As noted earlier, the CBDC proposed in the present paper is based on eCash and GNU Taler.18 Since Chaum’s original e-cash proposal, research has focused on three main issues. First, in Chaum’s original proposal, the coins were of fixed value and could only be spent in their entirety. Paying vast amounts with coins denominated in cents would be inefficient, so Okamoto (1995), Camenisch (2005), Canard and Gouget (2007), and Dold (2019) invented ways to address this issue. These solutions involve protocols for giving change or for providing divisibility of coins.
A second issue is that transactions sometimes fail due to network outages, for instance. In this case, the system must make it possible for the funds to remain with the consumer without a negative impact on privacy. Endorsed e-cash proposed by Camenisch et al. (2007) and Dold (2019) both tackle this issue. Several of the above solutions violate the assurances of privacy for customers using these features, and all of them except Taler violate the requirement of income transparency.
The third major issue, often neglected, is maintaining income transparency and thus AML and KYC compliance. Fuchsbauer et al. (2009) deliberately designed their system for disintermediation to provide more cash-like semantics. However, unlimited
disintermediation is typically at odds with AML and KYC regulations, as it becomes impossible to attain any level of accountability. An example of such a design is ZCash, a distributed ledger that hides payer, payee, and transaction amount information from the network and is thus the perfect payment system for online crime. Only Taler offers both consistent customer privacy and income transparency while also providing efficient change, atomic swaps (see Camenisch 2007), and the ability to restore wallets from backup.
Regarding payment systems for CBDCs, Danezis and Meiklejohn (2016) designed a scalable ledger with RSCoin. It is basically an RTGS system that is secured using the same
18 The actual implementation of eCash by the DigiCash company in the 1990s is documented at https://www.chaum.com/ecash.
cryptography that is used in Bitcoin. Like Taler, the design uses database sharding to achieve linear scalability. However, Danezis and Meiklejohn’s design does not have any provisions for privacy and lacks considerations for how to practically integrate the design with existing banking systems and processes.
The European Central Bank’s EUROchain (see ECB 2019) is another prototype for a CBDC with a distributed ledger. Similar to the architecture proposed in the present paper, EUROchain uses a two-tier architecture with commercial banks acting as intermediaries.
One crucial difference is how the systems try to combine privacy and AML compliance.
While in our design, regulators could impose a limit on the amount of electronic cash that a bank account holder can withdraw over a certain time, EUROchain issues a limited number of “anonymity vouchers” that grant the receiver a limited number of transactions without AML checks. As these vouchers seem divorced from any token of value, it remains unclear how the design could avoid the emergence of a black market for “anonymity vouchers”.
Moreover, EUROchain’s notion of anonymity is very different, in that their “anonymity vouchers” merely eliminate certain AML checks while preserving commercial banks’
ability to view how their consumers spend their electronic cash. Whereas Taler payers directly interact with merchants to spend their e-cash, the EUROchain system requires payers to instruct their commercial banks to access their CBDC. Therefore, EUROchain does not directly issue valuable tokens to consumers and instead relies on consumers to authenticate themselves to their commercial banks to access CBDC that the central bank effectively holds in escrow. Thus, it is unclear what privacy, performance, or security benefits EUROchain has over existing deposit money.
VII. Conclusion
With the emergence of Bitcoin and the recently proposed digital currencies from BigTech, such as Diem (formerly Libra), central banks ace growing competition from actors offering their own digital alternative to physical cash. Central banks’ decisions on whether to issue a CBDC or not depend on how they assess the benefits and risks of a
CBDC. These benefits and risks, as well as the specific jurisdictional circumstances that define the scope of retail CBDC, are likely to differ from one country to another.
If a central bank decides to issue a retail CBDC, we propose a token-based CBDC that combines transaction privacy with KYC and AML/CFT compliance. Such a CBDC would not compete with commercial bank deposits but rather replicate physical cash, thereby limiting financial stability and monetary policy risks.
We have shown that the scheme proposed here would be as efficient and as cost-effective as modern RTGSs operated by central banks. Electronic payments with our CBDC would only necessitate simple database transactions and miniscule amounts of bandwidth. The efficiency and cost-effectiveness, together with enhanced consumer
usability caused by shifting from authentication to authorization, make this scheme likely to be the first to support the long-envisioned objective of online micropayments. In addition, the use of coins to cryptographically sign electronic contracts would enable the use of smart contracts. This, too, could lead to the emergence of entirely new applications for payment systems. Although our system is not based on DLT, it could easily be integrated with such technologies if required by financial market infrastructures in the future.
