feat: stablecoin draft specification

[CjS77]

This Request for Comment (RFC) describes a possible manifestation of a privacy-preserving stablecoin on the Tari Digital Assets Network (DAN).

The stablecoin design broadly follows that of Tether and Circle's ERC-20 stabecoin, with the exception that amounts and transacting parties are confidential.

The latest draft represents a more fully-fledged design for a privacy-enabled stablecoin and one that approaches feasibility.

It is still likely insecure in places and there are still a few holes to plug in some of the operations, but the broad brushstrokes are certainly there.

The specification given here focuses on a surveillance-enabled stablecoin (i.e. CBDC) model.

The specification is presented neutrally as pure technology and should not be construed as an endorsement of centralised surveillance. In fact, the author abhors surveillance of individuals' sovereign wealth, but since this is actually the more difficult case to implement in a zero-knowledge manner, it is fairly straightforward to modify the specification to implement a free (as in speech) stablecoin (i.e. digital cash) model. Some hints are given at the end on how one might actually achieve this.

There are also some tweaks that could allow/deny the central issuer to arbitrarily seize funds from accounts. Obviously a free model would disallow this feature.

[CjS77]

Great suggestions, esp ElGamal encryption idea. I was looking for something like this but I wasn't aware of how to do the proof of equality.

[AaronFeickert]

I'm writing all this up more formally, including details on the required proofs.

[AaronFeickert]

Here are some work-in-progress design notes. I've tried to unify the handling of checks, as well as minimize the changes required for transfers involving the issuer to ensure the issuer's balance and check values are public and verifiable.