I've finally finished reading that document. My congratulations on all those involved. It's nice to see the motivation to build a truly untraceable cryptocurrency.

I have just one small question, concerning this recommendation:

> use one and only one input for every transaction, and output one and only one output to the recipient.

Why the second part, concerning the outputs? As long as the receiver doesn't mix these outputs in any compromising way, it's not a problem for them to be credited in the same transaction. Actually, in the very example given in the document, the sender ends up crediting two outputs of his as change in the same transaction. Why is that a problem to the receiver and not to the sender?

It seems easier to me trying to stick only to the first part of the recommendation, and forget the second, unless I'm not seeing something.