Public-key based [cm/kem/]s provides sender authentication *only* if
"/kem/*/auth" field is set. "/kem/*/from" field may contain public
key's "/data/id", otherwise sender is hidden. It is not specified
how recipient should find corresponding sender's key that way --
implementation/protocol specific.

Optional "/pubs" is a list public keys, which may be used to supply
sender's public key(s). Public keys may be encrypted, to hide the
actual deanonymisation contents.