Each country with a significant stake in the global economy has been confronted with the advent of a new technology in central banking: the central bank digital currency (CBDC). At its most fundamental level, a CBDC is a digital version of a currency issued by a national bank.
In this article, Sky Guo, Chief Executive Officer at Cypherium, explains more on the security of CBDCs and what challenges lay ahead in the future.
Those familiar with the central banking space will know that the digitization of central bank currencies is not itself a new phenomenon. Today, central banks issue two kinds of currencies: retail (cash) and wholesale (reserve). Central bank reserves, which are not available to the public for retail use, already exist in digital form in many countries throughout the globe. However, CBDCs are poised to renovate these systems in their entirety.
Most of the serious conversations and investigations surrounding CBDCs focus on the practicalities of moving public retail money onto DLTs and, specifically, blockchains. If this is to be the first era in which nationally issued currencies go digital, central banks around the world are asking if blockchains are the most suitable and most reliable framework for this major shift. Increasingly, these studies, such as this year-long research report published recently by the Saudi and Emirati central banks, are proving that blockchains will not only conserve the function of public currencies in our digital era but, in fact, will vastly improve our currencies’ operations and security. These inquiries, which are happening throughout Asia following the large investment that China has put into its DC/EP project, focus on security beyond everyday monetary practice, toward the more practical and perhaps more urgent concern of national security when dealing with a necessarily international, digital financial system.
Retail is, of course, the far more complicated front end, as it is the half of the CBDC equation that poses the challenges around adoption. However, wholesale CBDC security will be improved as well: many of the improvements of blockchains are generally applicable to the entire system. The Real-Time Gross Settlement (RTGS) systems that currently operate wholesale can be digitally bolstered by blockchains and distributed ledger technologies so that if they suffer a vulnerability to attack or some other stoppage, the CBDC can continue to operate based off of DLT’s back-up capacities. Blockchains naturally eliminate centralized points of failure, which are the greatest vulnerabilities of large-scale sensitive systems. Additionally, blockchains reduce the cost of on-boarding and operation, facilitating cooperation and collaboration with private fintech companies and cutting-edge financial instruments.
Beyond these general remarks about the security benefits of blockchains, this process will require a difficult balance between tailoring these systems to the requirements and preferences of a given nation and enabling communication among the various systems so that even different retail currencies have the capacity to foster exchange and mutually beneficial building. For example, in the aforementioned report produced by the Saudi and UAE central banks, for these two organizations that public key infrastructure (PKI) based permissioning would be a crucial factor. PKI is a cornerstone of most blockchains, in which users receive a set of public keys and a set of private keys; the public keys allow users to transact freely with one another, while the private keys ensure that only the owners can access their accounts.
Unlike with private digital currencies like Bitcoin and Ethereum, however, the central banks themselves would have custodial responsibilities over the “public keys”. This echoes the design of the DC/EP project that the People’s Bank of China laid out in 2019. Chinese officials announced three institutional centers that would undergird their CBDC project: the Certification Center, the Registration Center, and the Big Data Analysis Center. Of these, the bank’s Certification Center would securely encrypt the mapping relationship between the customers‘ identity and the digital wallet it holds, which is critical for the digital currency’s controllable anonymity. In this schema, the certification centre manages the mapping relationship between the address of the digital currency wallet and the real name of the owner in an encrypted form, and the registration centre records the subordinate relationship between the central bank digital currency and the digital currency wallet to which it belongs. This stratified design manages users’ identities and secures their financial anonymity.
Detractors of CBDCs (whose numbers are rapidly diminishing) argue that anonymity is its own form of security in the current paper cash system. Keeping cash a bearer instrument, it has been argued, makes it harder to target specific individuals, and most of the money in our current system is ultimately entrusted to private custodians and payment solutions companies. Of course, it is not the case that being personally responsible for your digital wallet will be less secure. Yet as the recent Saudi/UAE report points out, “security requirements go hand-in-hand with networking.” It is true that for DLT CBDCs to work, they will require a high level of collaboration among financial institutions.
In the PBoC’s DC/EP this requirement manifests as a “two-tier operating architecture” capable of “dual offline payments.” This system will focus on commercial bank resources in the hope of avoiding potential financial risks. In such a system, the upper-tier is The People’s Bank of China, which exchanges digital currency to the second tier composed of commercial banks and other operating agencies. These agencies, in turn, exchange to the public. The central bank is, in other words, the upper tier, and commercial banks are the second tier. This dual delivery system is well suited for our national economic system. It not only utilizes existing resources to arouse the enthusiasm of commercial banks, but also seamlessly increases the adoption of digital currencies while maximizing resource utilization, fostering development, and avoiding discrimination among the public user-base.
Moreover, mediation is crucial beyond the security of the data itself. Indeed, it is necessary for the political security and international regulatory compliance required of such a wide-scale financial overhaul. Any financial service needs to be compliant with its regulators, and intermediary structures allow CBDCs to maintain compliance within their own government structures, as well as among the other nations with which those central banks interact. For example, although banks in Asia are not compelled to design their systems based on the anti-money laundering directives of, say, the EU (such as the PSD2 or AMLD), the security of our international system requires that these various digital ledgers be cooperative for the protection of the system as a whole. Cypherium’s own Digital Currency Interoperability Framework (DCIF) is one such intermediary. It is a novel approach that consists of six major bodies: the central bank, CypherLink (a notary mechanism based on the InterLedger protocol), Cypherium Connect (a third-party plug-in module for banking systems), Cypherium Validator (a verification machine), a mediation institution, and, finally, the users.
While the security of CBDCs is still in the development process, banking officials and policymakers are educating themselves on these issues and technologies, and are almost uniformly realizing that putting public money on-chain will bring about a level of efficiency and security that most people around the world assumed to be impossible for public money. The gulf between private banking practices and central banking has grown so wide that many users do not realize how little they truly interact with Central Bank issued currencies. Bringing this on-chain will make our economies safer and fairer in a time that so evidently needs these improvements.