So when a user wants to consolidate his many mixed inputs into an output, does he spend them in a WabiSabi coinjoin where other users can consolidate and coinjoin simultaneously?
If a user is going to consolidate anyway (regardless of whether their inputs are already mixed or not), then doing so in a WabiSabi coinjoin is strictly a privacy benefit. I'm not sure what nuance you are trying to discover here, so I'll provide more context:
- Consolidation within a coinjoin by whales is inherently limited by the number of UTXOs or size of their UTXOs. Different clients that implement the WabiSabi protocol have different limits on the number of UTXOs you can consolidate in a single round. With Wasabi, it's 10, with Trezor, it's 20, and with BTCPay Server, you can register up to 30 inputs using "Coinsolidation mode".
- Consolidating mixed WabiSabi inputs is generally not harmful to your privacy even outside of a coinjoin transaction,
a whale consolidated 207 inputs in this extreme case (about 205 of these inputs are WabiSabi coinjoin outputs, I saw 2 inputs that weren't coinjoined just by glancing), but there's no link established as to which inputs originally created these mixed outputs that were consolidated.
- Consolidating mixed Whirlpool inputs without sufficient remixing is different and does hurt your privacy because the tx0 premix transaction shows all of the coinjoin rounds you entered initially. When a user consolidates many outputs from all these linked coinjoin rounds, it provides little obfuscation as to which premix transaction led to that postmix payment:
The first is the fee to Whirlpool itself, which is a flat fee depending on the pool you are joining.
The flat pool entry fee structure is designed to incentivize worst privacy practices. Since fees are not collected directly based on volume, it is cheaper to participate in a smaller pool and create more outputs than participate in a larger pool and create less outputs. Additionally, it incentivizes revealing common inputs ownership of premix UTXOs since it is cheaper to consolidate them to enter the pool once than to enter the pool with each UTXO individually. Samourai has never explained why they purposely chose a fee structure that heavily penalizes the most private usage of their protocol.
Because of this backwards design, you can easily link premix inputs to postmix outputs in many cases. Notice how this Whirlpool tx0 premix creates 70 outputs for 0.05 BTC -
https://mempool.space/tx/63679c9ec82f246811acbab0c04cc0fc77ba050e1b6c23661d78afcfc13cf8aaNotice how every single input of this Whirlpool exit transaction is a direct descendant of rounds created by the aforementioned premix transaction:
https://mempool.space/tx/ce2f84f7c5ff74fb1da103acb7b279bd34f02f5e9e3a2e1b6417ce8b9b7392dbWhen many inputs used in the postmix exit transaction are created directly from a round that the premix transaction entered, it makes it trivial to trace the user through Whirlpool. Fortunately, the user abandoned Whirlpool and upgraded to using the WabiSabi coinjoin protocol instead, which made him completely untraceable:
https://mempool.space/address/bc1qjjw5gaglkycu2lm5fskl7qhktk0hec4a5me3da^The difference with WabiSabi is there is no tx0 premix, so an observer tracking your input can only watch it go directly into a single WabiSabi coinjoin, whereas an observer tracking a Whirlpool input can watch it enter up to 70 Whirlpool coinjoins.