Paper 2022/974
PEReDi: Privacy-Enhanced, Regulated and Distributed Central Bank Digital Currencies
Abstract
Central Bank Digital Currencies (CBDCs) aspire to offer a digital replacement for physical cash and, as such, must address two fundamental yet conflicting requirements. On the one hand, they should be private to prevent the emergence of a financial “panopticon.” On the other hand, they must be regulation friendly, facilitating threshold-limiting, tracing, and counterparty auditing functionalities necessary for compliance with regulations such as Know Your Customer (KYC), Anti-Money Laundering (AML), and Combating the Financing of Terrorism (CFT), as well as financial stability considerations. In this work, we propose PEReDi, a new asynchronous model for CBDCs and present an efficient construction that, for the first time, simultaneously addresses these challenges in full. Moreover, recognizing the necessity of avoiding a single point of failure, our construction is distributed to ensure that all its properties remain intact even when a bounded number of entities are corrupted by an adversary. Achieving all the above properties efficiently is technically involved; among others, our construction employs suitable cryptographic tools to thwart man-in-the-middle attacks, introduces a novel traceability mechanism with significant performance gains over previously known techniques, and, perhaps surprisingly, shows how to obviate Byzantine agreement or broadcast from the optimistic execution path of a payment, something that results in an essentially optimal communication pattern and minimal communication overhead. We demonstrate the efficiency of our payment system by presenting detailed computational and communication cost analyses. Beyond “simple” payments, we also discuss how our scheme can support one-off large transfers while complying with Know Your Transaction (KYT) disclosure requirements. Our CBDC concept is expressed and realized within the Universal Composition (UC) framework, providing a modular and secure way for integration into a broader financial ecosystem.
Note: In the proceedings version of our paper, we assumed that the total number of maintainers required for the system was D=3t+1, where t represents the maximum number of maintainers that can be corrupted by the adversary. Upon further analysis, we identified a need to revise this assumption. We describe a lower bound on D in the updated version of the paper, arguing that 5t+1 maintainers are necessary to prevent adversary-induced faults in the pessimistic execution path of a payment for any efficient realization of our ideal functionality in the asynchronous setting. In the security proof, we demonstrate that 5t+1 is also sufficient.
Metadata
- Available format(s)
- PDF
- Category
- Applications
- Publication info
- Published elsewhere. Major revision. The 29th ACM Conference on Computer and Communications Security (CCS) 2022
- Keywords
- Privacy, Anonymity, Regulatory Compliance, CBDC, Cryptography, KYC, AML, CFT, Universal Composition
- Contact author(s)
- Amirreza Sarencheh @ ed ac uk
- Aggelos Kiayias @ ed ac uk
- Markulf Kohlweiss @ ed ac uk
- History
- 2025-02-07: last of 4 revisions
- 2022-07-29: received
- Short URL
- https://ia.cr/2022/974
- License
- CC BY
BibTeX
@misc{cryptoeprint:2022/974,
  author = {Amirreza Sarencheh and Aggelos Kiayias and Markulf Kohlweiss},
  title = {{PEReDi}: Privacy-Enhanced, Regulated and Distributed Central Bank Digital Currencies},
  howpublished = {Cryptology {ePrint} Archive, Paper 2022/974},
  year = {2022},
  url = {https://eprint.iacr.org/2022/974}
}