decentralized-identity / bbs-signature

The BBS Signature Scheme
https://identity.foundation/bbs-signature/draft-irtf-cfrg-bbs-signatures.html
Apache License 2.0

Add a privacy consideration around revealed message indices #256

Closed tplooker closed 11 months ago

tplooker commented 1 year ago

Each message that is signed when producing a signature is associated with a specific generator. This relationship has to persist for revealed messages in any derived proofs, which means the following pieces of information are known to a verifier when verifying a proof.

1) The total number of messages that were originally signed (even if only a subset are actually revealed).
2) What index each of the revealed messages in a generated proof occupied in the originally signed set.
3) By process of elimination, the indices for all the messages that were not revealed in a derived proof.

We should add a privacy consideration that describes this so that implementations can be aware in case it leads to revealing information unintentionally to a verifier.

Wind4Greg commented 1 year ago

Can we also include impacts on "linkability", i.e., fingerprinting type attacks that can result in tracking across verifiers in this privacy section? On the last call some mitigation mechanisms were also discussed, e.g., breaking a long set of messages into smaller batches, etc... Cheers

tplooker commented 1 year ago

Yes, I think link-ability is a consequence that generally fits as impacting on privacy. I will try to capture some text to this effect.
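
The three items listed in the first comment, and the fingerprinting concern raised in the reply, can be measured without any cryptography. The sketch below is an added example, not part of the issue thread or of the BBS draft; the function names and the sample population are constructed for illustration, and the holder labels are ground truth for the measurement only (a verifier never sees them).

```python
from collections import defaultdict

def verifier_view(total_signed, disclosed):
    """Metadata a verifier learns from a proof, independent of message values.

    total_signed: number of messages in the original signature
    disclosed:    {index: message} for the messages revealed in the proof
    """
    revealed = sorted(disclosed)
    if any(i < 0 or i >= total_signed for i in revealed):
        raise ValueError("disclosed index outside the signed message range")
    # Item 3 of the issue: undisclosed indices follow by elimination.
    hidden = [i for i in range(total_signed) if i not in disclosed]
    return {"total_signed": total_signed,
            "revealed_indexes": revealed,
            "undisclosed_indexes": hidden}

def fingerprint(view):
    """Value-free fingerprint: message count plus the revealed index set."""
    return (view["total_signed"], tuple(view["revealed_indexes"]))

def anonymity_sets(presentations):
    """Group (holder, total_signed, disclosed) records by fingerprint."""
    groups = defaultdict(set)
    for holder, total, disclosed in presentations:
        groups[fingerprint(verifier_view(total, disclosed))].add(holder)
    return dict(groups)

def linkable_holders(presentations):
    """Holders alone in their group: their presentations at different
    verifiers can be correlated on metadata alone."""
    return sorted(h for hs in anonymity_sets(presentations).values()
                  if len(hs) == 1 for h in hs)

# Constructed sample: same credential type, same revealed claim at index 0.
SAMPLE = [
    ("alice", 5, {0: "over18"}),
    ("bob",   5, {0: "over18"}),
    ("carol", 7, {0: "over18"}),                   # two extra signed messages
    ("dave",  5, {0: "over18", 3: "country=NZ"}),  # different disclosure choice
]

if __name__ == "__main__":
    for fp, holders in anonymity_sets(SAMPLE).items():
        print(fp, sorted(holders))
    print("linkable on metadata alone:", linkable_holders(SAMPLE))
```

Running the same grouping over an issuer's real distribution of message counts and typical disclosure sets gives a direct estimate of how small the anonymity sets are before any revealed value is considered.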