Just as important, however, a retail CBDC must preserve cash as a privacy-friendly commons under citizens’ individual control. This can be attained with the scheme proposed in this paper, and central banks can avoid significant disruptions to their monetary policy and financial stability while reaping the benefits of going digital.
REFERENCES
Adrian, Tobias and Tommaso Mancini-Griffoli. 2019. “The Rise of Digital Money.” IMF Fintech Note 19/01.
Agarwal, Ruchir and Miles S. Kimball. 2019. “Enabling Deep Negative Rates to Fight Recessions: A Guide.” IMF Working Paper 19/84.
Agur, Itai, Anil Ari and Giovanni Dell'Ariccia. 2019. “Designing Central Bank Digital Currencies.” IMF Working Paper 19/252.
Allen, Sarah, Srđjan Čapkun, Ittay Eyal, Giulia Fanti, Bryan A. Ford, James Grimmelmann, Ari Juels, Kari Kostiainen, Sarah Meiklejohn, Andrew Miller, Eswar Prasad, Karl Wüst, and Fan Zhang. 2020. “Design Choices for Central Bank Digital Currency: Policy and Technical Considerations.” NBER Working Paper No. 27634.
Alves, Tiago and Don Felton. 2004. “TrustZone: Integrated hardware and software security.” ARM IQ, Vol. 3, No. 4, pp. 18–24.
Auer, Raphael and Rainer Böhme. 2020. “The technology of retail central bank digital currency.” BIS Quarterly Review, March 2020, pp. 85–96.
Auer, Raphael, Giulio Cornelli and Jon Frost. 2020. “Taking stock: ongoing retail CBDC projects.” BIS Quarterly Review, March 2020, pp. 97–98.
Bank for International Settlements. 2018. “Central Bank Digital Currencies.” Joint Report of the Committee on Payments and Market Infrastructures and Markets Committee.
Bank of England. 2020. “Central Bank Digital Currency: Opportunities, Challenges and Design.” Discussion Paper. March.
Baiocchi, Giovanni and Walter Distaso. 2003. “GRETL: Econometric Software for the GNU Generation.” Journal of Applied Econometrics, Vol. 18, pp. 105-110.
Bech, Morten and Rodney Garratt. 2017. “Central bank cryptocurrencies.” BIS Quarterly Review, September, pp. 55–70.
Berentsen, Aleksander and Fabian Schär. 2018. “The Case for Central Bank Electronic Money and the Non-case for Central Bank Cryptocurrencies.” Federal Reserve Bank of St. Louis Review, Vol. 100, No. 2, pp. 97–106.
Bernstein, Daniel J. and Tanja Lange. 2020. “eBACS: ECRYPT Benchmarking of Cryptographic Systems.” https://bench.cr.yp.to, accessed 17 March 2020.
Bernstein, Daniel J., Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang. 2012.
“High-speed high-security signatures.” Journal of Cryptographic Engineering, Vol. 2, pp.
77–89.
Bindseil, Ulrich. 2020. “Tiered CBDC and the financial system.” ECB Working Paper 2351 January.
Boar, Codruta, Henry Holden and Amber Wadsworth. 2020. “Impending arrival - a sequel to the survey on central bank digital currency.” BIS Papers, No. 107.
Boneh, Dan. 1999. “Twenty Years of Attacks on the RSA Cryptosystem.” Notices of the AMS, Vol. 42, No. 2, pp. 202–213.
Bordo, Michael D. and Andrew T. Levin. 2017. “Central bank digital currency and the future of monetary policy.” NBER Working Papers No. 23711.
Brunnermeier, Markus and Dirk Niepelt. 2019. “On the Equivalence of Private and Public Money.” Journal of Monetary Economics, Vol. 106, pp. 27–41.
Buiter, Willem H. and Nikolaos Panigirtzoglou. 2003. “Overcoming the Zero Bound on Nominal Interest Rates with Negative Interest on Currency: Gesell's Solution.” The Economic Journal, Vol. 113, No. 490, pp. 723–746.
Bullmann, Dirk, Jonas Klemm and Andrea Pinna. 2019. “In search for stability in crypto-assets: are stablecoins the solution?” ECB Occasional Paper Series No. 230.
