How can we be sure that Wasabi is using Chaumian CoinJoin? Couldn't they be saying they are using Chaumian CoinJoin, but are using a different kind of coinjoin and recording which outputs belong to whom?
It does not matter what code the coordinator runs, because the client ensures it doesn't expose information.
Here's a brief explanation by gmaxwell:
> Using chaum blind signatures: The users connect and provide inputs (and change addresses) and a cryptographically-blinded version of the address they want their private coins to go to; the server signs the tokens and returns them. The users anonymously reconnect, unblind their output addresses, and return them to the server. The server can see that all the outputs were signed by it and so all the outputs had to come from valid participants. Later people reconnect and sign. -
https://bitcointalk.org/index.php?topic=279249.0Also it may be interesting to note that we'll move away from blind signatures in the future. You may have noticed that this scheme is quite limiting, so we're in the middle of researching a new protocol that isn't:
https://github.com/zkSNACKs/WabiSabi/