You could use aut-ct indeed, but ring signatures are fine for smallish anon sets. I think it would be worth switching to something like that if we have a use case where we want 10k-1M+ anon set over npubs. Tbh I don't really know what the planned use cases are. It would require some setup where everyone agrees on the "currently applicable set" of that 10k-1M npubs. With v. small anon sets however, you can just send them as part of the ring sig; less hassle. Btw you can get log sized proof ring signatures even sticking to basic discrete log. The fundamental problem that ring sigs have, that curve trees solve, is linear verification time.