First, the central bank announced the potential benefits and risks of CBDC.
At present, there is no uniform definition of CBDC, which usually refers to the legal digital currency issued by the central bank in electronic form. The motives of central banks issuing CBDC mainly include improving payment efficiency, maintaining the stability of monetary system, expanding financial inclusion and avoiding illegal activities such as money laundering. The potential benefits and risks of issuing CBDC by the central bank include:
1. Potential income
The potential benefits of issuing CBDC by the central bank include: reducing the cost of money and improving the efficiency and stability of transactions, such as realizing instant payment; Bring more economic activities into the scope of taxation to expand the tax base and limit tax evasion; Use the traceability of digital transactions to reduce illegal activities such as money laundering and terrorist financing; New monetary policy tools such as nominal negative interest rate can be introduced; Develop financial inclusion and expand the scope of financial service groups.
2. Potential risks
The potential risks of issuing CBDC by the central bank include: accelerating the disintermediation of the banking system; Improper government intervention will hinder private sector innovation, but without the overall planning of the central bank, systemic risks and incompatibility may occur; Without supporting regulatory measures, financial innovation may bring financial risks; There are hidden dangers of privacy leakage in the new data form; There may be technical loopholes in the system that affect information security; The risk of exchange rate fluctuations and cross-border capital flows may increase.
Second, the main content of CBDC design and its technical challenges
The report introduces the main contents of CBDC design, as well as the technical challenges and opportunities from six aspects: ledger infrastructure, account and identity management, digital wallet, privacy and transparency, smart contract and security hardware.
1. Ledger infrastructure
The design of CBDC focuses on ensuring information security, which usually includes confidentiality (no information leakage), integrity (correct storage and calculation) and availability (quick response). Ensuring information security depends on distributed and decentralized system design. Among them, the distributed system mainly includes the distributed general ledger and a group of devices that use state machine replication or * * * identification algorithm to maintain the transaction history cooperatively. Decentralized system refers to a system composed of composite equipment that is not controlled by a single central organization. It usually includes role separation (different roles are responsible for different processes), decentralized trust (one role is held by multiple organizations, and each organization only serves a part of users) and threshold trust (collective authorization by multiple authorized organizations is required). According to the concentration of distributed account books, it can be divided into centralized account books, centralized but verifiable account books, semi-centralized account books and decentralized account books. Centralized or semi-centralized account books are beneficial to the management and fault repair of the central bank, but there may be private tampering and information leakage, which is not conducive to public trust. The report pointed out that based on the comprehensive consideration of information security and privacy, the central bank should maintain the ability to control, change or reset transactions, so centralized but verifiable account books are a feasible scheme.
2. Account and identity management
Who is responsible for managing accounts and verifying identity is the primary problem in CBDC design. Potential management methods include using cryptocurrency accounts to avoid unified management, and entrusting management tasks to commercial banks through cryptocurrency exchanges and central banks. Digital identity verification methods include online video verification, identity agent information verification, biometric identification, social trust network and self-help selection of identity certificates. The report compares and analyzes different administrators and authentication methods, and points out that it is reasonable to adopt a two-tier structure to authorize commercial banks to manage accounts, but it is necessary to provide appropriate incentives to promote administrators' innovation in protecting account privacy and security; The existing authentication methods, such as online video, biometric identification, social trust network and self-provided certificate, are still insufficient in security and cannot be applied to financial scenarios such as CBDC.
3. Digital wallet
Digital wallet is a software application for users to interact with CBDC, which needs to focus on three aspects: user authentication, transaction authentication and user interface. At present, there are huge technical challenges in overcoming single point of failure, key storage management and protecting transaction privacy.
4. Privacy and transparency
There is a natural contradiction between privacy and transparency. Cryptographic currencies such as Bitcoin do not undertake the functions of ensuring financial stability and preventing criminal activities. However, CBDC needs to provide users with appropriate privacy protection, and at the same time provide necessary information for audit and law enforcement departments so that they can track the flow of funds and crack down on crimes. The report pointed out that the central bank should choose a suitable middle position according to its own cultural environment and build a system that takes into account privacy protection and enforcement compliance. Related available technologies include zero-knowledge proof, privacy protection monitoring and so on. , but in general, there are limitations.
5. Smart contracts
Digital currency can expand its functions with the help of smart contracts, but there may be potential risks such as coding errors and hacker attacks. There are technical challenges in program analysis and verification, reversible and modifiable transactions and handling concurrent transactions, so it is necessary to limit the language of smart contracts. The report pointed out that the CBDC design with two-tier architecture may be more effective, that is, the central bank issues digital certificates to commercial banks, and commercial banks maintain digital wallets and define smart contract languages. However, this involves the transfer of assets between chains, so a lot of research and development work is devoted to formulating cross-chain interoperability agreements.
