Consider a hypothetical CoinJoin transaction with several inputs and two outputs, A and B.

Output A is 5.21875 BTC and Output B is 3.4375.

In order for an attacker to break the mixing, he must answer the question, "which combination of inputs adds up to each output?", and that question could likely have only one solution. If there is only one solution, the mixing has no value other than forcing the attacker to spend a bit of CPU power on it.

If the participants in the mix instead choose to only use integer powers of 2, they can break their desired outputs down like this:

Output A can be broken down as follows:

1 x 2^{2}

1 x 2^{0}

1 x 2^{-3}

1 x 2^{-4}

1 x 2^{-5}

Output B can be broken down as follows:

1 x 2^{1}

1 x 2^{0}

1 x 2^{-2}

1 x 2^{-3}

1 x 2^{-4}

So now the transaction has 10 outputs: 4 BTC, 1 BTC, 1 BTC, 250 mBTC, 125 mBTC, 125 mBTC, 62.5 mBTC, 62.5 mBTC, 31.25 mBTC.

The odds of finding an unambiguous mapping of inputs to outputs should be far lower in the second case.

Hmm. It might simplify things by "approximating" powers of 2: 1, 2, 5, 10, 25, 50, 100, 250, 500, etc. Similarly, 0.5, 0.2, 0.1, 0.05, 0.02, 0.01, etc.

The downside is there's somewhat more risk of analysis matching inputs to outputs, but I would think the increased risk is very slight.

Among the benefits is that the math is simpler, allowing other ideas to be easily implemented (such as a cutoff value: everything under 0.000x BTC is lumped into one output. If a small, random transaction fee is also included, this avoids dust outputs but is still resistant to analysis.)

For example, your above outputs, after removing small transaction fees, might break down to:

A) 5.21872289 (prior output after removing a randomized 0.00002711 txn fee) =

5 + 0.2 + 0.01 + 0.005 + 0.002 + 0.001 + 0.0005 + 0.0002 + 0.0002289 BTC

B) 3.43742991 (prior output after removing a randomized 0.00007039 txn fee) =

2 + 1 + 0.2 + 0.2 + 0.02 + 0.01 + 0.005 + 0.002 + 0.0002 + 0.0002 + 0.00002991 BTC

Almost all of the privacy, and the coins are less noticeable (as opposed to values like 0.03125 BTC) even just sitting in the wallet. And this would be a much better result too for those of us managing coins in paper wallets who need to determine how many change addresses to grab to spend X bitcoins.

Just a thought.
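
Added example (not part of either post): a Python sketch that splits the thread's two amounts, 5.21875 and 3.4375 BTC, into fixed denominations and counts how many distinct subsets of the resulting outputs sum to Output A's value, as a rough measure of how ambiguous the output side of the mix is. The denomination ranges, the greedy split with a lumped remainder, and the subset count as a metric are assumptions of this example; inputs and fees are ignored.

```python
SAT = 100_000_000  # satoshis per BTC

# Denomination sets in satoshis, largest first (ranges are assumptions).
# 2^-8 BTC is the smallest power of two that is a whole number of satoshis.
POW2 = [SAT * 2**k // 2**8 for k in range(16, -1, -1)]            # 2^8 .. 2^-8 BTC
SERIES_125 = [m * 10**e for e in range(10, 3, -1) for m in (5, 2, 1)]  # 500 .. 0.0001 BTC

def split(amount, denoms):
    """Greedy split of `amount` (satoshis) into denominations; any remainder
    below the smallest denomination is lumped into one final output."""
    parts = []
    for d in denoms:
        while amount >= d:
            parts.append(d)
            amount -= d
    if amount:
        parts.append(amount)
    return parts

def count_owner_sets(outputs, target):
    """Number of distinct subsets of `outputs` whose values sum to `target`.
    Each subset is one candidate grouping of outputs for one participant."""
    ways = {0: 1}  # reachable sum -> number of subsets producing it
    for v in outputs:
        nxt = dict(ways)
        for s, n in ways.items():
            if s + v <= target:
                nxt[s + v] = nxt.get(s + v, 0) + n
        ways = nxt
    return ways.get(target, 0)

A, B = 521_875_000, 343_750_000  # 5.21875 and 3.4375 BTC from the thread

def ambiguity(denoms=None):
    """Return (number of outputs, candidate output sets for A)."""
    outs = [A, B] if denoms is None else split(A, denoms) + split(B, denoms)
    return len(outs), count_owner_sets(outs, A)

if __name__ == "__main__":
    for name, d in [("unsplit", None), ("powers of 2", POW2), ("1-2-5", SERIES_125)]:
        print(name, ambiguity(d))
```

The count covers only the output side for these two specific amounts; it says nothing about how inputs map to outputs.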