When China announced in 2019 that it was working on its own national digital currency, there was widespread speculation about what role, if any, blockchain would play in a digital yuan, or e-CNY. One reason for this was that news of the digital yuan came just after Facebook announced its own digital currency called Libra, later renamed Diem and killed after its assets were sold off.
While the warning signs of regulatory hurdles facing Facebook were apparent from the beginning, it was not clear three years ago that Facebook, one of the world’s largest tech companies, would fail. So Beijing moved up its timeline to launch the e-CNY.
Mu Changchun, head of the People’s Bank of China’s (PBOC) digital currency research institute, said that year that the digital yuan “isn’t bitcoin and is not for speculation”. While authorities have promoted the use of blockchain for cross-border financing and settlements, cryptocurrencies like bitcoin and central bank digital currencies (CBDCs) typically have very little in common.
China, as the only large economy to have trialled a national digital currency, is demonstrative of this fact, and other central banks are showing little interest in using blockchain to manage digital cash. Here is why.
While the digital yuan attracted broad attention with comparisons to blockchain-based cryptocurrencies, the reality is that CBDCs are almost as different from each other as bitcoin is from the cash in your bank account.
This is because blockchain is unlikely to be used to mint CBDCs. Other database technologies are better suited for scaling across entire populations. When it was created in 2009, blockchain’s biggest asset was that it was the first peer-to-peer currency that did not need a central authority or server. CBDCs obviously do not operate like this, as they would be part of the greater money supply that is directly managed by a central bank.
“If we look at modern database technologies, they’re good enough for securing transactions,” said Jan Ondrus, associate dean of faculty at the ESSEC Business School’s Asia-Pacific campus in Singapore, who has studied mobile payment technologies for two decades. “And that’s what banks are using. That’s what most of us use on a daily basis when we use any kind of applications. When you check your emails on Gmail, or when you write on Google Docs, texts, all of this is stored in a centralised, secure way. So it works.”
Most of today’s money supply is already little more than numbers on a computer. In some ways, CBDCs are an extension of that. The main difference is that the central bank’s backing means that it is a liability directly held by the government institution.
Today, the general public does not have access to liabilities from a central bank. Instead, that process goes through consumer-facing banks and other approved financial institutions.
The original bitcoin blockchain sought to bypass this complicated system of monetary management with a creative trick called proof-of-work, which made it prohibitively difficult to modify a permanent ledger of all transactions on the chain. The bitcoin blockchain also tightly manages the amount of new supply that can be created per minute, to eventually max out at 21 million bitcoins, which would make many elements of modern monetary policy unworkable.
Public blockchains like bitcoin’s are open source and do not have any intermediary. CBDCs, on the other hand, are centralised by definition. Their value comes from the full faith and credit of the institutions that create them, not directly from the technology underpinning the currency.
The underlying system managing the e-CNY can be summed up as “one coin, two databases, three centres”, as explained in the paper Digital Currencies: The US, China, And The World At A Crossroads from Stanford University’s Hoover Institution, a conservative think tank. The paper cites Chinese CBDC research from before the launch of the digital yuan.
The system manages the one coin (the e-CNY) through an issuance database and transaction databases at commercial banks. As the names indicate, the former is a database that manages the currency doled out by the central bank to commercial banks, while the latter is the more traditional distributed system of databases through which banks monitor their money supply.
The system is monitored through the “three centres”: registration centres, an authentication centre and a big data centre.
Registration centres are where the records of e-CNY owners are held. These centres keep track of the identities of e-CNY holders, their transactions, and the circulation, redemption and life cycle of the digital coins.
The authentication centre is perhaps the part of the system that is closest to cryptocurrencies, as it manages the encryption keys needed to verify transaction requests. For high-end users such as large institutions, this is managed using public key infrastructure (PKI). Other types of identity-based cryptography can be used for retail users.
Finally, the big-data centre processes transaction data to monitor for illegal activities.
Similar to other mobile payment systems that have existed in China for years, such as Tencent Holdings’ WeChat Pay and Ant Group’s Alipay, the e-CNY is transferred between digital wallets using quick response (QR) codes. The wallet manages the cryptographic keys for the e-CNY, which is the mechanism that prevents double spending, enabling digital currencies.
