How is Whirlpool decentralized?
I'm still blown away by the 2021 paper ( https://arxiv.org/pdf/2109.10229.pdf ), updated twice, about decentralized coinjoin, that states, to explain that it only studies Samourai and Whirlpool:
"While the role of centralized mixing services like JoinMarket, where a trusted third party matches CoinJoin participants, has been studied in the past [ 16], decentralized wallet implementations have not yet been the focus of a comprehensive measurement study."
(It takes extreme, tortuous logic to come to the conclusion that Joinmarket is centralized, but somehow this howling error remains).
More recently this came out, a new paper on address clustering:
https://arxiv.org/pdf/2107.05749.pdf
I haven't read it yet, so it may be very interesting or not at all, fair warning, but the researchers are pretty serious.
However I find this comment of interest:
" Our extraction mechanism relies on change outputs revealed by the multi-input heuristic. This heuristic is effective in practice [15] and widely used, but vulnerable to false positives from techniques like CoinJoin and PayJoin that are intentionally designed to break the heuristic (e.g., [9, 23, 24, 26]). While we take measures to detect CoinJoin transactions and pre-existing cluster collapse, some errors can remain."
Notice how they completely fail to inform the reader of the *crucial*, in this context, difference between traditional coinjoin and payjoin: with payjoin, they will not (in the general case) have *any* way to know it has happened, and therefore not have *any way* to measure whether such a measurement error has occurred, whereas with traditional coinjoin this is emphatically not the case. Disappointing; I hate it when academics gloss over the failures of their method.
Discussion
My best guess about their logic, assuming they didn't just completely misunderstand the systems, is this:
With a chaumian blinding server, you have a situation where none of the N participants know the linkages, and nor does the server. So from a privacy perspective this is decentralized, no one actor is privileged.
However even if you look at it as an academic and not a practicioner, you should see that having a central server coordinating the transaction is a very important centralization, because they can select, and control, which participants are allowed to be in what join event. (*very* relevant for e.g. sybil concerns).
So in short I agree with your question 😄
Maybe the concern would be solved if they had said something about chaumian blinding and not about "decentralization". I would say that by any human definition of "decentralization" JoinMarket is at least more decentralized than the other two.
But I think I will settle for them completely misunderstanding everything.