Design B: Users provide inputs, outputs and collateral at once. In this case the master node knows who is sending money to whom, but later it can tell who didn't sign.
I've chosen to use design B (users will add inputs and outputs at the same time) because it's the only design that can't be attacked in the way you're saying.
Okay, he has confirmed that you are not anonymous to the master node, as I wrote upthread would be the case if he associates the collateral transaction with both the input and output stages of the CoinJoin.
eduffield, I would like to say that is not acceptable because, for the same reason I don't want to use a mixer or laundry website, I can't know if the master node is an NSA honeypot.
I would like to suggest you think about my divide-and-conquer idea as another electable option for users.
If there is a failed stage, then divide the inputs into two groups. Then ask for outputs again. Divide and conquer as necessary, then the join will complete.
Not ideal, but at least you don't break anonymity and require trust of the master node.
Best of luck with it.
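The divide-and-conquer recovery proposed above, as an added simulation that is not code from the thread or from any DarkSend implementation. It assumes a stage succeeds only when every participant in the group signs, that a failed group is split in half and each half retried as its own join, and that a group of fewer than two parties is deferred rather than joined (a one-party "join" would give no anonymity). Participant names and who refuses to sign are constructed for the demo.

```python
"""Simulation of divide-and-conquer recovery for a failed CoinJoin stage.

Constructed example: each participant either signs or refuses. The
coordinator never needs to learn which input maps to which output; it only
observes that a given group failed to complete, halves it, and retries.
"""
from dataclasses import dataclass, field


@dataclass
class Participant:
    name: str
    signs: bool  # constructed: does this participant sign the join tx?


@dataclass
class RoundResult:
    joins: list = field(default_factory=list)    # groups that completed
    dropped: list = field(default_factory=list)  # names deferred this round
    stages: int = 0                              # join attempts made


def stage_succeeds(group):
    """One simulated stage (inputs, outputs, signatures).

    The only information the coordinator gets back is pass/fail for the
    whole group, not who refused.
    """
    return all(p.signs for p in group)


def divide_and_conquer(group, result=None, min_size=2):
    """Run a join on `group`; on failure split it and retry each half."""
    if result is None:
        result = RoundResult()
    if len(group) < min_size:
        # Too small to provide any anonymity: defer to a later round.
        result.dropped.extend(p.name for p in group)
        return result
    result.stages += 1
    if stage_succeeds(group):
        result.joins.append([p.name for p in group])
        return result
    mid = len(group) // 2
    divide_and_conquer(group[:mid], result, min_size)
    divide_and_conquer(group[mid:], result, min_size)
    return result


def demo(refusers=("C", "F")):
    """Eight constructed participants; those in `refusers` never sign."""
    group = [Participant(n, n not in refusers) for n in "ABCDEFGH"]
    return divide_and_conquer(group)


if __name__ == "__main__":
    r = demo()
    print("completed joins:", r.joins)
    print("deferred:", r.dropped)
    print("stages attempted:", r.stages)
```

With two refusers among eight parties the round needs seven stage attempts and completes two joins of two parties each. Note the cost the poster calls "not ideal": honest D and E are deferred because each ended up in a leaf group with a refuser, so every refuser can knock one honest party out of the current round while the coordinator still only sees group-level failure.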