Skip to main content

The political problem

Every CBDC proposal to date resolves to one of two positions: Surveillance CBDC: The central bank can observe every transaction in real-time. This is structurally equivalent to abolishing cash. It has encountered serious political opposition in the US, EU, and India, and has been explicitly banned from the Federal Reserve by riders attached to multiple appropriations bills. No CBDC: The political path of least resistance. Cash declines; no private alternative emerges. Financial surveillance by private intermediaries (banks, card networks) continues unchecked. shyware offers a third position that resolves the political deadlock:
Private from counterparties — identical to cash. Auditable by the state with legal process — identical to a bank account.
This is not a technical compromise. It is the correct description of how cash already works, implemented on a canonical BFT-style ledger with a transparent supply invariant.

Why not the Federal Reserve

The Fed cannot deploy this. Congressional opposition to CBDC is categorical — “no Federal Reserve digital currency” riders have appeared in multiple bills regardless of the privacy properties of the proposed design. The viable path runs through private issuers acting under existing licensing:
  1. A stablecoin issuer with MSB licensing deploys shyware. Users hold private dollar balances.
  2. The product accumulates adoption. The privacy property becomes a competitive baseline.
  3. A sovereign (Singapore, UAE, or a nation seeking cash-equivalent digital currency without surrendering AML) licenses the protocol for a national deployment.
The seda-haqq deployment demonstrates the sovereign-will application of the same protocol in an adversarial network environment. shyware is the payments analog.

Sovereign deployment architecture

Central bank / issuer           canonical shyware network      Citizen wallet
    │                               │                               │
    │   Issue currency:             │                               │
    ├── RegisterAsset("ngn") ───────►                               │
    │                               │                               │
    │   Citizen onboards:           │                               │
    │                               │◄── RegisterAccount ──────────┤
    │                               │    (national ID → commitment) │
    │                               │                               │
    │   Citizen receives salary:    │                               │
    ├── Mint(to: H(national_id)) ───►                               │
    │                               │                               │
    │   Citizen buys groceries:     │                               │
    │                               │◄── Transfer(anon) ───────────┤
    │                               │                               │
    │   Tax authority investigates: │                               │
    │◄── Admin API ─────────────────┤                               │
    │    (full history for target)  │                               │

AML compliance model

The sovereign deployment is structurally identical to cash:
PropertyCashshyware
Counterparty privacyMerchant cannot surveil balanceTwo-list invariant
Supply auditabilityCentral bank knows total in circulationGET /supply — public, BFT-enforced
Tax authority accessWarrant required for financial recordsAdmin API + legal process
Proactive surveillanceNot possibleNot possible by design
Double-spend preventionSerial numbers + wearNullifier uniqueness enforced by consensus
The supply invariant (TotalSupply == TotalMinted - TotalBurned) is enforced by canonical consensus with the shared managed signing boundary — the issuer cannot inflate supply without the validators detecting it. This is a stronger supply guarantee than physical cash.

Identity model options

OptionIdentity bindingWhen to use
Wallet ECDSA (default)H(wallet_address)Permissioned wallets issued by the sovereign
Didit biometricH(person_secret) attested by DiditWhen Sybil resistance matters (e.g. UBI distribution)
National IDH(national_id_hash)Full sovereign control; operator runs identity oracle
The two-list mechanism is identity-model agnostic. The account_commitment field in RegisterAccountData accepts any hash — the protocol does not prescribe what it commits to.

Licensing

Sovereign deployments are handled on a case-by-case basis. Contact hello@sayists.com to discuss terms. Patent application in preparation is pending. The value conservation circuit is the key technical addition for production permissionless deployment.