research-article

Platypus: A Central Bank Digital Currency with Unlinkable Transactions and Privacy-Preserving Regulation

Authors:

Kari Kostiainen,

Srdjan CapkunAuthors Info & Claims

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Pages 2947 - 2960

https://doi.org/10.1145/3548606.3560617

Published: 07 November 2022 Publication History

Abstract

Due to the popularity of blockchain-based cryptocurrencies, the increasing digitalization of payments, and the constantly reducing role of cash in society, central banks have shown an increased interest in deploying central bank digital currencies (CBDCs) that could serve as a digital cash-equivalent. While most recent research on CBDCs focuses on blockchain technology, it is not clear that this choice of technology provides the optimal solution. In particular, the centralized trust model of a CBDC offers opportunities for different designs. In this paper, we depart from blockchain designs and instead build on ideas from traditional e-cash schemes. We propose a new style of building digital currencies that combines the transaction processing model of e-cash with an account-based fund management model. We argue that such a style of building digital currencies is especially well-suited to CBDCs. We also design the first such digital currency system, called Platypus, that provides strong privacy, high scalability, and expressive but simple regulation, which are all critical features for a CBDC. Platypus achieves these properties by adapting techniques similar to those used in anonymous blockchain cryptocurrencies like Zcash to fit our account model and applying them to the e-cash context.

References

[1]

[n.d.]. gnark Library. https://github.com/ConsenSys/gnark.

[2]

[n.d.]. SQLite. https://www.sqlite.org/.

[3]

[n.d.]. Tor Browser. https://www.torproject.org/.

[4]

Martin Albrecht, Lorenzo Grassi, Christian Rechberger, Arnab Roy, and Tyge Tiessen. 2016. MiMC: Efficient encryption and cryptographic hashing with minimal multiplicative complexity. In International Conference on the Theory and Application of Cryptology and Information Security.

[5]

Sarah Allen, Srdjan Čapkun, Ittay Eyal, Giulia Fanti, Bryan A Ford, James Grim- melmann, Ari Juels, Kari Kostiainen, Sarah Meiklejohn, Andrew Miller, Eswar Prasad, Karl Wüst, and Fan Zhang. 2020. Design Choices for Central Bank Digital Currency: Policy and Technical Considerations. Technical Report. The Brookings Institution.

[6]

Elli Androulaki, Jan Camenisch, Angelo De Caro, Maria Dubovitskaya, Kaoutar Elkhiyaoui, and Björn Tackmann. 2020. Privacy-preserving auditable token payments in a permissioned blockchain system. In Proceedings of the 2nd ACM Conference on Advances in Financial Technologies.

Digital Library

[7]

Karim Baghery, Markulf Kohlweiss, Janno Siim, and Mikhail Volkhov. 2021. Another look at extraction and randomization of Groth's zk-SNARK. In International Conference on Financial Cryptography and Data Security. Springer, 457--475.

Digital Library

[8]

Foteini Baldimtsi, Melissa Chase, Georg Fuchsbauer, and Markulf Kohlweiss. 2015. Anonymous Transferable E-Cash. In Public Key Cryptography.

[9]

Bank of Canada, European Central Bank, Bank of Japan, Sveriges Riksbank, Swiss National Bank, Bank of England, Board of Governors of the Federal Reserve, and Bank for International Settlements. 2020. Central bank digital currencies: foundational principles and core features. https://www.bis.org/publ/othp33.htm.

[10]

Bank of England. 2020. Central Bank Digital Currency: Opportunities, challenges and design. https://www.bankofengland.co.uk/-/media/boe/files/paper/2020/ central-bank-digital-currency-opportunities-challenges-and-design.pdf.

[11]

Daniel J Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang. 2012. High-speed high-security signatures. Journal of cryptographic engineering 2, 2 (2012).

[12]

Jan Camenisch, Susan Hohenberger, and Anna Lysyanskaya. 2005. Compact E-Cash. In Advances in Cryptology - EUROCRYPT 2005 (Lecture Notes in Computer Science, Vol. 3494).

