CBDC からコンプライアンス保持ステーブルコインへ — ジェネアロジー調査 (2016–2025)
チャレンジ: give users プライバシー保持デジタルマネー while keeping レギュレーターが執行できる AML/KYC/サンクション・ルール. つの基本的なアプローチが並行して進化: the CBDC 軸 (中央銀行 oversight as a design parameter) and the Permissionless DeFi 軸 (クリーン性の自発的証明).
RSCoin established CBDC architecture vocabulary. PRCash posed the trilemma: speed + privacy + レギュレーション simultaneously.
PEReDi (Coconut 閾値 + UTXO) and Platypus (アカウント-based + split trust) represent two competing design philosophies published at the same venue.
PARScoin extended to private stablecoins. DART extended to any tokenized asset. FAST added async consensus with privacy + AML.
プライバシー Pools (Buterin et al.) introduced Association Set Providers — voluntary, curator-based compliance without central authority. Deployed on Ethereum mainnet March 2025.
The first paper to explicitly design a system where "中央銀行 runs monetary policy, scaling delegated to ミントettes." RSCoin established the architectural vocabulary for all subsequent CBDC research — though privacy was not its focus.
G. Danezis, S. Meiklejohn. "Centrally Banked Cryptocurrencies." NDSS 2016.PRCash was the first paper to explicitly state all three requirements simultaneously: speed + privacy + レギュレーション. It enforces per-Tx limits, total 残高 limits, and KYC credential checks using ZK proofs. PRCash directly inspired both PEReDi and Platypus at CCS 2022.
Two papers appeared simultaneously at CCS 2022, representing two competing design philosophies for privacy-preserving regulated デジタル通貨.
Privacy-Enhancing Regulatable Digital Currency. Uses Coconut 閾値 credentials + UTXO-style トランザクションs. An issuer committee of 5-of-10 members collectively manages de-anonymization authority.
A. Kiayias, M. Kohlweiss, A. Sarencheh. "PEReDi: Privacy-Enhanced, Regulated and Distributed Central Bank Digital Currencies." CCS 2022.Account-based e-cash style unlinkable 転送s. Splits trust between 中央銀行 AND regulatory authority — both must cooperate for de-anonymization. Stronger 強要耐性.
K. Wüst, M. Kostiainen, G. Karame, S. Capkun. "Platypus: A Central Bank Digital Currency with Unlinkable Transactions and Privacy-Preserving Regulation." CCS 2022.After the CCSP22 twin papers established rigorous CBDC architectures, the Edinburgh group (same authors as PEReDi) extended the framework to private stablecoins and general tokenized assets.
The first paper to explicitly state all three simultaneously: privacy, 監査可能性, and レギュレーション for stablecoins. Extends PEReDi from a central-bank-issued CBDC to a private stablecoin model (e.g. Circle, Tether).
DART (Distributed Asset Registration and 転送) extends PARScoin to any tokenized asset — securities, real estate, tokenized funds. This is the first paper in the lineage to target the full RWA (Real World Asset) tokenization use case.
FAST combines FastPay-like asynchronous consensus (no full consensus needed for individual payments) with privacy and AML compliance. Payments finalize without waiting for global consensus — dramatically reducing latency.
Systematic evaluation of cryptographic technologies for CBDC privacy requirements. Identified technology-requirement pairings and unsolved problems.
| Technology | CBDC Requirement Addressed | Key Limitation |
|---|---|---|
| ZKP | トランザクション unlinkability, 残高 privacy, limit proofs | Proof size / verification cost |
| MPC | Distributed issuance, 閾値 de-anonymization | Communication overhead |
| FHE | Encrypted state computation, regulatory queries on ciphertext | Performance (improving) |
| DP | Aggregate statistics without individual disclosure | Accuracy-privacy tradeoff |
| TEE | Secure computation enclaves, offline execution | Hardware trust assumption |
Parallel to the CBDC research line, a DeFi-native approach emerged: voluntary compliance proofs without any central authority. プライバシー Pools (Buterin et al.) is the canonical example.
プライバシー Pools is NOT a CBDC — it is a permissionless protocol where compliance is voluntary. Users prove they belong to a "clean" subset of depositors without revealing which specific depositor they are. The key innovation is the Association Set Provider (ASP).
US policy paper arguing that ZK proofs can satisfy both privacy AND regulatory requirements simultaneously — challenging the assumption that these goals are in tension. Led directly to the プライバシー Pools implementation.
| プロパティ | CBDC Approach (PEReDi / Platypus) | Permissionless (Privacy Pools) |
|---|---|---|
| Who issues | Central 銀行委員会 | No issuer — deposit-based |
| Who supervises | Central bank + regulator | ASP curator (0xbow) |
| コンプライアンス enforcement | Mandatory (built into protocol) | Voluntary (user proves cleanliness) |
| De-anonymization | Threshold authority (Platypus: multi-party) | Impossible — only set exclusion |
| レギュレーション acceptance | Higher (explicit legal authority) | Lower (curator アカウントability unclear) |
| Censorship resistance | Low (authority can exclude users) | Higher (ASP inclusion is voluntary) |
| Deployment status | Research only | Mainnet (0xbow, Mar 2025) |
When designing a regulated payments system, five orthogonal design axes must be chosen. The combination determines the system's regulatory acceptance, privacy strength, and practical deployability.
