Please help me better understand exactly how CoinShuffle improves upon what already can be achieved with Coinjoin
The whitepaper mentions a weakness of CoinJoin and fails to point out that a more viable solution was proposed. The whitepaper states speaking of CoinJoin:
The mixing server still needs to be trusted to ensure anonymity, because it learns which coins belong to which user. To tackle this problem, Maxwell mentions the possibility to use secure multi-party computation (SMPC) with CoinJoin to perform the mixing in an oblivious manner.
Then you go on to describe how unviable SMPC is.
While I agree that SMPC may be unviable, you seem to fail to mention another solution from the OP in CoinJoin thread:
in FAQ
Don't the users learn which inputs match up to which outputs?
...
More complicated implementations are possible where even the server doesn't learn the mapping.
E.g. Using chaum blind signatures:
Having established the fact that a centralized CoinJoin server will not learn the input/output mappings, is my assessment correct that the only advantage of CoinShuffle over CoinJoin is that
CoinShuffle can be implemented in a fully DEcentralized manner and still identify the DOSing party,
whereas CoinJoin can identify the DOSing party only when implemented with a CEntralized server?