A group member asked me to elaborate on: > - No knowledge of which groups can be successfully authenticated is > known to the verifier
What this tries to say is that the verifier doesn't need to have a list of all authenticable groups nor can the verifier draw any conclusions about other authenticable groups based on authenticating one group. One useful application of the Katz/Sahai/Waters work is a counter to traffic analysis. One can send the same message to everyone but ensure that only a defined subset can read the message by proper key management. What is less clear is how to ensure that decrytion with the wrong key doesn't yield an understandable (and actionable) message. Cheers, Scott --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]