Home Digital Currencies ‘Cash-like anonymity’ for retail CBDC demonstrated in prototype: BIS

‘Cash-like anonymity’ for retail CBDC demonstrated in prototype: BIS

Project Tourbillon: The project was launched just over one year ago (Global Government Fintech coverage); (inset) BIS Innovation Hub Swiss centre head Morten Bech

A new ‘privacy paradigm’ of payer anonymity that ‘balances user needs and public policy objectives‘ when using retail central bank digital currencies (CBDCs) has been demonstrated in technical experimentation led by the Bank for International Settlements (BIS), according to a report from the Switzerland-headquartered central banking institution.

The ‘Project Tourbillon’ conclusions, released today (29 November), will likely make for timely reading for technical specialists at the growing number of central banks across the globe that are considering launching a CBDC. Privacy consistently ranks at or near the top of potential CBDC users’ concerns, for example in surveys conducted by the European Central Bank and Bank of England.

The project, run by the BIS Innovation Hub’s Swiss centre working alongside the Swiss National Bank (SNB), was launched just over 12 months ago as an exploration in how to ‘improve’ CBDC privacy, cyber-resiliency and scalability through prototype development. Designing a CBDC involves ‘complex’ trade-offs between these three elements, BIS stated, explaining that – for example – privacy needs to be balanced against the need to counter money laundering, terrorism financing and other illicit payments; and that higher resiliency against cyber-attacks, especially from quantum computers, requires additional cryptography, which can slow payment processing.

BIS Innovation Hub Swiss centre head Morten Bech said the project would ‘push central banks’ technological frontier’. He and colleagues’ subsequent work, which has also involved IBM as private-sector technology partner, sought to address the three features simultaneously: privacy – by enabling payer anonymity; cyber-security – by implementing ‘quantum-safe’ cryptography; and scalability – by testing the prototype’s ability to handle a growing number of transactions using payment data.

“Privacy is an important user requirement but it is the most difficult to solve,” said Thomas Moser, governing board alternate member at the Swiss National Bank, which is keen on the possibilities of wholesale CBDC but not committed to implementing a retail CBDC, today. “The difficulty lies in ensuring privacy protection technologically rather than just promising it, and at the same time ensuring that such a high level of protection cannot be abused.”

RELATED ARTICLE Think you know CBDCs? An A(CID) to Z(KP) test – a feature article (26 June 2023) focused on some of the many technology considerations involved with CBDCs (the article is based on the Bank of England’s ‘Digital pound: technology working paper’)

Prototypes based on eCash designs

In its project report, BIS sets out how payment methods currently used across the globe have different levels of privacy: cash provides anonymity for both payer and payee but cannot be used in online transactions; credit and debit cards are confidential for the user (‘provided that only banks and card operators see personal information’); and crypto-currencies ‘generally provide pseudo-anonymity where amounts and addresses are visible on the public blockchain, making the exposure of identities possible’.

Payer anonymity provides cash-like anonymity to payers but not for payees, BIS states. ‘For example, a consumer paying a merchant using CBDCs does not disclose personal information to anyone, including the merchant, banks and the central bank. However, the identity of the merchant is disclosed to the merchant’s bank (as part of the payment) and is kept confidential there. This concept also helps to reduce tax evasion or illicit payments. The central bank is able to see the transaction amount but remains unaware of any details regarding the consumer or the merchant,’ the 46-page ‘Project Tourbillon: Exploring privacy, security and scalability for CBDCs – final report’ explains.

Project Tourbillon had the ambition of ‘reconciling’ the CBDC architecture trade-offs by ‘combining proven technologies such as blind signatures and mix networks with the latest research on cryptography and CBDC design’ specifically suggested by US cryptography pioneer David Chaum and the SNB’s Moser in a co-authored 11-page paper, published last year, titled ‘eCash 2.0: Inalienably private and quantum-resistant to counterfeiting’. The ‘eCash’ design was first described in 1982 by Chaum, who was a technical adviser on Project Tourbillon (and features in a three-minute BIS-produced ‘Reflections on Project Tourbillon’ video).

