4 Reasons For A Case Against Central Bank Digital Currency or CBDC

With G7 officials having approved principles for central bank digital currency (CBDC) and more than 80 countries having launched some type of CBDC initiative, widespread adoption seems to be only a matter of time. A CBDC is a digital form of central bank money that is accessible to the public: in effect, individuals and businesses hold savings and transaction accounts directly with their home central bank.

The first CBDC programmes were launched by the Bahamas, China and Nigeria, and more are expected to follow. If successful, a CBDC could help policy-makers reach goals around payment efficiency and financial inclusion, and it provides access to safe central bank money in an era of digital payments.

Central Bank Digital Currency as software

A CBDC, like every digital payment system, is exposed to hacking, data and account breaches, theft and counterfeiting, as well as to challenges related to quantum computing. Citizens must be confident in a CBDC’s security before they will be comfortable using it, and a CBDC will fail if its designers do not carefully plan and invest in a strong cybersecurity strategy. Decision-makers should consider established cybersecurity best practices, such as those published by the US National Institute of Standards and Technology and the Microsoft “STRIDE” threat model.

This article summarizes key points in the World Economic Forum’s white paper on CBDC Technology Considerations. It also outlines additional critical considerations for CBDC cybersecurity.

How can we ensure that a CBDC remains secure for many decades to come? Below, we discuss four key aspects of its cybersecurity:

1. Credential theft and loss

Access credentials are required to access a CBDC account and to transfer funds. They may take the form of a passphrase, which could even be communicated on paper, or of a hardware token that holds the private keys. Whatever their form, there is a significant risk that credentials are stolen or lost, and with them the account’s funds and data.

Stolen passphrases are a common route to theft. With the modern arsenal at attackers’ disposal, methods such as side-channel attacks, malware and social engineering could all be used to take credentials from a CBDC user’s device. Equally, CBDC users should not lose access to their funds and data when credentials are damaged or lost through fire, water, natural disasters or other causes, so the system should include credential recovery mechanisms.

A multi-signature (“multisig”) wallet is one option a CBDC could use to protect credentials: a transfer must be approved by at least two trusted parties (for example, the central bank and/or relatives or contacts of the end user). The disadvantage of multisig wallets is reduced usability, since the user must coordinate with at least one other party for every transfer. Such security-usability trade-offs are not unusual; in internet banking, two-factor authentication (2FA) is very common. A CBDC based on conventional account technology could instead allow a privileged authority to restore access simply by updating a database entry with new credentials.

2. Users who hold privileged positions

One concern is that government officials, law enforcement and other agents could hold roles that permit privileged actions, such as freezing or withdrawing funds from CBDC accounts without the holder’s consent. These capabilities are consistent with current compliance procedures in regulated payment systems. Although such roles are expected to be a functional requirement for a CBDC, they also give malicious insiders a path into the system. As with any other information system, the central bank and all intermediaries should prepare and implement a cybersecurity risk management plan that covers such privileges. Multi-party protections such as multisig wallets could make these privileges harder to abuse.
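Both the credential-recovery discussion above and the point about privileged roles come down to the same mechanism: no single credential, and no single official, should be able to move or freeze funds alone. The following added example (not code from the WEF paper or from any CBDC project) models that threshold rule in Python. Approvals are HMAC-SHA256 tags over a canonical encoding of the request, standing in for the digital signatures a real system would use; every party name, key and account identifier is constructed for the example.

```python
"""Threshold ("multisig") approval for CBDC account actions.

Added example, not from any real CBDC: a transfer, a credential recovery or a
privileged action such as a freeze is executed only when at least `threshold`
distinct authorized parties have approved the exact request. Approvals are
modelled as HMAC-SHA256 tags over a canonical encoding of the request; a real
system would use digital signatures, but the authorization logic is the same.
All names, keys and account identifiers below are constructed.
"""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass


@dataclass
class Policy:
    parties: dict      # party name -> approval key (bytes)
    threshold: int     # number of distinct approvals required


def canonical(request: dict) -> bytes:
    """Deterministic encoding, so every party approves byte-identical content."""
    return json.dumps(request, sort_keys=True, separators=(",", ":")).encode()


def approve(key: bytes, request: dict) -> str:
    """One party's approval of one specific request."""
    return hmac.new(key, canonical(request), hashlib.sha256).hexdigest()


def valid_approvers(policy: Policy, request: dict, approvals: dict) -> set:
    """Parties whose approval verifies against the request as actually submitted."""
    ok = set()
    for party, tag in approvals.items():
        key = policy.parties.get(party)
        if key is not None and hmac.compare_digest(tag, approve(key, request)):
            ok.add(party)
    return ok


def authorize(policy: Policy, request: dict, approvals: dict, exclude=()) -> tuple:
    """Returns (authorized, reason). `exclude` lists parties that must not count,
    e.g. the party whose lost or stolen credential is being replaced."""
    ok = valid_approvers(policy, request, approvals) - set(exclude)
    if len(ok) < policy.threshold:
        return False, f"{len(ok)} valid approval(s), {policy.threshold} required"
    return True, "authorized by " + ", ".join(sorted(ok))


def recover_credential(policy: Policy, party: str, new_key: bytes, approvals: dict) -> bool:
    """Credential recovery: replaces `party`'s key only if the *other* parties reach the threshold."""
    request = {"action": "rotate", "party": party, "new_key": new_key.hex()}
    granted, _ = authorize(policy, request, approvals, exclude=(party,))
    if granted:
        policy.parties[party] = new_key
    return granted


def demo() -> dict:
    owner, bank, relative = (secrets.token_bytes(32) for _ in range(3))
    account = Policy({"owner": owner, "bank": bank, "relative": relative}, threshold=2)
    transfer = {"action": "transfer", "from": "acct-001", "to": "acct-042", "amount": 250}
    results = {}
    # one stolen credential is not enough to move funds
    results["owner_alone"] = authorize(account, transfer, {"owner": approve(owner, transfer)})[0]
    both = {"owner": approve(owner, transfer), "bank": approve(bank, transfer)}
    results["owner_and_bank"] = authorize(account, transfer, both)[0]
    # approvals bind to the exact request: altering the amount afterwards invalidates them
    results["tampered"] = authorize(account, dict(transfer, amount=250_000), both)[0]
    # recovery: the owner lost the key; bank + relative install a fresh one
    fresh = secrets.token_bytes(32)
    rotate = {"action": "rotate", "party": "owner", "new_key": fresh.hex()}
    results["recovered"] = recover_credential(
        account, "owner", fresh,
        {"bank": approve(bank, rotate), "relative": approve(relative, rotate)})
    results["new_key_works"] = authorize(
        account, transfer, {"owner": approve(fresh, transfer), "bank": approve(bank, transfer)})[0]
    # privileged action: freezing an account needs two officials, never one
    freeze_policy = Policy(
        {"officer": secrets.token_bytes(32), "auditor": secrets.token_bytes(32)}, threshold=2)
    freeze = {"action": "freeze", "account": "acct-001", "case": "CASE-ID-PLACEHOLDER"}
    results["freeze_single_official"] = authorize(
        freeze_policy, freeze, {"officer": approve(freeze_policy.parties["officer"], freeze)})[0]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The recovery path is what turns a multisig design into a credential recovery mechanism: the lost or stolen key is explicitly excluded from the count, so a thief holding it cannot rotate it away from the real owner, while the remaining trusted parties can. The freeze policy shows the same rule applied to an insider-privilege action.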

If the CBDC uses blockchain technology, malicious validator nodes pose a further risk. Validator nodes are non-central-bank entities with the power to validate or invalidate transactions, and they can compromise the central bank’s independence and monetary authority by accepting or rejecting transactions contrary to its intention. Granting transaction validation powers to non-central-bank nodes is not recommended unless it is absolutely necessary.

3. System integrity and “double-spending”

Depending on the consensus protocol used, non-central-bank nodes could declare transactions invalid, effectively blocking them from being accepted by the network.

Non-central-bank nodes may also collude to enable “double-spending”, a form of counterfeiting in which the same CBDC funds are spent more than once. Such nodes could also “fork” the distributed ledger, creating a separate history and view of transactions that diverges from the central bank’s. Digital counterfeiting is also a possibility for CBDC users themselves, who may try to spend the same funds from their wallets in different places. The double-spend risk is greater if the CBDC supports offline use: depending on the technology, transactions can be sent to offline entities without the same high-assurance validation that online transactions receive.

The impact of such attacks can be limited by capping the amount a CBDC user can spend and the number of transactions they can make while offline. In addition, compliance software can reconcile a device’s offline transactions against the agreed ledger state once the device is back “online”.
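The two mitigations just described, offline spending caps and reconciliation on reconnect, are easiest to see together. The added example below (my own illustration, not the paper’s or any CBDC’s code) models an offline wallet that refuses payments beyond a value cap and a transaction count, and a central ledger that replays the offline batch on sync. Each offline payment carries a per-device sequence number; when the ledger sees the same sequence number backing two different payments, that is a double-spend, so the second is rejected and the device flagged. Policy values, device names and amounts are all constructed.

```python
"""Offline spending limits and online reconciliation for a CBDC wallet.

Added example, not from any real CBDC: the wallet may spend at most OFFLINE_CAP
in at most OFFLINE_MAX_TXS payments before it must come online, and each
payment carries a per-device sequence number. On sync, the ledger replays the
batch and treats a reused sequence number with different contents as a
double-spend. All identifiers and policy values are constructed.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

OFFLINE_CAP = 500       # maximum value spendable between syncs (constructed policy value)
OFFLINE_MAX_TXS = 5     # maximum number of offline payments between syncs


@dataclass(frozen=True)
class OfflineTx:
    device: str   # wallet device identifier
    seq: int      # monotonic per-device counter, never reused
    payee: str
    amount: int


class OfflineWallet:
    """Device-side policy: refuses payments that would exceed the offline allowance."""

    def __init__(self, device: str, balance: int):
        self.device, self.balance = device, balance
        self.seq = self.spent = self.count = 0

    def pay(self, payee: str, amount: int) -> Optional[OfflineTx]:
        if amount <= 0 or amount > self.balance:
            return None
        if self.count >= OFFLINE_MAX_TXS or self.spent + amount > OFFLINE_CAP:
            return None                      # must sync before spending more
        self.seq += 1
        self.spent += amount
        self.count += 1
        self.balance -= amount
        return OfflineTx(self.device, self.seq, payee, amount)

    def synced(self) -> None:
        """Called after a successful reconciliation: resets the offline allowance."""
        self.spent = self.count = 0


class Ledger:
    """Central-bank side: the single authoritative view of balances."""

    def __init__(self, balances: dict):
        self.balances = dict(balances)
        self.seen = {}          # (device, seq) -> accepted OfflineTx
        self.flagged = set()    # devices caught double-spending

    def reconcile(self, txs: list) -> dict:
        """Replays a batch of offline payments; reports what was accepted and why others were not."""
        report = {"accepted": [], "rejected": []}
        spent, count = defaultdict(int), defaultdict(int)
        for tx in txs:
            key = (tx.device, tx.seq)
            prior = self.seen.get(key)
            if prior is not None:
                if prior == tx:
                    report["rejected"].append((tx, "duplicate submission"))
                else:
                    # the same counter value backing two different payments: double-spend
                    self.flagged.add(tx.device)
                    report["rejected"].append((tx, "double-spend"))
                continue
            if tx.device in self.flagged:
                report["rejected"].append((tx, "device flagged"))
                continue
            if count[tx.device] >= OFFLINE_MAX_TXS or spent[tx.device] + tx.amount > OFFLINE_CAP:
                report["rejected"].append((tx, "offline limit exceeded"))
                continue
            if self.balances.get(tx.device, 0) < tx.amount:
                report["rejected"].append((tx, "insufficient funds"))
                continue
            self.balances[tx.device] -= tx.amount
            self.balances[tx.payee] = self.balances.get(tx.payee, 0) + tx.amount
            self.seen[key] = tx
            spent[tx.device] += tx.amount
            count[tx.device] += 1
            report["accepted"].append(tx)
        return report


def demo() -> dict:
    ledger = Ledger({"dev-A": 1000, "shop-1": 0, "shop-2": 0})
    wallet = OfflineWallet("dev-A", 1000)
    t1 = wallet.pay("shop-1", 200)
    t2 = wallet.pay("shop-2", 250)
    over = wallet.pay("shop-1", 100)               # 200 + 250 + 100 exceeds OFFLINE_CAP
    clone = OfflineTx("dev-A", 1, "shop-2", 200)   # a cloned device reusing seq 1 elsewhere
    report = ledger.reconcile([t1, t2, clone, t1])
    return {
        "device_refused_over_cap": over is None,
        "accepted": len(report["accepted"]),
        "reasons": [reason for _, reason in report["rejected"]],
        "flagged": "dev-A" in ledger.flagged,
        "balance_A": ledger.balances["dev-A"],
    }


if __name__ == "__main__":
    print(demo())
```

Two design points follow from the text: the cap bounds the loss even if the device-side check is bypassed, because the ledger enforces the same limit per reconciliation batch, and the sequence number is what lets the ledger distinguish a payee relaying the same payment twice (harmless duplicate) from a genuine double-spend.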

4. Quantum computing

Quantum computing will eventually affect all financial services because it undermines key encryption methods and cryptographic primitives that protect the access to, confidentiality and integrity of data in storage and in transit; a CBDC is no exception. Its technical design must therefore account for the risk that quantum computers emerge that can break the cryptography securing CBDC accounts. Central banks should assess which primitives will be vulnerable to future quantum computers, bearing in mind that a quantum computer might break the CBDC system’s cryptography without detection.

Cybersecurity and technical resilience are the most crucial elements of a CBDC’s technical design. A weak cybersecurity strategy that ignores the risks above could lead to compromised citizen data and funds, and damage the CBDC programme’s success, the central bank’s reputation and wider opinion of the new currency. Past cybersecurity failures show that security is more than keeping bad actors out or limiting unauthorized account access: it must address all risks holistically so that the system functions as intended and maintains its integrity. A CBDC will only reach its goals if its security strategy is comprehensive and thorough.