I'm not convinced requirements 3 and 4 are actually needed.
3) make internal state not useful to the attacker.
4) assuming the ciphertexts won't leak seems silly. Might as well hand them out.
Which leads to what they call "trial decryption" to be a better solution. If you are that worried about the scalability of your whistleblower protocol at that level, we are trying to solve the wrong problem.
> Bitmessage is in need of an independent audit to verify its security. If you are a researcher capable of reviewing the source code, please email the lead developer. You will be helping to create a great privacy option for people everywhere!
Oh I don't recommend using bitmessage. It's a huge illegal content hazard. But it's design is the right set of tradeoffs for the situation this article describes.
3) make internal state not useful to the attacker.
4) assuming the ciphertexts won't leak seems silly. Might as well hand them out.
Which leads to what they call "trial decryption" to be a better solution. If you are that worried about the scalability of your whistleblower protocol at that level, we are trying to solve the wrong problem.