It is known that BLS signatures support non-interactive aggregation: given $n$ $(\operatorname{message}, \operatorname{public\_key}, \operatorname{signature})$ tuples, an $\mathcal{O}(1)$-sized aggregate signature can be produced, without interaction with the signers, which can convince a verifier who knows all $n$ messages and public keys that the $n$ users all signed their messages.
Within the realm of discrete logarithm schemes, but without a pairing assumption, only $\mathcal{O}(1)$-sized interactively aggregated signature schemes are known, where the signers have to interact to produce the aggregate signature. If the $\mathcal{O}(1)$ requirement is dropped, a solution can easily be constructed from $\mathcal{O}(\log{n})$-sized ZKPoK schemes (prove you ran a verifier on all $n$ individual signatures).
Thus, so far, it seems that no $\mathcal{O}(1)$-sized secure non-interactive signature scheme is known based on just discrete logarithm hardness (as well as related assumptions like CDH or DDH, and ROM), but without pairing assumptions. My question is: is it possible to prove that no such scheme can exist?
Related: Non interactive threshold signature without bilinear pairing (is it possible)?, though the answers there do not seem to address the "is it possible?" aspect.
