Lucas has shared another method that can be used by the coordinator to link inputs and outputs::
https://njump.me/nevent1qqsqqqpslx5y7asqkckk92d2vfcat535t5r5k4pt7xy0ynmcepd4lcgpz4mhxue69uhkummnw3ezummcw3ezuer9wchsygy7xr55qguvm847h33js9md6ngsnqfp99zz72nv8pe8l3n05l4fpgpsgqqqqqqsqg4s4v String mixId = confirmInputMixStatusNotification.mixId;
this.bordereau = ClientUtils.generateBordereau();
String blindedBordereau64 =
WhirlpoolProtocol.encodeBytes(
clientCryptoService.blind(this.bordereau, blindingParams));
String userHash = premixHandler.computeUserHash(mixId);
ConfirmInputRequest confirmInputRequest =
new ConfirmInputRequest(mixId, blindedBordereau64, userHash);
The coordinator can use different mixid for each input. At this point it wouldn't be wrong to say that zerolink protocol (as implemented in whirlpool) has multiple vulnerabilities that could be exploited by the coordinator. I do not expect Ashigaru team or the delusional cult to ever acknowledge and fix these vulnerabilities.