レギュレーション対応決済 × DeFi

CBDC からコンプライアンス保持ステーブルコインへ — ジェネアロジー調査 (2016–2025)

Genealogy タイムライン 2016–2025

チャレンジ: give users プライバシー保持デジタルマネー while keeping レギュレーターが執行できる AML/KYC/サンクション・ルール. つの基本的なアプローチが並行して進化: the CBDC 軸 (中央銀行 oversight as a design parameter) and the Permissionless DeFi 軸 (クリーン性の自発的証明).

ジェネレーション 1 スケーラビリティ + 中央銀行 ジェネレーション 2 CCSP22 のペア ジェネレーション 3 ステーブルコイン + トークン化 DEFI 軸 Permissionless コンプライアンス RSCoin NDSSP16 Danezis & Meiklejohn ミンテット・シャーディング PRCash FCP19 Wüst, Matetic et al. Speed + プライバシー + Regulation PEReDi CCSP22 Kiayias, Kohlweiss, Sarencheh Coconut 閾値 + UTXO Platypus CCSP22 Wüst, Kostiainen, Karame Account-based + split trust TWIN PAPERS PARScoin Sarencheh, Kohlweiss, Kiayias CBDC → ステーブルコイン + FATF DART ePrintP25 Sarencheh et al. Regulation-Friendly Tokenization FAST AFTP25 Async consensus + privacy + AML a16z Policy Report Burleson, Korver, Boneh プライバシー Pools Buterin et al.P23 Association Set Provider ✓ Deployed mainnet 2025-03 BoC CBDC Survey Bank of CanadaP25 ZKP/MPC/FHE/DP/TEE evaluation
第 1 世代 (2016–2019)
Foundation papers

RSCoin established CBDC architecture vocabulary. PRCash posed the trilemma: speed + privacy + レギュレーション simultaneously.

第 2 世代 (CCS 2022)
The Twin Papers

PEReDi (Coconut 閾値 + UTXO) and Platypus (アカウント-based + split trust) represent two competing design philosophies published at the same venue.

第 3 世代 (2023–2025)
Beyond CBDC

PARScoin extended to private stablecoins. DART extended to any tokenized asset. FAST added async consensus with privacy + AML.

DeFi Axis (2022–2025)
Permissionless コンプライアンス

プライバシー Pools (Buterin et al.) introduced Association Set Providers — voluntary, curator-based compliance without central authority. Deployed on Ethereum mainnet March 2025.

Generation 1: RSCoin & PRCash

RSCoin (NDSS 2016)
George Danezis & Sarah Meiklejohn — University College London
NDSSP16 リサーチ

The first paper to explicitly design a system where "中央銀行 runs monetary policy, scaling delegated to ミントettes." RSCoin established the architectural vocabulary for all subsequent CBDC research — though privacy was not its focus.

G. Danezis, S. Meiklejohn. "Centrally Banked Cryptocurrencies." NDSS 2016.

RSCoin Architecture: Mintette Sharding

Central Bank Monetary policy, periodic audit Mintettes (semi-trusted validators, sharded) Mintette 1 Handles UTXO shard A Mintette 2 Handles UTXO shard B Mintette 3 Handles UTXO shard C Mintette 4 Handles UTXO shard D Users U₁ U₂ U₃ U₄ U₅ ← CB: periodic audit only | Mintettes: per-TX validation | No CT — minimal privacy →
PRCash (Financial Cryptography 2019)
Karl Wüst, Sinisa Matetic, Moritz Kostiainen, Andrew Miller, Srdjan Capkun — ETH Zurich / UIUC
FCP19 リサーチ

PRCash was the first paper to explicitly state all three requirements simultaneously: speed + privacy + レギュレーション. It enforces per-Tx limits, total 残高 limits, and KYC credential checks using ZK proofs. PRCash directly inspired both PEReDi and Platypus at CCS 2022.

K. Wüst, S. Matetic, M. Kostiainen, A. Miller, S. Capkun. "PRCash: Fast, Private and Regulated Transactions for Digital Currencies." FC 2019.
Historical Significance: RSCoin gave CBDC research its architectural vocabulary (ミントette, 中央銀行 separation). PRCash gave it the three-requirement framework that every subsequent paper cites as its starting point.

Generation 2: The CCSP22 Twin Papers

Two papers appeared simultaneously at CCS 2022, representing two competing design philosophies for privacy-preserving regulated デジタル通貨.

PEReDi (CCS 2022)
Aggelos Kiayias, Markulf Kohlweiss, Amirreza Sarencheh — University of Edinburgh
CCSP22 リサーチ

Privacy-Enhancing Regulatable Digital Currency. Uses Coconut 閾値 credentials + UTXO-style トランザクションs. An issuer committee of 5-of-10 members collectively manages de-anonymization authority.

