David Chaum Rolls Out Privacy-Protecting CBDC Technology

Will central bank digital currencies (CBDCs) replace cash and bank transfers in the future? And will they be an ultimate tool for financial surveillance and control, or is another, more benign future possible?

David Chaum, creator of the Bitcoin predecessor eCash and, more recently, the Elixxir cryptocurrency, believes the democratic world can have a version of CBDCs that protects privacy. He is working with the Swiss National Bank (SNB) on Project Tourbillon, designed for privacy-focused central bank money.

The project will be developed under the auspices of the Bank of International Settlements’ (BIS) Innovation Hub, the organization announced on Thursday. The project will add to the range of CBDC pilots already in the works by the BIS Innovation Hub, like the projects Helvetia and Mariana – both involving the SNB, too.

The technology underlying the Project Tourbillon will combine privacy preserving functions and quantum-resistant cryptography developed by Chaum, the BIS announcement says. The system will also be scalable as it will be “using an architecture that is compatible with, but not based on, distributed ledger technology,” the press release reads.

The concept, based on Chaum’s blind signature technique, has been outlined in a joint research paper by Chaum himself and Thomas Moser, alternate member of the SNB governing board.

According to Morten Bech, Head of the BIS Innovation Hub Swiss Centre, the project allows to avoid trade-offs between cyber resilience, scalability and user privacy. “Project Tourbillon will build and test a prototype that reconciles these trade-offs and pushes central banks' technological frontier," Bech said in the BIS announcement.

The prototype is slated to be completed by mid-2023.

Not like China

According to Chaum himself, the SNB first approached him last year about his eCash technology and he took it as a chance to prove that a CBDC can be designed in a privacy-protecting fashion. Speaking with CoinDesk in an exclusive interview, he pointed at China as an example of omnipresent digital surveillance by the government. China’s central bank has one of the world’s most advanced CBDC projects, with 100 billion yuan (US$13.9 billion) in transactions already completed.

The U.S. and Europe can do better, Chaum believes. He acknowledges that “CBDCs are a big deal” in the world at the moment and is well aware of the fact that many believe CBDCs will be “the end of privacy in money.”

“It’s incredibly ironic for me that something I’ve been working on 40 years ago has become the actual pivotal distinction between the East and West – privacy in payments,” Chaum said.

“It really becomes a choice: are we going to have a kind of protection we are entitled to and that distinguishes us as a human rights-based democracy, or we basically are going to have the same thing as in China,” he added.

Chaum says the technology he created and described in the paper with SNB’s Moser, named eCash 2.0, is a “superior payment system” with both privacy and anti-counterfeiting protection built into it.

He believes it’s important to show that a CBDC can actually be privacy-preserving, so that no government can say it’s impossible and use it as an excuse to build something similar to the Chinese model.

In another scenario, a government might be willing to maintain privacy for its CBDC, but at some point, it can discover that criminals are using those privacy features to conceal illegal activities. That in turn can become a reason to abandon the idea of privacy altogether.

Chaum believes that the technology he invented can prevent both scenarios, preventing anyone from tracing how people use their money and, at the same time, allowing the law enforcement to track criminal funds.

How this works in practice is not easy to unpack.

Revocable anonymity

The eCash 2.0 model has two tiers when it comes to issuing central bank digital money: a central bank does it via commercial banks, which onboard users. To get some CBDC on their digital wallets, users need to request it from banks they already have accounts with. Banks perform KYC and send a specific authentication code to the central bank, so that money can be issued.

Cryptographic mechanics of eCash 2.0 allow central banks to issue those coins to a user without knowing which user exactly owns specific coins, says Mario Yaksetig, the project’s cryptographer. Neither knows the commercial bank that onboarded the user, although both the central and commercial bank know how much money in CBDC a known user received from the system.

A central bank holds a blockchain-based ledger of all the valid coin identifiers, Yaksetig said, so no one can forge new coins, but transactions between wallets are not recorded on a blockchain. “There is no record of transactions whatsoever,” Yaksetig said in an interview with CoinDesk.

However, users can voluntarily give up the privacy of their coins if they want law enforcement to trace stolen funds. For this, a user would need to reveal his unique cryptographic key to, say, the police, and then the police can see when these stolen coins are being spent at a restaurant, a store or other kind of merchant, because merchants, unlike individual users, would be known to the system. So the police would be able to find where that merchant is, go there and arrest the thieves, Chaum said.

Alternatively, instead of going to the police, a robbed or scammed user might request re-issuance of his money, using his unique key, Chaum said, so he can spend those coins before the criminals do.

Asked if a government building a CBDC can use what he created to make a surveillable and censorable system, making crypto’s worst fears about CBDCs come true, Chaum believes his technology is ill-suited for that.

“There is no way to use it for evil because all it does is protect privacy,” he said. You can opt to use decentralized cryptocurrencies if you wish, but “if you choose to use government-issued money, the government should not be able to see how you spend it,” he added.