hi,
i'm thinking about coinjoin transactions and how they are supposed to be indistinguishable from normal transactions.
some notes:
a) the number of participants of a coinjoin transaction must be variable.
otherwise, if _all_ coinjoin transactions contain 55 inputs, then that's a pretty strong distinguisher.
b) the distinguishability of the coinjoin transaction is equal to its weakest link.
that is, if two people in a coinjoin tx use input addresses that have been reused and can be linked to their identity, then the whole coinjoin tx has been busted.
i also wonder whether building a decentralized coinjoin system is as easy as some people here believe it is.
i think it's a good idea to design it and state its threat model before standardizing coinjoin.
otherwise, we will be stuck with the centralized coinjoin variant, where anyone can join the public channels and log the mixes.
cheers!
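Note a) above, as an added example that is not part of the original post: it quantifies how far a fixed participant count separates coinjoins from ordinary transactions, using constructed toy data and the total-variation distance between input-count distributions.

```python
"""Added example, not from the original post: measuring the "fixed number of
participants" distinguisher from note a). All transaction data is constructed."""
from collections import Counter


def count_distribution(input_counts):
    """Empirical distribution of input counts, e.g. {1: 0.6, 2: 0.2, ...}."""
    total = len(input_counts)
    return {k: v / total for k, v in Counter(input_counts).items()}


def total_variation(p, q):
    """Statistical distance between two distributions (0 = identical, 1 = disjoint).
    It bounds the advantage of any classifier that looks only at this feature."""
    keys = set(p) | set(q)
    return 0.5 * sum(abs(p.get(k, 0.0) - q.get(k, 0.0)) for k in keys)


def count_rule(txs, n):
    """Precision and recall of the rule 'a tx with exactly n inputs is a coinjoin'.
    txs is a list of (input_count, is_coinjoin) pairs."""
    flagged = [cj for count, cj in txs if count == n]
    hits = sum(flagged)
    coinjoins = sum(cj for _, cj in txs)
    precision = hits / len(flagged) if flagged else 0.0
    recall = hits / coinjoins if coinjoins else 0.0
    return precision, recall


# Constructed toy population: ordinary payments mostly spend 1-4 inputs.
NORMAL = [1, 1, 2, 1, 3, 1, 2, 1, 1, 4]
# Design A: every coinjoin has exactly 55 inputs (the case note a) warns about).
FIXED_CJ = [55] * 5
# Design B: participant count varies and overlaps with ordinary transactions
# (toy sizes, chosen small so the overlap is visible).
VARIABLE_CJ = [2, 3, 4, 2, 3]


def compare_designs():
    normal = count_distribution(NORMAL)
    fixed_tv = total_variation(normal, count_distribution(FIXED_CJ))
    variable_tv = total_variation(normal, count_distribution(VARIABLE_CJ))
    pool_a = [(c, False) for c in NORMAL] + [(c, True) for c in FIXED_CJ]
    pool_b = [(c, False) for c in NORMAL] + [(c, True) for c in VARIABLE_CJ]
    return {"fixed_tv": fixed_tv, "variable_tv": variable_tv,
            "fixed_rule": count_rule(pool_a, 55), "variable_rule": count_rule(pool_b, 55)}


if __name__ == "__main__":
    for name, value in compare_designs().items():
        print(name, value)
```

With a fixed count the two distributions are disjoint (distance 1.0) and the single rule "55 inputs" finds every coinjoin with no false positives; with a varying count the input-count feature alone carries much less information.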