In the West there has been significant resistance to the concept of retail central bank digital currencies (CBDC) based on “Big Brother” concerns. In other words, privacy fears that the government can monitor personal payment transactions. Or sometimes, even concerns that they might attempt to control behaviors. Hence, the Bank of England and the Massachusetts Institute of Technology Digital Currency Initiative (MIT DCI) published a paper exploring privacy enhancing technologies (PETs) for a possible digital pound.
Before delving into the paper, there’s an overlap with another topical subject. In the United States, the FBI has suggested that people should use encrypted messaging apps instead of texts and normal calls, because allegedly China has hacked the major phone networks. WhatsApp provides end-to-end encryption, and even Meta does not have access to the data.
However, in recent years law enforcement has repeatedly requested back doors to encrypted messaging solutions, including Apple and Google messaging. Even if law enforcement has a warrant, Meta, Apple and Google can’t help them decrypt the data. Private cybersecurity personnel resist backdoor access because it can be used by hackers and others with bad intentions.
There’s a parallel with the digital pound, which is not for anonymous payments. The aim is to prevent the government from having all the private identity data, both in legislation and by using technical means.
However, as the paper highlights, if payments are not anonymous, then there is data to hack. The data might sit with payment providers rather than the central bank, but it’s still there and could be misused.
What the paper does not mention is that the existence of the data also means that a future government could change the law. Or if there’s a Canada-style COVID trucker revolt, it could tell PIPs to block certain wallets (or bank accounts).
Privacy enhancing technologies
Meanwhile, the paper explores three PETs: pseudonymity, zero knowledge proofs (ZKP) and multi-party computation. One of the most interesting aspects is how pseudonymity affects wallet holding limits.
Pseudonymity avoids using a person’s name, phone number or social security number to attempt to obfuscate a person’s identity. Blockchains use pseudonymous identifiers, yet several service providers can identify wallet holders. That’s in part because wallet addresses often persist across multiple blockchain transactions, but different wallet addresses can also often be linked. Hence, pseudonymity won’t guarantee privacy.
The digital pound and other CBDCs often impose holding and transaction limits. If someone has CBDC accounts with multiple payment providers which use different pseudonymous identifiers, that makes it harder to police limits.
However, the paper makes three suggestions. One is for the user to have a personal wallet that connects to multiple payment provider balances and gives an aggregate proof of the total holdings or transactions to an automated auditor. But what if the person has more than one digital wallet?
Another solution is for each payment provider to provide a daily total for each user and that data is aggregated across payment providers. This clearly raises privacy issues. The authors suggest using additional PETs.
A third path is additionally to use pseudo-random identifiers. Based on a person’s name or national insurance number, a pseudonymous hash would be inserted into all their transactions for a specific day, but the hash would change every day and not be linkable.
While some of these seem viable, they appear to have privacy trade-offs.
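An added illustration of the second and third suggestions above (not code from the paper or from the Bank of England): each payment provider reports a daily total under a pseudonym derived from the national insurance number and the date, and an auditor sums the totals against a limit. The HMAC construction, the key, the limit and every name and sample value here are assumptions made for this example.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import date

# Assumption: a secret key held by whichever party derives the identifiers.
# Without a key, a plain hash of a national insurance number plus the date
# could be reversed by hashing every possible number.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
HOLDING_LIMIT_GBP = 10_000  # hypothetical limit, chosen for the demo


def daily_pseudonym(national_id: str, day: date, key: bytes = DEMO_KEY) -> str:
    """Derive an identifier that is stable within one day and changes the next."""
    msg = f"{national_id}|{day.isoformat()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def aggregate(reports):
    """Sum per-provider daily totals by pseudonym, as an auditor would."""
    totals = defaultdict(int)
    for _provider, pseudonym, amount in reports:
        totals[pseudonym] += amount
    return dict(totals)


def over_limit(reports, limit=HOLDING_LIMIT_GBP):
    """Return the pseudonyms whose combined holdings exceed the limit."""
    return sorted(p for p, total in aggregate(reports).items() if total > limit)


# Constructed sample data: two users, two providers, one reporting day.
DAY1, DAY2 = date(2025, 1, 6), date(2025, 1, 7)
ALICE, BOB = "QQ123456C", "QQ654321A"  # constructed identifiers
REPORTS_DAY1 = [
    ("provider-a", daily_pseudonym(ALICE, DAY1), 7_000),
    ("provider-b", daily_pseudonym(ALICE, DAY1), 6_000),
    ("provider-a", daily_pseudonym(BOB, DAY1), 4_000),
]

if __name__ == "__main__":
    print("over limit on day 1:", over_limit(REPORTS_DAY1))
    print("same user, next day:", daily_pseudonym(ALICE, DAY2))
```

Whoever holds the key can recompute any user's pseudonym for any day, so in this sketch the identifiers are unlinkable only to parties without the key.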
ZKP and MPC
Moving on to the other privacy technologies, Zero Knowledge Proofs (ZKPs) will provide a proof, giving an answer to a narrow question. For example, whether this person has passed KYC or do they have a sufficient balance for the transaction? It can provide a yes/no answer without revealing the person’s name or the actual balance.
Multi-party computation (MPC) allows multiple parties to access data for use by an algorithm without releasing the underlying data. This could be used for sanctions screening.
Each of them has benefits and drawbacks. ZKP and MPC are both relatively new, although a particular type of MPC is widely used to safeguard cryptocurrency keys. ZKP is also heavily used for cryptocurrencies but can have performance challenges depending on design. Both technologies require specialist skills to implement properly. There are potential legal issues about whether payment firms can rely on them for compliance.
The paper is written in a way that makes it quite accessible to people who don’t want to delve into the technical details. Some suggestions for future work relate to enhancing privacy for very small transactions. Earlier this year MIT DCI also partnered with the Bundesbank for privacy work.