Great to see an implementation of the idea.

Maybe I misunderstand, but isn't there a vulnerability of denial of service here?

A user who registers one input will receive the round secret identifier, and this is all the information required for output registration. However, that malicious user can now register multiple outputs, providing the same secret, and nobody can link the malicious outputs to any specific input. Therefor there cannot be a blame round where the malicious input is removed, and thus there can be a ongoing free denial of service attack without attribution or defense.

Skol
Max