Camenisch, J., Aanna Lysyanskaya, and Mira Meyerovich. 2007. “Endorsed E-Cash.” In:
2007 IEEE Symposium on Security and Privacy (SP ’07). May: pp.101–115.
Camenisch, Jan, Susan Hohenberger, and Anna Lysyanskaya. 2005. “Compact E-Cash.” In:
Advances in Cryptology – EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005. Proceedings. Ed. by Ronald Cramer. Berlin, Heidelberg: Springer.
Canard, Sébastien and Aline Gouget. 2007. “Divisible e-cash systems can be truly anonymous.” In: Annual International Conference on the Theory and Applications of Cryptographic Techniques. pp. 482–97.
CCC. 2017. “Chaos Computer Club hacks e-motor charging stations.” 34c3.
Chapman, James, Rodney Garratt, Scott Hendry, Andrew McCormack and Wade
McMahon. 2017. Project Jasper: Are Distributed Wholesale Payment Systems Feasible Yet? Bank of Canada, Financial System Review, June, pp. 59–69.
Chaum, David. 1983. “Blind signatures for untraceable payments.” Advances in Cryptology: Proceedings of Crypto ‘82, Vol. 82, No. 3, pp. 199–203.
Chaum, David, Amos Fiat, and Moni Naor. 1990. “Untraceable electronic cash.” Advances in Cryptology: Proceedings of CRYPTO '88, pp. 319–327.
Danezis, George and Sarah Meiklejohn. 2016. “Centrally Banked Cryptocurrencies.” In:
23nd Annual Network and Distributed System Security Symposium, NDSS2016, San Diego, California, USA, February 21–24. The Internet Society.
Diffie, Whitfield and Martin Hellmann. 1976. “New Directions in Cryptography”. IEEE Trans. on Inf. Theory, IT-22, pp. 644–654.
Dold, Florian. 2019. The GNU Taler System: Practical and Provably Secure Electronic Payments. PhD Thesis, University of Rennes 1.
European Central Bank. 2019. “Exploring anonymity in central bank digital currencies.” In:
In Focus, Issue No. 4, December.
Fuchsbauer, Georg, David Pointcheval, and Damien Vergnaud. 2009. “Transferable constant-size fair e-cash.” In: International Conference on Cryptology and Network Security. Springer. pp. 226–47.
Garcia, Flavio, Gerhard de Koning Gans, Ruben Muijrers, Peter van Rossum, Roel Verdult, Ronny Wichers Schreur and Bart Jacobs. 2008. “Dismantling MIFARE Classic.”
European Symposium on Research in Computer Security.
Garratt, Rod, Michael Lee, Brendan Malone, and Antoine Martin. 2020. “Token- or Account-Based? A Digital Currency Can Be Both.” Liberty Street Economics, Federal Reserve Bank of New York, August 12, 2020.
Goodfriend, Marvin. 2000. “Overcoming the Zero Bound on Interest Rate Policy.” Journal of Money, Credit, and Banking, Vol. 32, No. 4, 1007–35.
Johnston, Casey. 2010. “PS3 hacked through poor cryptography implementation.” Ars Technica, December 30.
Jordan, Thomas J. 2019. “Currencies, money and digital tokens.” Speech given at the 30th anniversary of the WWZ and VBÖ, University of Basel, September. Available at:
www.snb.ch/en/mmr/speeches/id/ref_20190905_tjn/source/ref_20190905_tjn.en.pdf Kahn, Charles M. and William Roberds. 2009. “Why Pay? An Introduction to Payments
Economics.” Journal of Financial Intermediation, No. 18, pp. 1–23.
Kahn, Charles M., James McAndrews, and William Roberds. 2005. “Money is Privacy.”
International Economic Review, Vol. 46, No. 2, pp. 377–399.
Kasper, Timo, Michael Silbermann and Christof Paar. 2010. “All you can eat or breaking a
real-world contactless payment system.” Financial Cryptography and Data Security, Lecture Notes in Computer Science, Vol. 6052, pp. 343–50.
Katzenbeisser, Stefan, Ünal Kocabaş, Vladimir Rožić, Ahmad-Reza Sadeghi, Ingrid Verbauwhede and Christian Wachsmann. 2012. “PUFs: Myth, Fact or Busted? A Security Evaluation of Physically Unclonable Functions (PUFs) Cast in Silicon.”
