Stop Confusing Cryptocurrency with Digital Currency: The Move Towards 21st Century Finance
The debate around the usage of blockchain and DLT (Distributed Ledger Technology) is over, and, all over the place, we see real things being built which reshape our societies. In the EU, we see the advent of e-ID, and which is anchored in trusted ledgers, and with eIDAS 2, we see the support for legal certainty for digital signing. But, one of the most disruptive areas will be the move toward digital currencies, and which will finally rid of our paper-based approaches to money. But, this should be a debate that is not just driven by legal people, it should also be informed by those who know how best technology works.
And, one of the key debates, it to understand that digital currencies are not cryptocurrencies. Like it or not, cryptocurrencies — the dream of those who believed in a decentralised world of finance — have been partially besmirched by some bad business models and by hype. Few citizens would ever accept a world where we traded Bitcoins, rather than with fiat currencies. Our trust is in our banks, and not in global ledgers and smart contracts.
Basically, cryptography (and related security proofs) and software engineering are building a new foundation for our digital future.
The Digital Pound
And the UK advances towards a CBDC (Central Bank Digital Currency): the Digital Pound [2]. And why not? It just translates what a central bank does, but does it in a more trustworthy and auditable way. Though DLT (Distributed Ledger Technology), we will be able to keep our finger on the economy and understand its dynamics. But from the decentralised world of cryptocurrencies, we end up with a more centralised approach. For one the trust is cryptography, and on the other, it is the central bank. The task, though, is enormous, but it perhaps needs to happen, and properly convert our paper-based world of money towards a fully digital one.
The Bank of England is looking at a model of not replacing cash and bank deposits, but using digital currencies alongside these. This would reduce the disruption involved, and allow for a gradual migration towards a fully integrated digital currency infrastructure. A citizen or a company would then have a separate bank account and digital wallet, and where they could move money between them. This would significantly reduce the risks of any hacks on the digital wallet, and where payments for the digital pound could be canceled on the detection of fraud.
What’s the difference between digital currency and cryptocurrency?
With a digital currency, we have the equivalent of fiat currency transactions, and basically signing of a payment from one bank ledger to another. If Bob has an account with CyberBank, and Alice with SecurityBank; then a transaction between Bob and Alice would involve a transaction receipt from Bob to Alice. CyberBank would then present the transaction to the Central Bank for approval for a transfer of the digital currency to a wallet in SecurityBank. If Bob has enough digital currency to pay Alice, then the Central Bank is likely to approve it, and it will be recorded on a ledger. Both CyberBank and SecurityBank can check the ledger at any time and know how much funds have been transferred.
The central bank then becomes the regulator of transactions, and where we have a centralised approach. This means that the Central Bank can define the supply (and withdrawal) of currency, and thus keep control. In an inflationary time, there could be a withdrawal of current, and to stimulate, there may be a larger supply.
With cryptocurrency, we have a P2P (Peer-to-peer) transfer, and where there is no intermediary involved. This is a decentralised approach. The transfer it approved using the private key of the sender. The transfer is then recorded on a public ledger. No one should be able to regulate this transfer, as it is a cryptographically approved transfer.
The great advantage of digital currency is that the currency is likely to be more stable, and more readily accepted by payment providers and vendors. Bitcoin and Ethereum are still struggling in their wide-scale adoption as a payment method. For privacy, digital currencies also support enhanced masking of the transactions, as only the sender, the receiver, and the banks involved will be able to trace the transaction, whereas, in most cryptocurrencies, the details of the transaction are only pseudo-anonymised, and where it is often possible to link wallets to an individual. The transactions will be there, as long as the public ledger exists. Of course, the decentralised approach means that there can be no control of the transactions, and where they cannot be canceled by an external party.
What’s the difference between digital currency and tokenization?
A token transfer system allows for enhanced privacy, as a token receipt can be sent from Bob’s bank to Alice’s bank, which does not reveal their identities. This is especially useful for bank transfers, where we could send a receipt of funds, rather than with fiat currency. For example, 1 EveToken could be mapped to $1000, and a transfer could anonymise the bank accounts to be mapped for the transfer. On receipt of the EveToken, the accounts can then be revealed through anonymisation of the digital wallets involved. With a digital currency, we have a pseudo-identification of the wallets involved, and where Bob must provide proof that he has enough currency in his wallet to pay Alice. This is done through an Unspent funds Hash for proof. The digital currency method thus maps better to our existing payments infrastructure, where the tokenization approach hides a good deal from an auditing point of view, as each bank would have to reveal the mapping of every token.
The state-of-the-art?
There are several existing models for a CBDC, including Project Hamilton, and which is a collaboration between the Federal Reserve Bank of Boston (Boston Fed) and MIT [1]:
The targets are for a minimum of 100,000 transactions per second and for 99% of all transactions to be completed within five seconds. There should be no loss of funds in the event of a data outage, and privacy is a fundamental part of the design.
