In my scenario we have the Issuer I, Verifier V and Prover P. Now the prover send some messages to I and I signs these messages with I's private key. These messages can be easily sent from P to V and be verified by V.
Now i want to bind these messages to a private key from P, so only P can use these messages. We could just add the public key to the messages and verify that P signed a particular challenge with the private key. The problem with this is that V can track P because the public key is everytime the same.
My question is if it is possible to zero knowledge proof that P owns the private key to the given public key. So that V never sees the public key (because that one would be linkable) but can be still sure that P owns the messages.
