Content uploaded by Josiah Hernandez
Author content
All content in this area was uploaded by Josiah Hernandez on Feb 26, 2021
Content may be subject to copyright.
1
Overall, the paper displays peer-leading expertise on central bank digital currency. I personally applaud
the Bank of England for its serious and literal commitment to exploring CBDC as a concept and its
potential added value to the UK economy. Below are Satoshi Capital Advisors’ general comments on the
paper in addition to responses to the questions listed in Chapter 7.
Chapters 1.1 and 2.3 characterize stablecoins as riskier versions of CBDC issued by the private sector.
We take the view that stablecoins collateralized by reserves custodied in a central bank maintain
counterparty risks little to no greater than CBDC issued directly by a central bank. Coupling central bank
custody with regulatory guidance compounds this risk mitigation. As mentioned in Box 3, the global
CBDC community refers to such stablecoins as synthetic central bank digital currency, or sCBDC.
In Table 3.A there is a column that displays current payment methods available for payments from and
to different market participants. The intersection of this column and the row for payments from small
and medium sized businesses to households only lists faster payments or debit/credit cards, despite
6.6% of UK households (~3.8 million people) receiving salaries in cash, according to the World Bank.
With regards to Box 2’s explicit clarification on and the paper’s broad avoidance of cross-border
payments as a retail CBDC use case, it is worth noting that £26 billion in remittances is annually sent to
and from the UK, according the World Bank. Much of this remittance funds flow is driven by migrant
workers sending money to their families overseas, who represents a meaningful potential user segment
of a CBDC due to their generally limited access to low cost financial services. We agree that proper
interoperability for cross border, cross-currency payments among upcoming CBDCs will require direct
collaboration between issuing central banks and private sector entities, and welcome both groups to
join the CBDC Group accordingly. The CBDC Group is a global think tank established by Satoshi Capital
Advisors and centered around CBDC thought leadership and community building.
The platform CBDC model described in Chapter 4 is interesting albeit seemingly achievable with the
addition of APIs and extension of settlement operating hours to existing Bank of England infrastructure.
The primary component that is unaccounted for and required for implementation of this model with
existing Bank of England infrastructure is ledger and API technology design, which is addressed in
chapter 6 and the subject of ongoing research by private sector and central bank engineers.
We are looking forward to further reading from and potential collaboration with the Bank.
Best,
Josiah Hernandez
Satoshi Capital Advisors, Founder & Global CEO
2
Please see below for our responses to the questions listed in Chapter 7:
1. How could CBDC be designed to support a more resilient payments landscape in the UK?
CBDC utilizing technology design that incorporates decentralization into network architecture (e.g.
distributed ledger with multiple network nodes) to mitigate downtime risk should meaningfully improve
resilience of payments for CBDC end users in the UK and raise consumer expectations across the UK with
regards to payment systems’ ability to recover swiftly from difficulties.
2. How could CBDC be designed in a way that improves the efficiency and speed of payments,
while also facilitating competition and innovation?
Real-time settlement of CBDC is an inherent meaningful improvement on the efficiency and speed of
payments not currently facilitated by the Bank of England’s RTGS system, and an improvement in hours
of operation when compared to payments currently facilitated by the Bank of England’s RTGS system.
With regards to facilitation of competition and innovation, ensuring that the CBDC is fairly accessible to
the private sector, via API access to the Core ledger for Payment Interface Providers in the platform
model described in Chapter 4 and via API access to the Core ledger for Central Reserve Institution clients
in the synthetic CBDC implementation framework proposed by Satoshi Capital Advisors, should achieve
this goal. Additionally, similar to with payment systems’ resilience, exposure to the efficiency, speed,
innovation, and industry competitiveness associated with CBDC as its discussed in this paper, should
raise consumer expectations across the UK.
