The European Central Bank (ECB) is also considering a digital currency. The institution has not yet issued a letter of intent that there should be a digital euro. However, she develops various concepts, such as how to deal with anonymity and privacy.
Will the central bank issue a digital euro or will it not? The clearest thing to say about this question is that everyone agrees that it can’t be answered. ECB President Christine Lagarde said:
“ECB will continue to assess the costs and benefits of issuing a central bank digital currency that would ensure that the general public remains able to use central bank money even if the use of physical cash eventually declines.”
But it does not want to commit itself yet. The authors of a central bank research paper discussing concepts for the anonymity of a digital currency also make it clear in the introduction: “The work does not refer to a practical implementation and does not imply any decisions to introduce a digital currency.”
So the ECB thinks, discusses, researches and advises. The institution has also set up a research group that deals with various challenges surrounding the introduction of a digital currency issued by a central bank. One of these challenges is data protection, to which the Central Bank paper published in December 2019 is dedicated.
A relatively concrete architecture
First of all, the paper notices that the digital currency, which may exist, is at least conceptually very advanced. The authors describe a very concrete architecture. This is astonishing given the indecisiveness of the ECB as to whether or not to introduce a digital currency.
First, the researchers assume that the currency issued by the central bank should have “cash-like properties”: “There is a strong focus on the privacy of users in transactions with low value”, and transactions should not convey direct debit, but should be direct. Secondly, users should not have direct access to the system, but should come on board via middlemen. Third, these middlemen keep accounts with the central bank and pass their balances on to the users. Fourthly, there should be an institution that ensures that measures against money laundering are observed.
The ECB software developers have already developed a proof-of-concept for this system. A proof-of-concept is something like a raw model that is not meant to be used, but only to find out if a system is possible. For this they used the Corda platform. This is a product of R3, an American company that has been trying to build the “blockchain for the banks” since around 2014, and has found many partners, but has so far found only a few applications.
In the proof-of-concept system, there are four parties: two intermediaries, a central bank and an institution to prevent money laundering. Each party forms a node in the network. Like Bitcoin, Corda uses a UTXO model, in which the “not yet outputted outputs” of a transaction become the input for the subsequent transaction. The best way to describe this model is that a UTXO is like a coin or a bill. Like a Bitcoin node, intermediaries check whether an output that goes into a transaction is valid by validating it backwards to the original output.
However, a “non-validating notary” will help them. This node allows intermediaries to check the validity of a state – i.e. an output that has not been issued – by storing all currently valid UTXO. The paper does not clearly describe the role of the notary node. One might assume that intermediaries may not be able to check all transactions like in a block grove, but only those that own their users. A notary node could help you validate other people’s transactions – or incoming transactions.
Vouchers for anonymity
At this point, the ECB researchers bring in an interesting objection for privacy: The notary nodes “have no access to data such as the value of a transaction, the addresses of the users or the history of a status.” How exactly this works is probably without Knowledge of the Corda architecture difficult to say. Without advanced technologies such as zero knowledge proofs or ring signatures, it should hardly be possible for a notary node to validate the UTXO set without knowing the content of the transaction.
But the most important question for the paper is: How can the anti-money laundering node enforce the rules without knowing the user’s transaction data? That sounds like squaring the circle: on the one hand, the digital currency should be private, analogous to cash, but on the other hand, it should be possible to prevent money laundering. The two goals seem to contradict each other massively.
To resolve the contradiction, the researchers have developed a new concept: The “anonymity vouchers.” The AML node “issues these additional, time-limited states to each user at regular intervals. If a user now wants to transfer the currency without giving information to the anti-money laundering node, they have to issue these vouchers. “So every user has a certain number of these vouchers in his wallet, so that he can get a certain amount in a certain amount Can output time interval anonymously.
For transactions that exceed this amount, a message goes out to the anti-money laundering nodes. These then request certain information from the middleman, possibly further confirmations from the user, and then release or refuse the transaction.
The concept is interesting in itself. It is in a way more private than Bitcoin because you may not be able to track small transactions, but at the same time, of course, it is less autonomous and less private for larger amounts. One could even say that the digital currency planned by China represents the ideology of cryptocurrencies more than the concepts of the ECB. With the digital yuan, it should be possible for small amounts that users receive and send money without a middleman, i.e. only with an app.
Open questions: The ECB could learn a lot from cryptocurrencies
With all this, of course, there are still some questions left. The proof of concept was able to show that such a system can be built with the Corda platform. However, not all challenges have been overcome.
For example, the authors complain that Corda’s privacy is inadequate. Intermediaries need to look at past transactions to validate whether a transaction is valid, back to the original issuance by the ECB. This allows you to build a graph and see details about past transactions, even if they are not involved in the current transaction.
So these are the same problems as are known with Bitcoin: That blockchain analyzes allow a relatively far-reaching reconstruction of transaction flows and wallets. With Bitcoin, this problem is put into perspective by the fact that the users are pseudonymous, can operate their own nodes and do not need middlemen to open a wallet. As soon as you use different wallets here and make sure that the coins are not linked to your own name, you achieve a relatively wide degree of privacy. However, connecting a system of middlemen and identified users to a semi-public chain of transactions threatens to bury all financial privacy, even if it was not intended.
Therefore, the authors propose to enrich the digital central bank currency with additional privacy technologies. They call rotating or changing public keys, which is a system that has long been the standard for all Bitcoin wallets. The fact that Corda has apparently failed to do this so far basically shows how far behind this technology is. The authors also suggest zero-knowledge proofs that are already in use in many cryptocurrencies , such as Zcash , Monero, or the tornado mixer at Ethereum. You could also add Monero’s ring signatures, or simple decentralized mixing methods like CashShuffle at Bitcoin Cash.
While too much privacy triggers legitimate concerns about promoting money laundering and crime in many cryptocurrencies, an ECB block grove with middlemen and anti-money laundering nodes could use all the privacy technologies that the ecosystem provides. When identity is involved, there can be no more anonymity.
Subscribe To our Newsletter
And receive the Bitcoin Whitepaper Poster