applicable set" of that 10k-1M npubs. With v. small anon sets however, you can just send them as part of the ring sig; less hassle.
Btw you can get log sized proof ring signatures even sticking to basic discrete log. The fundamental problem that ring sigs have, that curve trees solve, is linear verification time.