3. How could CBDC be designed to meet future payment needs? How might future innovations and
evolutions in technology (eg the Internet of Things) change these needs? Discussion Paper:
Central Bank Digital Currency March 2020 49
With the evolution of payment needs from simple send, receive, and store functionality into ever more
complex functionalities and processes, there is a growing need for digital money that can directly or
indirectly service these new and changing use cases (e.g. the Internet of Things). Our view is that CBDC
designed to be transaction cost free and API-accessible should provide a proper foundation for private
sector entities to build consumer-facing platforms that directly service these use cases.
4. As usage of cash as a means of payment declines, is it important to preserve access to central
bank money for households and businesses?
Our view is that direct access to a pseudonymous means of payment that offers instant or near-instant
transaction finality and is operated independent of political, social, or other types of influences (i.e.
banknotes) should be a human right. However, with the proliferation of private cryptocurrency (i.e.
bitcoin), the responsibility of a nation’s monetary authority to be the operator of such a system is no
longer present.
3
5. Does CBDC pose other opportunities or challenges with respect to the payments landscape that
we have not discussed?
One major challenge associated with CBDC with respect to the payments landscape that has not been
discussed at length is the extent to which a limited number of market participants having direct access
to the Core ledger may impact the CBDC’s resilience. For instance, the platform model described in
Chapter 4 provides Core ledger API access to certain market participants with the expectation of these
market participants abiding by certain operating standards. While maintaining strong operating
standards is key to ensuring system resilience, our view is that opening Core ledger API access to a
broader set of market participants, as done via the Central Reserve Institution in the sCBDC
implementation framework proposed by Satoshi Capital Advisors, should ensure strong enough
optionality to consumers that the best providers of value added services are chosen by end users as
opposed to only the limited set of pre-approved service providers selected by the central bank.
6. What factors would determine the level of adoption of CBDC as a means of payment in the UK?
Acceptance of CBDC for payment of goods and services by merchants, via their point of sale register
system or an application on a tablet or smartphone, will be a primary component required for
meaningful adoption of CBDC as a means of payment. Integration of CBDC payment functionality into
existing consumer-facing digital wallet software (e.g. cryptocurrency wallets, Google Pay, etc.) in
addition to the launch of new consumer-facing digital wallet software by market participants with API
access to the Core ledger will be a primary component required for meaningful adoption of CBDC as a
means of payment as well. Lastly, public education on digital literacy and best practices will be required
to migrate last mile users of the traditional financial system to a system utilizing CBDC.
7. Are the design principles described in Chapter 3.2 comprehensive? What are the most
significant trade-offs between some of these design principles?
While somewhat covered under the extensive principle described in Chapter 3.2, our view is modularity
is also key for comprehensive CBDC design. The ability for market participants to only rely on or utilize
certain components or functionalities of a CBDC system is an indicator of good health. With regards to
the most significant trade-offs between some of the design principles, we find privacy and compliance to
be most at odds with each other. Designs focused predominantly on privacy tend to prioritize
anonymizing identity and payment details while designs focused predominantly on compliance tend to
prioritize deanonymizing identity and payment details. Our view is a blended focus tends to produce
designs that well address the overarching goals of CBDC issuance.
8. How could CBDC be designed to complement other public and private sector initiatives to
improve payments in the UK?
CBDC designed with programmable money functionality should be well equipped to complement other
public and private sector initiatives to improve payments in the UK. Programmable money functionality
introduces extendibility and modularity to CBDC that enables adaptation or utilization for initiatives
driven by both the private and public sector.
4
9. Could CBDC provide unique benefits, over and above existing initiatives, to improve UK
payments
The ability to utilize a shared API-accessible ledger with 24/7 instant transaction finality with little to no
direct private sector collaboration is the primary benefit of CBDC over existing initiatives to improve UK
payments. Additionally, the opening of access to central bank money to a wider set of market
participants offers a meaningful benefit over existing initiatives.
10. Could the potential benefits of CBDC alternatively be achieved with policy levers to (a) influence
the private sector to deliver a better payments landscape, or (b) address market failures or
co-ordination problems in the private sector?
