Architecting Anonymity and Security for Central Bank Digital Currencies (CBDC)
19.01.2023, by iconicchain
One of the stated goals of digital central bank currencies (CBDC) is to preserve the benefits of traditional cash while extending those with key new capabilities enabled by digitalization.
Two of the key characteristics of cash are anonymity and extreme distribution. Using cash does not require (up to a limit) any identification nor is its origin traceable or traced. Further, every bill or coin in circulation can be handled and protected individually, without any connection to any other bill or coin. From a security point of view, cash cannot be fully seized by any authorized and especially not by any unauthorized entity. Cash asset seizure and other similar extreme events are essentially impossible to follow through with regard to any currency by malicious actors.
Therefore, we argue that a digital infrastructure for CBDC must exhibit the same extreme distribution and the same level of anonymity as cash exhibits today. Any solution reliant on a single root of trust carries a certain level of IT security risk that, despite best mitigation efforts, will be always there and will represent a “golden target” for malicious attacks as well as undermine the trust of the public at large in CBDC.
In this proposed talk we will outline a potential solution that addresses these two fundamental concerns and requirements – anonymity and extreme distribution. Our proposal builds on existing technology, deployed in a new architecture, suitable for the goals of CBDC.
The architecture builds on the use of distributed ledger technology (DLT) as the battle-proven technology for achieving a distributed root of trust that prevents external interference and asset seizure. The infrastructure will be operated through nodes hosted across the eurozone, similarly to current ATM machines: state institutions, commercial banks and other financial institutions, together with the central bank, will operate the nodes that will execute the transfer and conversion of money from bank accounts to CBDC wallets. This is called the account-to-cash DLT (A2C DLT). To achieve anonymity – obfuscating where (to which wallet) the CBDC tokens have been deposited – the digital wallet infrastructure will be managed by another DLT network – the CBDC wallet DLT (DEW DLT) – interconnected to the A2C at every node level. This way, CBDC tokens are generated on A2C DLT, but once deposited to a wallet on DEW DLT, the link from a bank account to a digital wallet is removed, hence preserving the anonymity of the wallet. If needed, for performance reasons, a hierarchical A2C and DEW DLT structure can be designed.
Furthermore, on DEW DLT, wallets will be identified by unique ids, much like a pocket or wallet in real life (“my black wallet”, “my blue jeans pocket”). Whoever knows the unique id has access to the wallet anonymously, exactly as in the case of traditional cash.
Such an architecture puts in place the technical capabilities for making the infrastructure un-hackable (due to the extremely distributed nature) and guarantees anonymity of cash assets while providing the additional benefits of cash tracking and ultimately control by the central bank.
Image copyright: peshkov/ BigStock Photo.