This is interesting. I have a few comments.
- @barryWhiteHat proposed a few months ago a way to use Semaphore for spam in the anonymous p2p setting. This could be combined with what you proposed in order to ensure that validators don’t end up spamming the network.
- I have previously thought of using traceable ring signatures which are an extension of linkable ring signatures in a similar fashion. However, I thought of it as a way to get privacy-preserving casper FFG since traceable ring signatures give us a way to get anonymous voting by associating a tag with a signature. Combined with your proposal, we can almost get anonymous validators (with some caveats of course!).