I am designing my implementation with an "admission fee" system where the coordinator charges people money to get into the pool. In this design, I think reputation is important. Nothing stops a coordinator from charging 100 people $1 to get into the pool and then running off with the money without ever actually letting them in. In order to allow coordinators to grow a reputation for honesty, I think it is important that they be *pseudonymous,* rather than *anonymous.*

I did think of a way to do the admission fee atomically (i.e. so that users don't pay unless they get into the pool), which would allow for full anonymity because in this alternate model, the coordinator is not even trusted with a single sat. But the way I thought of requires each user to broadcast a base layer transaction in the "sad path."

For example, if a troll joins the signing ceremony and then refuses to sign anything, that would force each user to use the sad path to recover their admission fee, and thus do a base layer transaction. I suspect a typical base layer mining fee will cost more than $1 in the majority of cases where a coinpool might be desirable, so doing the funding transaction atomically (at least the way I thought of doing it) would give trolls the ability to cause asymmetric misery in a pool of e.g. 100 people. Namely, it would only cost them 1 uneconomical base layer transaction to make 100 people do an uneconomical base layer transaction or lose their money.

I thought that was an unreasonable tradeoff, especially when the admission fee is likely to be a low amount: any coordinator who charges a *large* admission fee is likely to be dispreferred by users, who will likely gravitate toward coordinators with three characteristics: (1) they charge a low admission fee (2) they have a good reputation concerning "not stealing the admission fee" (3) they have a good reputation concerning uptime