Suppose you create an 8 of 10 multisig address and send a coin to it.
Can you now:
With any 8 of the 10 private keys digitally sign some text as proof of ownership?
What public key(s) need to be made public to do so?
Can you prove you have just one of these 10 keys?
OK leaving the current BIP as I understand it for now, is there some way a number of keys (say 20) could go into a signature in such a way that the 20 key holders do not know if theirs was one of the 8 ones which make the signature valid for the ownership of the coin?
There are two ways to do multisig right now, Conventional and P2SH.
In a conventional multisig, you provide a list of public keys and a count of how many signatures are required for the transaction. As soon as you transmit that transaction, the entire network knows the list of public keys.
In P2SH, you create that list, but you don't send it to the network. You hash it, and send that hash instead. Now the entire network knows that there is a transaction, and they will be able to verify that the right keys are signing it later, but until that transaction is redeemed, they won't know what any of the keys are.
All of the public keys are revealed at the same time. If you want to prove ownership of a P2SH transaction without redeeming it, you can provide the script and people can verify the hash. Obviously, you'd need to provide the
whole script for that, and that would have all of the public keys in it.
You can sign arbitrary messages using any/all of the private keys, and people would be able to confirm that you did indeed possess whichever keys you used in this way. How many of them you'd need to use to convince them is up to them. 1 would prove that you are involved. 8 would prove capability of spending. 10 should strongly suggest that you created it in the first place.