A. Kiayias, M. Kohlweiss, A. Sarencheh. "PEReDi: Privacy-Enhanced, Regulated and Distributed Central Bank Digital Currencies." CCS 2022.
Platypus (CCS 2022)
Karl Wüst, Moritz Kostiainen, Ghassan Karame, Srdjan Capkun — ETH Zurich
CCSP22 リサーチ

Account-based e-cash style unlinkable 転送s. Splits trust between 中央銀行 AND regulatory authority — both must cooperate for de-anonymization. Stronger 強要耐性.

K. Wüst, M. Kostiainen, G. Karame, S. Capkun. "Platypus: A Central Bank Digital Currency with Unlinkable Transactions and Privacy-Preserving Regulation." CCS 2022.

PEReDi vs Platypus: Side-by-Side 比較

プロパティ PEReDi Platypus Architecture UTXO + 閾値 credential Account-based + e-cash Issuer model 5-of-10 committee CB + regulator (split trust) Unlinkability ✓ Yes ✓✓ Stronger Limit enforcement Per-TX + cumulative Per-TX only Disclosure authority Threshold committee vote Multi-authority consensus Coercion resistance Moderate Strong Inspired by Coconut (NDSS 2019) PRCash (FC 2019)

Coconut Threshold Credential Issuance (used by PEReDi)

n Issuer Nodes (e.g. 10-node committee) Issuer 1 partial sig σ₁ Issuer 2 partial sig σ₂ Issuer 3 partial sig σ₃ Issuer t partial sig σₜ Threshold t-of-n partial 署名s gathered Aggregate σ = aggregate(σ₁, …, σₜ) Coconut Credential Randomizable, unlinkable, threshold-issued ZK Show Protocol Prove credential valid without revealing which credential or 残高
Key difference — Coercion Resistance: In PEReDi, if a state actor controls t members of the committee, they can force de-anonymization. In Platypus, since 中央銀行 and regulator are legally separate entities in different jurisdictions, coercion requires compromising both — stronger protection against authoritarian disclosure.

Generation 3: Beyond CBDC — Stablecoins and Tokenization

After the CCSP22 twin papers established rigorous CBDC architectures, the Edinburgh group (same authors as PEReDi) extended the framework to private stablecoins and general tokenized assets.

PARScoin (2023)
Amirreza Sarencheh, Markulf Kohlweiss, Aggelos Kiayias — University of Edinburgh
ResearchP23

The first paper to explicitly state all three simultaneously: privacy, 監査可能性, and レギュレーション for stablecoins. Extends PEReDi from a central-bank-issued CBDC to a private stablecoin model (e.g. Circle, Tether).

A. Sarencheh, M. Kohlweiss, A. Kiayias. "PARScoin: A Privacy-preserving, Auditable, Regulation-compatible Stablecoin." 2023.
DART: Regulation-Friendly Tokenization (ePrint 2025)
Sarencheh et al. — IACR ePrintP25
ePrintP25

DART (Distributed Asset Registration and 転送) extends PARScoin to any tokenized asset — securities, real estate, tokenized funds. This is the first paper in the lineage to target the full RWA (Real World Asset) tokenization use case.

A. Sarencheh et al. "DART: Regulation-Friendly Tokenization." IACR ePrint 2025.
FAST (AFT 2025)
Brugeres et al. — AFTP25
AFTP25

FAST combines FastPay-like asynchronous consensus (no full consensus needed for individual payments) with privacy and AML compliance. Payments finalize without waiting for global consensus — dramatically reducing latency.

Brugeres et al. "FAST: Asynchronous, Private and Regulated Digital Payments." AFT 2025.

Extension: From CBDC to Broader Asset Classes

PEReDi CBDC only Central bank issued CCSP22 extends PARScoin + Private stablecoins + FATF Travel Rule extends DART + Any tokenized asset + RWA (securities, RE) ePrintP25 Scope: CBDC only Scope: + Private stablecoins Scope: All digital assets FAST Async consensus + プライバシー + AML AFTP25
Bank of Canada CBDC プライバシー Survey (2025)
Bank of Canada Research — Cross-Technology Evaluation
PolicyP25

Systematic evaluation of cryptographic technologies for CBDC privacy requirements. Identified technology-requirement pairings and unsolved problems.

