If a relay published a white list as a bloom filter, is it possible for clients to prove their user is inside of the list without revealing the pubkey to the relay?

It would be nice to evolve nip42 auth in a way that doesn't require exposing the user signing in.