Privacy Enhancing Technologies (PET) and the Privacy Dilemma for CBDCs

Introduction

Central Bank Digital Currencies (CBDCs) are digital versions of fiat currencies issued and backed by central banks. They aim to provide a secure and efficient means of digital payments and transfers. CBDCs can potentially enhance financial stability, increase financial inclusion, and provide a more efficient and effective payment system.

One of the key concerns associated with CBDCs is privacy. The central banks that issue CBDCs have the ability to track and monitor all transactions, thereby undermining the privacy of users. This raises questions about the government's role in monitoring citizens' financial transactions and the potential for misuse of this information.

This article will highlight the number of ways in which CBDCs can affect privacy. For instance, if a CBDC is built on a public blockchain, the transactions are visible to anyone who has access to the network. This makes it easy for governments or other entities to monitor financial transactions and gather data on citizens. On the other hand, if a CBDC is built on a private blockchain, the central bank has complete control over the network and can monitor transactions at will.

In addition, we will discuss how CBDCs can impact privacy through the use of Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. These regulations require financial institutions to verify the identity of their customers and report suspicious transactions. With CBDCs, the central bank can easily enforce these regulations and monitor transactions for illicit activities, but this comes at the cost of sacrificing the privacy of users.

Finally, we will touch on how CBDCs can also affect privacy through the use of smart contracts. Smart contracts are self-executing contracts with the terms of the agreement directly written into code. With CBDCs, the central bank can enforce smart contracts and monitor transactions, but this also increases the potential for privacy violations.

Introducing Privacy

Privacy is a fundamental right that refers to the ability of individuals to control access to and use of personal information. It allows individuals to protect their personal and sensitive information from being disclosed to others without their consent.

When it comes to CBDCs, privacy has a significant impact on the overall design and implementation of these digital currencies. CBDCs are essentially digital versions of traditional fiat currencies and are issued and backed by central banks. With this in mind, the central bank can have access to all transactions and user information, which raises questions about privacy and the potential for misuse of this information.

There seems to be a general consensus when you read the literature, especially on central bank digital currencies, that it's more or less impossible to combine true anonymity and regulatory compliance because you can't be regulatory compliant if you don't know where money is coming from and going to. Therefore, there needs to be a way to combine these two worlds, so at least some of it is already coded of course.

How the payment asset issuer can exert control over settlement rules and maintain adequate, tamper-proof evidence of the amounts in circulation while also minimizing access to sensitive information—defined as "any information that allows the operator of a ledger to link transaction data to an individual user"—and considerations related to "back-end" IT are among the issues that has been covered by the ECB and will continue to be an important part of future discussions [6].

There are several ways in which CBDCs can impact privacy. For example, the central bank can monitor all transactions, thereby undermining the privacy of users. This can include tracking of financial transactions, monitoring of smart contracts, and the enforcement of know your customer (KYC) and anti-money laundering (AML) regulations. These regulations require financial institutions to verify the identity of their customers and report suspicious transactions, but they can also lead to the central bank having more control over the financial transactions of citizens.

In order to ensure that CBDCs do not undermine privacy, it is essential to consider the privacy implications at every stage of development. This may involve using privacy-enhancing technologies such as zero-knowledge proofs, homomorphic encryption, and ring signatures to protect the privacy of users. It may also involve balancing the need for privacy with the need for security, such as by using a hybrid approach that combines public and private blockchains.

The growing dominance of e-commerce has profound implications for the economics of payments. Since more and more transactions are conducted online, physical currency (“cash”) is becoming less effective as means of payment for a growing share of economic activity [1].

Digital payments, in contrast to cash, provide vast amounts of data, and private businesses have an incentive to use that data for profit. The increased accessibility of personal information might have significant welfare ramifications, which raises privacy concerns. 3 Despite the efficiency that a proliferation of data promises. Gains aside, the dominance of data-centric business models and their propensity to hinder competition, prevent creative destruction, and engage in price discrimination have concerned policymakers. Incidents like the one involving Facebook and Cambridge Analytica have made people more aware of the importance of data privacy in the context of the digital economy [2].

Privacy Initiatives by Banks

The UK's presidency of the Group of Seven (G7) nations last year saw the publication of 13 public policy guidelines for the implementation of retail CBDCs. According to the document titled "Public Policy Principles for Retail CBDCs," "Rigorous norms of privacy, accountability for the security of users' data, and clarity on how information will be secured and used is necessary for any CBDC to command trust and confidence. [7].

Recently, the inventor of eCash, the forerunner of Bitcoin, and more recently of the cryptocurrency elixxir, David Chaum, highlighed the democratic world can have a form of CBDCs that respects privacy. He is collaborating with the Swiss National Bank (SNB) on Project Tourbillon, which is intended for central bank money that prioritizes privacy [3].

