17 November 2021
In light of the global trend of issuance of central bank digital currency (the “CBDC”), on 4 October 2021, the Hong Kong Monetary Authority (the “HKMA”) released a technical whitepaper on retail central bank digital currency titled “e-HKD: A technical perspective” (the “Whitepaper”). The aim of the Whitepaper is to explore potential architecture and design options that could be applied to the construction of the infrastructure for distributing e-HKD and to report HKMA’s initial thoughts and findings.
In its Whitepaper, the HKMA started a study on the prospect of issuing retail CBDC in Hong Kong, i.e. e-HKD, covering both technical and policy considerations and aims to come up with an initial view by the mid-next year. The Whitepaper is the first among similar papers published by central banks to unveil a technical architecture that includes a ground breaking privacy preservation arrangement that allows transaction traceability in a privacy-amicable manner.
The HKMA proposes that the retail CBDC (“rCBDC”) be designed as a two-tier system, namely, the wholesale interbank and the retail user wallet system. The central bank can focus on providing the core, foundational infrastructure of a CBDC, guaranteeing the stability of its value and overseeing the system’s security, so as to promote a level playing field for the private sector. The private sector intermediaries (the “Intermediaries”) will be responsible for the majority of the operational tasks and consumer-facing activities.
Further, the HKMA recognized that there may be privacy issues in the process of identifying the rightful owners of CBDC, ensuring correct accounting and redemption of e-money with issuers. The HKMA recognized that a CBDC system should be compliance to relevant privacy protection regulations such as the Personal Data (Privacy) Ordinance and it suggested that the system should be designed in such a way that only necessary data are disclosed to relevant parties as needed for processing transactions and fulfilling relevant compliance requirements. Personally identifiable information should be restricted to authorized parties only. The system is also designed such that the central bank does not record retail balances, resulting in minimum interactions between the two layers when payments are made in the retail layer. The Intermediaries would be responsible for maintaining the correctness of the retail balances.
Based on its proposed technical design, the HKMA has made a preliminary analysis in the following areas:-
1. Over-issuance prevention
A validator infrastructure, which could be initiated by a centralized database or Distributed Ledger Technology (“DLT”), could help to prevent over-issuance and double spending in the retail system. There will, however, be trade-offs in terms of performance and availability. The unspent transaction outputs (“UTXO”) transactions kept at the validator infrastructure can readily form inheritance chains, which can be used as an audit trail. Each transaction requires the signatures of a number of parties to authorise it, and the validator infrastructure forms a store of all signed transactions.
2. Asset and transaction traceability
Explicit references to previous transactions in a UTXO transaction allows easy traceability of transactions and assets, in turn supporting correct redemption when there are multiple e-money issuers.
The UTXO design requires each payment transaction to specify the source(s) of the CBDC/e-money used to make the payment concerned by explicitly referencing the previous payment transactions. An inheritance chain of transactions can therefore be formed readily to link up the current ownerships of CBDC or e-money with the coinbase transactions from which the CBDC/e-money inherits its monetary value.
3. Flexibility
The proposed architecture can flexibly instantiate different two-tier distribution models, based on different configurations of the validator infrastructure, and support both CBDC and CBDC-backed e-money through suitable coinbase definitions.
4. Safety
Cross-ledger synchronisation merely based on signed transactions exchanged via Intermediaries enhances separation of the wholesale and retail ledgers, potentially leading to better cyber resilience. Only the owner can spend his CBDC or e-money to ensure payment safety, but this also brings up user-friendliness issues related to losing private keys. The issuance of CBDC is also restricted to the wholesale system only.
The proposed architecture preserves user anonymity from the validator infrastructure and other users through a pseudonym system, which only uses public keys in transactions and evolves public keys for new transactions, while making the mapping between real identities and public keys known to the respective Intermediaries only.
5. Efficiency
The proposed architecture is expected to be energy-efficient and scalable even in the event of an increasing number of users and transaction volume. The key processing load of a transaction is largely on verifying the digital signatures of the inheritance chain of transactions, most parts of which only need to be performed once given the verification is done by a single server. A user will need to have a mobile wallet app in order to hold CBDC or e-money and make payment transactions.
The HKMA seeks feedback, suggestions and improvements from the academia and industry to its proposed design by 31 December 2021.