Erm. What exactly is stopping an attacker from doing the same math between the pubkey of each input and the list of known public keys to recover all of the transactions?
A, B and C are all publicly known, which means that d is known, which means that E is known. The attacker still can't spend them because b is unknown, but he can sure see them.
P.S. Diffie-Hellman is an online protocol. It requires (bidirectional) active participation from both parties.
To compute
d an attacker would need to know either
a or
c. None of them is public.
I define
d=
A*
c=
C*
a. The fact that it's hard to compute
d from
A and
C is the basis of DiffieHellman key agreement protocol.