6. Security hardware
"Secure hardware" usually refers to a computing environment designed to protect data and calculation results, which can be used to execute secure applications and protect data and execution processes from other untrusted computing platforms. The report introduces typical applications such as Trusted Execution Environment (TEE) and External Security Hardware Module (HSM), and points out that the current security hardware technology has some problems such as side attack, physical tampering, implicit trust in suppliers, and easy to be completely destroyed. It is more suitable as a supplement to other protection technologies and a system enhancement tool.
Third, the legal factors that need to be considered in CBDC design
This report introduces the general legal issues and existing laws and regulations that should be considered in CBDC design, such as jurisdiction, compliance, privacy protection, handling of wrong or fraudulent transactions, lien, traceability, taxation, etc.
In terms of jurisdiction, the specific legal requirements of CBDC depend on jurisdiction and must be incorporated into its domestic legal system;
In terms of compliance, we mainly consider whether the general prohibitions, reporting and disclosure requirements in existing anti-money laundering and anti-terrorism (AML) laws (such as the US Money Laundering Control Act) and anti-circumvention rules are applicable to CBDC, and carefully choose weak authentication, non-traceability and other technical designs that are incompatible with AML laws and regulations.
In terms of privacy, we mainly consider the balance between user privacy and law enforcement needs, and refer to the provisions of the existing privacy law on the conditions for allowing financial institutions to disclose customer information, which usually include purpose restrictions, disclosure object restrictions, data format restrictions and so on.
When dealing with wrong or fraudulent transactions, the main consideration is how to prevent and correct wrong transactions, including principal-agent problems, impersonation authorization problems and correcting unintentional errors. CBDC is required to reserve the administrator's right to modify, have an interface for verifying legal orders, and report the system status in time.
Regarding lien, consider how to use CBDC and related digital assets as collateral, and how to create, revoke and cancel lien;
In terms of taxation, we mainly consider how to define CBDC and determine its tax classification, and how to evaluate the value of CBDC as a tax base.
The design of CBDC needs to consider the limitations of existing laws, and the technical provisions of CBDC need to carefully consider specific legal requirements, which may promote supporting legislation. At present, the mixed two-tier CBDC design is the easiest to meet the existing legal requirements, that is, commercial banks, as the main interface between users and CBDC, manage digital wallets and related transactions for individuals and entities, but they cannot ensure the privacy of personal accounts, and may have technical problems such as incompatibility of different interfaces.
Fourth, related practice.
The report summarizes the technical design of Libra and digital RMB, and provides use case reference for CBDC design.
1. lb
Libra is a kind of digital currency, compiled by Libra Association led by Facebook, which has not been approved by the regulatory authorities, and plays a boosting role in CBDC construction in various countries. Libra plans to produce a stable currency for a single currency, and uses the real assets of 1: 1 as the reserve and guarantee (called Libra reserve assets), with limited promise that users can convert their assets held by Libra into local legal tender at any time; Libra Association will also create a platform-specific cryptocurrency called. LBR adopts a fixed ratio of single currency and stable currency, is managed through smart contracts, and is designed for cross-border settlement. At present, its core technologies include Byzantine fault-tolerant (BFT) Ledger blockchain, Move programming language and * * * knowledge protocol LibraBFT.
2. Digital RMB
China is the first major economy to experiment with sovereign digital currency, and its digital RMB (DC/EP) is designed to be the legal tender instead of cash, adopting a two-tier structure of "central bank-commercial bank". DC/EP is first transmitted between the central bank and commercial banks, that is, issuance and withdrawal; Then it will be transferred from commercial banks to residents and enterprises. DC/ Europe also adopts the operation framework of "one currency, two banks and three centers". "One currency" refers to the DC/EP guaranteed by the central bank, "two banks" refers to the card-issuing banks and commercial banks of the central bank, and "three centers" refers to the DC/EP including the registration center, authentication center and big data analysis center. In addition, China's patents in digital currency also include "controllable anonymity", hierarchical account command control architecture and digital wallet with security hardware technology.
Finally, the report points out that the potential benefits and risks of CBDC are very complicated, and its design should comprehensively consider financial, legal and technical factors. Each country should consider its own specific conditions and initial conditions in these aspects to judge whether the potential benefits of introducing CBDC exceed the costs.
Reply to "digital currency" in the background to obtain the original and full-text translation of the report.
Working papers selected from global economic and development projects.