While the tightening of policy should be effective with regards to the private sector delivering a better
payments landscape or addressing market failures or co-ordination problems, the turnkey infrastructure
offered to consumer-facing service providers by a CBDC brings meaningful advantages that cannot be
replicated in a policy-only approach. First, the advantage of 24x7 hours of operation of a payment
settlement system accessible to a broad set of consumer-facing service providers is a feature that would
likely require years of private sector collaboration to build and be structured favorably for the service
providers who are best able to bear the brunt of system development and operating costs. Second,
while policy-encouraged, standardized automated communication and payments among service
providers via API is achievable and less dependent on direct collaboration among service providers, the
advantage of a shared API-accessible ledger with instant or near instant transaction finality is not
possible with existing infrastructure or currently utilized technology designs.
11. Could the potential benefits of CBDC be alternatively achieved by enabling new innovative
private sector arrangements (eg stablecoins) to develop?
To the extent that bank deposit money currently exists around the world with varying levels of risk
relative to the regulatory, insurance, and operating infrastructure underpinning each bank, there is the
possibility for the many of the benefits of CBDC to be achieved by private sector issuers (e.g. sCBDC
stablecoins). However, the end goal of a central bank with regards to mitigating systemic risks of the
national monetary system should be to ensure the availability of counterparty risks-free money, which
in our view can only be achieved in this context with direct central bank issuance of CBDC.
12. What opportunities could CBDC provide to enhance monetary or financial stability?
The programmable nature of CBDC inherently enhances the customizability and impact of the tools in
the toolkits utilized by central banks to ensure monetary and financial stability. For example,
remunerated CBDC, as described in the sCBDC framework proposed by Satoshi Capital Advisors and
Chapter 5.4 of this paper, enables a central bank to apply benchmark interest rates directly to the
holdings of CBDC users, enhancing benchmark interest rate changes impact on the economy.
5
13. How much demand would there be to hold CBDC? How would that demand vary depending on
the economic design choices outlined in this paper?
Demand to hold CBDC will likely correlate well with its utility to a nation’s consumers and the incentive
offered to its holders, in the case of a remunerated CBDC. In a developed market such as the UK, our
view is that demand will initially be driven by domestic peer-to-peer and consumer-to-business
payments by smartphone-utilizing underbanked populations and digital natives, with remunerated CBDC
offering meaningful interest rates attracting demand from investors currently holding traditional bank
deposit currency in a checking account or interest-bearing accounts with liquidity lockup periods. This
should cumulatively account for between 5% and 10% of the UK’s payment market share within a few
years. Subsequent to traction among these user segments, our view is that remittances sent by
smartphone-utilizing migrant workers will also become a significant driver of CBDC demand.
14. To what extent might CBDC lead to disintermediation of the banking system? How would the
degree of disintermediation vary with different economic, functional and technological design
options outlined in this paper? How would different degrees of disintermediation affect the
stability of banks and the rest of the financial system?
The primary impact to the banking system with regards to disintermediation caused by CBDC issuance is
the degraded added value of banks in currency custody and payments facilitation. Consumers holding
CBDC in a digital wallet instead of bank deposit currency would mitigate the need for consumers to hold
their currency in a bank to facilitate payments. This dynamic gaining traction would require banks
currently utilizing currency deposits to generate revenue to modify their business models to stay in
operation. Banks can partially circumvent this impact by offering digital wallets, although the set of
digital wallet provider competitors in this scenario will still be meaningfully larger than the set of retail
currency custody service providers today. Accordingly, this would also mitigate the need for consumers
to utilize banks for payment facilitation. While less directly impactful to the average bank’s business
model with regards to lost transaction fees, the removal of payments facilitation functionality from
banks more importantly removes the ability for banks to collect financial data that can be utilized to
issue loans and offer other services. However, CBDC utilizing a transaction transparent ledger design
should circumvent this impact.
15. How would CBDC affect the monetary transmission mechanism and policy setting under existing
monetary policy frameworks? What overarching analytical frameworks could be used for
modelling how CBDC would affect the macroeconomy and monetary policy?
