Research from the Bank of Canada discusses the grey areas between disclosure and privacy
The Central Bank of Canada has released a staff analytical note exploring the concept of privacy for central bank digital currencies (CBDC). The note also outlines the advantages and disadvantages of zero-knowledge proofs.
A large part of the paper looks into the trade-offs between privacy, which is perceived as a public good, and the need to disclose information as required by local regulations. It also explores the complexity of delivering a payment system that spans several different technologies, a host of actors, and different facets of information. Possible privacy features for CBDCs are analysed across these three dimensions.
The technologies involved in implementing a CBDC may include distributed ledger technology (DLT), a centralized system, cards, and offline devices that are used for storage, each offering different privacy features.
A payment system is an entire ecosystem in which the central bank is just one player. Other players may include payment providers for the payer, banks and money service businesses, and merchants. The paper explores the degree of privacy or disclosure required of each player.
The paper also lays out the kinds of information under consideration. For balances, it looks at the amount of money held and whether to reveal the identity of the holder. For transactions, it looks at the need to disclose or withhold the payer, payee and amount.
The paper concludes that offline devices offer a level of privacy that is closest to fiat currency. While tiered ledgers provide a high level of privacy with respect to payment providers and the public, they still have a long way to go on privacy with respect to money service businesses and the government.
While the paper’s comments regarding the lack of privacy pertain to all the technologies, it singled out zero-knowledge proofs (ZKP), stating that the pool of skills for them is limited and that there could be hidden vulnerabilities due to the combination of technical complexity and immaturity.
“No known deployments have scaled up to a national population. The risk, in this case, is the unknown technical obstacles in applying these techniques to the Canadian population and beyond for future uses, such as micropayments at internet-of-things endpoints,” the paper reads.