“All these pieces of paper are issued with as much solemnity and authority as if they were of pure gold or silver… and indeed everybody takes them readily, for wheresoever a person may go throughout the Great Kaan’s dominions he shall find these pieces of paper current, and shall be able to transact all sales and purchases of goods by means of them just as well as if they were coins of pure gold.” https://en.wikipedia.org/wiki/Fiat_money
In the second half of the 20th century, electronic money emerged as banks moved their processes to computers. Electronic money is currency that is stored in banking computer systems. Its authenticity comes from the security of the system where it is stored. If we copy the raw data that represents the money, the copy proves nothing: no one would accept it, and no one would consider it money. This becomes an issue as the use of cash declines. We have our money in bank accounts or with payment service providers, but we do not possess it ourselves, because we need the consent, the infrastructure and the measure of the bank. The existence of self-authenticating digital money would give us actual possession of the money, similar to that of notes and coins. My objective is purely technical, so let’s suppose that all the monetary rules belonging to fiat money remain unchanged. This means that our digital coin is to be released by the central bank according to the same principles as its printed or minted predecessor. We have to fulfill all the requirements of printed notes. What are the technical requirements to abide by?
In the digital world, we describe everything through data. A note has many physical security features as protection against counterfeiting. Digital data cannot be protected by these features and can be easily copied, so we drop them. However, we keep the denomination and the serial number as a unique identifier and as a statement of the central bank that this is legal tender. We have to be sure that this digital coin is from the central bank, so we need an electronic signature to certify the data. Because of the electronic signature, only the authorized bank can create this digital coin, but it is unfortunately useless, because we can make as many copies as we want, and all of them will be indistinguishable. There is no original copy in the digital world (the zeroes are indistinguishable in the memory, just like the ones).
We’ve got to improve. Let’s use asymmetric cryptography to connect the coin to its owner. On spending, we always add the public key of the new owner to the coin and then sign the new version of the coin with our private key. Our partner who accepts the coin can immediately check whether the signature is valid using the previous public key, and can check all the signatures in the chain back to the first, which is from the issuing central bank. Such a coin will grow in data size with each spending. But the previous owners can’t be forced to delete the spent coins, so they can spend them several times. Unfortunately, this system is also useless.
Double spending means that the payer spends a previous state of the coin and not the last one. This is where self-authentication fails. We are simply not able to change the data in the copies of the previous states of a coin on the former owner’s computer or smartphone where she or he stores them. Deadlock? The solution is a registry of transactions, where at least the beneficiaries of the transactions report the last state of the coin, disabling the previous versions. If someone wants to spend a disabled state of a coin, the acceptor can check the registry and refuse to accept it. Should the records be kept by the central bank? Not necessarily. People mostly earn electronic money on their bank accounts. If they need crypto coins for peer-to-peer transactions, they can buy them from their bank against the balance of their account. Therefore, it is obvious that all banks should keep records. As everybody can report new transactions to any bank, the banks should maintain a synchronized, distributed ledger. In such a system all participants, including the central bank, can check whether all signatures are authentic and whether all bookkeepers comply with the protocol. Here everyone can spend only her/his own coins, and only once. If we want to distribute the trust between the bookkeepers, we have “invented” the permissioned blockchain. The banks, as blockchain nodes, can charge a moderate service fee to compensate for their virtual loss on the peer-to-peer transactions. In case of an emergency regarding the trust of the system, the central bank can shut the whole system down and pay the value of the coins in electronic or physical money to the people possessing the appropriate private key belonging to the last state of the valid coins.
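The signature chain from the previous paragraph and the registry check from this one, as an added example that is not part of the original article. It assumes Ed25519 as the signature scheme and a single in-memory registry standing in for the banks' synchronized ledger; the names `Coin`, `Transfer`, `Registry`, `Spend` and `Report` are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

type Transfer struct {
	NewOwner ed25519.PublicKey // who receives the coin
	Sig      []byte            // made by the previous owner (the bank for the first)
}

type Coin struct {
	Denomination, Serial uint64
	Chain                []Transfer // grows by one entry with every spend
}

// msg is what transfer n signs: coin data, all earlier transfers, then the new owner.
func (c Coin) msg(n int, to ed25519.PublicKey) []byte {
	m := []byte(fmt.Sprintf("%d|%d|", c.Denomination, c.Serial))
	for _, t := range c.Chain[:n] {
		m = append(append(m, t.NewOwner...), t.Sig...)
	}
	return append(m, to...)
}

// Spend returns the next state: the current holder signs the coin over to `to`.
func (c Coin) Spend(priv ed25519.PrivateKey, to ed25519.PublicKey) Coin {
	t := Transfer{to, ed25519.Sign(priv, c.msg(len(c.Chain), to))}
	return Coin{c.Denomination, c.Serial, append(c.Chain[:len(c.Chain):len(c.Chain)], t)}
}

type Registry map[uint64]Coin // serial number -> last reported state of that coin

// Report checks every signature back to the bank, then refuses any state that is
// not a strict extension of the registered one (a spend of a disabled state).
func (r Registry) Report(c Coin, bank ed25519.PublicKey) error {
	signer := bank
	for i, t := range c.Chain {
		if len(signer) != ed25519.PublicKeySize || !ed25519.Verify(signer, c.msg(i, t.NewOwner), t.Sig) {
			return fmt.Errorf("bad signature at transfer %d", i)
		}
		signer = t.NewOwner
	}
	if n := len(r[c.Serial].Chain); len(c.Chain) <= n || (n > 0 && !bytes.Equal(c.msg(n, nil), r[c.Serial].msg(n, nil))) {
		return fmt.Errorf("serial %d: unsigned coin or double spend of an earlier state", c.Serial)
	}
	r[c.Serial] = c
	return nil
}
```

The bank issues a coin by calling `Spend` on a `Coin` with an empty chain. Every copy of an earlier state still passes the signature checks, so only the comparison against the registered state stops the second spend.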
Crypto coin owners generate the public-private key pairs on their own (e.g. using their wallet app). If the connection between the public part and the owner is authenticated according to the law (e.g. eIDAS in Europe), the owners would always be authenticated. This way the system fulfils the anti-money laundering rules. The presented fiat crypto coin is very simple. In an actual initiative, more requirements have to be considered.