Cryptographic Hardware and Embedded Systems – CHES 2012. Lecture Notes in Computer Science, Vol. 7428, pp. 283–301.
Keynes, John Maynard. 1936. The General Theory of Employment, Interest and Money.
London: Macmillan.
Kiff, John, Jihad Alwazir, Sonja Davidovic, Aquiles Farias, Ashraf Khan, Tanai
Khiaonarong, Majid Malaika, Hunter Monroe, Nobu Sugimoto, Hervé Tourpe, and Peter Zhou. 2020. A Survey of Research on Retail Central Bank Digital Currency. IMF Working Paper 20/104.
Kumhof, Michael and Clare Noone. 2018. “Central bank digital currencies - design principles and balance sheet implications.” Bank of England, Staff Working Paper No.
725.
Lapid, Ben, and Avishai Wool. 2018. “Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis.”
International Conference on Selected Areas in Cryptography. Lecture Notes in Computer Science, Vol. 11349.
Lerner, Josh and Jean Tirole. 2005. “The Scope of Open Source Licensing.” Journal of Law, Economics & Organization, Vol. 21, pp. 20-56.
Libra Association. 2020. Libra White Paper v2.0. https://libra.org/en-US/white-paper/
Lim, Chae Hoon and Phil Joong Lee. 1997. “A key recovery attack on discrete log-based schemes using a prime order subgroup.” CRYPTO 1997. Lecture Notes in Computer Science, vol 1294.
Lyons, Richard K. and Ganesh Viswanath-Natraj. 2020. “What Keeps Stablecoins Stable?”
NBER Working Paper No. 27136, May.
Mancini-Griffoli, Tommaso, Maria Soledad Martinez Peria, Itai Agur, Anil Ari, John Kiff, Adina Popescu, and Celine Rochon. 2018. “Casting Light on Central Bank Digital Currency.” IMF Staff Discussion Notes 18/08, International Monetary Fund.
Nakamoto, Satoshi. 2008. Bitcoin: A Peer-to-Peer Electronic Cash System.
https://www.bitcoin.com/bitcoin.pdf
Narayanan, Arvind, Joseph Bonneau, Edward Felten, Andrew Miller, Steven Goldfeder.
2016. Bitcoin and Cryptocurrency Technologies: A Comprehensive Introduction.
Princeton: Princeton University Press.
Niepelt, Dirk. 2020. Digital money and central bank digital currency: An executive summary for policymakers. VOX/CEPR. https://voxeu.org/article/digital-money-and-central-bank-digital-currency-executive-summary.
Okamoto, Tatsuaki. 1995. “An Efficient Divisible Electronic Cash Scheme.” Advances in Cryptology — CRYPT0’95: 15th Annual International Cryptology Conference Santa Barbara, California, USA, August 27–31, 1995 Proceedings. Ed. by Don Coppersmith.
Berlin, Heidelberg: Springer, pp. 438–451.
Pinto, S. and N. Santos. 2019. “Demystifying Arm TrustZone: A Comprehensive Survey.”
ACM Computing Surveys, Article No. 130, January.
Rivest, Ronald L., Adi Shamir, and Leonard Adleman. 1978. “A Method for Obtaining Digital Signatures and Public Key Cryptosystems”. Comm. ACM, Vol 21, No 2.
Solove, Daniel J. 2011. Nothing to Hide: The false tradeoff between privacy and security.
New Haven & London: Yale University Press.
Soukup, Michael and Bruno Muff. 2007. “Die Postcard lässt sich fälschen.”
Sonntagszeitung, April 22.
Stallman, Richard. 1985. The GNU manifesto. Dr. Dobb’s Journal of Software Tools 10(3), pp. 30–35.
Sveriges Riksbank. 2020. The Riksbank's e-krona project. February.
https://www.riksbank.se/globalassets/media/rapporter/e-krona/2019/the-riksbanks-e-krona-pilot.pdf
Wojtczuk, Rafal and Joanna Rutkowska. 2009. “Attacking Intel Trusted Execution Technology.” BlackHat-DC 2009.
Yalta, A.Talha, and A. Yasemin Yalta. 2010. “Should Economists Use Open Source Software for Doing Research?” Computational Economics, Vol. 35, pp. 371–94.
Yalta, A. Talha, and Riccardo Lucchetti. 2008. “The GNU/Linux Platform and Freedom Respecting Software for Economists.” Journal of Applied Econometrics, Vol. 23, pp.
279-86.