Our view is the primary effect of CBDC on the monetary policy transmission mechanism and policy
setting under existing monetary policy frameworks will be the further mitigation of time between
monetary policy change being enacted and its intended impact(s) on markets and the economy. While
the proliferation of digital news networks has already mitigated the time between monetary policy
change being enacted and the monetary policy transmission mechanism starting up, near-term impacts
on markets and the economy may be more profound due to a wider set of market participants directly
being affected by monetary policy changes.
6
16. What are the most significant risks to monetary policy implementation, and how could those
risks be addressed?
We do not foresee any significant risks to monetary policy implementation that are unique to CBDC.
17. How could CBDC affect the portfolio of unconventional monetary policy tools available to the
central bank? How effective would a remunerated CBDC be in relaxing the effective lower
bound on monetary policy?
With regards to zero interest rate policy and negative interest rate policy, remunerated CBDC may
increase the risk of gradual capital flight from investors seeking a reserve asset with positive returns
over time. For average consumers, there is little to no impact from zero interest rate policy considering
most bank deposit money does not currently offer interest. However, negative interest rate policy may
negatively impact consumer confidence through the real-time diminishment of CBDC holdings, having
the opposite of intended effect with regards to relaxing the effective lower bound on monetary policy.
18. How would increasing the efficiency of payment systems affect the macroeconomy and
monetary policy?
Increasing the efficiency of payment systems should primarily increase the velocity of money in an
economy, as evidenced by the proliferation and transactions volumes of wechat pay and other mobile
payment options in China. The broader implications on the macroeconomy and monetary policy of this
increase in money velocity have not yet been thoroughly explored by Satoshi Capital Advisors’ research
team.
19. What are the advantages and disadvantages of this public-private payments platform approach?
What alternative approaches might be considered?
The advantages of a public-private payments platform approach are primarily in the outsourcing of
operational risks and mitigation of spillover risks in the case of market failure. When CBDC, or digital
payments more broadly, are directly facilitated by a private sector entity in partnership with a public
sector institution such as a central bank, there is the separation of operational risks and counterparty
risks; with operational risks managed by the private sector and counterparty risks managed by the public
sector. For instance, in the synthetic central bank digital currency framework proposed by Satoshi
Capital Advisors, a private sector entity referred to as the Central Reserve Institution (‘CRI’) is organized
to manage issuance and redemption of synthetic CBDC as well as offer a liquidity facility for market
participants to convert between sCBDC and traditional currency. Such a nimble operating structure is
typically not possibly in a public sector institution required to adhere to large bureaucracies and
entrenched processes. Currency reserves held by this entity to back CBDC issuance and redemption are
custodied by the central bank, mitigating counterparty risks.
In the case of a market failure of a CBDC, for technology, structural, or other reasons, there are
meaningful risks associated with spillover of investor panic and corresponding capital flight into the
broader UK economy. A public-private approach mitigates these risks by encouraging a gradual
migration from the legacy financial system that can be properly observed, understood, and managed. In
7
other words, we see a public-private approach as a steppingstone to full-fledged CBDC issued directly by
a central bank.
20. Are there viable business models that would incentivise firms to offer CBDC-related payment
services in this approach?
There are viable business models that would incentivize firms to offer CBDC-related payment services in
this approach. For instance, in the synthetic central bank digital currency framework proposed by
Satoshi Capital Advisors, a private sector entity referred to as the Central Reserve Institution (‘CRI’) is
organized to manage issuance and redemption of synthetic CBDC as well as offer a liquidity facility for
market participants to convert between sCBDC and traditional currency. This entity will charge a fixed
fee for conversion of sCBDC and traditional currency, providing operating revenue that we predict will
be largely driven by arbitrageurs capturing price differences between the primary market offered by this
entity and secondary markets.
Additionally, firms offering added value financial services to CBDC users such as loans and remittances
may charge fees for their services, creating viable business models related to CBDC payment services.
