1、 TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 1 TECHNICAL EVALUATION FOR A U.S.CENTRAL BANK DIGITAL CURRENCY SYSTEM SEPTEMBER 2022 TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 2 About this Document Executive Order(EO)14067 directed the Office of Science and Technology Policy to produce a technical evalu

2、ation to facilitate and support the introduction of a Central Bank Digital Currency(CBDC)system in the United States(U.S.),should one be proposed.This report lays out the policy objectives for a U.S.CBDC system,and proceeds to analyze technical design choices for a U.S.CBDC system with respect to th

3、ose policy objectives.This report also estimates the feasibility of building a U.S.CBDC minimum viable product and assesses how a U.S.CBDC system may impact Federal processes.This report makes recommendations on how to prepare the U.S.Government for a U.S.CBDC system,but it does not make an assessme

4、nt or recommendation about whether a U.S.CBDC system should be pursued.About the Office of Science and Technology Policy The Office of Science and Technology Policy(OSTP)was established by the National Science and Technology Policy,Organization,and Priorities Act of 1976 to provide the President and

5、 others within the Executive Office of the President with advice on the scientific,engineering,and technological aspects of the economy,national security,health,foreign relations,the environment,and the technological recovery and use of resources,among other topics.OSTP leads interagency science and

6、 technology policy coordination efforts,assists the Office of Management and Budget with an annual review and analysis of Federal research and development in budgets,and serves as a source of scientific and technological analysis and judgment for the President with respect to major policies,plans,an

7、d programs of the Federal government.More information is available at http:/www.whitehouse.gov/ostp.About the Interagency Process The creation of this report was coordinated through an interagency process led by the Assistant to the President for National Security Affairs and the Assistant to the Pr

8、esident for Economic Policy,as described in Section 3 of EO 14067.A list of departments and agencies involved in this interagency process can be found in Appendix B.Copyright Information This document is a work of the United States Government,and this document is in the public domain(see 17 U.S.C.10

9、5).TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 3 Contents Introduction.5 Policy Objectives for a U.S.CBDC System.7 Technical Design Choices for a U.S.CBDC System.11 Participants.12 Transport Layer.12 Interoperability.15 Governance.16 Permissioning.16 Access Tiering.18 Identity Privacy.20 Remediation.

10、22 Security.24 Cryptography.24 Secure Hardware.26 Transactions.27 Signatures.27 Transaction Privacy.29 Offline Transactions.30 Transaction Programmability.32 Data.33 Data Model.33 Ledger History.34 Adjustments.36 Fungibility.36 Holding Limits.38 Adjustments on Transactions.39 Adjustments on Balances

11、.40 Feasibility and Resources for a U.S.CBDC System Minimum Viable Product.41 Brief Survey of Relevant Experimentation.41 Public Sector.41 Private Sector.42 TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 4 Estimating Resources Required Based on Sets of Hypothetical CBDC Design Choices.42 Example Set#1:M

12、inimally Complex.43 Example Set#2:More Complex Focusing on Broader Participation.44 Example Set#3:More Complex Focusing on Programmability,Privacy,and Inclusion.44 Impact of a U.S.CBDC System on Federal Processes.46 Cybersecurity and Privacy.46 Customer Experience.47 Social Safety Net Programs.48 Re

13、commendations on Preparing for a U.S.CBDC System.50 Advance Technical Work Related to Digital Assets.50 Continue Digital Assets Research and Experimentation Within the Federal Reserve.50 Establish a Digital Assets R&D Agenda.50 Scale Up Tech Capacity Across the Federal Government.51 Appendix A:Digit

14、al Services Best Practices.53 Open Source.53 Modern Technology Stack.54 Agile Development.54 Team Structure.55 Appendix B:Interagency Process.58 TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 5 Introduction A Central Bank Digital Currency(CBDC)is a digital form of a countrys sovereign currency.1 If the

15、United States issued a CBDC,this new type of central bank money may provide a range of benefits for American consumers,investors,and businesses.For example,a U.S.CBDC might enable transactions that are more efficient and less expensive,particularly for cross-border funds transfers.However,there are

16、also potential risks to consider.A U.S.CBDC might affect everything ranging from the stability of the financial system to the protection of sensitive data.Recognizing these potential upsides and downsides,the Biden-Harris Administration is committed to further exploring the implications of,and optio

17、ns for,issuing a CBDC.On March 9,2022,President Biden signed Executive Order(EO)14067,Ensuring Responsible Development of Digital Assets,placing the highest urgency on research and development efforts into the potential design and deployment options of a U.S.Central Bank Digital Currency(CBDC).2 EO

18、14067 further directed the Federal government to“prioritize timely assessments of potential benefits and risks under various designs to ensure that the United States remains a leader in the international financial system.”To help advance this directive,Section 5(b)(ii)of EO 14067 ordered the Directo

19、r of the Office of Science and Technology Policy(OSTP)and the Chief Technology Officer of the United States in consultation with the Secretary of the Treasury,the Chair of the Federal Reserve,and the heads of other relevant agencies to submit to the President a technical evaluation for a U.S.CBDC sy

20、stem,should one be proposed.This report begins by laying out the policy objectives for a U.S.CBDC system,outlined in EO 14067 and developed in further detail through an interagency process led by the National Economic Council and the National Security Council.These policy objectives reflect the Admi

21、nistrations ongoing commitment to develop and use technology in accordance with democratic values.This report then analyzes the technical design choices for a U.S.CBDC system,focusing on how those choices would impact the policy objectives for a U.S.CBDC system.Next,this report estimates the feasibi

22、lity of building a minimum viable product for a U.S.CBDC system,based on hypothetical combinations of technical design choices.Finally,this report assesses how a U.S.CBDC system may impact Federal processes,focusing on cybersecurity and privacy,customer experience,and social safety net programs.This

23、 report concludes by making recommendations on how to prepare the Federal government for a U.S.CBDC system,should one be pursued.It recommends that OSTP help advance technology related to CBDCs as part of the CBDC Working Group outlined in the Department of the Treasurys report on The Future of Mone

24、y and Payments.It encourages the Federal Reserve to continue its research and experimentation on CBDC systems,while recommending that the National Science Foundation(NSF)and OSTP develop a National Digital Assets Research and Development(R&D)Agenda to help spur innovation that could support the Fede

25、ral Reserves 1 Other U.S.Government reports explain CBDCs in greater depth.See,e.g.,The Future of Money and Payments.(Sep.2022).Department of the Treasury;and Money and Payments:The US Dollar in the Age of Digital Transformation.(Jan.2022).The Federal Reserve.2 Executive Order 14067:Ensuring Respons

26、ible Development of Digital Assets.(Mar.2022).Federal Register.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 6 efforts.Finally,it recommends scaling up relevant technological infrastructure,capacity,and expertise across the Federal government to harness benefits and mitigate risks of digital assets.It

27、is also important to briefly note what this report does not do.This report does not make any assessments or recommendations about whether a U.S.CBDC should be pursued.Additionally,this report does not make any design choices for a U.S.CBDC system,if one were proposed.Instead,it fulfills the mission

28、of EO 14067 by providing a timely assessment of potential benefits and risks for a U.S.CBDC system.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 7 Policy Objectives for a U.S.CBDC System EO 14067 outlines the principal policy objectives of the United States with respect to digital assets and provides a

29、dditional priorities for a U.S.CBDC.This document provides considerations related to choices and limitations that should inform the design of a U.S.CBDC system,where a“CBDC system”includes the CBDC itself,the public sector and private sector components that are built to interact with it,and the laws

30、 and regulations that apply to each of those components.3 Building on the policy objectives described in EO 14067,a U.S.CBDC system should support the following objectives.4 While some of these objectives may be in tension,it is not the aim of this document to reconcile or prioritize the policy obje

31、ctives listed below.Additionally,the purpose of this document is not to take a position on whether a U.S.CBDC should be pursued,or to make decisions regarding particular design choices for a U.S.CBDC system to achieve the stated objectives.1.Provide benefits and mitigate risks for consumers,investor

32、s,and businesses a.Consumers,investors,and businesses should be financially protected.The CBDC system should include appropriate protections for custodial and other arrangements related to customer assets and funds,fraudulent and other illegal transactions,and market failures.It should also provide

33、for appropriate disclosures of risk.b.Consumers,investors,and businesses should be digitally protected.The CBDC system should include consumer protections by design and default.These protections should include mechanisms for human consideration and remedy of harms,and these protections should be acc

34、essible,equitable,effective,maintained,accompanied by appropriate operator training,and should not impose an unreasonable burden on the public.2.Promote economic growth and financial stability and mitigate systemic risk a.The CBDC system should support economic activity.The CBDC system should be des

35、igned to integrate seamlessly with traditional forms of the U.S.dollar.In addition,the CBDC should be flexible enough to facilitate a range of economic policy objectives,including promoting competition and innovation.To support these objectives,the CBDC system should be both governable and sufficien

36、tly adaptable.b.The CBDC system should ensure the resilience of the financial system.The CBDC system should be designed in a way that is consistent with broad financial intermediation and that mitigates concentration risks.The CBDC system should be designed to minimize the occurrence of destabilizin

37、g runs and liquidity risks.The CBDC system should not increase systemic risk.3 The term“components”is broadly construed.For example,components might include smart cards,mobile applications,and intermediaries that fulfill various roles in the CBDC system.4 These objectives are also consistent with th

38、e G7 Public Policy Principles for Retail CBDCs.(Oct.2021).G7.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 8 c.The CBDC system should be operable in normal circumstances and under stress.The CBDC system should be resilient under a range of adverse circumstances,both at initial deployment and over its l

39、ifecycle.When problems are discovered in CBDC functionality,there should be a clear process and adequate support for mitigating and resolving those problems.3.Improve payment systems a.The CBDC system should be functional.The CBDC system should support the smooth functioning of the payment system by

