Comment by AnthonyMouse

You're not understanding the dichotomy. It doesn't matter what kind of encryption you use, the system you're asking for can be made much simpler than this: Just use the same token for everyone and only give it to adults. It needs no cryptography at all, it just needs to be a random string that children don't have. You don't need anything to do with cigarettes, just print it on the back of every adult's ID or allow any adult to show their ID at any government office.

But then anyone can post the token on the internet where anyone can get it, the same as they could do with anything cryptographic that you put on the back of cigarettes or whatever. Unless you have a way of tracing it to the person who did it in order to impose penalties, which is precisely the thing that would make it not private/anonymous, which is why they're incompatible.

If you're going to do one then do the first one -- just make it actually untraceable -- but understand that it won't work. It would never work anyway because there are sites outside of your jurisdiction that won't comply with whatever you're proposing regardless, so the thing that fails to work while not impacting privacy is better than the thing that fails to work while causing widespread harm, but then people are going to complain about it and try to impose the thing that does cause widespread harm by removing privacy. Which is why the whole thing should be abandoned instead.