CBDC Part 3: What could possibly go wrong?
In the first two parts of this series on Central Bank Digital Currencies (CBDC), I have focused on why central banks are looking into launching digital currencies and the trade-offs that have to be made to launch one. In this third part, I will look at the risks involved with a CBDC, focussing mostly on the risks for users.
From a technology perspective, there are two ways to prove that you rightfully own a unit of CBDC. You either have stored them in an account like a bank account or a crypto exchange, or you stored them in an e-wallet that contains the ‘anonymous’ private keys to the tokens of the CBDC (or any other cryptocurrency, for that matter).
The two basic forms of ownership of a CBDC
Source: BIS.
If CBDC are stored in an account, the distributor of the account (typically a commercial bank or a cryptocurrency exchange) needs to verify your identity before they can open the account. These KYC rules are designed to prevent money laundering, terrorism financing, etc. The big advantage of account-based ownership is that it reduces criminal activities and we by now know quite well how to effectively protect these accounts from hackers. Furthermore – and this is generally an underappreciated advantage – if an account owner forgets the password to the account, the money isn’t lost. Access to the account can be restored once the rightful owner has been identified beyond doubt.
But of course, the problem with account-based ownership of CBDC is that it is not anonymous and that especially in emerging markets, millions of people do not have access to banks. There are legitimate reasons, why people want or have to use physical cash as a medium of exchange and if we want to introduce CBDC as a true alternative (or substitute) of physical cash, there needs to be some form of privacy protection.
This is where tokenisation comes in. Tokens are anonymous by design, and owners of these tokens prove their ownership by showing a private encryption key. In theory, these private keys can be stored anonymously on e-wallets. But as always, nothing is anonymous on the internet. Every transaction ever made with the token is recorded in the blockchain of cryptocurrencies and if one can link an encryption key with an individual, everything becomes traceable and identifiable. A couple of months ago, the FBI showed the world that it can trace Bitcoin and identify the owners of each Bitcoin. And if they can do it with sophisticated criminals that presumably are better at hiding their identities than most, then they can do it with everyone.
Now, some crypto fans will say that there are zerocoins that are extensions of traditional cryptocurrencies designed to preserve anonymity. Well, you might not have heard, but in 2018 it was shown how these zerocoins can be hacked and destroyed. Hackers cannot steal the zerocoins, but they can definitely destroy them and thus cause enormous damage.
Finally, if we leave the privacy concerns behind, there are the usual security concerns of digital coins being stolen. The Bank of Canada has done a very good job of summarizing all the risks to a token-based CBDC. In essence, the problem is that criminals typically don’t know how much money is stored in individual wallets. Thus, they flock to the biggest pool of money and tend to focus their attacks on the largest cryptocurrency exchanges, the largest banks, or in the case of CBDC, the central bank itself. In particular state-sponsored hackers from countries like North Korea that have already successfully hacked into the central bank of Bangladesh in the past, will be targeting CBDC networks.
The simplest way to steal CBDC would be to take over the majority of nodes in a distributed ledger which would allow the criminals to control all the tokens. This is a key reason, why CBDC will likely not use a public network but be restricted to a permissioned network of participating banks and institutions that are heavily regulated and have the means to protect their computers.
Even so, computing power constantly increases, and thus what appears unhackable today may not be unhackable in a few years. In fact, we are at the cusp of quantum computing becoming reality. Quantum computing would deliver a true revolution in computing power and enable us to perform calculations in a few minutes that currently would take hundreds or thousands of years. No cryptographic protocol currently in use in any digital currency could withstand quantum computing attacks. Thus, with the emergence of quantum computers, all digital currencies will immediately become unsafe (including any CBDC), or CBDC will need to be designed in such a way that they can be made ‘quantum safe’ in no time or that they will be ‘quantum safe’ by design. But making a digital currency ‘quantum safe’ will almost inevitably reduce the number of transactions that can be made per second and thus reduce its efficacy as a medium of exchange (see last week’s discussion).
But for now, quantum computing is science fiction, yet the key security gap for any CBDC already exists. It’s you.
I tell people that modern cryptographic protocols are so safe that I am not worried they will be hacked all the time to steal digital currencies. Criminals simply don’t need to go through all that hard work when the biggest security risk to digital currencies sits in front of the computer. E-wallets and accounts of cryptocurrencies and any CBDC will be owned by normal people and secured by passwords. And people use rubbish passwords all the time. Or they forget their passwords which is not so bad if they own an account with a bank, but if they forget the password to their e-wallet where all the highly secure cryptographic keys to their CBDC are stored, then, well, they are out of luck and have lost all their money forever.
People have told me that this is the same as carrying physical cash in a wallet and then having that wallet stolen by a pickpocket. And we accept that risk as well without complaining. Yes, but the analogy is not quite the same. If you go shopping in a mall with your physical cash in a wallet there may be one or two pickpockets around that will try to steal your wallet. If you use an e-wallet to pay on the internet it is as if you are walking in a shopping mall where every pickpocket in the entire world is hanging around, ready to steal your wallet given the opportunity. How likely do you think it is that your wallet will be stolen in that environment?
And this security risk is innate in every digital currency, and it means that no matter how the CBDC is designed, it will always be less secure than physical cash for a user because it can be stolen much more easily. It will be a security risk we will have to live with.
Great article Joachim, super!
The case for a CDBC based on a blockchain doesn't make much sense. If you want a digital currency controlled by a central bank, you can make it using conventional tech. You don't need blockchains. Blockchains technology is needed to run a decentralized no trust network. The bitcoin blockchain is a slow, resource intensive, distributed database. If you want a centralized database, there is no need for it.
Based on everything I've read, it sounds like a CDBC would basically be a government controlled savings account. It'd probably be built with conventional technology, with standard ways to recover your account if you lose access.