21. What are the respective advantages or disadvantages of (a) the pooled accounts model
described in Chapter 4.2, and (b) the alternative approach described in Box 3 in Chapter 4?
The primary advantages of the pooled accounts model described in Chapter 4.2 are the pseudonymity
that is achieved for end-users of CBDC on the Core ledger, as a result of know your customer
information being collected by Payment Interface Providers who then act as a proxy for their clients on
the Core ledger, and the corresponding increase in scalability of the Core ledger as a result of less data
being included in the ledger per transaction. The primary disadvantage of the pooled accounts model
described in Chapter 4.2 are the lack of funds flow traceability and end-user identity continuity
associated with such a dynamic.
22. What kind of overlay services would be most useful? What functionality would a CBDC core
ledger need to provide to enable these?
Traditional financial services such as loans and remittances would be the most useful overlay services
for CBDC end-users. CBDC with core ledger API access enabling service providers to view and submit
transactions to the ledger should be sufficiently structured to enable a wide set of service providers to
offer these overlay services.
23. How could CBDC be designed to ensure businesses are able to easily accept CBDC payments at
the point of sale?
The digital nature of CBDC enables simple integration into tablet or smartphone point of sale
applications on the business side and into smartphone digital wallet applications on the consumer side.
Additionally, technology and operating frameworks have been designed for integration of digital
currency into traditional cash register point of sale systems with internet connectivity capabilities via
8
software built by the payment processing companies operating the payment networks powering them.
These integrations coupled with increased adoption of CBDC by consumers over time should be primary
driver of CBDC use for payments at the point of sale.
24. What would be needed to ensure that CBDC would be inclusive and accessible by all sectors of
society in the UK?
Ample optionality and quality of smartphone CBDC digital wallet applications should ensure CBDC is
inclusive and accessible by all sectors of society in the UK. This is due to even the most underserved
communities with regards to financial services increasingly utilizing smartphones with digital wallet
capabilities.
25. What is the appropriate privacy model for CBDC? Is it necessary, or feasible, to replicate any of
the privacy aspects of cash?
Our view is that privacy at the Core ledger level should be a lever controlled by service providers that
maintain direct access to the core ledger. In the platform model described in Chapter 4 this includes
Payment Interface Providers and in the sCBDC implementation framework proposed by Satoshi Capital
Advisors this includes clients of the Central Reserve Institution.
26. Would offline payments functionality be required in CBDC?
While offline payments functionality in CBDC would add meaningful utility to underbanked and elderly
populations that don’t maintain consistent internet access on their smartphone or do not have
smartphones, it is not a required component in our view.
27. The paper describes a core ledger, operated by the Bank, which supports a range of Payment
Interface Providers through an API layer. What are the advantages and disadvantages of this
architecture? What are the alternative architectures that we should consider?
The model of giving Payment Interface Providers (‘PIPs’) access through an API seems a reasonable
approach to abstract the different layers of the CBDC solution and is what we would recommend. Using
an API, effectively makes the PIP agnostic to the underlying ledger, whose functionality could be
upgraded with zero to minimal changes required at the PIP level.
An alternative approach would be one in which PIPs build directly on the underlying ledger and create
APIs they themselves use to interact with the ledger or to provide to their end-users. There are several
challenges with this approach, from coordination with and across PIPs to ensure their APIs do not clash
or introduce bugs at the ledger level, to the burden on PIPs from increased technology specialization
and specific DTL technology dependence. The former introduces potential security risks, while the latter
effectively increases the barriers of entry and reduces competition among PIPs.
28. What are the main trade-offs that arise in deciding on a technology approach? What should we
be prioritizing in these trade-offs?
9
Before deciding on trade-offs, there are three key considerations which go hand in hand: Minimum
privacy, desired network topology, and governance.