The Bank of International Settlements (BIS) Innovation Hub will oversee the project's development, the agency said on Thursday. The initiative will increase the number of CBDC pilots already being developed by the BIS Innovation Hub, including the Helvetia and Mariana projects, both of which also involve the SNB.

According to the BIS statement, the technology underlying Project Tourbillon will integrate Chaum's quantum-resistant cryptography and privacy-preserving functions. According to the press release, the system will also be scalable because it will "use an architecture that is compatible with, but not predicated on, distributed ledger technology." The idea was developed by Chaum and Thomas Moser, an alternate member of the SNB governing board, and is based on Chaum's blind signature approach.

He acknowledges that “CBDCs are a big deal” in the world at the moment and is well aware of the fact that many believe CBDCs will be “the end of privacy in money.”

The Bank of Canada has conducted several studies on the privacy of CBDCs. One of the key findings from their research is the importance of balancing privacy with other functional requirements, such as security and accessibility. They have found that the trade-off between privacy and these other requirements must be carefully considered in order to design a CBDC system that meets the needs of both individuals and the government.

Another key takeaway from the Bank of Canada's research is the need for clear and concise privacy policies to ensure that users understand the extent of their privacy in a CBDC system. The bank has also explored the use of privacy-enhancing technologies, such as zero-knowledge proofs and ring signatures, to help preserve privacy while still enabling efficient transactions [5].

What is Privacy Enhancing Technologies

Privacy Enhancing Technologies (PETs) are a set of tools, protocols, and methods that aim to enhance the privacy of digital transactions while still maintaining their security. In the context of Central Bank Digital Currencies (CBDCs), PETs play a crucial role in ensuring the privacy and confidentiality of transactions, particularly in an era where financial data is a valuable commodity that is highly sought after by both government agencies and malicious actors [4].

One of the key aspects of CBDCs is the transparency of transactions on the ledger, which makes it easy for governments and other entities to track financial activity. PETs help to mitigate this issue by obscuring sensitive information, such as the identities of parties involved in transactions, the amounts involved, and transaction histories. This protects the privacy of users and ensures that their financial information remains confidential.

There are several types of PETs that can be applied to CBDCs, including Zero Knowledge Proofs, Blind Signatures, Tiered Ledger Systems, and Privacy Threshold Limits. Each of these technologies provides a different approach to enhancing privacy and has its own advantages and limitations [5].

Privacy Enhancing Technologies

1. Anonymous Transactions: Anonymous transactions allow users to keep their transaction history private, by obscuring their identity or the amount of funds being transferred. This can be accomplished through various methods, such as ring signatures, stealth addresses, and zero-knowledge proofs. For example, a ring signature is a type of digital signature that allows a group of users to sign a message, such that it is not possible to determine who among the group actually signed the message. This can be leveraged in a CBDC scenario by creating a group of users who can all sign a transaction, making it difficult to determine who the actual sender and recipient are.
2. Confidential Transactions: Confidential transactions hide the amounts being transferred, while still allowing the network to verify that the transaction is valid. This can be achieved through the use of cryptographic techniques, such as homomorphic encryption. For example, a study by the Central Bank of Canada is exploring the use of confidential transactions in CBDCs, with the goal of improving privacy while still ensuring the security of the network.
3. Decentralized Architecture: Decentralized architecture can also be leveraged to enhance privacy in CBDCs, by distributing the network across multiple nodes. This makes it more difficult for any single entity to gather information on transactions and users, as the information is spread out across the network. For example, a study by the Bank for International Settlements is exploring the use of decentralized architecture in CBDCs, with the goal of improving privacy and security.
4. Zero-Knowledge Proof: A CBDC system could leverage Zk-SNARKs to allow users to prove the validity of their transactions without revealing any information about the transaction itself. This can enhance privacy by obscuring the amount of funds being transferred, the identities of the sender and recipient, and the transaction history. For example, privacy-focused cryptocurrency ZCash uses Zk-SNARKs to enable private transactions on its network. A user may want to send a large amount of funds to a recipient without revealing the exact amount of the transaction or their identity. The user leverages a CBDC system that uses Zk-SNARKs to allow the user to prove the validity of the transaction without revealing the amount of funds being transferred, the identities of the sender and recipient, and the transaction history. This enhances the privacy of the transaction by obscuring sensitive information.
5. Blind Signatures: A CBDC system could leverage blind signatures to allow users to sign a transaction without revealing their identity. The recipient of the transaction can then verify the signature, ensuring that the transaction is valid, without being able to determine the identity of the sender. This can enhance privacy by obscuring the identity of the sender and the transaction history. For example, a user wants to sign a transaction without revealing their identity. The user leverages a CBDC system that uses RSA Blind Signatures to allow the user to sign the transaction without revealing their identity. The recipient of the transaction can then verify the signature, ensuring that the transaction is valid, without being able to determine the identity of the sender. This enhances the privacy of the transaction by obscuring the identity of the sender and the transaction history.
6. Privacy Threshold Limits: A CBDC system could implement privacy threshold limits to control the amount of information that is disclosed about a transaction. For example, a user could set a privacy threshold limit such that their transaction history is only disclosed if a certain number of parties agree to it. This can enhance privacy by allowing users to control the amount of information that is disclosed about their transactions. For example, a user wants to control the amount of information that is disclosed about their transactions. The user leverages a CBDC system that implements privacy threshold limits to allow the user to control the amount of information that is disclosed about their transactions. The user sets a privacy threshold limit such that their transaction history is only disclosed if a certain number of parties agree to it. This enhances the privacy of the transactions by allowing the user to control the amount of information that is disclosed.