40、 ensuring that the CBDC system works,including at initial deployment,over its lifecycle,and when parts of the systems are nonoperational.Furthermore,the CBDC system should function efficiently relative to the costs to operate so that it can also achieve the promised benefits of a CBDC system.To do s

41、o,the CBDC system should be designed such that adequate resources and personnel training will exist for developing and maintaining the CBDC systems components.b.The CBDC system should be efficient.The CBDC system should be usable and provide a good customer experience.It should also allow for effici

42、encies that make investments and domestic and cross-border fund transfers and payments cheaper,faster,and safer,by promoting greater and more cost-efficient access to financial products and services.c.The CBDC system should be secure.The CBDC system should be protected against cybersecurity attacks

43、and failures,and the system should ensure assurance and integrity of the CBDC and the system as a whole.The CBDC system should be designed so that consumers,investors,businesses,and the public can trust it to be secure and resilient to potential attacks,disasters,and failures,as well as cyber,fraud,

44、counterfeiting,and other operational risks.The CBDC system should include appropriate cybersecurity and privacy incident management,contingency plans,and continuity plans to ensure availability of its functionalities,including in the case of natural disasters and foreign attacks.d.The CBDC system sh

45、ould be flexible.The CBDC system should support an ecosystem of innovation from the public and private sectors in order to meet the various goals of the United States.The CBDC system itself should be extensible and upgradeable such that it can be iterated upon quickly to improve and harness new inno

46、vation,as well as changing technologies,regulations,and needs.4.Ensure the global financial system has transparency,connectivity,and platform and architecture interoperability or transferability,as appropriate a.The CBDC system should be appropriately interoperable.The CBDC system should,where appro

47、priate and consistent with other policy priorities,facilitate transactions with other currencies and systems,such as physical cash,commercial bank deposits,CBDCs issued by other monetary authorities,and the global financial system.The CBDC system should be designed to avoid risks of harm to the inte

48、rnational monetary system and financial system,including broad monetary sovereignty and financial stability.The CBDC system should be designed with TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 9 appropriate considerations for transferability and orderly termination in events such as a change in policy

49、 or end of life.5.Advance financial inclusion and equity a.All should be able to use the CBDC system.The CBDC system should enable access for a broad set of potential consumers and uses,with appropriate restrictions to mitigate specific risks(e.g.,destabilizing runs,money laundering).While the CBDC

50、system may initially support fewer potential consumers and uses,it should scale and support a broader range of use cases over time.As it is designed,implemented,and maintained,the CBDC system should take particular notice of EO 13985(Advancing Racial Equity and Support for Underserved Communities Th

51、rough the Federal Government)and EO 14058(Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government).b.The CBDC system should expand equitable access to the financial system.The CBDC system should expand equitable access to deposit and payment products and services

52、,as well as credit provided by banks and other sources.This includes expanding equitable access for people of color,rural communities,individuals without the resources to maintain expensive devices or reliable Internet access,and individuals with cognitive,motor,or sensory impairments or disabilitie

53、s.The CBDC system should not create new inequities,including through technological barriers to use.Technological advances,educational material,and support should be leveraged to overcome the potential technical and economic barriers to using CBDC that may disproportionately harm some communities.The

54、 CBDC system should support payments to and from the public sector and equity-advancing initiatives,such as the administration of social safety net programs.However,use of the CBDC system should not be mandated.Offline capability should be incorporated,and the role of cash should be preserved.6.Prot

55、ect national security a.The CBDC system should promote compliance with AML/CFT requirements and mitigate illicit finance risks.The CBDC system should be designed to facilitate compliance with anti-money laundering(AML)and combating the financing of terrorism(CFT)requirements,as well as relevant sanc

56、tions obligations.The CBDC system should allow for the collection of information necessary to fulfill these requirements,but not more.The system should also enable adequate transaction monitoring to detect and report suspicious activity to the relevant authority.The CBDC system should be designed to

57、 include features,or enable intermediaries to include features,to identify and mitigate illicit finance risks(e.g.,fraud,sanctions evasion,money laundering),while providing appropriate protections for privacy,civil and human rights,and cybersecurity.b.The CBDC system should support U.S.leadership in

58、 the global financial system,including the global role of the dollar.The CBDC system should be at the forefront of responsible development and design of digital assets and should underpin new forms of payments.The CBDC system should support scalability TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 10 a

59、nd be capable of maintaining high throughput,speed,resiliency,security,and privacy as it facilitates millions or billions of users and global transactions that are fast,efficient,and convenient(for both domestic and cross-border payments,if deemed appropriate).The fully operational CBDC system shoul

60、d support high user and transaction loads,including during surges in transaction volume.7.Provide ability to exercise human rights a.The CBDC system should respect democratic values and human rights.The CBDC system should be designed and used in accordance with civil and human rights,such as those p

61、rotected by the U.S.Constitution,as well as those outlined in the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights.The CBDC system should have oversight and accountability mechanisms to ensure compliance with civil and human rights.The CBDC system sh

62、ould be able to incorporate technical protections that prevent the use of CBDC in ways that violate civil or human rights.The CBDC system should also be protected from abuse during periods of high political volatility or deviation from democratic values.8.Align with democratic and environmental valu

63、es,including privacy protections a.Sensitive financial data should be private.The CBDC system should maintain privacy and protect against arbitrary or unlawful surveillance.The CBDC design,deployment,and maintenance should adhere to privacy engineering and risk management best practices,including pr

64、ivacy by design and disassociability.5 Built-in protections and design choices should ensure that privacy is included by default,including ensuring that data collection conforms to reasonable expectations and only data that is strictly necessary for advancing CBDC system policy objectives is collect

65、ed.b.The CBDC system should be sustainable.The CBDC system should be compatible with U.S.environmental priorities,including cutting U.S.greenhouse gas pollution by 50-52%from 2005 levels by 2030 and transitioning to a net-zero emissions economy by 2050.The CBDC system should minimize energy use,reso

66、urce use,greenhouse gas emissions,other pollution,and environmental impacts on local communities.The system should improve environmental performance relative to the traditional financial system.5 Disassociability refers to the processing of data or events without association to individuals or device

67、s beyond the operational requirements of the system.See,e.g.,NIST Privacy Framework.(Jan.2020).National Institute of Standards and Technology,29.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 11 Technical Design Choices for a U.S.CBDC System EO 14067 directed OSTP to submit to the President a report tha

68、t addresses the technical aspects of the various CBDC designs,including with respect to emerging and future technological developments.This section provides a list of design choices that could inform the technical design of a U.S.CBDC system,as well as an analysis of their benefits and risks.This se

69、ction focuses on 18 design choices,divided into six categories:Participants,Governance,Security,Transactions,Data,and Adjustments.This section:Does not presuppose that a CBDC system would use any particular technology(e.g.,a distributed ledger technology or a centrally managed database);Does not ass

70、ume that a CBDC system would maintain identical functionality to cash;Does not take any position on whether establishing a CBDC system would be in the best interest of the United States;Does not prioritize the design choices in order of importance;Does not claim that the list of design choices is co

71、mplete;Does not assume a particular distribution model,but does,for the sake of analysis,focus on design choices with more applicability for a retail CBDC system;6 Does not assume that all applicable design features need to be incorporated into a CBDC system at initial deployment;Does emphasize that

72、 many design choices are linked to other design choices;and Does,for the sake of analysis,focus on the two endpoints for the spectrum of possibilities for a design choice,even though hybrid options are possible,or potentially desired.In order to focus the analysis on the design choices that likely m

73、atter to policymakers,this section makes a few starting assumptions about the design of a U.S.CBDC system.While a U.S.CBDC system could,in theory,be mostly“permissionless”7 from a governance standpoint,this design choice introduces a large number of technical complexities and practical limitations t

74、hat strongly suggest that a permissionless approach does not make sense for a system that has at least one trusted entity(i.e.,the central bank).It is possible that the technology underpinning a permissionless approach will improve significantly over time,which might make it more suitable to be used

75、 in a CBDC system.However,given the state of the technology,most of the analysis that follows assumes that there is a central authority and a permissioned CBDC system.6 Many of these design choices are likely also applicable to a wholesale or hybrid CBDC system.7 A CBDC system could either be manage

76、d by a set of trusted entities(permissioned)or by a network of system participants(permissionless),or some combination of the two.This is discussed further in the permissioning design choice later in this report.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 12 Deciding whether a CBDC is in the best int

77、erest of the United States will depend,in part,on the specific design choices contemplated for the CBDC system under consideration.The aim of this section is to help policymakers understand these technical design choices and their associated tradeoffs,especially with respect to the policy objectives

78、 for a U.S.CBDC system outlined in Section 4 of EO 14067 and expanded upon in the Policy Objectives section of this report.U.S.policymakers should read this section in conjunction with the Department of the Treasurys report titled The Future of Money and Payments,in order to get a fuller picture of

79、the design choices important to the decision of whether to issue a CBDC.Participants Transport Layer:Less Intermediated vs.More Intermediated What roles do intermediaries take on,and can people opt to pay each other without intermediaries in certain conditions?Who has access to the payment system te

80、chnology and at what level?The transport layer of a CBDC system determines whether a third party must facilitate transfers between two parties,and if so,who the third party or parties are.A CBDC system could be less intermediated by allowing some amount of peer-to-peer(P2P)transactions,which are tra

81、nsactions that occur without the direct involvement of a financial intermediary.8 Alternatively,the system could be more intermediated,which would mean that most or all transactions occur with the involvement of a financial intermediary(e.g.,transfers made via a bank or private services).This is not

82、 a binary choice;there are many fine-grained design choices embedded in this question,including the option to support both less intermediated and more intermediated transactions under different conditions.Even if a P2P funds transfer could be completed without an intermediary,other functions of the

