suppose I have a packet of data and that I am sending the data to 10 users. I want to add an attribute to this data, something like a digital signature. Each of the 10 users would have a different "key". When they apply their key to this special signature on the data packet it returns either true or false. However they cannot determine, using their key, whether or not the other users are true or false.
Assuming the data packet is small:
Encrypt the data with the public keys of the users that you want to be "True". Encrypt it with more random keys, so that the total number adds up to ten. The "True" users will be able to read the file. "False" users will not. All users will only see that it has been encrypted to ten users, including (maybe) themselves.
If the data packet is large, encrypt it with a symmetric scheme, and just treat the password for that encryption in the above fashion.
If the data packet only contains the information true or false, you may also just encrypt this value (and a short salt to randomize the results) with the key of the recipient. In that case, all recipients will be able to decrypt something - True or False.
Even if the data packet is large:
Hash the data in the packet. Encrypt the hash using each user's key and attach the encrypted versions to the message.
Each user hashes the original packet (without the signatures), then validates that the hash matches their decrypted chunk.
This works for both symmetric and public-private algorithms.
You can not send less than n bits over the channel to achieve this where n is number of users.
Every user generates own HMAC(DATA,HIS_KEY)
Since you know all keys you can send only one bit for each user and user has to xor that whit first bit in str in his HMAC.
So here it goes
DATA=random(128)
result = DATA
For each user:
bit= MSB(HMAC(DATA,user["key"]))
bit= bit xor user["true/flase"]
result.append(bit)