Privacy Framework

Privacy Enhancing Framework for CBDCs should address the following questions:

1. Transparency: Should all transactions be routinely disclosed to the government, or only some (by, e.g., dollar threshold)? This question addresses the issue of transparency and the extent to which CBDC transactions should be visible to the government. In some cases, it may be necessary for the government to have full visibility into all transactions to detect and prevent illegal activities. On the other hand, some users may value their privacy and not want their financial transactions to be disclosed to the government unless necessary. A dollar threshold could be established to balance these conflicting interests, such that only transactions above a certain value would be disclosed to the government.
2. Law Enforcement: Should law enforcement be able to determine a person’s holdings, even if only approximately? Law enforcement agencies need to be able to track and investigate illegal activities, which often involves determining a person's holdings. However, this can compromise the privacy of the individual. A privacy enhancing framework for CBDCs should address this issue by establishing clear guidelines for when and how law enforcement agencies can access a person's financial information. For example, law enforcement agencies may be able to determine a person's holdings only with a warrant or in specific circumstances.
3. Payer Identity: Should a payer's identity be hidden from a merchant? What transaction details should be shown to a payer's bank? A payer's identity is often revealed to the merchant during a transaction, which can compromise their privacy. A privacy enhancing framework for CBDCs should address this issue by establishing clear guidelines for when a payer's identity should be hidden from a merchant and when it should be disclosed. The framework should also specify what transaction details should be shown to a payer's bank. For example, a payer's bank may need to know the identity of the payer and the amount of the transaction to verify the authenticity of the transaction and prevent fraud.

Knowing the CBDC business model, attributes and technology platform is essential to choosing the right constructs and combining them appropriately.

For example, consider a system where private transactions are verified by banks. If the business model states that banks are highly trusted, then privacy protocols can be simplified by assuming verifiers are honest. If not, the chosen protocols must guard against dishonest verifiers, which entails higher complexity. If amounts are hidden and policy dictates an interest-bearing CBDC, then chosen schemes must support encrypted computations of interest payments.

Further, the selection of privacy techniques will depend on the chosen platform. Typical proof systems are made up of provers (e.g., end-users) who generate proof and verifiers (e.g., the systems) that check them. In a DLT system, multiple nodes perform verification, so system designers would need to ensure verification protocols are highly efficient. Centralized systems could tolerate slower verification.

Another consideration is the trade-off between prover efficiency and proof size—algorithms that achieve fast proof generation generally result in large proofs. This could be a challenge in device-based solutions constrained by limited storage. Device-based solutions must also ensure that selected schemes can operate within the restrictions of sporadic CBDC network connectivity and limited computing capacity [5].

In addition, a CBDC system must adhere to laws and regulations (e.g., KYC and AML). The degree of privacy and the choice of privacy techniques can be determined by this. Entities may be required by KYC to classify and store personal data appropriately. Generally speaking, maintaining high degrees of privacy while abiding by laws is challenging. However, a designer could create a system with mixed levels of privacy. This allows for both regulated and unregulated assets and transactions to exist side by side, each with its own set of restrictions (such as a maximum amount).

How to Solve Double-Spend in a Token-based CBDC?

The relationship between CBDC privacy and double spending is indirect, but they are both important considerations in the design of a CBDC system.

Double spending refers to the ability of a user to spend the same digital currency multiple times, potentially undermining the integrity of the system. To prevent double spending, a CBDC system must have a mechanism in place to ensure that each digital currency unit can only be spent once. This typically involves some form of central authority, such as a central bank, that maintains a ledger of all transactions and ensures that each unit is only spent once.

