Design Choices for Central Bank Digital Currency: Policy and Technical Considerations
Central banks around the world are exploring and in some cases even piloting Central Bank Digital Currencies (CBDCs). CBDCs promise to realize a broad range of new capabilities, including direct government disbursements to citizens, frictionless consumer payment and money-transfer systems, and a range of new financial instruments and monetary policy levers.
CBDCs also give rise, however, to a host of challenging technical goals and design questions that are qualitatively and quantitatively different from those in existing government and consumer payment systems. A well-functioning CBDC will require an extremely resilient, secure, and performant new infrastructure, with the ability to onboard, authenticate, and support users on massive scale. It will necessitate an architecture simple enough to support modular design and rigorous security analysis, but flexible enough to accommodate current and future functional requirements and use cases. A CBDC will also in some way need to address an innate tension between privacy and transparency, protecting user data from abuse while selectively permitting data mining for end-user services, policymakers, and law enforcement investigations and interventions.
In this paper, we enumerate the fundamental technical design challenges facing CBDC designers, with a particular focus on performance, privacy, and security. Through a survey of relevant academic and industry research and deployed systems, we discuss the state of the art in technologies that can address the challenges involved in successful CBDC deployment. We also present a vision of the rich range of functionalities and use cases that a well-designed CBDC platform could ultimately offer users.
The authors wish to thank IC3’s industry partners for their support of this work. Thanks also to Jim Ballingall for helpful comments. Ittay Eyal was partially funded by ISF (1641/18) and BSF grants. Giulia Fanti was partially funded by NSF grant CIF-1705007 and ARO grant W911NF17-S-0002. Bryan Ford was partially funded by ONR grant N00014-19-1-2361 and the AXA Research Fund. Ari Juels was partially funded by NSF grants CNS-1704615 and CNS-1933655. Sarah Meiklejohn was partially funded by EPSRC Grant EP/N028104/1. Andrew Miller was partially funded by NSF grant CNS-1943499. The views expressed herein are those of the authors and do not necessarily reflect the views of the National Bureau of Economic Research. Kari Kostiainen, Karl Wüst and Srdjan Capkun were supported (in part) by the Zurich Information Security and Privacy Center (ZISC).
Ari Juels serves as a technical advisor to Chainlink SmartContract Ltd. and affiliates and to Soluna.