Platypus: A Central Bank Digital Currency with Unlinkable Transactions and Privacy-Preserving Regulation

Due to the popularity of blockchain-based cryptocurrencies, the increasing digitalization of payments, and the steadily diminishing role of cash in society, central banks have shown an increased interest in deploying central bank digital currencies (CBDCs) that could serve as a replacement for cash. While most recent research on CBDCs focuses on blockchain technology, it is not clear that this choice of technology provides the optimal solution. In particular, the centralized trust model of a CBDC offers opportunities for different designs. In this paper, we depart from blockchain designs and instead build on ideas from traditional e-cash schemes. We propose a new style of building digital currencies that combines the transaction processing model of e-cash with the account model of managing funds that is commonly used in blockchain solutions. We argue that such a style of building digital currencies is especially well-suited to CBDCs. We also design the first such digital currency system, called Platypus, that provides strong privacy, massive scalability, and expressive but simple regulation, which are all critical features for a CBDC. Platypus achieves these properties by adapting techniques similar to those used in anonymous blockchain cryptocurrencies like Zcash and applying them to the e-cash context.
