So the intended scope as I understand it is to build an anonymous, encrypted file-sharing protocol.

Questions:

• Is the intent to describe the protocol and then build at least one functioning client and one functioning server and use them? 
  
• Are timing attacks within the scope of the problem (if someone has full control of your single upstream router can you still insure anonymity?)
• Is the bureaucracy of "key escrow" beyond the scope of this project?  Or is part of the project to build software that gives a user friendly interface to key management?
  
• What level of "trust" is implicit in the system?  If a malicious person (or government) obtains an account, what information is exposed to that person?
• Scalability -- client/server is somewhat limiting (if there are millions of users participating, it seems improbable that a single server could handle that load).  Will any kind of "load balancing hooks" be built into the protocol (that would enable a pool of servers to act as a single server)?
• Is some minimum number of participants needed to insure true privacy?  If this number is greater than 2, that's probably OK, but the spec should clearly state this (and it should be made clear that this solution needs some "group" in order to get started).