One crucial difference between this system and a decentralised cryptocurrency is that the e-CNY is still distributed through banks and other verified financial institutions. The advantages of this method help endure redundancy in tracking the money supply and prevent overburdening a central bank with managing direct-to-consumer services.
This method also avoids undermining an established monetary system, which many central banks fear could be destabilising.
There has been some speculation that by offering its own app, the e-CNY could undermine other digital wallets like WeChat Pay and Alipay. Ant Group is the fintech affiliate of Alibaba Group Holding, owner of the South China Morning Post.
However, PBOC’s Mu said the e-CNY does not compete with private digital wallets, as they “don’t belong to the same dimension”.
“They are wallets … Inside that wallet they can have multiple types of currencies,” said ESSEC’s Ondrus. “So for WeChat and Alipay, to some extent, it’s just adding one more currency to what they offer in their services. So I don’t see [the e-CNY] as a direct threat.”
Both WeChat Pay and Alipay currently support the e-CNY. Ondrus noted that the e-CNY app could be a potential competitor if enough consumers make the switch, but keeping money in other systems comes with advantages like accruing interest.
Third-party systems can also facilitate the use of the e-CNY outside mainland China. Hong Kong is currently trialling the use of the e-CNY in the city through its local Faster Payment System (FPS). PBOC’s Mu said in late 2021 that a future scenario could involve Chinese tourists visiting the city and paying with digital yuan, while merchants automatically receive Hong Kong dollars.
The e-CNY is currently the only large-scale example of a CBDC in action, but some other countries have also been trialling or conducting research for their own digital currencies. Some of this research expresses interest in blockchain. South Korea has gone as far as trialling a digital won on a distributed ledger using technology from the blockchain arm of local tech giant Kakao. But the consensus is that blockchain is not needed for a CBDC.
One problem with public distributed ledgers is scaling. Proof-of-work blockchains like the one used for bitcoin are notorious for extreme bottlenecks when it comes to transaction throughput. The bitcoin blockchain averages three to four transactions per second, compared with 1,700 for credit card operator Visa.
A newer verification method for blockchain transactions called proof-of-stake is designed to solve this problem with the ability to handle thousands of transactions per second, but experts have raised concerns about its ability to function on a large scale. Unlike proof of work, proof of stake gives users with larger stakes more control over transaction verification.
At one point, the PBOC’s Mu suggested that blockchain could be one of the technologies used to distribute the e-CNY, but that has not panned out.
In the US, the Federal Reserve Bank of Boston and Massachusetts Institute of Technology (MIT) jointly researched and developed two systems that could theoretically be used for a CBDC.
One of the architectures functioned like a blockchain, with transactions grouped into batches to be validated, resulting in a single, ordered transaction history. This system has a huge bottleneck problem, according to the corresponding research paper titled Project Hamilton Phase 1: A High Performance Payment Processing System Designed for Central Bank Digital Currencies. While most transactions completed in under two seconds, the average throughput was 170,000 transactions per second.
The second system allows for parallel transactions on multiple computers without a single, ordered ledger. This resulted in much improved throughput of 1.7 million transactions per second, with 99 per cent of transactions completing in less than a second.
“The MIT-Boston Fed technical paper for Project Hamilton makes a great case that a central bank should start from scratch and not think one should just take an existing technology stack off the shelf in order to build a CBDC,” said Yaya Fanusie, an adjunct senior fellow at the Center for a New American Security (CNAS). “They identify that there are some elements from the computer programming experience of cryptocurrencies that could be infused into a CBDC, but not necessarily the unique features of decentralisation.”
Research in other countries also suggests that central banks around the world are unlikely to want a national digital currency running on blockchain.
A research paper from the Hong Kong Monetary Authority (HKMA) outlined a system that could use a SQL database to track unspent transactions while signed transactions are stored in a NoSQL database, a type of database for holding unstructured data.
Any two types of databases could be used to track validation, according to the city’s de facto central bank, and thus protect the integrity of the system from issues like double spending.
In Iceland, the central bank specifically noted, “It is possible to issue [a digital krona] using the technology already available in Iceland, which is built on the same foundation as the banks’ conventional deposit and internal payment intermediation systems.”
This would be the least expensive way to roll out a CBDC, the bank said in a report. Otherwise, it would have to create a system from the ground up, possibly using distributed ledger technology, which is “not yet well enough developed to enable a thorough analysis”, the bank concluded.
