Today the Hong Kong Monetary Authority (HKMA) published a technical paper on its retail central bank digital currency (CBDC) or rCBDC project. It includes a novel privacy approach to CBDC.
As with most CBDC research projects, the central bank emphasized the e-HKD research is exploratory. It also has another initiative with the BIS, Project Aurum, in which it explores the trade offs between an intermediated CBDC and CBDC backed e-money.
Today’s announcement outlines some key design principles such as safety, efficiency and openness. It also marks the launch of a public consultation.
“The knowledge gained from this research, together with the experience we acquired from other CBDC projects, would help inform further consideration and deliberation on the technical design of the e-HKD,” said Eddie Yue, CEO of HKMS. “We also look forward to receiving feedback and suggestions from the academia and industry to enrich our perspectives.”
How to keep banks and e-money issuers honest
The document explores a two-tier CBDC system in which the central bank is only involved in the wholesale blockchain tier where it issues CBDC to banks or intermediaries. A second blockchain is used for retail transactions, which supports both rCBDC and stablecoins backed by CBDC. This intermediated CBDC approach is distinct from a Hybrid model in which intermediaries process payments, but the central bank has a log of everything.
The crux of the paper is about the intermediated model and how to keep the two blockchains in sync – the wholesale one that issues the CBDC and the retail one with which the central bank has no involvement. Because if they’re separate, in theory, an intermediary could issue more CBDC on the retail chain than they paid the central bank for, the typical double-spending problem.
There’s also a secondary issue. If the central bank doesn’t have a log of all payments, when a financial intermediary such as stablecoin issuer becomes insolvent, it might be harder to prove claims by consumers.
A simple approach to ensure the wholesale and retail blockchains are kept in sync would be to have a database with two logs. One log is of all the wholesale CBDC issued to intermediaries, and the other is all the related initial transactions on the retail chain. The two logs need to tally. And if they don’t, those initial retail CBDC transactions should fail. A set of validators could verify that this database is up-to-date and verify the initial issuance on the retail blockchain is legitimate.
Privacy is a key challenge for CBDCs. In particular, how do you stop someone with access to a single blockchain transaction from being able to see where that person spent other money, given blockchain logs are transparent. Before we explain how, a brief aside is needed.
Blockchains or DLTs tend to adopt two models. One is unspent transaction output (UTXO), and another is account-based. (This is a separate issue from whether a CBDC is token or account-based). In the first case, if I have a $2 token and I spent 50 cents, the recipient gets a new 50 cent token that traces back to my $2 token, and I get a new $1.50 token. The original token is marked as spent. This is how Bitcoin and R3’s Corda work. It’s possible to see that the $1.50 was the change from $2.00 and is owned by the same person because it used the same public key.
The alternative is an account based system such as Ethereum and Hyperledger Fabric. Here you have a wallet address. So it’s really easy for anyone to see where else that wallet has spent money.
The privacy proposal uses the UTXO model and allows consumers to use random public keys for transactions. That makes it trickier to trace who owns the coins. But banks will know the public key association to ensure it is legally compliant. However, someone perusing a blockchain’s logs could not easily trace new coins to the same person.
We were slightly puzzled that the paper focused on a UTXO model, which implied it does not use Ethereum. Yet, we thought the project consultant was Ethereum development-house ConsenSys, but perhaps that was just LionRock / M-CBDC Bridge. Update: It’s been confirmed that ConsenSys was not directly involved in this project.
Meanwhile, the HKMA has been working for a few years on cross border wholesale CBDC trials with the Bank of Thailand, the Inthanon-LionRock project, which recently announced the outcome of phase 2. The project has since added the central banks of China and UAE and morphed into the M-CBDC Bridge project with the BIS.