Privacy, on the other hand, refers to the protection of individuals' financial information, such as the details of their transactions and their balance. In a CBDC system, privacy considerations can arise if the central authority that maintains the ledger of transactions is able to access and use individuals' financial information for purposes beyond ensuring the integrity of the system.

While the relationship between CBDC privacy and double spending is indirect, it is important to consider both issues when designing a CBDC system. For example, a system that relies on a central authority to prevent double spending may also increase the risk of privacy violations if the central authority is able to access and use individuals' financial information. On the other hand, a system that prioritizes privacy may need to use alternative methods, such as cryptographic techniques, to prevent double spending and ensure the integrity of the system.

Therefore, in designing a CBDC system, it is important to balance the need to prevent double spending with the need to protect privacy, and to carefully consider the trade-offs between these two important considerations.

Double-spending is a problem that can occur in a token-based DLT system where a user tries to spend the same token multiple times. Although Blockchain is secured, it still has some loopholes. Double spending refers to using the same digital currency more than once to obtain various services. Users can create duplicate copies of money due to a technical error. A malevolent person can make many copies of the same currency file and utilize it in other locations because digital currencies are nothing more than files. This problem may also arise if the network is changed or if only copies of the money are utilized, not the original.

Double spending also provides hackers with the ability to make a transaction happen twice. By doing this, the user loses money twice: once for the original block and once for the phony block the hacker produced.

To prevent this, several techniques can be employed in a CBDC system. Some of these include:

1. Centralized Ledger: One of the simplest ways to prevent double-spending is to maintain a centralized ledger of all transactions. In this system, all transactions are verified and recorded by a single entity, such as a central bank, before being added to the ledger. This ensures that a token can only be spent once as the central ledger keeps a record of all transactions and detects any duplicates.
2. Consensus Algorithms: In a decentralized system, where there is no central authority, consensus algorithms can be used to prevent double-spending. Popular consensus algorithms include Proof of Work (PoW), Proof of Stake (PoS), and Delegated Proof of Stake (DPoS). These algorithms use cryptographic techniques to secure the network and prevent double-spending by ensuring that each transaction is verified and confirmed by multiple nodes in the network.
3. Digital Signatures: Digital signatures are a cryptographic technique that can be used to verify the authenticity of transactions in a CBDC system. When a user sends a token, they sign the transaction using their private key, which is verified by the network using the sender's public key. This ensures that the transaction is authentic and can only be spent once.
4. Double-Spending Detection: Another way to prevent double-spending is to detect it before it happens. This can be achieved by monitoring the network for potential double-spend attempts and flagging any suspicious transactions for further investigation.

To prevent double-spending in a token-based CBDC system, it is essential to have a secure and efficient system that verifies transactions and ensures the uniqueness of tokens. The choice of the right combination of techniques depends on the specific requirements of the CBDC system and the trade-offs between security, scalability, and efficiency [8].

Summary

CBDCs have the potential to revolutionize the financial sector and provide a more efficient and secure payment system. However, it is essential to consider the impact of privacy when developing CBDCs. A balance must be struck between ensuring privacy and ensuring the safety and security of the financial system. It is up to central banks and policymakers to determine the best approach to ensuring that CBDCs do not undermine privacy.

Privacy is a crucial consideration for CBDCs. While CBDCs have the potential to revolutionize the financial sector and provide a more efficient and secure payment system, it is important to ensure that privacy is not compromised in the process. By striking a balance between privacy and security, CBDCs can ensure that users have the ability to protect their personal and sensitive information while also enjoying the benefits of a digital currency.

Citations:

• https://www.ecb.europa.eu/pub/pdf/scpwps/ecb.wp2662~fa8429a967.en.pdf?[1]
• https://jsis.washington.edu/news/facebook-data-privacy-age-cambridge-analytica/ [2]
• https://coindesk.com/tech/2022/11/10/david-chaum-rolls-out-privacy-protecting-cbdc-technology [3]
• https://www.regulationasia.com/boj-examines-use-of-privacy-enhancing-technologies-for-cbdc/?[4]
• https://www.bankofcanada.ca/2020/06/staff-analytical-note-2020-9/ [5]?
• https://www.globalgovernmentfintech.com/ecb-consults-experts-over-privacy-enhancing-digital-euro-tech/?[6]
• https://www.globalgovernmentfintech.com/ecb-consults-experts-over-privacy-enhancing-digital-euro-tech/ [7]?
• https://www.suerf.org/suer-policy-brief/27227/how-to-issue-a-privacy-preserving-central-bank-digital-currency [8]