Private Electronic Payments with Self-Custody and Zero-Knowledge Verified Reissuance

📅 2024-09-03
🏛️ arXiv.org
🤖 AI Summary
This paper addresses core challenges in digital payments—privacy preservation, issuance controllability, and coercion resistance—by proposing a user-self-custodial privacy-preserving electronic payment system. Methodologically: (1) it introduces verifiable reissuance rules, leveraging zk-SNARKs to enable zero-knowledge verification of asset minting authority, ensuring only the original issuer can perform compliant reissuance; (2) it proposes a novel “audit-log chain + zero-knowledge proof” architecture that implicitly verifies issuance compliance without revealing contextual information; (3) it establishes a “stateless payer” security model, eliminating cross-transaction key dependencies to withstand coercion attacks. The key contribution is the first construction achieving, simultaneously, strong payer anonymity, tamper-proof issuance control, and operationally autonomous compliant reissuance—without requiring an active operator. Formal security proofs demonstrate that the protocol satisfies traceability resistance, forgery resistance, and coercion resistance.

📝 Abstract
This article builds upon the protocol for digital transfers described by Goodell, Toliver, and Nakib, which combines privacy by design for consumers with strong compliance enforcement for recipients of payments and self-validating assets that carry their own verifiable provenance information. We extend the protocol to allow for the verification that reissued assets were created in accordance with rules prohibiting the creation of new assets by anyone but the issuer, without exposing information about the circumstances in which the assets were created that could be used to identify the payer. The modified protocol combines an audit log with zero-knowledge proofs, so that a consumer spending an asset can demonstrate that there exists a valid entry on the audit log that is associated with the asset, without specifying which entry it is. This property is important as a means to allow money to be reissued within the system without the involvement of system operators within the zone of control of the original issuer. Additionally, we identify a key property of privacy-respecting electronic payments, wherein the payer is not required to retain secrets arising from one transaction until the following transaction, and argue that this property is essential to framing security requirements for storage of digital assets and the risk of blackmail or coercion as a way to exfiltrate information about payment history. We claim that the design of our protocol strongly protects the anonymity of payers with respect to their payment transactions, while preventing the creation of assets by any party other than the original issuer without destroying assets of equal value.
Problem

Research questions and friction points this paper is trying to address.

Consumer Privacy
Payment Security
Asset Issuance Control
Innovation

Methods, ideas, or system contributions that make the work stand out.

Enhanced Digital Transfer Protocol
Privacy-Preserving Reissuance
Post-Payment Confidentiality