An important element of the design is the use of intermediaries and custody. In terms of trust, we have intermediaries — such as banks, and payment service providers — and which are custodians of the digital wallet. But there is the opportunity for customers to own their own digital wallets — as with an Ethereum wallet. The model can then be “direct” — customer-to-central bank, or “two-tier” — central bank to intermediatory (Figure 1).
The proposed method decouples fund checks with transaction validations. Funds are stored as a 32-byte hash value with an Unspent funds Hash Set (UHS) — Figure 2. The transaction has a similar format to Bitcoin.
Economic concerns
The speed of the transactions and the ease of access to digital currency could enable economic risks, including:
- Reduced lending opportunities. As the digital coins are moved to a wallet, they will thus be out of the control of a bank, which means that they could not lend the money to another person — which kinda defeats one of the main functions of a bank. If too much of this money was moved to wallets, it could cause the lending system to stall.
- Bank runs. There have been many occurrences of runs on banks, including with Northern Rock. With this, customers queued to get access to the funds, and which generally slowed down the pressures on withdrawals. With a digital pound, this could be made much worse, as customers could withdraw their funds with a simple transfer. Banks could thus risk a run on their funds.
- Cybersecurity? Generally, we trust our banks to look after our money. With a digital wallet, attackers could target hacks, which could have lower levels of control on access to the wallet.
A core part of the Bank of England’s strategy for the digital pound is to develop resilience in both the technical and financial disuptions involved [2]:
Technical challenges
The enablement of a CBDC brings many technical challenges.
- Privacy and auditability. There is a significant balance between privacy and audibility. The use of zero-knowledge proofs will allow for privacy within transactions, but this will hide the sender and recipient of a transaction. This privacy, though, can restrict audibility and reduce the opportunities for law-enforcement investigations.
- Programmability. Most current models must have the full state transition of a transaction to be in place for a transaction to go ahead (to avoid double spending). Within contract implementations, there may be intermediate states that allow for the digital pound to exist in an intermediate state awaiting an event. For example, Bob might commit to paying Alice for a new car, but she will not accept shipping the car until Bob commits the funds. Once she ships the car, the funds would then stay pending until Bob confirms its receipt. This smart contract associated with the transaction would thus need to store the state of the intermediary state, and not release the funds to Alice until there is a digital proof of receipt from Bob (Figure 3).
- Interoperability. A major focus for the digital pound must be the interlinkage with existing Layer-2 payment channel networks. This would also support cross-border transactions but will require integration with other CBDCs in other countries.
- Offline payments. In the likely model for the digital pound, there is an interaction between the central bank, and the transacting parties (Bob and Alice). In some circumstances, there could be no Internet connection, and thus there needs to be an offline transaction. This type of transaction will likely require a secret enclave to be setup on a hardware payment device so that the transaction could not be tampered with.
- Minting and redemption. It is likely that the CBDC will be responsible for minting and removing the digital tokens. Each of these would be digitally signed by the issuing bank. But, the great risk here is the use of the private key to sign the transactions of the central bank. If an insider in the Bank of England gained access to this, then tokens could be issued or even removed by malicious entities — this is equivalent to printing forged bank notes.
- Productionization. While models exist as prototypes, the scale-up to a national level would involve extensive design and implementation skills to make sure there were no ways to compromise the infrastructure.
- Denial of service attacks. In a model where Bob and Alice own their private keys, there are no fees for a payment. This means there is no cost to support payment transactions, which means that it could be susceptible to a Denial of Service against the infrastructure — as it will not cost anything to flood the system with valid and invalid transactions. Likely mitigations here are rate-limiting, and the enforcement of a cool-off period before money can be respent on another transaction. Along with this, there could be proof-of-work transactions (such as computing a hash value of a given complexity for each transaction), or fees charged for a given volume of transactions. Quantum resistance. Existing public key encryption methods — such as ECC and RSA — are at risk against quantum computers. The infrastructure that we create must be resilient to a medium-term attack against transactions. Currently, NIST has defined that Dilithium, FALCON and SPHINCS+ are the preferred solutions for digital signatures, and should replace RSA and ECDSA signatures. For key exchange, Kyber is recommended as a replacement for ECDH. It is likely that any digital currency will support these methods, alongside existing public key methods — but will migrate in time to the post-quantum robust methods.
Conclusions
It is an exciting time. This is one of the greatest debates of our time, and cybersecurity/cryptography professionals need to get involved, otherwise, we could end up with an infrastructure that — at worst — could bring down a whole country. At best, it will bring new opportunities for innovation and address many cybersecurity-related risks.
What is likely is that digital currency will open up new areas of innovation, but one slip-up could bring the whole of the financial infrastructure down in an instant. I repeat again, this is not cryptocurrency, but a trusted digital payment infrastructure. There are good opportunities to improve the detection of fraud and scammer, and truly move to a more trusted financial world.
References
[1] Lovejoy, J., Fields, C., Virza, M., Frederick, T., Urness, D., Karwaski, K., … & Narula, N. (2022). A high performance payment processing system designed for central bank digital currencies. Cryptology ePrint Archive.
[2] The digital pound: Technology Working Paper, Bank of England, 2023.