I think this is a nice idea and it works. There’s one problem though, which is that it has a DOS vector because a malicious actor can send invalid data and the services are not able to discard it until the end of the day. This means that the attacker could be sending lots of commitment_to_x_0, random_x_i to the nodes, causing them to use more memory and eventually get their process killed because of the memory usage.
This comes with a very similar guarantee to the scheme I described here, 2nd image, where you can have N “obfuscators” in sequence, which is that it works if at least one service is honest. Mine is actually a bit worse in guarantees and uses a bit more bandwidth+verification time. In your scheme, it is impossible for a single service to be evil and just broadcast the transaction, but it comes at the cost of making it impossible to validate the “coinswap transactions” before the end of the day, which allows for the DOS I mentioned. My scheme provides transaction validation at each step, but a rogue service could broadcast early - though this could be easily identified from the wallets because while you would get the swap, you wouldn’t get the output you expected.
I think I just found a way to improve my scheme by guaranteeing that either all aggregators happen or just the first one - will update the other topic.
I wonder if it would be possible to have some form of blinded validation in your version that happens more frequently to avoid this DOS attack? Like offset the computation for some x*G in some way.