Maximum regulatory acceptance. Full sovereign backing. Requires 中央銀行 participation in protocol design. Not suitable for permissionless DeFi.
Private company (Circle, Tether) issues with same cryptographic guarantees as CBDC. More deployable; FATF Travel Rule applies.
Users deposit existing assets. No issuance authority. Maximum censorship resistance. Voluntary compliance only.
| Model | 例 | Coercion Resistance | レギュレーション Clarity |
|---|---|---|---|
| Single authority | Early CBDC proposals | None | High |
| Threshold committee (t-of-n) | PEReDi (5-of-10) | Moderate | High |
| Multi-authority split trust | Platypus (CB + regulator) | Strong | High |
| ASP curator | プライバシー Pools (0xbow) | Very strong | Unclear |
| Self-certification | User-generated proofs | Max | None |
| Scheme | Used In | Properties | Post-Quantum? |
|---|---|---|---|
| PS-署名s (Pointcheval-Sanders) | PEReDi, PARScoin | Randomizable, efficient show | No (pairing) |
| Coconut 閾値 credentials | PEReDi | t-of-n issuance, unlinkable | No (pairing) |
| KVAC (keyed-verification anonymous credentials) | Platypus | Account-model, efficient | No (DL-based) |
| ZK Membership Proof | プライバシー Pools | Prove set membership without ID | Partial (STARK-based) |
| zk-SNARKs (Groth16/PLONK) | PRCash, DART | Succinct proofs, flexible | No (pairing) |
How to enforce multiple countries' KYC/AML/sanction requirements simultaneously on the same トランザクション. A payment crossing 3 jurisdictions may need to satisfy 3 different regulatory regimes. No current system handles this natively.
Even multi-authority disclosure (Platypus model) is vulnerable if both authorities are in the same jurisdiction or controlled by the same government. Designing multi-sig de-anonymization that resists coordinated state coercion is unsolved.
Identified by Bank of Canada (2025) as unsolved for ALL technologies (ZKP, MPC, FHE, DP, TEE). Offline payments (no network access) with post-hoc AML enforcement require either hardware trust (TEE) or deferred proofs — both have fundamental limitations.
PS-署名s, Coconut, and most pairing-based ZK systems are vulnerable to quantum computers. The entire CBDC cryptographic stack needs migration to lattice-based or ハッシュ-based alternatives — without known equivalents for randomizable 閾値 credentials.
How do CBDCs connect to permissionless DEX / AMM / lending protocols? A CBDC UTXO has strong privacy guarantees that break down the moment it touches a public AMM. DART begins to address this but DeFi composability with regulated payment tokens is fundamentally unsolved.
Use Platypus architecture for stronger 強要耐性. Split authority between CB and independent regulatory body. Consider Coconut 閾値 for issuer decentralization. Defer DeFi integration to v2.
PEReDi / Platypus lineageUse PARScoin framework for FATF Travel Rule compliance. Account-based model (DART) better fits existing financial infrastructure than UTXO. Plan for cross-jurisdiction credential verification.
PARScoin / DART lineageUse プライバシー Pools model — voluntary compliance via association sets. Curator アカウントability is the key unsolved governance question. Consider post-hoc proofs (prove compliance after the fact) for latency-sensitive applications.
プライバシー Pools / a16zStart with DART アカウント-based model. Add IBC or CCTP-style message passing for cross-chain KYC credential portability. Expect regulatory fragmentation — design for multi-jurisdiction credential sets from day one.
DART lineage| Paper | Venue | Year | Key Contribution | ステータス |
|---|---|---|---|---|
| RSCoin | NDSS | CBDC architecture vocabulary, ミンテット sharding | リサーチ | |
| PRCash | FC | Speed + privacy + レギュレーション trilemma | リサーチ | |
| PEReDi | CCS | Coconut 閾値 + UTXO CBDC | リサーチ | |
| Platypus | CCS | Account-based + split trust CBDC | リサーチ | |
| a16z Report | Policy | ZKP satisfies both privacy + レギュレーション | Theoretical | |
| プライバシー Pools | Research + Deploy | Association Set Provider, voluntary compliance | Deployed (0xbow) | |
| PARScoin | リサーチ | CBDC framework → private stablecoins + FATF | リサーチ | |
| DART | ePrint | Regulation-friendly tokenization for any asset | リサーチ | |
| FAST | AFT | Async consensus + privacy + AML | リサーチ | |
| BoC Survey | Bank of Canada | Cross-technology CBDC privacy evaluation | Policy |