83、system(e.g.,account creation)could still require intermediation.Furthermore,though it is easy to imagine transactions being settled by current-day private sector intermediaries,such as banks,it is possible for other CBDC system functionalities to be fulfilled by non-traditional public or private int

84、ermediaries.9 This design choice is linked to the design choices on transactions,as the transport layer would set the foundation for who can facilitate transactions.This design choice is also linked to the Data design choices,as the transport layer would affect who gets write access to the ledger hi

85、story,if it exists.This design choice is also linked to the governance design choices,as a less intermediated system would require a vastly different set of governance guidelines and 8 Potential intermediaries for transaction processing include the central bank,commercial banks,and other third-party

86、 entities.9 A non-exhaustive list of possible intermediation functionalities includes issuing currency,distributing currency,custody and wallets for currency,validating transactions,settling transactions,provisioning access(e.g.,user accounts,know your customer),providing user interfaces,providing c

87、ustomer service,conducting fraud detection,conducting AML/CFT compliance,and resolving disputes.Some of these functionalities would likely require compliance with banking laws and regulations,as well as other applicable laws,such as Federal securities laws.However,other functionalities(e.g.,provisio

88、ning access)could have different eligibility criteria for intermediaries,allowing a broader range of private entities(e.g.,pharmacies,grocery stores)and public entities(e.g.,libraries,post offices)to provide these functionalities.In turn,this could help increase financial inclusion and equity,could

89、bring more relevant expertise to bear on providing specific intermediary functionalities,and may promote more innovation in payments technology.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 13 requirements(e.g.,who conducts transaction-level remediation when there isnt an intermediate party facilitatin

90、g transactions?).Finally,this design choice intersects with transaction signing,since multiple-signature transactions may make more sense for an intermediated transport layer.Design choice benefits and drawbacks are described below:Less intermediated:Could improve the privacy of sensitive financial

91、data:A key feature of enabling P2P transactions is that it could mimic the cash-like experience in terms of anonymity and functionality.10 P2P transactions may not need to be known or recorded by an intermediary,which may increase the CBDC systems capacity to protect the privacy of sensitive data.Th

92、e privacy benefits would depend on the specific way the P2P system is set up;for example,if P2P transactions are recorded on a public ledger,then it may be easier to identify and track users than via a well-constructed intermediated system that does not record on a public ledger.Could hamper complia

93、nce with AML/CFT requirements:Pure P2P transactions can be designed either where tokens are bearer assets,11 or where there is account creation.A P2P design with a bearer-asset type token could enable transactions without any intermediary and therefore complicate,and potentially circumvent,AML/CFT o

94、bligations even where registration and reporting obligations apply.12 Alternatively,should transactions be recorded on a public ledger,investigators may be able to use analytics tools to trace transactions.Could affect the improvement of payment systems:A P2P system may have more limited intermediar

95、y13 costs and fees(which would likely be passed on to participants),possibly making it easier to achieve more cost-efficient financial product and services.P2P transactions can also process small-amount retail transactions quickly and cheaply,freeing capacity for an intermediated layer to handle lar

96、ger transactions.However,a less intermediated system may displace traditional financial intermediaries and their business models,which may have ripple effects some potentially negative throughout the American financial system.More intermediated:May provide traditional financial and digital protectio

97、ns:CBDC intermediaries such as financial institutions or new businesses created for processing CBDC transactions14 could help provide key requirements or benefits for a CBDC system,such as facilitating 10 This could also help with CBDC adoption,and thus,financial inclusion.See,e.g.,How America Banks

98、:Household Use of Banking and Financial Services,2019 FDIC Survey.(Oct.2020).Federal Deposit Insurance Corporation,which notes that one of the top reasons cited by unbanked households for not having a bank account is a concern about privacy.11 Here,“bearer asset”refers to an asset where its value is

99、 derived from its own digital representation.12 In the current U.S.framework,Bank Secrecy Act(BSA)obligations are placed on financial intermediaries.13 Even if the CBDC system supports P2P transactions,the complexity needed to facilitate P2P transactions could lead consumers to seek out intermediari

100、es,similar to what has happened in the present crypto-asset ecosystem.14 The Bank of England describes a potential industry of“Payment Interface Providers”(PIPs)for processing the commercial and retail sectors CBDC transactions.See Central Bank Digital Currency:Opportunities,challenges and design.(M

101、ar.2020).Bank of England.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 14 remediation,implementing AML/CFT controls,performing customer service functions,abiding by privacy regulations,and facilitating cross-border exchanges of currencies.15 Could provide additional benefits and mitigate risks for cons

102、umers,investors,and businesses:An intermediated system could also promote payments innovation by creating incentives for intermediaries to provide new services that build on top of the CBDC system,thus promoting the improvement of payment systems.For example,intermediated exchange can facilitate add

103、itional cybersecurity safeguards to protect CBDC system assets.Enlisting intermediaries existing expertise on this topic would likely benefit the servicing of CBDC system core activities.Furthermore,intermediaries may be better able to bear certain types of transaction risk,because laws and regulati

104、ons require them to be better capitalized.Could advance financial inclusion and equity:This approach could allow for non-traditional,more accessible entities to fulfill various roles in the CBDC system,which could help expand access to the CBDC system.For example,there are a variety of intermediarie

105、s that have identity verification infrastructure,which could help play a role in increasing the accessibility of the CBDC.16 It is also possible,however,that intermediaries could negatively affect financial inclusion(e.g.,with high fees for CBDC-related services,by not providing equitable access to

106、consumers),as has sometimes happened in the corresponding banking context.May reduce security of CBDC system:Intermediaries can be attractive targets for attacks.In an intermediated system,the security of the CBDC system as a whole could be harmed by the compromise of intermediaries with inadequate

107、cybersecurity practices.A CBDC system may also permit people to provision their own intermediary.17 For example,while most people use intermediary services for email provision,it is possible to set up and host ones own email service.If the permissioning of intermediaries was flexible enough to inclu

108、de individuals,then that may reduce some of the downsides of intermediation by introducing more competition.18 Additionally,a CBDC system could also make it easy to switch accounts between intermediaries,similar to how mobile phone users can switch between carriers while still keeping their phone nu

109、mbers.Aside from intermediation of individual payments,there is also a question of intermediation with the CBDC system itself.A CBDC system could allow retail users(e.g.,consumers,businesses)access to CBDC directly from the CBDC system operator,via layers of intermediaries,19 as a 15 For example,the

110、 Monetary Authority of Singapore(MAS)and the Bank of Canada(BOC)explored an intermediated,blockchain-based multi-currency payment system that could facilitate international exchange of currencies.See Jasper-Ubin Design Paper:Enabling Cross-Border High Value Transfer Using Distributed Ledger Technolo

111、gies.(2019).Bank of Canada and Monetary Authority of Singapore.16 Note that a less intermediated system could be similarly accessible and be marketed by similar entities.17 Self-provisioning would not necessarily sidestep obligations under U.S.laws and regulations.Without a third party,these obligat

112、ions potentially shift to the user designing,implementing,and/or operating as an intermediary.A full consideration of regulatory treatment of such self-provisioned intermediaries is outside the scope of this paper.18 A CBDC system could either be managed by a set of trusted entities(permissioned)or

113、by a network of system participants(permissionless),or some combination of the two.Here,permissioning refers to the act of designating an intermediary as a trusted entity.19 If this design choice is implemented,a key question concerns the number of layers of intermediaries.In a model where there is

114、only one layer of intermediaries,banking institutions might interface with retail and wholesale TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 15 liability of intermediaries,or not at all.Much has been written about this distinction,often framed as a difference between“retail CBDC”and“wholesale CBDC,”in

115、 other fora.20 Interoperability:Less vs.More Technical Interoperability with Other Payment Systems Can CBDC be widely transferred such that private and public payment systems can be interlinked(including international CBDCs)so as not to fragment the payment system?What kind of interfaces should be b

116、uilt to interface with other payment systems?Interoperability refers to whether and how a CBDC system can communicate,execute transactions,or transfer data with other payment systems(e.g.,fiat systems,international payment systems,other CBDC systems,or other digital assets systems,such as stablecoin

117、s)while users may have limited knowledge of the unique characteristics(e.g.,data structures)of other payment systems.21 Here,interoperability is not the same as integration,as the former refers to systems that can talk to each other,while the latter refers to more direct access to other systems.A CB

118、DC system could be designed to prevent interoperation with other systems or it could be designed to allow for interoperation where appropriate.With less technical interoperability,it could be harder for a CBDC system to communicate,execute transactions,or transfer data with other payment systems.Alt

119、ernatively,a CBDC system could have more technical interoperability with other payment systems,having the opposite effect.Design choice benefits and drawbacks are described below:Less interoperability:May provide consumers with better financial protection:By reducing interdependence with systems tha

120、t increase or introduce new risks of cybersecurity and operational incidents,the CBDC system might better protect consumers from spillover effects of issues with other payment systems.Less interoperability can also protect against counterparty risk.There are also non-technical ways to protect consum

121、ers that are also relevant here.For example,a certain degree of centralization is beneficial to ensuring consumers can more easily exercise the financial protections they are accustomed to with the transfer of U.S.dollars,such as protections afforded by Regulation E.Additionally,if a U.S.CBDC system

122、 were connected with a foreign CBDC system that required different standards for a range of issues,such as privacy,U.S.consumers could lose protections.May provide a more secure CBDC system:A less technically interoperable CBDC system could provide better resilience during a wide-scale cyberattack.I

123、nteroperability customers,as well as the CBDC system operator.In a model with more than one layer of intermediaries between the CBDC system operator and end users,different banking institutions may interact with different types of users;in this model,smaller banking institutions could interact with

124、retail and potentially wholesale customers,and larger banking institutions could perform other activities necessary for the operating of the CBDC system.20 See,e.g.,Auer,R.and Bhme.R.(2020).The technology of retail central bank digital currency.BIS Quarterly Review,March,89.21 This definition of int

