@Alexander Mozeika came up with the following points that need to be discussed. I think all of those are important for the security of the mixnet. Some of them should be analyzed theoretically or by simulation. Meanwhile, some points need to be discussed in terms of incentivization.
Actually, this is the point mentioned by @Álvaro Castro-Castilla in Discord, but I’m summarizing more details here discussed with Alexander.
Let’s say only $n$ nodes in the network of $N$ nodes generate cover traffic, and the set of $n$ nodes changes from time to time. Then, at a certain timing when a new block needs to be proposed (e.g. when a new slot is started), there will be at least $n+1$ nodes (including the leader) sending a message to someone.
If an adversary observes the network for a long time and calculates the intersection of the sets of $n+1$ nodes who emitted messages at the start of each slot, it’s highly likely that a high-stake node (who has been selected as a leader multiple times) is included in the intersection. Then, the probability that the adversary will be able to identify the high-stake node from the intersection will be high, if $n$ is very small.
Therefore, $n$ should be large enough. How many?
Of course, the size of intersection will probably be larger than we expect in practice because we’re going to use gossiping. Because of gossiping, some nodes will emit messages that aren’t created by themselves. However, we cannot expect that these message forwarding will happen at the timing when a new block will be proposed. The adversary will probably ignore (cover) messages emitted at the middle or end of slot, for example.
In our new design, each message sender (block proposer) chooses $k$ mix nodes randomly for each message that he wants to send. There is no longer the concept of fixed layers that we adopted from Loopix for our first mixnet design.
Let’s imagine a node A who receives only one message from a node who is either a block proposer or a previous mix node. This can happen if there are so many nodes in the network and if all sets of $k$ nodes selected by each leader at a specific time are too different from each other. Then, the node A has no message to be mixed with the message he received. Even if the node A adds a random delay for the message, an adversary who is observing the node A particularly can link the output message to the input message so easily.
Of course, the node A will probably receive more input messages from other nodes in practice if we use gossiping. Then, the number of messages that the node A will receive depends on how the gossiping is designed and the density of network connections that the node A has.
This is about incentivization. We’re thinking about including incentivization transactions in a Sphinx packet to motivate mix nodes to forward the message to the next mix node. But, if they have nothing to loss, they could just not follow the protocol. This will cause the failure of message delivery.
Also, it’s the same in the point 1 above. Even if $n$ is large enough and if we devise an incentivization for cover traffic, the nodes can refuse generating cover traffic if they have nothing to loss. This can cause the anonymity failure in the end.