A future feature that would allow a person to 'withdraw' a particular public/private keypair from their wallet.dat and use that as cash directly has been discussed. The problem is only when the receiver doesn't trust the sender. Bitbills are based upon this concept. This is also somewhat how an online wallet service such as Mybitcoin.com works, as the funds sent to your receiving address are almost certainly not going to be used by yourself. Thus, an online wallet service adds to the anonimity of the group. The problem with such online wallet services is that, because this kind of service requires a large group to contribute meaningfully to anonimity, the wallet service then becomes a primary target for government leverage to be applied. But what if such a wallet service were to pop up that was, itself, anonymous. Such as on Tor as a hidden service, with no connections to real world individuals. Well, the trust level would necessarily be lower, due to the fact that if someone were to steal the coins, including the site owner, there would be even less recourse for users to pursue the thief than there is with regard to MtGox. Still, I could imagine myself putting small sums into such a service, risk of theft would still be a limiting factor.
I had an idea of how this could work effectively with no trust needed, no risk of theft, only minimal trust required that the person running the anonymizer won't "out" you.
Suppose 100 people wanted all their coins anonymized at a pre-determined time next Saturday, and ran an open-source anonymizer client that could peek in their wallet.dat and sign transactions proposed by the server.
The server's job is to coordinate all 100 of these clients to simultaneously mix-in and mix-out their coins into a single gigantic transaction.
Come that time on Saturday, each of those 100 clients identifies, to the server, the transaction inputs they intend to anonymize. Each of those 100 clients also generates a bunch of spare receiving addresses so they can get their coins back, and sends those to the server too. (No private keys nor signatures are shared).
The server constructs one HUGE transaction that combines all the funds from everybody seeking anonymity. It then, in random order and in the same transaction, spends the funds back out to the spare addresses provided by the clients, always in fixed denominations example: (50 BTC, 25, 10, 5, 1, .5, .1, .05, .01 etc), and only one output per address. Now the catch is, the server doesn't have any private keys and can't sign this transaction, it can only propose it to the clients.
So the server proposes this monster transaction to each of those 100 clients. The clients automatically look at it and make sure they are not being cheated, that every spend they are authorizing is balanced by incoming coins to the spare addresses. When all clients concur, they all produce the signatures needed. If all of the clients sign off on the transaction, the server packages it into a complete transaction and it's sent to the p2p network and block chain and the Saturday party is then over.
If not all the clients sign off (e.g. suppose 3 of them got disconnected), then the transaction is forgotten and the process is repeated with the remaining 97 clients. Importantly, new destination addresses are selected and the outputs rescrambled so as to minimize any attack advantages from comparing the proposals. If the server is unable to get signatures from all clients, the offending clients are removed and the proposal process repeats in a loop until eventually a full consensus of signatures is achieved on the remaining activity.
Once done, anonymized funds can clearly be traced back to the anonymizing transaction, but no further.
It would be impossible for anyone to connect the input amounts with the outputs. For example, someone sending 444.13 BTC into the anonymizer would receive outputs of 50, 50, 50, 50, 50, 50, 50, 50, 25, 10, 5, 1, 1, 1, 1, .1, .01, .01, .01... to nineteen different addresses... all of which would be randomly jumbled up with hundreds or thousands of other outputs in the exact same denominations.
If these anonymizing transactions were only done once every Saturday, they would result in a significantly large pot, as compared with daily frequency or greater. When mixed, all coins coming out of the pot are completely indistinguishable from one another, perhaps almost as good as freshly mined coins if the pot is large enough.