(This post currently requires client-side JS from capability.party. Sorry.)

“I work for a 16-digit Swiss bank account number, and an anonymous email address.” ~ Gregory Hart, Burn Notice “Friends and Enemies”

In cryptography, particularly when forging transient identities or unguessable capabilities, randomly-generated numbers are an essential ingredient of many recipes. A swissnum, or “Swiss number”, is a randomly-generated number of bits. Unlike a nonce, which must only be used once, a swissnum is intended to identify a persistent agent.

The etymology of the word “swissnum” comes from the concept of numbered “Swiss bank accounts”. A numbered bank account yields no identity information about the agent behind the number. Additionally, in Hollywood, there is a trope of Swiss banks permitting access to a numbered account to any agent which holds the account numbers. Both of these ideas are manifest in swissnums.

A swissnum can be a simple yardstick of guessability. Given a swissnum of bits, the likelihood of guessing it on any given trial is . We can say that the difficulty of guessing the swissnum is .

As an example, how difficult would Gregory’s employer’s bank account be, if it were a decimal-encoded swissnum? It would be in the range , and , so it would be as difficult as a 53-to-56-bit swissnum.


Returning to Hollywood, how is it that a swissnum could both be a closely-held secret and also an identifier? To avoid the Social Security number mistake, we outline a basic recipe for assigning swissnums to objects in the context of an agent who exports objects.

First, let us assign a random base swissnum to each object. The agent keeps a mapping of bases to objects. Then, we create an export swissnum for each base swissnum by applying a cryptographic hash function :

Now, the agent may use to identify an object, and export that identifier to other agents, without compromising the corresponding base swissnum.

This is only a single possible construction; there are others.