Of course, I thought about it 
The attack won't work because the spend proof must be sent from the owner's address, not from any address.
The attack won't work because the spend proof must be sent from the owner's address, not from any address.
What is an address ? e-mail or so ?
How do others checking the block chain know that this private transaction belongs to an address and how do they find out who had send what from which address ? I think I'm missing something. If you mean an address on a P2P networks, Kademlia style, then you've undone the anonymity. Because if the address of the sender is included in the block chain, then, eh, the spending history is just as pseudonymous as bitcoin (your address is associated with all you do). And it would also mean that your coins are attached to your P2P address private key.
In the simplest case, address is a hash of the public key, or something similar.
The validators need to check one simple thing: if there are two transactions that (1) embed the same spend proof and (2) are signed by the same address (roughly equivalent to private key), it is a double-spend. Everything else is fine.