Board: Development & Technical Discussion
Re: [ANN] CoinMessage: Secure Messaging with Bitcoin Addresses
by gmaxwell on 17/12/2013, 07:24:40 UTC
Quote
I apologize for my naivete, but I'm trying to understand the attack. My algorithm sends the short version of the nonce point (x plus parity) so the attacker sending an invalid nonce means the attacker sends an x that's past p but less than 2^256. Say the receiver has a broken program that doesn't check the nonce and gets a garbage message. What would the receiver do at this point to inform the attacker? Here is the message I got?
Right, imagine the receiver that takes the form of a network-reachable service, and you can send it messages and it tells you what it decoded or just tells you if the checksum passed. You can now blast candidate messages (e.g. sweeping the checksum) at it and learn data derived from secret*(twist point). With all that indirection, actually compromising something would be impressive, but it's clearly gone far outside of the realm of being able to make solid statements about the security by that point.
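The oracle attack sketched above, worked through as an added example that is not part of gmaxwell's post or of the CoinMessage project. It generalizes from twist points reached through an x-only encoding to arbitrary invalid-curve points (any curve with the same a-coefficient but a different b), because the affine group law never touches b. Everything here is an assumption for illustration: the hypothetical toy curve y^2 = x^3 + 2x + 3 over F_1019, the `Receiver` class and its `checksum_ok` oracle (the "just tells you if the checksum passed" variant), the `derive_tag` checksum keyed on the shared x-coordinate only, and the constructed secret 777 used in the usage line.

```python
import hashlib
import itertools
import random

# Hypothetical toy curve y^2 = x^3 + A*x + B over F_P (not secp256k1). P ≡ 3 mod 4 so
# square roots are a single pow(); P is small enough to count points by brute force.
P, A, B = 1019, 2, 3
INF = None  # point at infinity


def rhs(x, b=B):
    return (x * x * x + A * x + b) % P


def is_square(v):
    return v == 0 or pow(v, (P - 1) // 2, P) == 1


def sqrt_mod(v):
    return pow(v, (P + 1) // 4, P)  # correct for squares when P ≡ 3 (mod 4)


def on_curve(pt, b=B):
    return pt is INF or (pt[1] * pt[1] - rhs(pt[0], b)) % P == 0


def add(p1, p2):
    """Chord-and-tangent law. It uses A but never B, so the same code is a valid
    group operation on every curve y^2 = x^3 + A*x + b', whatever b' is."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def curve_order(b):
    """Number of points on y^2 = x^3 + A*x + b, counted directly (toy-sized P)."""
    n = 1
    for x in range(P):
        r = rhs(x, b)
        n += 1 if r == 0 else (2 if is_square(r) else 0)
    return n


def point_of_order(b, n, rng):
    """A point of prime order n on the curve with coefficient b, or None."""
    if (4 * A ** 3 + 27 * b * b) % P == 0:
        return None  # singular cubic, not a group
    N = curve_order(b)
    if N % n:
        return None
    for _ in range(100):
        x = rng.randrange(P)
        r = rhs(x, b)
        if r and is_square(r):
            q = mul(N // n, (x, sqrt_mod(r)))  # order divides prime n, so it is 1 or n
            if q is not INF:
                return q
    return None


def invalid_point(n, rng=None):
    """A point of prime order n on some curve with the right A but the wrong b."""
    rng = rng if rng is not None else random.Random(0)
    for b in range(P):
        if b != B:
            q = point_of_order(b, n, rng)
            if q is not None:
                return q
    return None


def derive_tag(shared):
    """Constructed checksum keyed by the shared x-coordinate only, mirroring x-only encodings."""
    xs = "inf" if shared is INF else str(shared[0])
    return hashlib.sha256(xs.encode()).digest()[:4]


G = next((x, sqrt_mod(rhs(x))) for x in range(1, P) if rhs(x) and is_square(rhs(x)))


class Receiver:
    """Hypothetical vulnerable peer: static secret d, network service reporting checksum status."""

    def __init__(self, d):
        self.d, self.pub = d, mul(d, G)

    def checksum_ok(self, peer_point, tag):
        # Vulnerable: no on_curve(peer_point) check before multiplying by the secret.
        return derive_tag(mul(self.d, peer_point)) == tag


def crt(residues, moduli):
    x, m = 0, 1
    for r, n in zip(residues, moduli):
        x += m * ((r - x) * pow(m, -1, n) % n)
        m *= n
    return x % m


def recover_secret(oracle, pub, small_primes=(2, 3, 5, 7, 11), seed=1):
    """For each small prime n, learn d mod n (up to sign, since the tag depends on x
    only) with at most n oracle queries, combine by CRT, and use the public key to
    resolve the sign choices. Returns every scalar consistent with oracle and pub."""
    rng = random.Random(seed)
    residue_sets, moduli = [], []
    for n in small_primes:
        q = invalid_point(n, rng)
        if q is None:
            continue
        for k in range(n):  # which multiple of q did the receiver land on?
            if oracle(q, derive_tag(mul(k, q))):
                residue_sets.append({k, (n - k) % n})
                moduli.append(n)
                break
    candidates = {crt(combo, moduli) for combo in itertools.product(*residue_sets)}
    return sorted(c for c in candidates if mul(c, G) == pub)


if __name__ == "__main__":
    victim = Receiver(777)  # constructed secret
    print(recover_secret(victim.checksum_ok, victim.pub))
```

The fix is the check the post assumes is missing: before any scalar multiplication, verify that the peer point is on the intended curve (and, for an x-only encoding, that x < p and x^3 + 7 is a quadratic residue so the point lifts onto the curve rather than its twist), and make the oracle's response independent of the derived key. Note how cheap the attack is in queries: at most n per small prime, with the public key doing the rest offline.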