The European Central Bank (ECB) and Bank of Japan published a report about technologies to enable privacy, as part of their exploration of distributed ledger technologies (DLT) and central bank digital currencies (CBDC).
This is phase four of Project Stella, a multi-year joint project which started in December 2016.
Two months ago, the ECB published a report into anonymizing CBDCs.
In the latest report, the researchers approach a practical issue: how to achieve privacy yet still enable the auditing required by a regulator. Regulators expect to achieve the same level of auditability that’s possible with current centralized systems and financial market infrastructures (FMIs).
They grouped privacy-enhancing technologies (PETs) into three categories.
The first is segregation so that participants only see transactions in which they participate. This is a feature baked into R3’s Corda, although there is the option to use validating notaries, and those nodes receive all the information. Similarly, Hyperledger Fabric has a concept of channels that are like mini blockchains to segregate data.
The second approach is to hide data. For example, Zero Knowledge Proofs (ZKP) enable information to be proved as true or false, without revealing the underlying information. A typical example is to check if someone is of drinking age without discovering their specific age or accessing the details of their identity document.
Another example is JP Morgan’s Quorum protocol, which has a concept of private transactions allowing the full details of some transactions to be hidden and only accessible to those with the right keys. (Some might argue this is a type of segregation).
It’s also possible to encrypt transactions in a way that can be verified without the ability to decrypt them, for example, with Pedersen commitments.
The third approach to privacy is unlinking: the transactions might be viewable, but there’s no way to determine who the participants were. These techniques are typically used on public blockchains. They include one-time addresses so that multiple transactions are not associated with a single address.
Mixing is another method, which is like putting a card in a deck of cards, shuffling, and trying to figure out which one was added, without the cards being marked.
Another “unlinking” approach is ring signatures, which is like having a keyring with many keys but no lock with which to test them. So you know one of them was a participant in the transaction, but not which one. Both mixing and unlinking have drawbacks and hence are commonly used in conjunction with hiding approaches.
The paper then explores the ability to audit with each type of privacy approach. The simplest is to have a single trusted source, as is often the case without DLT. But in the case of DLT that defeats the object and potentially undermines the privacy of the entire network.
The approach to auditing differs depending on the privacy approach. For example, in the case of segregated ledgers, the auditor would need access to all of the sub ledgers. For hidden PETs the auditor needs access. And for unlinking approaches, the auditor needs access to the original information that includes the sender and receiver’s identities and the transaction relationship.
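To make the Pedersen commitment idea and the auditor's access to hidden data concrete, here is an added example (not code from the Stella report) in which a validator confirms that a payment balances while seeing only commitments, and an auditor checks a stated amount once given its opening. The group is a toy one generated at import time, all function names are hypothetical, and treating the auditor's "access" as receiving the amount and blinding factor is an assumption.

```python
"""Toy Pedersen commitments: validate a transfer without seeing amounts."""
import hashlib
import secrets

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

# Toy group, far too small for real use: first safe prime P = 2Q + 1 with Q >= 10**6.
Q = next(q for q in range(10**6, 2 * 10**6) if is_prime(q) and is_prime(2 * q + 1))
P = 2 * Q + 1
G = 4  # a square mod P, so it generates the subgroup of prime order Q
# Second generator derived by hashing a constructed label, so that no one chooses
# its discrete log relative to G (in a group this small it could still be computed).
H = pow(int.from_bytes(hashlib.sha256(b"constructed-demo-h").digest(), "big") % P, 2, P)

def commit(amount, blind):
    """C = G^amount * H^blind mod P: hides the amount, binds the committer to it."""
    return pow(G, amount % Q, P) * pow(H, blind % Q, P) % P

def product(commitments):
    out = 1
    for c in commitments:
        out = out * c % P
    return out

def balanced(inputs, outputs):
    """Validator's check: sees only commitments, learns only that the sums match.
    Amounts wrap mod Q, so a real system must also prove each amount is in range."""
    return product(inputs) == product(outputs)

def audit_open(commitment, amount, blind):
    """Auditor's check, given the opening (amount, blind) by a participant."""
    return commit(amount, blind) == commitment

def split_payment(total, pay, blind_in):
    """Sender splits `total` into payment and change; output blinds sum to blind_in."""
    blind_pay = secrets.randbelow(Q)
    blind_change = (blind_in - blind_pay) % Q
    return [(pay, blind_pay), (total - pay, blind_change)]
```
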
However, if you start looking at more complex scenarios such as multi-tiered payment systems, auditability can become more of a challenge.