Digital Library

[13]

Jan Camenisch, Susan Hohenberger, and Anna Lysyanskaya. 2006. Balancing accountability and privacy using e-cash. In International Conference on Security and Cryptography for Networks.

Digital Library

[14]

Sébastien Canard, David Pointcheval, Olivier Sanders, and Jacques Traoré. 2015. Divisible e-cash made practical. In IACR International Workshop on Public Key Cryptography. Springer, 77--100.

[15]

David Chaum. 1983. Blind Signatures for Untraceable Payments. In Advances in Cryptology: Proceedings of Crypto 82.

[16]

David Chaum, Christian Grothoff, and Thomas Moser. 2021. How to issue a central bank digital currency. SNB Working Papers (2021).

[17]

George Danezis and Sarah Meiklejohn. 2016. Centrally Banked Cryptocurrencies. In 23nd Annual Network and Distributed System Security Symposium, NDSS.

[18]

T. Elgamal. 1985. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31, 4 (1985).

Digital Library

[19]

Henk Esselink and Lola Hernández. 2017. The use of cash by households in the euro area. ECB Occasional Paper 201 (2017).

[20]

European Central Bank. 2019. Exploring anonymity in central bank digital currencies. https://www.ecb.europa.eu/paym/intro/publications/pdf/ecb. mipinfocus191217.en.pdf.

[21]

European Central Bank. 2021. Eurosystem report on the public consultation on a digital euro. https://www.ecb.europa.eu/pub/pdf/other/Eurosystem_report_on_ the_public_consultation_on_a_digital_euro 539fa8cd8d.en.pdf.

[22]

eurostat. [n.d.]. Population Development and Projections. https://ec.europa.eu/ eurostat/web/population-demography-migration-projections/visualisations (retrieved 2021-04--10).

[23]

Christina Garman, Matthew Green, and Ian Miers. 2016. Accountable privacy for decentralized anonymous payments. In International Conference on Financial Cryptography and Data Security.

[24]

Arthur Gervais, Srdjan Capkun, Ghassan O Karame, and Damian Gruber. 2014. On the privacy provisions of bloom filters in lightweight bitcoin clients. In Proceedings of the 30th Annual Computer Security Applications Conference.

Digital Library

[25]

Jonas Gross, Johannes Sedlmeir, Matthias Babel, Alexander Bechtel, and Benjamin Schellinger. 2021. Designing a central bank digital currency with support for cash-like privacy. Available at SSRN 3891121 (2021).

[26]

Jens Groth. 2016. On the size of pairing-based non-interactive arguments. In Annual international conference on the theory and applications of cryptographic techniques.

[27]

Tom Elvis Jedusor. 2016. Mimblewimble. http://mimblewimble.org/mimblewimble.txt.

[28]

Butler Lampson and Howard E Sturgis. 1979. Crash recovery in a distributed data storage system. (1979).

[29]

Zeyu Liu and Eran Tromer. 2021. Oblivious Message Retrieval. Cryptology ePrint Archive (2021).

[30]

Sinisa Matetic, Karl Wüst, Moritz Schneider, Kari Kostiainen, Ghassan Karame, and Srdjan Capkun. 2019. BITE: Bitcoin Lightweight Client Privacy using Trusted Execution. In 28th USENIX Security Symposium (USENIX Security 19). 783--800.

[31]

Ian Miers, Christina Garman, Matthew Green, and Aviel D Rubin. 2013. Zerocoin: Anonymous distributed e-cash from bitcoin. In 2013 IEEE Symposium on Security and Privacy.

Digital Library

[32]

Satoshi Nakamoto. 2008. Bitcoin: A peer-to-peer electronic cash system. (2008).

[33]

Morgen Peck. 2016. The Crazy Security Behind the Birth of Zcash, the Inside Story. IEEE Spectrum (2016). https://spectrum.ieee.org/tech-talk/computing/ networks/the-crazy-security-behind-the-birth-of-zcash

[34]

Torben Pryds Pedersen. 1992. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. In Advances in Cryptology - CRYPTO '91.

