I've learnt in the university course that using BLS, one can generate an aggregate signature using public keys of a given parties. We can then use a given party's public key to verify his participation in the aggregated signature.
But... does BLS or any other scheme allow us to encrypt a message with the aggregated signature of public keys $A,B,C$ for example and then decrypt the message with the private key of one of the parties?
