Specifically, we have data sources d1, d2, d3 and data sinks s1, s2.
d1 might send output 500 to s1, then after a random interval 1000 to s2, etc.
d2 might send output 25 to s2, then 100 to s2.
d3 might send 700 to s2.
The sinks should not be able to trace the source of their numbers, i.e. s1 cannot be sure d1 sent 500 to it.
The data sources should not be able to claim responsibility for the numbers they sent either.
Currently the best I can think of is to package multiple entries coming to s1 together and cut them down to a standard size, say, send 500 every time that much accumulates.
Obviously, I need to read some papers on this; however, the requirements are a little different than normal anonymization. Even if the sender and receiver collaborate, they should not be able to prove where the data came from.
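
The batching idea described in the question, as an added example that is not part of the original post: a hypothetical `BatchingAggregator` pools amounts per sink and releases only units of 500, and records which sources filled each unit so the mixing can be measured. The class, the function names and the event order are assumptions; the amounts are the ones given in the post.

```python
from collections import defaultdict, deque

UNIT = 500  # standard output size, the "send 500" figure from the post


class BatchingAggregator:
    """Hypothetical intermediary that pools amounts per sink and releases
    only fixed-size units. Source labels are kept here purely to measure
    how well each released unit is mixed; a deployment would discard them."""

    def __init__(self, unit=UNIT):
        self.unit = unit
        self.queues = defaultdict(deque)  # sink -> FIFO of [source, amount]

    def pending(self, sink):
        return sum(amount for _, amount in self.queues[sink])

    def submit(self, source, sink, amount):
        """Queue an amount; return one contributor set per unit released."""
        q = self.queues[sink]
        q.append([source, amount])
        released = []
        while self.pending(sink) >= self.unit:
            need, members = self.unit, set()
            while need:  # drain the FIFO until one full unit is assembled
                take = min(need, q[0][1])
                members.add(q[0][0])
                q[0][1] -= take
                need -= take
                if q[0][1] == 0:
                    q.popleft()
            released.append(frozenset(members))
        return released


def replay(events, unit=UNIT):
    """Return (sink -> list of contributor sets, sink -> leftover amount)."""
    agg = BatchingAggregator(unit)
    units = defaultdict(list)
    for source, sink, amount in events:
        units[sink].extend(agg.submit(source, sink, amount))
    return dict(units), {s: agg.pending(s) for s in agg.queues}


# Constructed event order using the amounts from the post.
EVENTS = [("d1", "s1", 500), ("d1", "s2", 1000),
          ("d2", "s2", 25), ("d2", "s2", 100), ("d3", "s2", 700)]

if __name__ == "__main__":
    units, leftover = replay(EVENTS)
    for sink, sets in units.items():
        print(sink, [sorted(s) for s in sets], "leftover:", leftover[sink])
```

A released unit whose contributor set has a single member was filled by one source alone, so the fixed size by itself does not mix it with anyone else's data.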