The project developed two prototypes based on eCash designs: ‘eCash 1.0 (EC1)’, which resembled a ‘cash-like digital payment instrument’; and ‘eCash 2.0 (EC2)’, which investigated ‘enhanced security features allowing for strong protection against and detection of counterfeiting’. EC1 provided unconditional payer anonymity but EC2 had ‘more resilient security features allowing for better protection against counterfeiting.’

The report acknowledges in a footnote that ‘Tourbillon prototypes cannot protect a consumer’s anonymity against user behaviour or external tools […] in particular, a consumer can always choose to reveal their identity to the merchant, to banks, or even to third parties […] external tools like reward cards or facial recognition software in stores can also link consumers to payments.’

VIDEOCLIP (10 seconds; embedded on ‘X’) “Offline payments? There’s nothing better than this…!”: Dr Geoff Goodell (University College London) deploys a visual prop during Global Government Fintech’s global webinar (14 November 2023) on CBDCs and cybersecurity | WATCH THE FULL WEBINAR HERE (Project Tourbillon is mentioned twice by Dr Goodell – approx 37 mins into the full recording and also after approx 42 mins 40 secs) => https://globalgovernmentforum.com/events/cbdcs-and-cyber-security-resilience-considerations-when-developing-digital-money/

Throughput reduced ‘by a factor of 200’

Project Tourbillon has partly shared the terrain occupied by other BIS experimentation projects including ‘Project Leap’, which is focused on how quantum computing increases the vulnerability of the global financial system.

Experimentation during the first stage of Leap, which is being led by the Innovation Hub’s Eurosystem centre, involved the sending of test payment messages via a ‘quantum-resistant virtual private network (VPN) tunnel’ between servers located in Paris and Frankfurt. This experimentation concluded in June 2023 with the verdict that a quantum-safe financial system’s viability had been ‘proven’.

Project Tourbillon explored not only current but also ‘quantum-safe’ blind signatures, a cryptography used in both EC1 and EC2 to guarantee privacy and future security, BIS states.

The Tourbillon experimentation demonstrated that ‘implementing quantum-safe cryptography is possible, but that it requires specialised expertise, and severely limits transaction processing’. 

Compared to current cryptography, the duration of payments was increased by a factor of five and throughput reduced ‘by a factor of 200’, BIS states, adding that this finding ‘shows the need for more research on quantum-safe cryptography’.

RELATED ARTICLE Crypto security breaches? ‘Stakes for CBDC are much higher…’: BIS chief – a news story (10 November 2023) on BIS head Agustín Carstens highlighting the need for vigilance and preparedness for the ‘constantly evolving’ security challenges facing CBDCs in a keynote speech

Three areas for future focus

The report concludes by describing Project Tourbillon as ‘a first step in exploring privacy, security and scalability in CBDC designs’. It states that it has ‘successfully demonstrate[d] the feasibility of the proposed design [and] provide[d] new insights into the potential of eCash as a basis for future CBDC systems’.

The experimentation has also highlighted three areas where further work is needed.

Firstly, addressing the challenges of implementing and deploying quantum-safe cryptography – ‘mainly the reduction in transaction processing speed’.

Second, the report states that ‘although Tourbillon demonstrates the feasibility of the eCash design, privacy, security or scalability may be improved as requirements or objectives change… thus, modelling the trade-offs between privacy, security and scalability and the extent to which they impact each other is useful for advancing the prototypes.’

Third, it states that further work is needed to explore how an eCash-based design could be implemented. This includes considering additional use cases – such as offline payments, one of the other more challenging areas of CBDC implementation – and ‘exploring economic viability with a sustainable business model’.

IBM was private sector technology partner in Project Tourbillon, whose name owes to a mechanism in wrist-watches, as well as being chosen to hint at the mix network technology to be used.


Global Government Fintech’s dedicated Digital Currencies section