Yesterday Sweden’s Riksbank published a paper that concludes that if DLT tokens are used for a central bank digital currency (CBDC), they have no greater ability to provide cash-like features than an account-based CBDC. Late last week, the central bank also announced it was extending its tests with Accenture of its e-krona technical solution by a year to the end of February 2022. The country has not yet decided whether to issue a CBDC.
Riksbank considers cash-like features to be a lack of traceability and the ability to operate when offline.
One of the primary design choices for a CBDC is whether it should be account-based or token-based. While tokens are perceived to present advantages for these two features, Riksbank disagrees.
Regarding privacy, the central bank argues that a ledger is involved whether the currency is token or account-based. And the ledger is essentially a third party, unlike cash where a transaction can be truly person to person. Ledgers also imply some level of traceability even with obfuscation. In the EU, if a prepaid card is funded with more than €150, the customer has to comply with anti-money laundering (AML) procedures. The same will apply to an offline CBDC.
Even if tokens are used offline, Riksbank notes they will need to be reconciled with the ledger when the device goes back online to prevent a double spend.
Hence the bank concludes these two cash-like features are present neither in a token-based nor an account-based CBDC. It states that tokens may offer other advantages in terms of efficiencies but no comparative benefits for cash-like features.
How to cheat the system offline
Exploring offline digital currency use, the two ways that someone might cheat the system is by copying real CBDC tokens or creating their own counterfeits. It would be possible to check the token was created with the central bank’s digital signature even offline. So the more likely route is the duplication of an existing token, which is the essence of the ‘double spend’ problem.
One solution might be to ensure local devices cannot be tampered with. “Unfortunately, such 100 per cent tamper-proof devices do not exist,” says the central bank.
Most modern mobile phones have secure enclaves that can store things like encryption keys or digital currency. The aim is to make them tamperproof, like Intel’s computer chipset Intel SGX. But 100% is a tough threshold, and SGX has had vulnerabilities from time to time. Riksbank notes the high economic incentive to break them, and that only one device needs to be corrupted for the whole system to break down.
The key point is that there needs to be some reconciliation with a ledger. And once you do that, the digital currency could be account-based.
Offline P2P digital currency will be possible
The central bank says that there are existing offline payment solutions such as offline credit allowed on payment cards. It notes others are working on solutions that limit how many times a token can change hands before it has to be reconciled to a ledger.
Visa recently published a paper that also required an intermediary or wallet provider to allocate funds to a mobile phone for offline use. Visa’s solution also required the payer to use a device with a secure enclave. And Japan’s central bank is particularly interested in this area given its experience with tsunamis.
The country that’s the furthest along in CBDC trials is China, which has tested its offline CBDC solution.