FPSF-CPP-001 — Core Concepts

Layer: Core Concepts · Audience: technical evaluators, architects, product teams

For normative requirements, see the Formal Specification.


The Bearer Principle

A bearer instrument grants its holder the right to a value, regardless of how the holder came to possess it. Physical cash is the most familiar example. The CashPack Protocol implements this principle digitally: whoever controls the private key corresponding to current_bearer_pk is entitled to renew or redeem the instrument.

The Operator does not track who holds the instrument between issuance and redemption. The instrument travels off-ledger, passing from key-pair to key-pair, with the Operator serving only as the countersigning authority when a holder presents it for renewal or redemption.


The Trust Model

Unlike blockchain-based bearer systems, the CashPack Protocol is a trusted model. The Operator is the single source of truth for instrument validity. There is no consensus mechanism, no mining, and no distributed agreement. If the Operator says an instrument is valid, it is valid.

This is not a weakness — it is a deliberate design choice. It means the system is:

  • Auditable and supervisable by regulators
  • Operationally simple and fast — no consensus latency
  • Legally accountable — the Operator has a known domicile, a licence, and assets
  • Compatible with existing financial infrastructure — no new settlement rails required

Participants must trust only one counterparty: the Operator. They do not need to trust each other, any network, or any protocol. The Operator's countersignature on every update is the guarantee.


The Chain Structure

Each cash-pack carries its full history. The lock request — signed by the original Principal — is embedded in the instrument. Every subsequent renewal is appended as a signed entry. Each entry includes a hash of all previous entries (the chain digest), creating a tamper-evident log.

This chain serves two purposes:

  • Non-repudiation: every transfer is cryptographically attested by the outgoing bearer.
  • Auditability: in a legal investigation, the full transfer history is available to the Operator and, through the Operator, to authorized investigators.

The chain is maintained and validated by the Operator alone — not by a distributed network. This gives it the auditability of a ledger without the public visibility.
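The chain digest and the hand-off from bearer to bearer can be checked mechanically. The following is an added illustration, not code from the CashPack specification: it rebuilds each entry's digest over all previous entries and confirms that every renewal is made by the previous holder. Only current_bearer_pk and chain_digest are names from this page; the other field names, the JSON encoding, SHA-256 and the placeholder key strings are assumptions, and verification of bearer and Operator signatures is left out.

```python
import hashlib
import json

def canon(entry):
    # Assumed canonical encoding: compact JSON with sorted keys.
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()

def chain_digest(previous_entries):
    # Hash of all previous entries, length-prefixed so boundaries are unambiguous.
    h = hashlib.sha256()
    for e in previous_entries:
        data = canon(e)
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()

def append_renewal(chain, outgoing_pk, new_pk):
    # Hypothetical entry layout; "outgoing_bearer_pk" and "type" are assumed names.
    entry = {"type": "renewal", "outgoing_bearer_pk": outgoing_pk,
             "current_bearer_pk": new_pk, "chain_digest": chain_digest(chain)}
    return chain + [entry]

def verify_chain(chain):
    """Return (ok, reason). Signature checks are out of scope in this sketch."""
    if not chain or chain[0].get("type") != "lock":
        return False, "chain must start with the lock request"
    for i in range(1, len(chain)):
        entry, prev = chain[i], chain[i - 1]
        if entry.get("chain_digest") != chain_digest(chain[:i]):
            return False, f"entry {i}: chain digest mismatch"
        if entry.get("outgoing_bearer_pk") != prev.get("current_bearer_pk"):
            return False, f"entry {i}: outgoing bearer is not the previous holder"
    return True, "ok"

def sample_chain():
    # Constructed sample data: placeholder key strings, not real public keys.
    chain = [{"type": "lock", "amount": "100.00", "current_bearer_pk": "pk-A"}]
    chain = append_renewal(chain, "pk-A", "pk-B")
    return append_renewal(chain, "pk-B", "pk-C")

def tampered_amount():
    chain = [dict(e) for e in sample_chain()]
    chain[0]["amount"] = "900.00"  # history rewritten after later entries were appended
    return chain

def hijacked_transfer():
    # Digest is correct, but pk-X never held the instrument.
    return append_renewal(sample_chain(), "pk-X", "pk-Y")

if __name__ == "__main__":
    for name, c in [("intact", sample_chain()), ("tampered", tampered_amount()),
                    ("hijacked", hijacked_transfer())]:
        print(name, verify_chain(c))
```

The digest check alone catches edits to earlier entries; the bearer-continuity check catches an entry whose digest is valid but whose signer was never the holder, which is why a real verifier needs both plus the signatures.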


Disposable Keys and Privacy

The strongest privacy guarantee is achieved when each bearer generates a fresh key pair for each instrument they receive. Because bearers are identified only by public key, a bearer who uses a disposable key pair achieves:

  • Unlinkability across instruments: their identity cannot be linked between two instruments even if both are examined together.
  • No prior history: the public key in the chain has no prior on-chain or off-chain history.
  • No forward exposure: even if a later holder's identity is disclosed (e.g., at redemption), it cannot be retroactively linked to earlier holdings.

The FPSF-MPC-001 system is the RECOMMENDED mechanism for generating disposable bearer keys in deployments that require strong privacy guarantees.

Application developers implementing CashPack-compatible wallets SHOULD make disposable key generation the default behavior, with reusable keys as an explicit opt-in.


The Intermediate Bearer's Advantage

Intermediate bearers — those who receive a cash-pack and pass it on rather than redeeming it — have the strongest privacy protection in the system:

  • They are never identified to the Operator. The Operator sees their public key but has no obligation or mechanism to link it to an identity.
  • If they use a disposable key pair, that public key is a one-time artifact with no prior or subsequent history.
  • They control the timing of transfer — they can hold the instrument and pass it at any moment before expiry.
  • They receive a cryptographically guaranteed instrument: the Operator's countersignature on the renewal confirms the instrument is active and the amount intact.

The two parties necessarily identified to the Operator are the Principal (who holds an account) and the final redeemer (who must be identifiable to receive funds). Everyone in between is shielded.


Relationship to FPSF-CPD-001

The CashPack Protocol is a specialization of the Canonical Payment Definition (FPSF-CPD-001). The lock → issue → transfer → redeem flow maps directly to the CPD-001 lifecycle: CREATED → AUTHORIZED → IN_FLIGHT → SETTLED. The Operator's countersignature serves as the AuthorizationProof at each lifecycle transition. The instrument's chain_digest implements the CPD-001 integrity invariant.


Relationship to Existing Instruments

Instrument | Relationship
Physical cash | Cash-packs replicate the bearer property and privacy of cash in digital form, with cryptographic verification and no physical transport risk.
Cashier's cheques | Similar trust model (institution-issued, identifiable at edges) but cash-packs are transferable multiple times without institution involvement at each step.
Prepaid cards | Similar use case, but prepaid cards are account-based and each transaction is logged. Cash-packs are not.
Tokenized deposits | A cash-pack can wrap a tokenized deposit, providing a privacy layer above the token's settlement infrastructure.
Bearer bonds | The instrument structure maps directly: locked value, transferable by key, redeemable by the current holder.

FPSF-CPP-001 v1.0.0 · Draft · Fabric Payment Standards Foundation · Apache-2.0