Establishing a privacy threshold is a key consideration as it will define which blockchain technologies are
viable. Having a clear view of the network topology, that is, who are the parties that will run nodes and
who are the end-users that will access the network through those nodes. This will define the level of
decentralization as well as influence the network operating costs and end-user costs once a technology
is chosen. The governance of the network needs to be defined, meaning who is the party or parties that
will define who can join, the workflows available in the network and the approval to deploy smart
contracts and network upgrades. We will assume the central bank wants full control over governance,
but could potentially delegate certain roles.
Once the above are defined and the different technologies that meet the minimum are short listed, then
the following tradeoffs should be considered: granular privacy features, performance, maximum
number of nodes, availability, and security (including fault tolerance).
More granular privacy requirements will generally result in a larger cryptographic payload, which will
reduce network throughput. Performance is influenced by the size of the cryptographic payload of each
transaction and, depending on the consensus protocol, the number of nodes in the network that need
to reach consensus. The number of nodes participating in consensus will affect performance, potentially
affect the privacy features chosen and increase the attack surface. Data availability is affected by the
number of nodes, the privacy model chosen and limited by the underlying technology chosen and its
consensus protocol. This is also important for node recovery and disaster recovery. The security of the
network will be limited by the privacy model chosen (i.e. who can see what determines the attack
surface in case of a breach), the network topology, and the underlying consensus layer (e.g. Byzantine-
fault tolerance vs. crash-fault tolerance in the case of permissioned networks vs. proof of work
blockchain consensus).
29. The core ledger for this model of CBDC could be centralized, or operated through a
consensus-driven distributed approach. Which is the optimum approach, and why?
A consensus driven distributed approach eliminates the need for costly data reconciliations for parties
utilizing the system that create operational frictions, which among other consequences, may slow down
payment settlement. These benefits generally come at the expense of lower performance compared to
a centralized core ledger. The distributed approach is a better option as long as the expected network
throughput is met through a decentralized approach.
There may be benefits in terms of data availability and disaster recovery by using a distributed
approach. Architecture in which there is no “selective sharing” and all nodes store the full ledger but can
only decrypt part of it are the most robust to ensure availability and recovery. That said, a cloud solution
with enough redundancy across different availability zones could mitigate these concerns in a
centralized solution model.
While performance is likely a weakness of DLT vs centralized past a certain threshold network volume,
privacy and security considerations may be addressed or mitigated by an appropriate architecture
supported by the right DLT technology. In the approach that gives Payment Infrastructure Providers
10
(PIPs) API access, as described in Chapter 4, the authentication of the PIPs when calling the API is the
most likely attack vector, which would be very similar under both centralized and distributed
approaches.
With regards to privacy, as long as the PIPs provide KYC for Core ledger accounts, then under certain DLT
implementations there is no distinction between both under the assumption that network encryption is
robust enough. There are DLT solutions that do not require transaction validators, endorsers or notaries
neither to post transactions to the network, nor to coordinate secure channels.
30. What are the merits, or challenges, of either ‘token-based’ or ‘account-based’ approaches to a
CBDC ledger? Are there particular use cases that are better supported by either approach? Are
there alternative approaches? Discussion Paper: Central Bank Digital Currency March 2020 51
The terms ‘token based’ or ‘account based’ may have different interpretations and so to avoid confusion
we will assume that ‘token-based’ refers to a system that utilizes unspent transaction output (UXTO)
model as used in Bitcoin, while ‘account-based’ refers to a system that utilizes an identity continuity
model to facilitate payments.
In general, UXTO models are a great choice for systems whose primary purpose is simple, fast payments.
This makes them an optimal choice for a proof-of-work DLT such as Bitcoin that are built to store large
amounts of value. However, once you introduce complex functionality, such as programming languages
to a system, a layered approach facilitated by overlay technologies or permissioned DLT is ideal to
mitigate systemic and idiosyncratic risks at the Core ledger layer. Given the desire to have the central
entity be responsible for network governance, it is our view that a combination of these two approaches
makes sense for CBDC issuance.
