Board: Development & Technical Discussion
Re: How would you prove that you own >= X BTC without disclosing addresses ? (ZKP)
by tacotime on 15/08/2015, 17:15:21 UTC
Using an AOS ring signature only works when you know the pubkeys, which you don't for most coins in the Bitcoin UTXO set.

In any case, the ring signature used to construct the CT range proof is just the AOS scheme when not used with any AND, so that's implemented in secp256k1-zkp.

To avoid the proof size-- you're off in snark land-- e.g. the statement you prove "I know a private key for an adequate coin belonging to a utxo set with this hashroot". I previously suggested a scheme that lets you avoid doing 99% of the EC math inside a snark, so this could get a small, under-400-byte proof and be implementable. I think it was in a forum post... I'll have to look. But the basic process has the snark instead prove "Pubkey P is a blinding of a pubkey that is a member of this tree", and then you also prove you know P's discrete log externally to the snark. The verification of the blinding can be done with a single point addition in the prover.

A CDS ring signature works just as well, but obviously it would only be functional for currencies like Monero where the pubkeys are published instead of the pubkey hashes.
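An added example (my own Python, not code from this thread or from secp256k1-zkp) of the blinded-membership structure described above: the snark's relation is modelled as a plain function that receives the witness, so the single point addition it needs is visible, and the discrete-log proofs run outside it as Schnorr proofs. It assumes, beyond what the post says, that the prover also proves knowledge of the blinding term's discrete log, which is what keeps the addition-only relation sound, and that tree membership is a set lookup standing in for a Merkle path.

```python
import hashlib, secrets

# secp256k1 parameters: field prime, group order, generator
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):  # affine addition; None is the point at infinity
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P_MOD == 0: return None
    if A == B: lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else: lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)
def ec_mul(k, A):  # double-and-add scalar multiplication k*A
    R = None
    while k:
        if k & 1: R = ec_add(R, A)
        A, k = ec_add(A, A), k >> 1
    return R
def challenge(R, Pk, msg):  # Fiat-Shamir challenge over nonce point, key, message
    h = hashlib.sha256(repr((R, Pk, msg)).encode()).digest()
    return int.from_bytes(h, "big") % N_ORD
def schnorr_prove(sk, msg):  # proof of knowledge of dlog(sk*G), done outside the snark
    k = secrets.randbelow(N_ORD - 1) + 1
    R = ec_mul(k, G)
    return R, (k + challenge(R, ec_mul(sk, G), msg) * sk) % N_ORD
def schnorr_verify(Pk, proof, msg):
    R, s = proof
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, Pk, msg), Pk))

def snark_statement(Pk, B, tree, Q):
    # Stand-in for the snark relation (assumption): witness Q is a tree member (set
    # lookup here, a Merkle path in a real circuit) and Pk == Q + B, one point addition.
    return Q in tree and ec_add(Q, B) == Pk

def prove_ownership(x, msg):
    """Prover: blind Q = x*G with r; prove dlogs of Pk = (x+r)*G and of B = r*G."""
    r = secrets.randbelow(N_ORD - 1) + 1
    Pk, B = ec_mul((x + r) % N_ORD, G), ec_mul(r, G)
    stmt = (Pk, B, schnorr_prove((x + r) % N_ORD, msg), schnorr_prove(r, msg))
    return stmt, ec_mul(x, G)  # second value is the witness Q, hidden by a real snark
def verify_ownership(stmt, witness_Q, tree, msg):
    Pk, B, proof_p, proof_b = stmt
    return (snark_statement(Pk, B, tree, witness_Q)
            and schnorr_verify(Pk, proof_p, msg) and schnorr_verify(B, proof_b, msg))
```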