125、eroperability is derived from the International Organization for Standardization(ISO)definition of interoperability.See ISO/IEC 19763-1:2015(en).TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 16 could expand the attack surface,even if the CBDC is not directly integrated with other payment systems.May pr

126、ovide a more functional CBDC system:Interoperability has a number of challenges that make it relatively challenging to implement with full functionality.For example,in the international context,governance and standards alignment can provide a key roadblock to more interoperability.A less technically

127、 interoperable CBDC system may not have to deal with as many obstacles to achieve high functionality as expected.More interoperability:May improve payment systems:A CBDC system designed to be technically interoperable with foreign payment systems including CBDCs could enable cross-border funds trans

128、fers and payments that are cheaper and faster.Envisioned international,private sector,and non-government organization CBDC system interlinkages have explored asset swaps through a trusted intermediary,interconnected CBDC ledgers,and holding multiple currencies within a single ledger.These interconne

129、ctions could be difficult to manage,expand the attack surface,and likely require intermediaries to manage the associated risks.May benefit financial inclusion and equity:With easy interoperability with traditional stores of value,a CBDC system may receive increased uptake from communities and busine

130、sses that make limited use of the traditional financial system.Interoperability could also make cross-border payments,such as remittances,cheaper,quicker,more accessible,and more transparent.The possibility of some interconnection would depend on the type of ledger and transaction structure.Intercon

131、nections could also depend on intermediaries or P2P options in the transport layer.Decisions regarding interoperability should also consider if and how CBDC can be converted to non-CBDC currency on the spot,such as at a point of sale.This may be an important functionality to enable in order to mitig

132、ate certain risks,such as the challenge that holding limits might pose for businesses that hold or exchange large volumes of CBDC at a time.A potential solution to this risk might be to enable quick routing of CBDC to a commercial bank deposit account with ease.Governance Permissioning:Permissioned

133、vs.Permissionless Is the system permissioned(and if so,how)or permissionless?A CBDC system could either be managed by a set of trusted entities(permissioned)or by a network of system participants(permissionless),or some combination of the two.22 This design choice does not assume the use of distribu

134、ted ledger technology,but rather focuses on the governance structure of the system regardless of the technology used.22 For example,a CBDC system might allow permissionless management for most actions,but require heightened permissions for some actions.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 17 I

135、n environments without trusted entities,permissionless systems often trade efficiency or other design features to potentially permit transactions to settle without established counterparty trust relationships or trusted third parties.By contrast,we assume that a U.S.CBDC system will rely on one or m

136、ore trusted entities,such as the Federal Reserve.Design choice benefits and drawbacks are described below:Permissioned:Often better protects privacy of sensitive financial data:While permissionless systems often build trust and consensus using public ledgers,permissioned systems generally do not req

137、uire a public ledger.This means that transaction history is generally only viewable by a small number of trusted entities,such as the Federal Reserve,and kept private with respect to others.23 Helps mitigate risks for consumers,investors,and businesses:Permissioned systems can simplify transaction r

138、emediation,making it easier to protect consumers,investors,and businesses.They could also make it easier to prohibit migrating CBDC to non-compliant trading venues or other organizations engaged in misconduct or fraud,which can also help protect consumers,investors,and businesses.Permissionless:May

139、have implications for the security of the CBDC system,and thus have effects on the resilience of the financial system:A CBDC system needs to be highly resilient to vulnerabilities(e.g.,insider threats,malicious actors,liquidity risks).A permissionless system invites additional types of malicious beh

140、avior,so many other permissionless payment systems have incorporated additional cybersecurity considerations into their design.That design philosophy may make the system more likely to stay operational if several entities go offline or malfunction at any point.It may also mitigate attacks related to

141、 trust in one or more trusted entities.However,in practice,vulnerabilities introduced by permissionless systems(e.g.,51%attacks,ambiguity from code forks in the case of a distributed ledger)24 may offset the purported resiliency benefits from permissionless systems.25 May not be sustainable or suppo

142、rt economic activity:One of the best-known methods to maintain synchronicity between distributed ledgers the proof-of-work consensus mechanism uses a significant amount of energy.26 Although a permissionless CBDC system would not be required to use proof-of-work,if a U.S.CBDC system did choose to us

143、e such a method to synchronize a ledger of transactions,it may not align with the policy objective that a CBDC system should be environmentally sustainable.23 This is true for P2P transactions too.A permissioned CBDC system could be designed to permit accessing after-the-fact transaction-level detai

144、ls of P2P transactions,in accordance with appropriate legal protections.24 For explanations of these terms and a greater discussion of cybersecurity vulnerabilities,see,e.g.,Hasanova,H.,Baek,U.J.,Shin,M.G.,Cho,K.,&Kim,M.S.(2019).A survey on blockchain cybersecurity vulnerabilities and possible count

145、ermeasures.International Journal of Network Management,29(2),e2060.25 For a more extensive discussion of vulnerabilities,see researched cited in DARPA-Funded Study Provides Insights into Blockchain Vulnerabilities.(Jun.2022).Defense Advanced Research Projects Agency.26 See Climate and Energy Implica

146、tions of Crypto-Assets in the United States.(Sep.2022).Office of Science and Technology Policy.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 18 Access Tiering:Tiering by User Account vs.Transaction Amount vs.Counterparty vs.None Are there differences in how transactions or accounts are treated?If so,ho

147、w are the tiers of accounts or transactions determined(e.g.,user account,transaction amount)and for what purposes?Access tiering refers to the various features that a CBDC system offers that vary based on the attributes of a given transaction.Transactions could be tiered for a variety of purposes,su

148、ch as privacy,security,financial inclusion,and promoting a risk-based approach to AML/CFT compliance.For example,a CBDC system could provide“lower”tier(s)where users who provided less identity verification information are subject to transaction limits,while providing“higher”tier(s)whereby users who

149、opened an account and are subject to robust customer due diligence standards could transact without limitations.The tier used for a transaction could be based on the user accounts(e.g.,level of customer due diligence)involved in the transaction,the amount being transacted,counterparties involved,or

150、other criteria(e.g.,characteristics of an intermediary).Transactions between two less risky accounts(e.g.,two personal accounts with small balances)could be facilitated on a lower tier.Transactions below a certain amount(e.g.,$3,000,$10,000,or some other dollar amount)could also be facilitated on a

151、lower tier.27 Transactions could be tiered based on counterparties(e.g.,business-to-business payments could be one tier,business-to-consumer and consumer-to-business payments could be another tier,and consumer-to-consumer payments could be yet another tier).Hybrid options are also possible;for examp

152、le,switching to a higher tier once the total amount transacted between two accounts exceeds a certain amount.Transactions could also not be tiered.A tiered system has implications for the data design choices;a tiered system requires the ability to record different amounts of permanent and temporary

153、history for different tiers.Access tiering might also be linked to offline transactions,where a lower tier may facilitate offline transactions and a higher tier may require online capabilities.Access tiering is linked to the transport layer,where a CBDC system could support P2P transactions for lowe

154、r tiers but require intermediaries to facilitate higher tiers(though intermediaries could have the choice to only support certain tiers).Governance,along with whether the tiering needs to be universally adopted within the CBDC system,would also need to be addressed.Finally,access tiering may be link

155、ed to identity privacy,with lower tiers facilitating a higher level of privacy in transactions than higher tiers.This report does not address specific tiering thresholds or which entity in a CBDC system would be responsible for setting them.Design choice benefits and drawbacks are described below:27

156、 Canada and Sweden are considering tiering systems based on the value of the transaction.See Central Bank Digital Currency(CBDC):Retail Considerations.(2021).Bank of Canada,13.Note that the specific dollar amount does not have to be taken from existing precedent in other types of financial transacti

157、ons;a new threshold could be set for the CBDC systems access tiers,based on the unique AML/CFT risk profile of the CBDC system.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 19 Tiering based on user account:Has implications for privacy and AML/CFT compliance:Tiering based on user accounts,depending on h

158、ow customer information is collected and stored,would promote a risk-based approach rather than solely the amount being transacted.28 Has implications for financial inclusion and equity:Tiering based on actors could raise equity questions based on the types of criteria used to determine a customer r

159、isk profile.29 For example,such a system might subject immigrants to enhanced due diligence,if they engage in more cross-border transactions to send money home.Alternatively,by allowing for simplified customer due diligence on lower tiers,financial inclusion might be increased by giving access to in

160、dividuals who may have previously had problems getting access to an intermediary.Tiering based on transaction amount:30 Has implications for privacy:Tiering based on transaction amount allows for users to conduct lower-value transactions while not meeting other requirements to transact on a higher t

161、ier(e.g.,providing more identity verification information).Has implications for AML/CFT compliance:Tiering based on amount would provide a unified way to assess risk,but given that some types of illicit finance transactions(e.g.,terrorist financing)could regularly involve lower transaction amounts,t

162、his approach might create new vulnerabilities and might be difficult to implement.Tiering based on counterparty:Has implications for AML/CFT compliance:Tiering based on counterparty makes it possible to better assess the nature of a transaction,rather than just the amount or accounts involved.This i

163、nformation can then be used as part of a risk-based approach to due diligence.None:Has implications for AML/CFT compliance:A lack of tiering means that intermediaries would likely develop and implement their own risk-based compliance programs and incorporate simplified or enhanced due diligence in l

164、ine with customer risk profiles.Easier to make functional:A lack of tiering means that only one transaction method must be developed,which then applies to all transactions.Hybrid approaches are also possible.For example,if a form of self-custodied wallets were to be adopted,they could be limited to

165、the lower tier with temporal restrictions on cumulative transfer amounts.It may be ideal to include these access tiers directly in the CBDC systems protocol,rather than allowing them to be easily adjusted through programmable functionality.This could help increase consumer trust that the CBDC system

166、s rules will not be changed haphazardly,and 28 The regulatory ramifications and scaffolding necessary for this approach are beyond the scope of this report.29 These equity concerns may be exacerbated when automated systems are used to make determinations about customer risk profiles.30 This could al

167、so be done as an amount over time.The tier could capture information about the sender and amount,but not retain information about the recipient.This might be facilitated more easily with zero-knowledge proofs.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 20 this could also help protect the CBDC system

168、from being abused during periods of high political volatility.Identity Privacy:Known to Central Bank vs.Intermediary vs.No One What aspects of identity are kept private/confidential,from whom,and under what circumstances?Identity privacy concerns the extent to which individuals can keep various attr

169、ibutes related to their identity confidential from different parties,such as the central bank and intermediaries.Identity-related information within transactions such as payment addresses could be known to the central bank,intermediaries,or no one.Identity privacy is linked to access tiering,as iden

170、tity privacy could vary between higher and lower tiers,allowing lower tiers to facilitate transactions while keeping more attributes confidential from specific actors.This design choice applies for each piece of sensitive identity-related information.Hence,for each piece of sensitive identity-relate

171、d information,the following design choice benefits and drawbacks should be considered:Collected by central bank:May harm human rights and democratic values:Identity-related information known to the central bank for all or most transactions would represent a significant expansion of the central banks

172、 access to customer information,which would raise significant privacy concerns.This centralized data must therefore not only have extensive cybersecurity protections,but also significant legal protections;for instance,it could be designed to be either legally or technologically(via use of encryption

173、 keys)challenging to view this data without judicial approval and oversight.Even if policies exist to prevent this harm at this time(e.g.,law enforcement needing to seek a subpoena to get identity-related information from intermediaries),enabling this capacity could allow a future Administration to

174、use the CBDC system to surveil the population in close detail,and cybersecurity compromise may still occur.Has implications for privacy and AML/CFT compliance:If“collected by central bank”was the design choice chosen for many pieces of sensitive identity-related information,it may place responsibili

175、ty for AML/CFT compliance on the central bank,greatly increasing its responsibility.This would raise novel concerns about the central bank being subject to supervision for their compliance.This approach may provide users less privacy from the central bank and entities able to get information from it

176、 compared to the current system,but if combined with other design choices(e.g.,access tiering),it may be possible to protect sensitive financial data from disclosure to most parties.If“collected by central bank”was the design choice chosen for many pieces of sensitive identity-related information,it

177、 may place a large burden on the central bank for AML/CFT Compliance;this may also raise novel concerns,since the central bank may need to be subject to supervision for compliance.May not help expand equitable access to the financial system:Consumer discomfort with central bank collection of identit

178、y-related information could discourage adoption and use TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 21 of the CBDC system,which may limit the potential for a CBDC system to expand equitable access to the financial system.Outside of the context of consumer use and adoption,decreased domestic and globa

179、l use of the U.S.CBDC system may harm U.S.leadership in the global financial system and the global role of the dollar,and may also harm economic growth.May introduce new risks:This approach would be a significant departure from current models in the financial system and may introduce unforeseen risk

180、s.Collected by intermediaries:Has implications for privacy and AML/CFT compliance:This approach is more similar to the current AML/CFT regulatory framework,where key reporting and recordkeeping obligations are generally imposed upon intermediaries,providing consistency with that approach.This approa

181、ch has some key advantages,including many that are inverses of the drawbacks noted above.While this system may limit the amount of new risk introduced,it would also implicitly endorse an imperfect status quo.31 No one:Has implications for privacy and AML/CFT compliance:Keeping some pieces of identit

182、y-related information anonymous from the central bank and intermediaries could help enable cash-like privacy for those pieces of information.This may not be possible or sensible for some pieces of sensitive identity-related information.Given that a CBDC is not subject to the same physical limitation

183、s as cash,such an approach might make it harder to identify,trace,and disrupt money laundering and the financing of terrorism and for relevant financial institutions to comply with existing AML/CFT obligations.If“no one”was the design choice chosen for many pieces of sensitive identity-related infor

184、mation,it may functionally provide some level of anonymity,which may complicate intermediaries compliance with AML/CFT obligations and may be out of line with global AML/CFT standards.32 A key question is what kind of information would be considered“identity-related information”for the purpose of th

185、is design choice.This design choice should be considered for all key pieces of identity-related information,and it is probably better for privacy and civil and human rights purposes for some pieces of information to be collected by intermediaries rather than the central bank.Additionally,not all int

186、ermediaries are the same,and criteria may need to be established to determine which types of intermediaries are allowed to collect which types of identity-related information.Pseudonymous payment addresses may provide a privacy-enhancing feature,but they must be designed carefully so as not to be tr

187、ivially linked back to individuals based on other information(e.g.,transaction history).For example,it may be possible for intermediaries to hold or rotate pseudonymous keys on behalf of individuals such that external parties may not view or use them 31 The United Nations Office on Drugs and Crime e

188、stimates that 2-5%of the global Gross Domestic Product is laundered every year,with the International Monetary Fund estimating that$1.6-4 trillion is laundered annually.See,Miller,R.(Apr.2022).Overview of Correspondent Banking and“De-Risking”Issues.Congressional Research Service,1.32 Whether this ap

189、proach is legally possible in the context of current regulation and other obligations is outside of the scope of this report.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 22 without sufficient authority.However,in general,vulnerabilities in pseudonymous methods could allow for deanonymization,and suffi

190、ciently motivated parties can often render pseudonymity ineffective.Still,for certain threat models,pseudonymity may provide a layer of privacy.If identity-related information is known to some party,some entities likely need to verify the identity of an individual seeking to transact CBDC.33 This co

191、uld be done by intermediaries,establishing their own procedures and systems to verify identity,in line with regulatory obligations.Crucially,it is worth noting that any privacy scheme will likely have some vulnerabilities,so even the“more private”choices will still not guarantee privacy.It is import

192、ant to take a systems-level view of privacy,and not consider a system“private”just because information is being collected by intermediaries and not the central bank.Following best practices on privacy engineering such as minimizing the amount of extraneous data collected in the first place will like

193、ly be vital to minimizing the risk of unauthorized disclosures.Privacy-enhancing technologies could play a key role here,helping to ensure that privacy and AML/CFT objectives can be advanced in tandem.34 Remediation:On-ledger vs.Off-ledger Does remediation(e.g.,chargebacks,liens)get facilitated thro

194、ugh core CBDC system functionality,or is it mandated through external governance processes?Who authorizes these actions,and what transparency is provided?Remediation refers to the ability to fix mistakes made with the CBDC system,such as transactions that occurred accidentally or fraudulently.We ass

195、ume a CBDC system will be required to facilitate remediation,so that persons or entities can conduct activities such as recovering accounts,voiding transactions,ordering restitution,and conducting recovery and resolution activities.These functionalities could be primarily provided on-ledger,such tha

196、t affordances for remediation are built into the CBDC systems protocol(e.g.,transactions can be reversed until settlement is final,the central bank conducts remediation).Alternatively,these functionalities could be primarily provided off-ledger,so that remediation can be retroactively ordered(e.g.,i

197、ntermediaries settling disputes and conducting chargebacks equivalent to the incorrectly-transacted amount,courts mandating intermediaries to close accounts,etc.)and reflected by new offsetting transactions.For example,if Alice mistakenly pays Bob$100,an on-ledger remediation approach could simply v

198、oid that transaction,leaving Alice and Bob the way they were before the transaction.Off-ledger remediation in this example would mean allowing the$100 transaction from Alice to Bob to settle but then,based on that off-ledger action,create a new transaction that pays$100 from Bob to Alice,again attem

199、pting to leave Alice and Bob where they were before the original transaction.33 If access tiering is used,this may only need to apply to individuals seeking to transact on higher tiers.34 The governments of the United States and the United Kingdom launched a set of innovation prize challenges in pri

200、vacy-enhancing technologies to tackle financial crime,working with synthetic global transaction data created by SWIFT,the global provider of secure financial messaging services.See U.S.and U.K.Launch Innovation Prize Challenges in Privacy-Enhancing Technologies to Tackle Financial Crime and Public H

201、ealth Emergencies.(Jul.2022).Office of Science and Technology Policy.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 23 The key questions here are who has the ability to authorize these actions,and what technical features would enable them to conduct these actions.Remediation would likely be easiest to i

202、mplement in a permissioned and centralized CBDC system with intermediaries that have visibility onto a ledger and the ability to submit transactions.In this case,the primary challenge will likely lie in establishing the governance mechanism to determine the conditions that allow for remediation.Some

203、 of these procedures and principles can likely be drawn from an existing body of property,payment,contract,and banking law that spells out rules for settlement,finality,and liability.Additionally,remediation is also linked to offline transactions;if intermediaries are facilitating remediation in gen

204、eral,then P2P offline transactions may pose additional challenges.Finally,this also relates to access tiering,as higher tiers may want to use more of an on-ledger approach,in order to increase scrutiny for higher risk transactions.Design choice benefits and drawbacks are described below:On-ledger:Pr

205、ovides additional financial protections:Embedding remediation into the CBDC systems core architecture could provide additional guarantees for the ability to conduct remediation.For example,transactions could take a certain amount of time35 to settle with finality,during which period parties may have

206、 the ability to seek remediation.While this approach would render some CBDC unusable for a period of time and may be a disincentive toward using the CBDC system,it would also ensure that the CBDC is not fully transferred until the validity of the transaction is verified.May harm the improvement of p

207、ayment systems:Building remediation directly into the CBDC systems protocol would be challenging,as the central bank is not set up to conduct remediation in the same way private payment services can(e.g.,chargebacks via a credit card company).This would raise governance concerns.Off-ledger:May impro

208、ve payment systems by making the CBDC system faster to settle:Providing remediation as a new offsetting transaction after the initial transaction has settled would likely allow for more speed for transaction settlement,as transactions could be made“final”more quickly.May have implications for advanc

209、ing financial inclusion and equity:More off-ledger remediation would likely allow transfers to settle faster,meaning that Americans waiting for a payment would have access to that capital more quickly.This is particularly important for Americans living paycheck to paycheck,who may also be more vulne

210、rable to predatory lending(e.g.,payday loans).On the other hand,if intermediaries are tasked with facilitating remediation,then offline transactions without intermediaries would pose additional challenges for remediation.35 It may be possible to design a CBDC system where this amount of time could b

211、e specified per transaction.For example,a CBDC system might enable Alice to send money to her trusted friend Bob with no wait time,but if Alice wants to send money to untrusted merchant Charlie,then she could set a wait time of 3 days.This system would still support instant settlement,which is descr

212、ibed as a core attribute of a CBDC system in The Future of Money and Payments.(Sep.2022).Department of the Treasury.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 24 Security Cryptography:Public-Key Cryptography vs.PKC with Zero-Knowledge Proofs vs.Other What cryptographic techniques are used and for wh

213、at purposes?How would quantum computers affect public-key cryptography systems and how would the system change post-quantum?How can the system be protected against abuses such as fraud and money laundering?Cryptographic design choices are based upon the computationally intractable problems that inve

214、rt and enable the secure storage,transmission,and usage of the information needed to operate a CBDC system.A CBDC system could use public-key cryptography(PKC),in which users have a public key that represents a payment address to receive funds,and a private key that can authorize future payments to

215、spend once funds are received,using digital signatures.A CBDC system could also use a PKC approach with zero-knowledge proofs(ZKPs)to help facilitate secrecy,where users send proof of knowledge and validity of particular data(e.g.,transaction details such as recipients and amount),rather than sendin

216、g the data.There are several other cryptographic methods(e.g.,secure multiparty computation,private set intersection,homomorphic encryption)that could also enhance the security of the CBDC system,and these methods should also be considered if developing a CBDC system.Cryptography design choices are

217、vital to security as quantum computing becomes feasible at scale,as discussed below.The cryptography scheme chosen would also impact how privacy,fungibility,and programmability are designed as well.Design choice benefits and drawbacks are described below:PKC:Likely to be more efficient:PKC is an ext

218、ensively tested and used cryptographic method,and there is familiarity with this approach among developers.It would be relatively easy to roll out a CBDC system with a functional and efficient PKC-based system using longstanding and well-tested code libraries,which would advance the policy objective

219、 of improving payment systems.As quantum-resistant cryptography protocols(discussed below)are standardized,libraries are tested and deployed,and adoption across government and industry become the norm,they can be integrated into the CBDC system.PKC with ZKPs:Provides increased privacy for sensitive

220、financial data:ZKPs can be used to provide enhanced privacy safeguards by verifying if attributes of a transaction are valid without revealing anything about the underlying data itself.By not needing to share this underlying data during transactions,it is generally easier to keep that data private.M

221、ay introduce complexities for AML/CFT compliance:ZKPs may prevent discoverability information and the enforcement of AML/CFT regulations in general,unless combined with a scheme to facilitate compliance.This may increase the complexity of enforcing AML/CFT regulations.TECHNICAL EVALUATION FOR A U.S.

222、CBDC SYSTEM 25 Likely more secure:ZKPs limit the amount of potentially-revealing information sent across networks,reducing potential security vulnerabilities.The use of ZKPs may advance the policy priority of improving payment systems.Furthermore,some ZKP approaches are quantum resistant while other

223、s are not,and choosing an approach will depend on the standardization process.Possibly not as sustainable:Executing ZKPs requires more computation than PKC by itself,especially in order to operate approaches that remain viable when cryptanalytically relevant quantum computers are developed.There are

224、 methods to improve the performance of ZKPs,so there may be reasonable mitigations of this concern.If this approach is chosen,it will be important that the hardware that generates ZKPs is sufficiently decentralized or protected(including from distributed denial-of-service attacks)in order to not inv

225、ite targeted attacks.The security of PKC is based on the inefficacy of certain computations using known algorithms;however,quantum computers are theoretically able to perform some of these computations quickly.Thus,many PKC protocols will be insecure when quantum computing becomes feasible at scale.

226、The PKC systems that are resistant to attacks from such future“cryptanalytically-relevant quantum computers”are referred to as“quantum-resistant cryptography.”National Security Memorandum 10(NSM-10)36 prioritizes the transition to quantum-resistant cryptography and sets the policy that agencies shou

227、ld only transition to quantum-resistant cryptography once the first set of NIST standards for quantum-resistant cryptography is complete(expected in 2024)and implemented in commercial products.If a CBDC system were to be launched in the near future,a traditional non-quantum-resistant PKC system coul

228、d be developed,with the concern that older transactions may be vulnerable to tampering from future cryptanalytically-relevant quantum computers.Alternatively,a longer-term strategy would be to develop a CBDC system with a quantum-resistant PKC system after standardization has been completed.Regardle

229、ss of the cryptographic approach taken,consistent with NSM-10,the CBDC system should maintain“cryptographic agility in that the system should allow for seamless updates for future cryptographic standards.Given this,further research and analysis should be conducted on possible challenges in upgrading

230、 any non-quantum-resistant cryptography protocols to quantum-resistant methods at a later date.There is also policy37 concerning the governments ability to retain and manage encrypted records.A relatively complex change in policies and regulations would take significant effort,and should be careful

231、to align with recent Executive Orders and memoranda38 regarding the Federal governments posture toward cybersecurity.36 National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.(2022).The White House.37 See,e.g

232、.,Bulletin 2007-02,Guidance concerning the use of Enterprise Rights Management(ERM)and other encryption-related software on Federal records.(Apr.2007).National Archives and Records Administration.38 See,e.g.,Executive Order 14028:Improving the Nations Cybersecurity.(May 2021).Federal Register;M-22-0

233、9:Moving the U.S.Government Toward Zero Trust Cybersecurity Principles.(Jan.2022).Office of Management and Budget.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 26 Secure Hardware:More Hardware-Based vs.More Software-Based Is there support for secure hardware interfaces?Secure hardware refers to computi

234、ng equipment(i.e.,hardware)that is designed to protect data and computation,especially from other processes running on that equipment.A CBDC system could base a large part of its security model on secure hardware-based approaches.This could include the use of a separate module(i.e.,physically separa

235、ted from other hardware)that isolates specific data and/or computations.This could also include the use of a trusted execution environment,where there are limitations placed on the code that can be executed on the equipment.Such a system could connect to a users smartphone,could be made as a special

236、ized part of the users cellphone,or could function as a standalone device.A CBDC system could also run with limited or no secure hardware-based approaches,prioritizing software-based approaches to security.Secure hardware is likely to be important for enabling offline transactions,in order to combat

237、 fraud and abuse(e.g.,counterfeiting money)when transacting parties are offline.Design choice benefits and drawbacks are described below:More hardware-based:Likely more secure:This approach can better secure cryptographic keys and certify code performance,helping to provide higher levels of security

238、.May promote AML/CFT compliance and limit concerns with privacy of sensitive financial data:Secure hardware could possibly be the place where encrypted transactions take place,and much of the information necessary for compliance with AML/CFT regulations may reside.This can provide additional mechani

239、sms for limiting illicit activity while minimizing risks to the privacy of individuals,but would put additional pressure on the security of that hardware.May harm the expansion of equitable access to the financial system:Consumers may need to purchase a piece of hardware that would enable them to pa

240、rticipate in the network,which would create a barrier to equitable access to the financial system.However,if there was widespread access to secure hardware-based approaches(e.g.,if most cellphones had the appropriate capability),then secure hardware could possibly execute trusted code that ensures C

241、BDC cannot be double-spent even without access to a network;this would help facilitate offline transactions,which may expand equitable access to the financial system.Introduces new risks to security and sensitive financial data:Secure hardware also sometimes still shares hardware with other parts of

242、 the system,allowing for data to leak onto insecure hardware.Without adequate protections,secure hardware may also be manipulated by those with physical access to the system.This could be counter to the policy objectives of having a secure CBDC system and keeping sensitive financial data private.Exa

243、cerbates systemic risk:It is vital that secure hardware can be trusted to be secure,and appropriate protections can be incorporated.However,secure hardware is only developed by a few key players,and there would be large incentives for those throughout the supply TECHNICAL EVALUATION FOR A U.S.CBDC S

244、YSTEM 27 chain(including end users)to exploit the system,as the reward could potentially be the ability to mint unlimited CBDC.This would also add another potential vulnerability for the CBDC system by increasing reliance on supply chain security beyond security through software only(which also has

245、risks for supply chain attacks).More software-based:Likely provides more flexibility:Software-based approaches to wallets or other cryptographic primitives allow a variety of platforms and languages to adopt implementations which can improve security,and interoperability of a protocol.Supports expan

246、sion of equitable access to the financial system:By providing lower barriers to entry for consumers who do not need secure hardware,it may encourage adoption from consumers not having to acquire hardware-based technologies.If secure hardware is part of a CBDC system design,it should be layered on to

247、p of other security measures,and not be used as a standalone guarantor of CBDC system integrity.Transactions Signatures:No-signature vs.Single-signature vs.Multi-signature Signing Do transactions use digital signatures,and if so,are transactions single-signed or multiple-signed?How do you protect th

248、reshold keys/signatures?What does signing confer to the transaction?What signing algorithm is the right one?A CBDC system could require zero,one,or multiple digital signatures to execute a valid transaction.The CBDC system could use a no-signature approach,where transactions are not signed with any

249、verification of identity;this would rely on a custodian to provide a user account and facilitate access to funds.The CBDC system could use a single-signature approach,where only the payer is needed to authorize the transaction.In this process,a single individualtypically the payer in possession of a

250、 private key to a digital walletcan execute a transfer of funds to another wallet.The CBDC system could also use a multi-signature approach,where multiple signatures are needed in order to execute the transaction.In this approach,multiple private keys possibly held by separate actors39 must be used

251、in a transaction before the CBDC is transferred.These options are not mutually exclusive;all three could be supported by the CBDC system in different circumstances.In a multi-signature approach,there will also be additional design choices concerning who holds the appropriate keys,and whether a thres

252、hold approach is to be adopted(i.e.,requiring some subset of possible signatures to be given,rather than requiring all of them).This design choice could be linked to access tiering,where higher tiers use multiple-signature or single-signature approaches,and lower tiers use single-signature or no-sig

253、nature approaches.This design choice is closely linked to the cryptography and quantum-proofing design choices.This design choice is also linked to transaction privacy;for example,if the recipient is not one of 39 The transaction recipient may want to hold one of these keys.Should a CBDC system grow

254、 to interoperate with digital assets from many sources,unsolicited assets might be sent to accounts.This could introduce off-ledger attack vectors(e.g.,compromised privacy,phishing).TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 28 the signers of a transaction,a bad actor might try to send unsolicited a

255、ssets to a target in order to glean information about them.Design choice benefits and drawbacks are described below:No-signature:Likely less secure than other options:If transactions do not require any direct authentication by the owner,there would be fewer safeguards to prevent the unauthorized tra

256、nsfer of CBDC.May limit improvements to payment systems:This approach may make it harder to introduce transaction programmability into the CBDC system,as signatures are a method to provide proof of ownership.Single-signature:Possibly less secure than multiple-signature approach:This would be more se

257、cure than no-signature.However,because transactions only require one private key,there is a single point of failure.If a less intermediated transport layer is used,or if a private key is lost or stolen,that could lead to the loss of CBDC held in the associated wallet;similar to cash,once the asset h

258、as been lost or stolen,regaining possession can be difficult.This may not be as much of a problem with a multi-signature threshold approach,because that approach allows for“backup”keys to exist if some keys are lost or stolen.Fraud detection and prevention measures may also mitigate some of these pr

259、oblems.Possibly more functional and efficient:This approach is likely simple to understand and implement.Single-signature(and its analogs)are the default in the retail commerce environment(e.g.,credit and debit card transactions,transferring money from individual bank accounts)and among many private

260、 sector-administered digital assets.Multiple-signature:Likely more secure than other options:Multi-signature offers security enhancements over single-signature.In P2P transactions,the payer might hold two private keys on different devices that are needed to execute the transaction,providing addition

261、al security(similar to two-factor authentication).A threshold approach allows for,say,two of three possible signatures to be present;for example,the payer and the intermediary can each hold a key,and a third key is stored with a trusted third party in case either of the other keys is compromised.Thi

262、s could advance the policy objective of improving payment systems.Possibly less functional and efficient:Multi-signature requires more steps to complete a transaction,possibly adding roadblocks to easy use of CBDC.For example,if multi-signature is used for low-value transactions,the safety features

263、may not outweigh the poorer customer experience(e.g.,requiring two-factor authentication at every point-of-sale).Multi-signature would also require more effort to implement than single-signature.Additionally,more research will have to be done to determine what offline capabilities can be achieved wi

264、th a multi-signature approach.Possibly better for ensuring appropriate interoperability:Multi-signature can provide a method to enable cross-border,cross-currency exchanges.In this model,one of the required signatures is from an intermediary that holds the transfer in escrow until all TECHNICAL EVAL

265、UATION FOR A U.S.CBDC SYSTEM 29 transfer conditions are met.The multi-signature serves not only as an additional layer of security,but also as a facilitator of the transaction.Transaction Privacy:More Private vs.More Observable Transactions vs.Layering What level of transaction privacy is supported?

266、What aspects of transactions are private,and from whom?Are amounts,destinations,and smart contracts private from the central bank?Can transactions be chained?Transaction privacy concerns which entities are able to access which characteristics of transactions,including data privacy(e.g.,account balan

267、ces,location of participants,information about goods)and program privacy(e.g.,source code and inputs used for a smart contract transaction).A CBDC system could be more private,limiting access to sensitive data for legal reasons only(e.g.,for compliance with AML/CFT regulations,to competent authoriti

268、es for AML/CFT regulation and supervision).A CBDC system could be more observable,such as by maintaining a public record of all transactions associated with pseudonyms(e.g.,the way that many private sector-administered digital assets work).A CBDC system could be a hybrid of these options,providing a

269、 public record of some characteristics and only allowing limited discoverability of others.A CBDC system could also support a layering approach,where intermediaries capture information about transactions or accounts that meet some established set of concerning characteristics,and that information co

270、uld be retained for some fixed period of time during which proper legal authorities could petition to review that information in accordance with legal standards.This design choice could be enabled in a variety of ways that intersect with other design choices.For example,if the cryptography design ch

271、oice includes ZKPs,it may be possible to use ZKPs to facilitate transactions that require fewer entities to view sensitive data.Or,if the CBDC system has access tiering,design choices could be chosen for the lower tiers that provide greater transaction privacy.Additionally,if the CBDC system has int

272、ermediaries,these intermediaries could facilitate a layering approach.Design choice benefits and drawbacks are described below:More private:Better protects the privacy of sensitive financial data:This approach would limit the data and program information that is accessible to transacting parties and

273、 third parties.It also may increase public trust and financial inclusion in a CBDC system.Might introduce challenges for promoting compliance with AML/CFT requirements:Some methods for enabling transaction privacy(e.g.,some ZKP-based approaches)have limitations in how much information would be saved

274、 for future discoverability.If this approach is chosen,thought should be given to how sufficient transaction information could be preserved and remain accessible only for a limited set of verified use cases(e.g.,competent authorities or financial institutions for AML investigations or to comply with

275、 AML/CFT obligations).Limitations on data preservation or access could also have implications for existing recordkeeping obligations of relevant financial institutions.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 30 More observable:Promotes AML/CFT compliance:This approach would increase the amount of

276、 information readily available for AML/CFT compliance purposes,albeit in pseudonymous form,to competent authorities and could support relevant financial institutions compliance with existing AML/CFT obligations.Competent authorities and relevant financial institutions would still need to be able to

277、access and share,when appropriate,detailed transaction information to facilitate compliance with AML/CFT obligations.Might reduce privacy of sensitive financial data:Even if pseudonymous identities are used for transactions,vulnerabilities in pseudonymous methods could lead to deanonymization in the

278、 future.This could potentially reduce public trust and financial inclusion if deanonymization incurs privacy harms to innocent actors.May help support economic activity:Some public information about characteristics of transactions may be useful for understanding consumer preferences and promoting pr

279、ivate sector innovation.Layering:Aims to protect privacy of sensitive financial data and promote AML/CFT compliance,via intermediaries:In this approach,transaction information would be mostly unavailable to the general public,while intermediaries or programmatic rules would get access to transaction

280、 information necessary to support compliance with AML/CFT obligations,and data would be available to competent authorities.For example,AML/CFT compliance practices could be standardized at the CBDC system level(e.g.,along the rails),which could increase the efficiency and effectiveness of AML/CFT pr

281、ocesses,but may place a large burden on the CBDC system operator to be responsible for a large part of AML/CFT compliance.In addition,a one-size-fits-all AML/CFT program may not be aligned with the risk-based approach promoted by international standards.However,if intermediaries play a role in such

282、a process,care would likely be required to ensure that intermediaries do not sell,transfer,or lose this sensitive financial data in a manner that unreasonably breaches privacy.Possibly less secure:Because intermediaries would need to access transaction information,this approach would have an access

283、point that could be compromised,either directly(e.g.,since the information is being captured somewhere)or indirectly(e.g.,unauthorized access to intermediaries databases).Offline Transactions:Online Only vs.Both Online and Offline How can offline capabilities be provided,such that some transactions

284、can occur without connectivity to the broader CBDC system?Would tokens or debit cards tied to the CBDC operate as a tool to permit a higher level of privacy for some transactions?Offline transactions refer to exchanges of CBDC that occur when the exchanging parties can communicate with each other,bu

285、t they cannot communicate with the transaction processor.One design choice is to forgo offline transactions,instead requiring some form of connectivity in order to complete a transaction of CBDC.Alternatively,offline transactions could be provided,TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 31 for ex

286、ample,by using trusted execution environments for individuals to verify to each other that they have the CBDC they claim to have,and to facilitate the transaction securely.This option is closely linked to the Secure Hardware design choice,as that might provide the guarantees needed to facilitate som

287、e transactions offline without the broader CBDC systems features and safeguards.It is also linked to the governance design choices,as there could be future punishments and remediation for offline transactions that were incorrect or malicious.Finally,the data model and fungibility of CBDC would also

288、have an impact on the privacy implications of offline transactions.Design choice benefits and drawbacks are described below:Online only:Could be more secure:An online-only model would not introduce vulnerabilities from offline capabilities,such as flaws in a trusted execution environment that functi

289、onally allows individuals to create CBDC out of thin air.However,there are reasons that offline capability could also boost the CBDC systems security,as discussed below.May harm financial inclusion and equity:The requirement to have connectivity to the CBDC system would disproportionately disadvanta

290、ge underserved communities that lack access to reliable and high-speed Internet.Additionally,the inability to use CBDC like physical cash may not be enticing to communities that have been particularly disenchanted with the traditional banking and financial systems.Both online and offline:Has implica

291、tions for security and AML/CFT controls:An offline-capable system would be more resilient if the network or intermediaries were rendered dysfunctional at any point.This resiliency would be important during potential attacks or failures,allowing CBDC to be exchanged while the system comes back online

292、.However,if someone breaks the mechanism(e.g.,secure hardware)that ensures CBDC cannot be spent twice,then it could be possible to counterfeit CBDC.In addition,offline transactions could presumably take place without being subject to real-time transaction monitoring or investigative tracing,which co