31. What are the key use-cases for programmable money?
The key use-cases for programmable money include automation of complex financial services in novel
ways (e.g. short term microlending) and automation of facilitation of payments among a group of
market participants without the need for direct co-ordination.
32. What architecture choices would best support programmable money functionality in a CBDC?
Would it be preferable to build this functionality into the core ledger, via a separate module, or
to enable the functionality to be provided by third parties? Are there alternative approaches?
A two layered approach would work best. Basic functionality could be provided at the Core ledger layer,
with the potential of extensible features via customized smart contracts. There are several advantages:
tighter integration with the underlying blockchain (i.e. Bitcoin), better security by not exposing
blockchain logic externally, lower likelihood of software bugs, especially vs. third parties providing the
functionality, provide the basic blocks for extended functionality on a separate module or layer 2
approach (e.g. time triggers).
33. How could CBDC support offline functionality? Are there technology solutions that can enable
this without exposing any party to credit risk?
11
One method of supporting offline functionality in CBDC is encouraging service providers with direct core
ledger access to offer SMS friendly digital wallet solutions. This would enable end-users with no internet
access to send, receive, and store CBDC with only a SMS-enabled feature phone. This method exposes
CBDC end-users to effectively as much credit risk as they would be exposed to being a standard
customer of any service provider abiding by the operating expectations put in place by the central bank.
34. What dependencies would CBDC have on other innovations, such as digital identity solutions?
An ideal design would be one that does not depend on other innovations and can be integrated with
these as they come up. In the case of digital identity, having an architecture that allows the mapping of
network identities to external identities would address this. The network governance model and the
abilities granted to node operators will influence how the integration can happen. Other innovations
may be addressed in a similar way. If the innovations are related to the underlying blockchain, e.g.,
encryption improvements, then choosing an underlying technology with a strong, fast and nimble
support is key.
35. What other future technology and digital economy innovations should we be factoring into the
potential design of CBDC? How might these impact the future demands placed on CBDC, and
potential approaches to designing a CBDC?
Broad buckets of future technology innovations to factor into the design of CBDC include hardware,
encryption, and portable digital identity. Integration with hardware-based CBDC wallets enables ease of
use, financial inclusion through offline functionality, and transaction anonymity for small transactions—
offering consumers many of the core advantages of cash. This is accomplished through the utilization of
Hardware Security Modules (HSMs) for safeguarding of end-users’ private keys; this is at the service
provider layer, as the core ledger will be not accessible to end-users, who will transact through their
service provider and can utilize hardware- or software-based tokens for authentication.
The design should also factor in encryption updates as techniques to encrypt and break encryption
evolve. This includes scenarios in which key encryption and all encrypted data may need to be updated,
e.g., a future need to update RSA4096 to RSA8192. This can mean the difference between declaring the
network obsolete vs. upgrading it to withstand the threat of quantum computing once it becomes
imminent.
A portable digital identity could be handled by the service providers providing access to the ledger,
however it could potentially be advantageous for end-users to use some type of portable digital identity
to sign transactions sent through their service provider as a way of preventing service providers acting
on their behalf without their consent (e.g., through identity theft or a hack at the service provider).
In terms of designing a CBDC, a model with underlying distributed ledger supported by a robust yet
flexible programming language can provide the extensibility required for expanded functionality or
future innovations. This also ensures that integration with other networks or CBDC can be implemented.
However to be clear, by integration we mean basic coordination across two networks, e.g., manage
cross-chain transfer of assets through escrows, and not interoperability of nodes of one chain directly
12
participating in consensus or sharing data in another chain (that is currently an unrealistic goal given the
existing diverse DLT architectures and lack of standardization across them).
Future digital economy innovations that should be factored in the potential design of CBDC largely
overlap with expected technology innovations, primarily including the internet of things (‘IoT’) and the
corresponding growth in machine-to-machine payments and smart finance (e.g. automated lending
platforms). IoT devices and smart finance services providers may evolve to the point that they can hold
their own CBDC accounts and interact directly with each other via the Core ledger, as opposed to an
end-user of a service provider.