There is one area of CBDC research where blockchain is being trialled: cross-border transactions. The multiple CBDC (mCBDC) Bridge, a joint project that currently involves the PBOC, HKMA, Bank of Thailand, and Central Bank of the United Arab Emirates.
A prototype of the project meant to enable the trading of digital currencies used the Ethereum blockchain “to assess how an Ethereum-inspired architecture could support the objectives of a single-ledger multicurrency network”.
The blockchain layer is considered a core component of the bridge because smart contracts are used to govern payments and currency issuance and redemption.
Perhaps one of the most surprising things about bitcoin is that it has lasted so long without any major security flaws found in the blockchain. Proof-of-work blockchains have proven resilient to hacks, helping give bitcoin its reputation as a kind of digital currency gold standard.
Still, security experts have raised concerns about distributed ledger technologies. In its report Missing Key: The challenge of cybersecurity and central bank digital currency, The Atlantic Council, a US-based think tank, said some CBDC trials are relying on unproven security protocols that have not been peer reviewed, including the digital won. The report recommended the use of “proven consensus protocols and cryptographic primitives” to deploy CBDCs.
One of the fundamental weaknesses of traditional public blockchains like the one for bitcoin is that the cryptographic key cannot be changed. A wallet is identified by its public key, which is matched with a private key used to access that wallet.
A user could just create a new wallet and transfer the tokens, but this would also mean generating a new public key. So if the previous wallet had been compromised, such as through a phishing attack, everyone with that key would have to be notified of the change.
The fixed public and private key algorithm is one of the major issues with blockchain-based currencies, according to Amnon Samid, CEO of BitMint, a company that works on quantum-resistant solutions for digital currencies.
“Being ‘fixed’ turns it into a resting target for advanced cryptanalysis,” Samid said.
One way banks and other organisations have sought to mitigate digital currency risks is through account-based verification. The e-CNY’s two-tiered system is partially account-based, according to the PBOC. This system also keeps the process of creating new tokens separate from broader distribution of the e-CNY, something other central banks, including the Hong Kong Monetary Authority, agree is important to secure CBDCs.
“In order to present comparative advantages over cryptocurrencies in terms of security, privacy, stability and solvency, CBDC coins should be centrally minted through a database, shunned away from any mining, and from the idea of unaccountable source for the money,” Samid said.
A limitation of account-based digital currencies, though, is that they might be limited when it comes to offline payments and anonymity, which Samid said requires a token-based system. Cryptographically secured tokens like those used in cryptocurrencies can be transferred offline using what are called hardware wallets. Some companies are preparing for a future in which the e-CNY can be transferred through hardware wallets. Huawei Technologies Co, for example, has introduced this functionality to some of its smartphone models.
Still, central banks fear a completely decentralised model because it can make it more difficult to track funding of criminal activities. The PBOC says the least-privileged e-CNY wallets are anonymous, but real-name registration is required to move to a higher level.
This has led to concerns that some security measures for digital currencies could come at the expense of privacy.
“The push towards cashless society was justified by the fact that you could actually increase security,” ESSEC’s Ondrus said. “Privacy will be very difficult to ensure … It’s a question of choices of architecture and a choice of what is acceptable by your citizens or not.”
While all digital currencies today are secured using proven cryptographic methods, there is no guarantee that the encryption will not one day be crackable. This has driven fears that state actors like the governments of the US and China are sitting on mounds of encrypted data until technology advances to the point of being able to decrypt it.
One way this might feasibly happen at some point is through the use of quantum computing, which Samid said poses a threat to digital currencies and financial stability, although it is addressable.
“The cryptographic risk of the prevailing ciphers is very worrisome on account of the looming quantum computers, and therefore CBDCs solutions should be, demonstrably quantum-resistant,” he said.
The Boston Fed also warned of the risks associated with quantum computing, but said that the system proposed in the Hamilton Project is “well-prepared for such a transition and can remain a long-term secure system in a post-quantum world”. This would require “minimal modifications” to its cryptography, or it could be replaced with a future standardised post-quantum alternative.
In recognition of this risk, the White House recently issued a memorandum calling for the shift to quantum-resistant cryptography to mitigate “as much of the quantum risk as is feasible by 2035”.