This is the biggest upgrade to Bitcoin since last year's Segwit upgrade
https://www.coindesk.com/schnorr-is-looking-poised-to-become-bitcoins-biggest-change-since-segwit/
"Estimates are that this upgrade would reduce the use of storage and bandwidth by at least 25%. To point out the obvious: that is a huge efficiency gain."
https://medium.com/@SDWouters/why-schnorr-signatures-will-help-solve-2-of-bitcoins-biggest-problems-today-9b7718e7861c
"This document proposes a standard for 64-byte Schnorr signatures over the elliptic curve secp256k1."
https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki
Bitcoin has traditionally used ECDSA signatures over the secp256k1 curve for authenticating transactions. These are standardized, but have a number of downsides compared to Schnorr signatures over the same curve:
Security proof: The security of Schnorr signatures is easily provable in the random oracle model assuming the elliptic curve discrete logarithm problem (ECDLP) is hard. Such a proof does not exist for ECDSA.
Non-malleability: ECDSA signatures are inherently malleable; a third party without access to the private key can alter an existing valid signature for a given public key and message into another signature that is valid for the same key and message. This issue is discussed in BIP62. On the other hand, Schnorr signatures are provably non-malleable.
Linearity: Schnorr signatures have the remarkable property that multiple parties can collaborate to produce a signature that is valid for the sum of their public keys. This is the building block for various higher-level constructions that improve efficiency and privacy, such as multisignatures and others (see Applications below).
For all these advantages, there are virtually no disadvantages, apart from not being standardized. This document seeks to change that. As we propose a new standard, a number of improvements not specific to Schnorr signatures can be made:
Signature encoding: Instead of DER-encoding for signatures (which are variable size, and up to 72 bytes), we can use a simple fixed 64-byte format.
Batch validation: The specific formulation of ECDSA signatures that is standardized cannot be validated more efficiently in batch compared to individually, unless additional witness data is added. Changing the signature scheme offers an opportunity to avoid this."
https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki