# AMMUS ### Preliminary Observations - OBSERVATION 1: To create fiat-backed stable coin you need to rely on reserves off-chain. By design it's impossible to trustlessy (and cryptographically) verify the existance of these reserves. - OBSERVATION 2: The best tooling that we have today to guarantee the existance of reserves is auditors. In other terms we don't rely on cryptography, but we trust the auditor that is putting their reputation at stake. - [Latest Reserves Report of USDT - September 30 2023](https://assets.ctfassets.net/vyse88cgwfbl/36XORApdEYAq3AsH1FTXRT/9205ac62f2f57178c47ac5e2eca098c0/Std_ISAE_3000R_Opinion_30-09-2023_BDO_Tether_CRR_RC134792023BD0430.pdf) - [Latest Reserves Report of USDC - October 30 2023](https://www.circle.com/hubfs/USDCAttestationReports/2023/2023%20USDC_Circle%20Examination%20Report%20September%202023.pdf). (to note: interesting that bonds have an ID) - The most reliable stablecoin is the one in which these reports are performed: - Frequently - By reputable auditors - By many different auditors - OBSERVATION 3: The business model of stablecoins is based on reinvesting the reserves. I think we should aim to destroy such business model. Instead we should create a more transparent infrastrcture where the user of the stablecoin is able to assess the risk of these investments. - In such transparent scenario we can also imagine the existance of stablecoins in which the reserves are invested in more risky assets. In this case, users of this stablecoin are aware of this happening and are ok with that because the stablecoin can guarantee a better return rate on deposits. The core thing is that a user should be able to assess the investment profile of the stablecoin company. - OBSERVATION 4: Stablecoin company don't like to reveal their investments, especially at the time they are making it. On the contrary, they may be fine to reveal their investment at a later point in time. ### Solution Tranform this (see below) into a ZK proof.  Each chuck of the table is a Signature provided by an Auditor (or a ZK email/TLS Notary thing) attesting that the stablecoin company is holding that asset. *DeloitteSign("Gold, 10kg, $1M, USDT, 8/11/2023")* *ZKEmailSign("Gold, 10kg, $1M, USDT, 8/11/2023")* - "Gold" is the type of asset - 10kg is the amount of the asset controlled - $1M is the nominal value of that asset - USDT is the owner of that asset - 8/11/2023 is the data at which this is being assessed - Deloitte or ZKEmail are the auditors (note that different chunk can have different auditors) More technicall, the ZK proof can be designed as an aggregation of multiple signatures. The level of information that the proof reveal can vary: - The proof **must** reveal the sum of the amount of dollar owned in reserves by the stablecoin company - The proof can reveal each asset owned or just that it belongs to a public bucket of assets - The proof **must** reveal the distribution of the reserves across the assets (or across the buckets) - The proof **must** reveal the identity of the audtiors and the relation between the auditor and the asset (or bucket of assets) they signed for. - Alternatively, the granularity of the asset distribution can be revealed, for example, 6 months after the proof is published (commit-reveal scheme) ### Future This is an infrastructure that can be set up today. We can leverage **reputable** third-party attestor with direct access to bank or custodian balances, and have them digitally sign attestation with balances. In the future, we can think of bank or custodian digitally sign balances directly.