each person creates a priv/pub keypair and only sends each other the public keys to generate a new multisig public key.
(keep the privkeys a secret, obviously)
they both put funds into the multisig
and then both create the transaction to "spend" the inputs.. and ofcourse both sign it..
obviously if they both dont sign it they both cant spend it.
if you dont see your getting the amount you want. then ofcourse you dont sign it. meaning the other person cant get what they want either.
by both signing it means they both agree to the transaction.
but with that said. its stupid to think swapping/mixing coins needs to be complex or that swapping/mixing coins makes you invisible/anonymous
Isn't the problem here, "they both put funds into the multisig"
Bob puts his 1BTC into the multisig.
Alice claims she is putting it in but doesn't.
Now Alice can hold the Bob's 1BTC ransom, she could demand 50% or she won't sign.
So, how can you guarantee the atomicity of the "they both put funds into the multisig"? or that Bob can remove his coins if Alice doesn't transfer.