If I understand it right, you want a way to prove, given a list $\{A, B, C, D, \cdots\}$ of public keys, that some given key $K$ is "the tag" corresponding to a pair of key from this list, without revealing which one. Let me call this a "valid tag".
For simplicity, suppose that $K$ is the tag of Alice and Bob. Either Alice or Bob can prove that $K$ is a valid tag, using standard zero-knowledge proof techniques. The intuition is as follows:
(1) If the pair $(A,B)$ was not supposed to stay hidden, then Bob could just perform a zero-knowledge proof that $(G,A,B,K)$ is a Diffie-Hellman tuple, using his witness $b$ (such that $G^b = B$ and $A^b = K$). There are standard zero-knowledge proofs for this relation, see for example my answer here.
(2) To keep the pair hidden, we change the statement: instead of proving "$(G,A,B,K)$ is a Diffie-Hellman tuple", Bob proves the statement "$(G,A,B,K)$ is a Diffie-Hellman tuple, OR $(G,A,C,K)$ is a Diffie-Hellman tuple, OR $(G,A,D,K)$ is a Diffie-Hellman tuple..." and so on (for each pair of distinct public keys). Then, using the CDS OR-trick, we can convert the zero-knowledge proof for the Diffie-Hellman relation into a zero-knowledge proof for an OR of many Diffie-Hellman relation (in particular, the resulting proof will not reveal which of the statements in the OR is the true one).
The above is the simplest, most direct solution. Of course, it is expensive: the cost of the proof grows as $n\cdot(n-1)/2$ times the cost of a single Diffie-Hellman proof (or $n$ times if we can leak the identity of one of the two parties involved in the tag $K$). There exists solutions to reduce the cost, but they use significantly more advanced cryptographic techniques. A good example are one-out-of-many proofs which enable precisely this kind of OR-proofs, but with logarithmic communication in the number of OR clauses.
Last thing: if you want everyone to check the proof and do not want to re-do the proof with everyone, then you can make the proof non-interactive in the random oracle model using the Fiat-Shamir transform; this way, it becomes publicly verifiable. Also, note that when a party sends this proof, this will always leak information: e.g. the fact that Bob sends the proof that $K$ is a valid tag always reveals that Bob could check that himself in the first place, which means that Bob's public key is one of the keys involved. It might be ok in your scenario, but you must be clear with that.