Combined schemes for signature and encryption: The public-key and the identity-based setting

Consider a scenario in which parties use a public-key encryption scheme and a signature scheme with a single public key/private key pair—so the private key sk is used for both signing and decrypting. Such a simultaneous use of a key is in general considered poor cryptographic practice, but from an efficiency point of view looks attractive.We offer security notions to analyze such violations of key separation. For both the identity- and the non-identity-based setting, we show that—although being insecure in general—for schemes of interest the resulting combined scheme can offer strong security guarantees.