TechnologyCBDC Requirement AddressedKey Limitation
ZKPトランザクション unlinkability, 残高 privacy, limit proofsProof size / verification cost
MPCDistributed issuance, 閾値 de-anonymizationCommunication overhead
FHEEncrypted state computation, regulatory queries on ciphertextPerformance (improving)
DPAggregate statistics without individual disclosureAccuracy-privacy tradeoff
TEESecure computation enclaves, offline executionHardware trust assumption
Unsolved: Offline CBDC with regulatory 監督 — no technology currently solves this. Offline payments (airplane, rural) with post-hoc AML enforcement remains an open research problem.

DeFi コンプライアンス Axis: Permissionless Approaches

Parallel to the CBDC research line, a DeFi-native approach emerged: voluntary compliance proofs without any central authority. プライバシー Pools (Buterin et al.) is the canonical example.

プライバシー Pools (2023)
Vitalik Buterin, Jacob Illum, Matthias Nadler, Fabian Schar, Arnold Schuldiner
Deployed Mainnet MarP25 ResearchP23

プライバシー Pools is NOT a CBDC — it is a permissionless protocol where compliance is voluntary. Users prove they belong to a "clean" subset of depositors without revealing which specific depositor they are. The key innovation is the Association Set Provider (ASP).

V. Buterin, J. Illum, M. Nadler, F. Schar, A. Schuldiner. "Blockchain プライバシー and レギュレーション Compliance: Towards a Practical Equilibrium." 2023.
a16z Policy Report (2022)
Kwame Baffour Burleson, Edlyn Teske Korver, Dan Boneh — a16z Crypto Policy
PolicyP22

US policy paper arguing that ZK proofs can satisfy both privacy AND regulatory requirements simultaneously — challenging the assumption that these goals are in tension. Led directly to the プライバシー Pools implementation.

CBDC vs Permissionless: Side-by-Side Architecture

CBDC Approach (PEReDi / Platypus) Central Bank Issues CBDC Regulator Enforcement authority User Holds Coconut credential トランザクション ZK proof: limit ✓, KYC ✓, unlinkable Forced de-anonymization via 閾値 vote Permissionless (Privacy Pools) Deposit Pool No issuer (deposit-based) ASP (0xbow) Curates clean subsets User Deposits ETH, gets note Withdraw ZK: member of clean subset OR just valid note Cannot deanonymize — only exclude from clean set

CBDC vs Permissionless 比較 Table

プロパティ CBDC Approach (PEReDi / Platypus) Permissionless (Privacy Pools)
Who issues Central 銀行委員会 No issuer — deposit-based
Who supervises Central bank + regulator ASP curator (0xbow)
コンプライアンス enforcement Mandatory (built into protocol) Voluntary (user proves cleanliness)
De-anonymization Threshold authority (Platypus: multi-party) Impossible — only set exclusion
レギュレーション acceptance Higher (explicit legal authority) Lower (curator アカウントability unclear)
Censorship resistance Low (authority can exclude users) Higher (ASP inclusion is voluntary)
Deployment status Research only Mainnet (0xbow, Mar 2025)
0xbow Deployment (March 2025): プライバシー Pools is live on Ethereum mainnet via 0xbow.io. Users deposit ETH and prove membership in a curated "clean" association set maintained by 0xbow. This is the first deployed production system combining ZKP privacy with voluntary compliance in a permissionless DeFi context.

Design Guide: 5 Axes for Regulated Payments

When designing a regulated payments system, five orthogonal design axes must be chosen. The combination determines the system's regulatory acceptance, privacy strength, and practical deployability.

1

Who Issues?

Central Bank
RSCoin / PEReDi / Platypus

Maximum regulatory acceptance. Full sovereign backing. Requires 中央銀行 participation in protocol design. Not suitable for permissionless DeFi.

Private ステーブルコイン
PARScoin / DART

Private company (Circle, Tether) issues with same cryptographic guarantees as CBDC. More deployable; FATF Travel Rule applies.

Deposit-Based (No Issuer)
プライバシー Pools

Users deposit existing assets. No issuance authority. Maximum censorship resistance. Voluntary compliance only.

2

Who Supervises?

ModelCoercion Resistanceレギュレーション Clarity
Single authorityEarly CBDC proposalsNoneHigh
Threshold committee (t-of-n)PEReDi (5-of-10)ModerateHigh
Multi-authority split trustPlatypus (CB + regulator)StrongHigh
ASP curatorプライバシー Pools (0xbow)Very strongUnclear
Self-certificationUser-generated proofsMaxNone
3

What Is Limited?

