David Hopwood wrote: > > Yes. The corresponding cryptographic property is "recipient-hiding encryption", > where a ciphertext does not leak information about which public key was used to > encrypt it. Isn't it called "Key-Privacy" now? http://www-cse.ucsd.edu/users/mihir/papers/anonenc.html Regards, Zooko