When The Revolution Comes, It Won’t Be On The Blockchain
Digital currencies, and especially central bank digital currencies, don't need blocks, chains or means to form consensus in the presence of untrusted third parties.
Dateline: Zurich, 19th September 2022.
The Deputy Governor of the Bank of England, Jon Cunliffe, the chap overseeing the Old Lady’s work on central bank digital currencies (CBDCs), said a while back that the Bank plans to release a research paper at the end of the year about how a retail CBDC might look. He also said that he expects it will be five or more years before digital pounds are available to consumers and I’m sure that this is a conservative estimate. This is because a retail CBDC has to satisfy the demands of many competing stakeholders and it will take a long time to elucidate and reconcile the requirements, goals and constraints around a worthwhile practical digital pound.
The Deputy Governor further said that any such digital pound would likely be managed through some sort of account rather than working like coins or banknotes. His comments seemed to imply that coins on a blockchain are not all that when it comes to a population-scale cash alternative or some other form of electronic legal tender.
Those remarks were greeted with dismay by many cryptocurrency devotees who imagine a blockchain of one kind or another to be at the heart of any digital currency system. But the Bank of England’s views in this respect echo the findings of The Federal Reserve Bank of Boston and the Massachusetts Institute of Technology's Digital Currency Initiative (DCI). Their “Project Hamilton” Phase 1 executive summary says that they found “a distributed ledger operating under the jurisdiction of different actors was not needed to achieve our goals.”
Yes, blocks in a chain, but you don’t need them.
In plain English they said that no blockchain is needed to implement a CBDC. What’s more, they said that a distributed ledger did not match the “trust assumptions in Project Hamilton's approach” which assumes that the platform would be administered by a central actor (eg, a central bank) and they found that even when run under the control of such a single actor, the architecture creates "performance bottlenecks".
(In other words, the core of their discovery was that a blockchain is a very specific solution to the problem of forming consensus in the presence of untrusted third parties but in a Federal Reserve digital currency system of any kind there would be no such parties.)
What is more, as the Project Hamilton people noted, CBDC design choices are more granular than commonly assumed and the “tokens or accounts" categorisation is limited and insufficient to surface the complexity of choices in access, intermediation, institutional roles and data retention in CBDC. I completely agree.
(The heart of the “tokens or accounts” categorisation is that generally speaking — as noted in various reports from the BIS, Bank of Canada, IMF and so on — an account-based system requires verifying the identity of the payer, while a token-based system requires verifying the validity of the object used to pay.)
In reality, no central bank is going to allow a token-based system that operates anonymously (hence the Deputy Governor’s comments about coins) and therefore digital identity will be integral to CBDC roll-out.
The need for integration with a digital identity infrastructure is yet another reason why I think it will take some time for all of these architectural choices to be worked through even after the requirements, goals and constraints of a national digital currency have been agreed. I do not see this wide spectrum of design choices as a problem, but rather an optimistic shout out to the policy makers and regulators: if you can actually tell us (i.e., the digital financial services industry) what you want from a digital currency, then we can deliver it because we know that all the technologies needed to build it already exist (unless your requirements include time travel or perpetual motion.)
(To pick an example at the customer interface, wallets can support both an account-balance view and a coin-specific view for the user regardless of how funds are stored in the wallet, database or AI-powered quantum blockchain in the cloud.)
To summarise, then: the Bank of England’s apparent view that a retail CBDC is best implemented through the transfer of account balances accords with other findings. What’s more, in my view, the ability to transfer limited balances directly between devices that are offline is central to making a CBDC that viable population-scale alternative to cash.
Switch It Off
One of the reasons why some people think that a blockchain is needed for a digital currency is because of the potential for smart, programmable money. I agree that programmability will surely be one of the most interesting characteristics of retail digital currency, but that does not mean “smart” “contracts” and blockchains.
(I am talking about retail CBDC here. When it comes to wholesale CBDC for institutions, trading more complex instruments, then the full panoply of smart contract capabilities may well be appropriate.)
The Bank of England, and as far as I can tell pretty much every other central bank, has no interest in running a digital currency scheme themselves. They all envisage “two-tier” schemes whereby they control the scheme but have it delivered through third-parties. The Bank of England calls these third-parties Payment Interface Processors (or PIPs), which I think is a little too generic: I would have gone with Currency Connectors (CCs) or something like that, but no matter.
Lee Braine and Shreepad Shukla from the Chief Technology Office at Barclays Bank have a paper "An Illustrative Industry Architecture to Mitigate Potential Fragmentation across Central Bank Digital Currency and Commercial Bank Money” which expands on the Bank of England’s platform model of CBDC to make some suggestions as to what the PIP ecosystem will look like. They point out that implementing programmability in this ecosystem, instead of on a blockchain using smart contracts should "reduce security risks and complexity” and I am sure that they are right.
(Note also that a recent report commissioned by the Pentagon found that the blockchain is not decentralized, is vulnerable to attacks and is running outdated software. That doesn’t sound like the best platform for smart contracts for the nation.)
Smart contracts (or “persistent scripts”, as they should be called) have some interesting capabilities. But they impose an incredible degree of responsibility on their creators, who are required to write perfect code to implement perfect logic. Should there be a flaw in the logic or a mistake in the code, it will inevitably be exploited by attackers. This goes on all the time, as even a cursory glance at cryptocurrency news feeds will confirm. I simply cannot imagine a central bank forking a nation’s currency to correct an error made in a smart contract!
(As Patrick McConnell succinctly notes, any programmable money scheme that relies on smart contracts not only creates economic difficulties but, more importantly, poses risks to national security. For regulators, this should mean discouraging the use of such architectures and even banning them until any unintended consequences can be understood.)
Instead of blockchain-style smart contracts what if the intermediaries (i.e., PIPs/CCs) provide a rich and well-defined set of APIs for the wallet providers to use to deliver services to end consumers then we have the basis for creative new products and services without the problem of testing, certifying and policing smart contracts. Given the frequent and serious nature of the smart contract errors we see on public blockchains, such APIs are very attractive.
This is what the People’s Bank of China (PBoC) are doing with their digital currency, the eCNY. Mu Changchun, the Director of the Digital Currency Research Institute at People’s Bank of China, gave a speech to the China International Finance Annual Forum in Beijing in September 2022 in which he set out the principles of the eCNY smart contract platform. These are:
Adhering to centralized management and a two-tier operational structure.
Ensuring the legitimacy and validity of the contract template.
Maintaining openness and open source.
Constantly upgrading technology to prevent technical risks.
The PBoC will build a service platform for the e-CNY smart contract ecosystem, on which the smart contract templates that have “passed the review” will be registered and made available to users with no blockchain in sight.
All things considered, then, it seems that blockchains are neither necessary nor desirable for a retail digital currency and since — according to the Bank of England, the Fed, the Bank of Japan and others — there is no “burning platform” for retail CBDCs and it will take time for them to reach the general public, there is plenty of time to explore other architectures more suited to an electronic fiat alternative.
Are you looking for:
A speaker/moderator for your online or in person event?
Written content or contribution for your publication?
A trusted advisor for your company’s board?
Some comment on the latest digital financial services news/media?
Fantastic read Dave! I only would add that the e-CNY is operational today in the very structure you suggest (in addition to the smart contract aspect you mention)