[35]

David Pointcheval and Olivier Sanders. 2016. Short randomizable signatures. In Cryptographers' Track at the RSA Conference.

[36]

Tim Ruffing, Sri Aravinda Thyagarajan, Viktoria Ronge, and Dominique Schroder. 2018. (Short Paper) Burning Zerocoins for Fun and for Profit-A Cryptographic Denial-of-Spending Attack on the Zerocoin Protocol. In 2018 Crypto Valley Con- ference on Blockchain Technology (CVCBT).

[37]

Eli Ben Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. 2014. Zerocash: Decentralized anonymous payments from bitcoin. In Security and Privacy (SP), 2014 IEEE Symposium on.

Digital Library

[38]

Sveriges Riksbank. 2020. The Riksbank's e-krona pilot. https://www.riksbank.se/ globalassets/media/rapporter/e-krona/2019/the-riksbanks-e-krona-pilot.pdf.

[39]

Alin Tomescu, Adithya Bhat, Benny Applebaum, Ittai Abraham, Guy Gueta, Benny Pinkas, and Avishay Yanai. 2022. UTT: Decentralized Ecash with Accountable Privacy. Cryptology ePrint Archive (2022).

[40]

Gavin Wood. 2014. Ethereum: A secure decentralised generalised transaction ledger. (2014).

[41]

Karl Wüst, Kari Kostiainen, Vedran Čapkun, and Srdjan Čapkun. 2019. PRCash: Fast, private and regulated transactions for digital currencies. In International Conference on Financial Cryptography and Data Security.

Digital Library

[42]

Karl Wüst, Kari Kostiainen, Noah Delius, and Srdjan Capkun. 2021. Platypus: A central bank digital currency with unlinkable transactions and privacy preserving regulation. Cryptology ePrint Archive, Paper 2021/1443. https://eprint.iacr.org/ 2021/1443.pdf

[43]

Karl Wüst, Sinisa Matetic, Moritz Schneider, Ian Miers, Kari Kostiainen, and Srdjan Čapkun. 2019. Zlite: Lightweight clients for shielded zcash transactions using trusted execution. In International Conference on Financial Cryptography and Data Security.

Digital Library

[44]

Wolfie Zhao. [n.d.]. Chinese State-Owned Bank Offers Test In- terface for PBoC Central Bank Digital Currency. Coindesk. 2020. https://www.coindesk.com/chinese-state-owned-bank-offers-test-interface-for-pboc-central-bank-digital-currency (retrieved 2021-04-14)

Cited By

Ismayilov GÖzturan C(2025)PTTS: Zero-knowledge proof-based private token transfer system on Ethereum blockchain and its network flow based balance range privacy attack analysisJournal of Network and Computer Applications10.1016/j.jnca.2024.104045233(104045)Online publication date: Jan-2025
https://doi.org/10.1016/j.jnca.2024.104045
Gao LZhang JYu JTang YZeng Z(2024)BPA: A decentralized payment system that balances privacy and auditabilityAIMS Mathematics10.3934/math.20243029:3(6183-6206)Online publication date: 2024
https://doi.org/10.3934/math.2024302
Zhaolu TWan ZWang H(2024)Division of Regulatory Power: Collaborative Regulation for Privacy-Preserving BlockchainsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.334826819(2533-2548)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1109/TIFS.2023.3348268
Show More Cited By

Index Terms

Platypus: A Central Bank Digital Currency with Unlinkable Transactions and Privacy-Preserving Regulation
1. Applied computing
  1. Electronic commerce
    1. Digital cash
2. Security and privacy
  1. Systems security
    1. Distributed systems security

Recommendations

Blockchain application for central bank digital currencies (CBDC)
Abstract
Central Bank Digital Currency (CBDC) is a digital version of domestic currency with a unit of account equivalent to its domestic currency. Blockchain or Distributed Ledger technology (DLT) can be used to implement CBDC to execute and settle peer-...
Traversing Bitcoin's P2P network: insights into the structure of a decentralised currency