293、uld complicate compliance with AML/CFT obligations.Could be more private:An offline system,based on how it is implemented,could offer more cash-like privacy in offline transactions.For example,if transactions are only recorded when they intersect with intermediaries,then CBDC could be exchanged betw

294、een many hands offline before being re-tracked in the ledger.There is a spectrum of options between fully online-only and fully offline-compatible.Limitations could also be placed on the amounts,frequency,or types of transactions that could occur offline.For example,third-party network transactions

295、have a reporting requirement for transactions exceeding$600.40 Furthermore,cash transactions in trade and business over$10,000 are required to be reported to the Internal Revenue Service(IRS)under current law;an analogous norm in offline CBDC transfers might mean that more than$10,000 cannot be tran

296、sferred offline.However,P2P cash transactions not considered in the context of trade or business do not have this reporting requirement.40 Instructions for Form 1099-K.(Jan.2022).Internal Revenue Service.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 32 Transaction Programmability:Supported vs.Not Suppo

297、rted Are transaction-level application programming interfaces(APIs)supported?If so,can they be created in a permission-less manner,only by the CBDC authority,or somewhere in between?Who defines the API?Is there a governance process to determine API requirements?Transaction programmability refers to

298、whether,broadly,third-party developers are able to code rules into a CBDC system,such that those rules are executed when the predefined conditions are met.41 This does not refer to the ability to uniquely identify specific CBDC units and place restrictions on their use;for a discussion of that desig

299、n choice,refer to the fungibility design choice.Transaction programmability can be supported,such that the CBDC system has smart contract programming capabilities that developers can use to develop programs to run on the CBDC system.Alternatively,transaction programmability could not be supported,so

300、 that most or all CBDC cannot be programmed to function in more specific ways.Hybrid options are also possible;for example,programmability could be supported for broad use cases(e.g.,regulatory and monetary policy)and execution of some smart contracts could be extended to intermediaries,but direct p

301、rogramming against a ledger could be unsupported.Programmability could also be allowed for applications that use data from the CBDC system without having direct access to CBDC system infrastructure.Trustworthy programmability is highly entangled with the cryptographic primitives that are chosen to e

302、nable security and trust.Because programmability can also have tradeoffs with privacy,the design choices about identity privacy and transaction privacy are also closely linked to programmability.The data model chosen is relevant here;for example,an unspent transaction outputs(UTXO)model,as described

303、 below,may make it harder to conduct auctions using smart contracts.42 Finally,questions of governance are also important here if transaction programmability is supported on a centralized system,it will likely be important to ensure that the central authority or authorities are verifiably committed

304、to following and executing the rules.Design choice benefits and drawbacks are described below:Transaction programmability supported:Likely supports payments innovation:Allowing entities or developers to build in their own programs could enable new forms of payment technologies,similar to the ecosyst

305、em of innovation seen with smart contracts.This may not be fully realized if programmability is only partly supported(e.g.,if the CBDC system is deployed with programmed rules established,but does not support third parties to build in their own programs).May harm the privacy of sensitive financial d

306、ata:Programmability is often based on verifying that a certain set of conditions is true,which then initiates the execution of the smart contract.In order to verify that set of conditions,the smart contract needs access to 41 Transaction programmability is often implemented through transaction-level

307、 APIs.42 Allen,S.,apkun,S.,Eyal,I.,Fanti,G.,Ford,B.A.,Grimmelmann,J.,.&Zhang,F.(Aug.2020).Design choices for central bank digital currency:Policy and technical considerations(No.w27634).National Bureau of Economic Research,51-2.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 33 certain sets of data.This

308、can lead to privacy risks to sensitive financial data,although various privacy-enhancing approaches(e.g.,ZKPs)could help mitigate these risks.May make the CBDC system less secure:In the private sector use of smart contracts,there have been a number of bugs,mistakes,and hacks that have caused smart c

309、ontracts to behave in unexpected or malicious ways.While this can be partly mitigated via controlled libraries for smart contract programming languages,upgradable code,and code verification,there will likely still remain key security risks with programmable CBDC.May worsen systemic risk:A network of

310、 smart contracts and the potentially high interdependency between them could create unexpected feedback loops,where the whole system triggering rules in parallel could collectively create systemic issues for the financial system.May reduce financial protections for consumers:Programmability might in

311、troduce challenges for stopping code execution in response to bankruptcy,recovery and resolution,or other court prescribed activities.The smart code execution is driven by standard external inputs and may have additional challenges for adjusting or accommodating“extraordinary”events such as bankrupt

312、cy or receivership,which could lead to violations of laws or regulations.Transaction programmability not supported:The benefits and drawbacks of not implementing transaction programmability are the inverse of implementing it.Data Data Model:Unspent Transaction Outputs vs.Account Balances What model

313、is used to maintain records:Unspent Transaction Outputs(UTXOs)or Account Balances?The data model refers to the method of keeping records about ownership of CBDC.The CBDC system could use the UTXO data model,where the transfer of specific CBDC units is tracked(e.g.,like coins being transferred betwee

314、n individuals).Alternatively,the CBDC system could use the Account Balances model,where it tracks the aggregate amounts of CBDC held in different places.The system could also use a hybrid of these approaches.The data model is closely linked to many other design choices,including those involving the

315、transport layer,identity privacy,transaction privacy,and offline capabilities.Design choice benefits and drawbacks are described below:Unspent Transaction Outputs(UTXOs)May enable more privacy for sensitive financial data:It is a bit easier to do privacy-preserving cryptography with this model.Indiv

316、idual UTXOs can be linked to unique keys,so that they are not all easily tied back to one individuals account.Meanwhile,with the Account Balances model,many people will likely use one account for their TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 34 transactions,which means all transactions could be l

317、inked back to a single person more easily.Likely easier to expand access for all Americans:As a CBDC system scales,the UTXO data model is likely to make it easier to facilitate more transactions(e.g.,transactions can happen in parallel without needing to sequence them to avoid double-spending).With

318、the Account Balances model,transactions require editing a global state about account balances,and these edits likely have to happen sequentially so that money isnt double-spent;this might provide a challenge to scaling the CBDC system.Account Balances:May support certain types of payments innovation

319、:The Account Balances model could make it easier to reference outside states via oracles or smart contracts.Global account states would make it easier to incorporate transaction programmability.It is harder for a UTXO data model to reference the full global state of the CBDC system,which is likely a

320、 key feature for achieving extensive programmability(e.g.,enabling the checking of other users balances).There is also a spectrum of designs between the UTXO and Account Balances data models.For example,some projects have used a hybrid approach that features a“collection of object states”as its data

321、 model.Ledger History:None vs.Centralized vs.Distributed Does the CBDC maintain a history of issuances and transactions,and what information is stored(e.g.,value,issuer)and for how long?If a decentralized system is used,do nodes contain all or part of the transaction history(e.g.,full versus light n

322、odes)or partition the storage workload(e.g.,sharding43)?Ledger history refers to the maintenance of a history of issuances and transactions in a CBDC system.A CBDC system could not store ledger history;for example,a system of smart cards(e.g.,mobile phone SIM cards)may not need a ledger.A CBDC syste

323、m could store ledger history on a more centralized ledger,with the central bank providing the core infrastructure and with trusted intermediaries operating key features(e.g.,adding transactions to the ledger).Alternatively,a CBDC system could store ledger history in a more decentralized manner,with

324、trusted intermediaries or individuals being able to operate their own nodes to facilitate part of the CBDC system.The specific questions about which information is recorded are addressed in previous sections on identity privacy,transaction privacy,remediation,and data.The choices made in those secti

325、ons are highly relevant here;because different pieces of historical data could be accessed together,the risks to privacy and AML/CFT controls would be shaped by the specific pieces of information being stored.Additionally,remediation will likely be more challenging if a distributed ledger is chosen

326、such that no trusted entities have unilateral write access to the ledger.43 Sharding refers to taking natural subsets of data in a database,often to help improve performance.See,e.g.,Amiri,M.J.,Agrawal,D.,&El Abbadi,A.(Jul.2019).On sharding permissioned blockchains.2019 IEEE International Conference

327、 on Blockchain,282-5.TECHNICAL EVALUATION FOR A U.S.CBDC SYSTEM 35 Design choice benefits and drawbacks are described below:None:May improve security and privacy of sensitive financial data:A key way to protect privacy and security is to not capture information.44 By not maintaining a ledger,there w

328、ould be fewer places where sensitive financial data could be accessed.May introduce risks for consumers,investors,and businesses:It may be impossible to offer all the features and requirements of a central bank asset without any ledger.A lack of a ledger,even one that only temporarily records transa

329、ctions,could make it harder to resolve critical failures and conduct remediation.May have implications for expanding equitable access to the financial system:A lack of any historical ledger directly tied into the core CBDC system could foster widespread distrust in the CBDC system,especially during

330、its early adoption phase when there may be doubts as to whether the system works properly.Alternatively,because privacy concerns are one of the most-cited reasons for not having a bank account among unbanked households,45 the lack of a ledger may help increase adoption of a CBDC among the unbanked a

331、nd underbanked.Centralized ledger:Likely more functional and efficient:A centralized ledger would likely be easier to build and operate,especially at the scale needed for a U.S.CBDC system.May have implications for payments innovation and consumer protection:Since a centralized ledger approach is si

332、milar to how electronic money transactions are currently tracked,this approach is more familiar and better tested.However,this familiarity may limit full consideration given to incorporating the latest features in areas like encryption and programmability,possibly limiting innovation,but also possib

333、ly better protecting consumers,investors,and businesses.Distributed ledger:May be less functional and efficient:Further research would have to be performed to understand if distributed ledgers can support transaction rates and latency likely required by a U.S.CBDC system.This could build on the considerable energy that has been invested into research on additional technologies to enhance underlyin