  • Per-TX limit: maximum single トランザクション amount — all systems support this (PRCash, PEReDi, Platypus)
  • Cumulative limit: maximum spending per period (day/month) — supported by PEReDi, PRCash via accumulator
  • Receiver whitelist: restrict to KYC'd counterparties — PARScoin (FATF Travel Rule model)
  • Source provenance: prove funds originated from clean source — プライバシー Pools (association set)
4

Forced Disclosure Authority

Design tradeoff: The stronger the disclosure authority, the weaker the privacy guarantees. The weaker the disclosure authority, the less regulatory acceptance.
  • Single entity disclosure: weakest privacy — one authority can force de-anonymization at will
  • Multi-authority consensus (Platypus): both CB and regulator must agree — stronger against coercion
  • Threshold committee (PEReDi): t-of-n must agree — moderate protection
  • Legal trigger only: disclosure only upon court order — requires jurisdiction-specific design
  • No disclosure path (Privacy Pools): system cannot de-anonymize — only exclusion from clean set
5

Cryptographic Basis

SchemeUsed InPropertiesPost-Quantum?
PS-署名s (Pointcheval-Sanders)PEReDi, PARScoinRandomizable, efficient showNo (pairing)
Coconut 閾値 credentialsPEReDit-of-n issuance, unlinkableNo (pairing)
KVAC (keyed-verification anonymous credentials)PlatypusAccount-model, efficientNo (DL-based)
ZK Membership Proofプライバシー PoolsProve set membership without IDPartial (STARK-based)
zk-SNARKs (Groth16/PLONK)PRCash, DARTSuccinct proofs, flexibleNo (pairing)

オープン課題

Cross-Jurisdiction CBDC

How to enforce multiple countries' KYC/AML/sanction requirements simultaneously on the same トランザクション. A payment crossing 3 jurisdictions may need to satisfy 3 different regulatory regimes. No current system handles this natively.

Forced Disclosure Resistance

Even multi-authority disclosure (Platypus model) is vulnerable if both authorities are in the same jurisdiction or controlled by the same government. Designing multi-sig de-anonymization that resists coordinated state coercion is unsolved.

Offline CBDC with Supervision

Identified by Bank of Canada (2025) as unsolved for ALL technologies (ZKP, MPC, FHE, DP, TEE). Offline payments (no network access) with post-hoc AML enforcement require either hardware trust (TEE) or deferred proofs — both have fundamental limitations.

Post-Quantum Migration

PS-署名s, Coconut, and most pairing-based ZK systems are vulnerable to quantum computers. The entire CBDC cryptographic stack needs migration to lattice-based or ハッシュ-based alternatives — without known equivalents for randomizable 閾値 credentials.

DeFi Integration

How do CBDCs connect to permissionless DEX / AMM / lending protocols? A CBDC UTXO has strong privacy guarantees that break down the moment it touches a public AMM. DART begins to address this but DeFi composability with regulated payment tokens is fundamentally unsolved.

Implementation Recommendations

For Central Bank CBDC

Use Platypus architecture for stronger 強要耐性. Split authority between CB and independent regulatory body. Consider Coconut 閾値 for issuer decentralization. Defer DeFi integration to v2.

PEReDi / Platypus lineage
For Private ステーブルコイン

Use PARScoin framework for FATF Travel Rule compliance. Account-based model (DART) better fits existing financial infrastructure than UTXO. Plan for cross-jurisdiction credential verification.

PARScoin / DART lineage
For DeFi Protocol

Use プライバシー Pools model — voluntary compliance via association sets. Curator アカウントability is the key unsolved governance question. Consider post-hoc proofs (prove compliance after the fact) for latency-sensitive applications.

プライバシー Pools / a16z
For Cross-Chain / RWA

Start with DART アカウント-based model. Add IBC or CCTP-style message passing for cross-chain KYC credential portability. Expect regulatory fragmentation — design for multi-jurisdiction credential sets from day one.

DART lineage

Key Papers at a Glance

PaperVenueYearKey Contributionステータス
RSCoinNDSSCBDC architecture vocabulary, ミンテット sharding リサーチ
PRCashFCSpeed + privacy + レギュレーション trilemma リサーチ
PEReDiCCSCoconut 閾値 + UTXO CBDC リサーチ
PlatypusCCSAccount-based + split trust CBDC リサーチ
a16z ReportPolicyZKP satisfies both privacy + レギュレーション Theoretical
プライバシー PoolsResearch + DeployAssociation Set Provider, voluntary compliance Deployed (0xbow)
PARScoinリサーチCBDC framework → private stablecoins + FATF リサーチ
DARTePrintRegulation-friendly tokenization for any asset リサーチ
FASTAFTAsync consensus + privacy + AML リサーチ
BoC SurveyBank of CanadaCross-technology CBDC privacy evaluation Policy