The Bank of Canada has published a staff analytical note exploring privacy for central bank digital currencies (CBDC). It also outlined the pros and cons of zero knowledge proofs.
The bulk of the succinct paper highlights the trade offs between privacy – which is seen as a public good – and the need for disclosure required by regulations. But it also explores several of the complexities involved. Specifically, a payment system includes multiple technologies, several players and different pieces of information. It compares the privacy features in these three dimensions.
In terms of the technologies, these might include a centralized system, distributed ledger technology (DLT), cards and offline devices used for storage, each with different privacy features.
Payment systems are ecosystems where the central bank is just one player. Others might include payment providers for the payee or payer, banks and money service business as well as the public such as merchants. Again there is potential for disclosure or privacy required for each player.
And there isn’t just one piece of information. For balances, apart from the amount, there’s the identity of the holder. And for transactions, there’s the payer, the payee and the amount. The paper takes these three dimensions, the technology, the participant and the data element and explores the level of privacy possible for each combination.
The conclusion is that offline devices achieve a level of privacy that is closest to cash. Tiered ledgers provide significant privacy when it comes to payment providers and the public, but limited privacy with respect to money service businesses and the government.
Specifically, the paper states that “techniques to achieve cash-like privacy are immature”. It lists six techniques from group signatures and multi-party computation to zero knowledge proofs (ZKP). Some of the comments apply to all the technologies, but it singled out zero knowledge proofs. It stated that the pool of skills is rather limited, and the combination of technical complexity and immaturity raises the risk that there could be hidden vulnerabilities.
When we’ve raised this issue, the response is often that zero-knowledge proofs have been around for 30 years. That may be so, but they haven’t been used in a real environment until very recently. Moreover, there’s been quite a bit of development to extend their application. And each of those carries risks as well. In the last few years, there have been several weaknesses exposed in widely used software that leverage cryptography. So the concern which the BoC articulated is that the immaturity may mask vulnerabilities.
Zero knowledge proofs are also highly resource intensive. While many are attempting to address this (including EY), the BoC notes that there are limited ZKP deployments in a live environment and none at a national scale to their knowledge.