Lots of existing work addresses the analysis of Bitcoin's publicly available transaction graph. There are evaluations of the user's anonymity and privacy, but no proper measurements of the underlying network. This paper presents novel insights about ...
Anonymity on blockchain based e-cash protocols—A survey
Abstract
The transactions in blockchain framework, based cryptocurrencies are publicly available, thereby accessible to all users by design. However, the anonymity of blockchain transactions is necessary for acceptance of such frameworks. There ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

November 2022

3598 pages

ISBN:9781450394505

DOI:10.1145/3548606

General Chairs:
Heng Yin
University of California, Riverside
,
Angelos Stavrou
Virginia Tech
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Elaine Shi
Carnegie Mellon University

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '22

Sponsor:

SIGSAC

CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security

November 7 - 11, 2022

CA, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
679
Total Downloads

Downloads (Last 12 months)244
Downloads (Last 6 weeks)28

Reflects downloads up to 26 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ismayilov GÖzturan C(2025)PTTS: Zero-knowledge proof-based private token transfer system on Ethereum blockchain and its network flow based balance range privacy attack analysisJournal of Network and Computer Applications10.1016/j.jnca.2024.104045233(104045)Online publication date: Jan-2025
https://doi.org/10.1016/j.jnca.2024.104045
Gao LZhang JYu JTang YZeng Z(2024)BPA: A decentralized payment system that balances privacy and auditabilityAIMS Mathematics10.3934/math.20243029:3(6183-6206)Online publication date: 2024
https://doi.org/10.3934/math.2024302
Zhaolu TWan ZWang H(2024)Division of Regulatory Power: Collaborative Regulation for Privacy-Preserving BlockchainsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.334826819(2533-2548)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1109/TIFS.2023.3348268
Ahuja APani SKanchanapalli SVigneswaran RRajan MLodha S(2024)LIMBOCOIN: On the Denial-of-Service of Token based Retail CBDCs2024 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)10.1109/ICBC59979.2024.10634471(325-333)Online publication date: 27-May-2024
https://doi.org/10.1109/ICBC59979.2024.10634471
Kaur G(2024)Privacy implications of central bank digital currencies (CBDCs): a systematic review of literatureEDPACS10.1080/07366981.2024.2376794(1-37)Online publication date: 15-Jul-2024
https://doi.org/10.1080/07366981.2024.2376794
Zhou XLi WZhong L(2024)A supervised privacy preservation transaction system for aviation businessPeer-to-Peer Networking and Applications10.1007/s12083-024-01647-517:4(1898-1913)Online publication date: 10-Apr-2024
https://doi.org/10.1007/s12083-024-01647-5
Sarencheh AKiayias AKohlweiss M(2024)PARScoin: A Privacy-preserving, Auditable, and Regulation-friendly StablecoinCryptology and Network Security10.1007/978-981-97-8013-6_13(289-313)Online publication date: 2-Oct-2024
https://doi.org/10.1007/978-981-97-8013-6_13
Badertscher CJourenko MKarakostas DLarangeira M(2024)Scalable and Lightweight State-Channel AuditsCryptology and Network Security10.1007/978-981-97-8013-6_12(264-288)Online publication date: 24-Sep-2024
https://dl.acm.org/doi/10.1007/978-981-97-8013-6_12
Oude Roelink BEl‐Hajj MSarmah D(2024)Systematic review: Comparing zk‐SNARK, zk‐STARK, and bulletproof protocols for privacy‐preserving authenticationSECURITY AND PRIVACY10.1002/spy2.401Online publication date: 18-Apr-2024
https://doi.org/10.1002/spy2.401
Krishnan RKandasamy LPerumal EMariyappan MSankar Ganesh KGovindaraj MMalali A(2023)Youth Intention Towards Implementing Digital CurrencyGlobal Perspectives on Social Media Usage Within Governments10.4018/978-1-6684-7450-1.ch018(276-296)Online publication date: 30-Jun-2023
https://doi.org/10.4018/978-1-6684-7450-1.ch018
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents