I understand I can sign a message Y to prove I own an address X that produces a hash Z. However is there a way to sign/verify to prove ownership of X without revealing X? This would be for purposes of establishing ownership in documentation now in case of audit later. I imagine in said document you could simply reveal Y & Z but in theory, an attacker could then cycle thru known addresses until one hash matches, so was looking to avoid this. Is the simplest method to just hash the revealed components one more time, withholding one of the inputs?
Do you mean verify the sign message without including the wallet address? If that can be done, how can a signature be proof that you own the address if you don't provide the address? privatkey has a long combination and makes it have a very high probability that it is almost impossible to hack.
So in my opinion it's impossible to do, because you want to prove something but without revealing it, and without revealing it you can't prove anything. It's like you want to prove your name but you never say your own name, then how do we know your name if you don't want to say it?