commit cec682e8b3c4a82b3f146ac0f54b88e45a0ab00c
parent 8eaf8e4f8bc228b541740e19434cd428a8315043
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 23 Dec 2018 12:36:42 +0100
elaborating a bit more
Diffstat:
1 file changed, 71 insertions(+), 50 deletions(-)
diff --git a/2018-cbdc-response/taler-cbdc.tex b/2018-cbdc-response/taler-cbdc.tex
@@ -30,8 +30,9 @@ footskip=1cm]{geometry}
\begin{document}
-\title{Taler as the Foundation for a European Retail CBDC}
-\date{}
+\title{Taler as the Foundation \\ for a European Retail CBDC}
+\author{Florian Dold}
+\date{\today}
\maketitle%\vspace{-15ex}
This note elaborates on how the open source payment system GNU Taler fits into the
@@ -48,58 +49,69 @@ features.
The following components form the core of the system:
\begin{enumerate}
- \item An \emph{Electronic wallet} software stores cryptographic tokens of
- value (called digital coins), implemented via blind signatures. Wallets
- are typically managed by the end user, a \emph{wallet provider} can manage
- storage of cryptographic material for the user, and can provide backup,
- synchronization and recovery.
-
- \item The \emph{Exchange} issues digital coins to wallets, after receiving
- money on a transit account. As blind signatures are used, the exchange
- knows that it issued coins of a certain monetary value, but not to which
- wallet. Digital coins are always denominated in a fiat currency (e.g.
- Euro).
-
- \item The \emph{Merchant} receives digital coins from customers and transmits
- them to the exchange. After validating these coins, the exchanges sends
- money from the transit account to the merchant's bank account. Transfers
- can be aggregated to allow micropayents of even fractions of a cent.
-
- \item The \emph{Auditor} is a central entity that certifies which Exchanges
- are to be trusted as legitimate, and how much digital coins an exchange
- can issue during a given time frame. Merchants typically accept digital coins
- from all exchanges that are certified by the centrally trusted auditor.
- Additionally the Auditor has a software component that conducts frequent
- automated checks of the Exchanges' transaction history and database to
- detect if they deviate from their expected operation.
+ \item An \emph{Electronic wallet} software stores cryptographic
+ tokens of value (called digital coins), implemented via blind
+ signatures. Wallets are typically managed by the end user; a
+ \emph{wallet provider} can manage storage of cryptographic
+ material for the user, and can provide backup, synchronization and
+ recovery.
+
+ \item The \emph{Exchange} issues digital coins to wallets, after
+ receiving money in a escrow account. The authorized electronic
+ wallet is identified using an ephemeral \emph{reserve public key}
+ encoded in the wire transfer subject. As blind signatures are
+ used, the exchange knows that it issued coins of a certain
+ monetary value, but not to which wallet. Digital coins are always
+ denominated in a fiat currency (e.g. Euro).
+
+ \item The \emph{Merchant} proposes contracts to customers and
+ receives payment in the form of contracts signed using digital
+ coins. The merchant must then immediately clear these
+ \emph{deposit permissions} with the exchange. The exchange checks
+ against double-spending, and if everything is in order provides
+ the merchant with an instant \emph{deposit confirmation}. After
+ possibly aggregating many micro-transactions, the exchanges sends
+ money from the escrow account to the merchant's bank account.
+
+ \item \emph{Auditors} are entities that certify which Exchanges are
+ to be trusted as legitimate. Auditors must be configured in the
+ electronic wallets and the merchant's infrastructure before these
+ users accept digital coins the respective exchanges. Auditors
+ include a software component used to conduct ongoing automated
+ checks of the Exchanges' wire transaction history to detect if
+ they deviate from their expected operation. For this, auditors
+ must be provided a replica of the exchange's database and read-only
+ access to the escrow account.
\end{enumerate}
-The implementation of all core components is licensed as free and open source (FOSS) software.
+The implementation of all core components is licensed as free and open
+source (FOSS) software.
\section*{Addressing CBDC Requirements}
-We now sketch how the Taler components map to a CBDC system run by ECB/NZBs,
-according to the draft requirements. As Taler is a value-based payment system,
-we will address the common requirements C1-C8 and requirements V1-V4 specific
-to the value-based model.
-\paragraph{C1. Tokenization:} The ECB/NZBs would simultaneously take the role of the Taler Exchange
-and Taler Auditor.
+We now sketch how the Taler components map to a CBDC system run by
+ECB/NZBs, according to the draft requirements. As Taler is a
+value-based payment system, we will address the common requirements
+C1-C8 and requirements V1-V4 specific to the value-based model.
+
+\paragraph{C1. Tokenization:} The ECB/NZBs might simultaneously take the role of the Taler Exchange
+and Taler Auditor (or could outsource operations to separate commercial entities).
\paragraph{C2. Issuance:} The ECB/NZBs create new CBDC units by issuing Taler digital coins,
and destroy CBDC units by accepting digital coin deposits from merchants, subsequently releasing
-funds blocked in the transit account and sending them to the merchant's bank account.
-\paragraph{C4. 1-on-1 parity rule:} Digital coins in GNU Taler already correspond 1-on-1 to a
+funds blocked in the escrow account and sending them to the merchant's bank account.
+\paragraph{C4. 1-on-1 parity rule:} Digital coins in GNU Taler correspond 1-on-1 to a
value in a fiat currency such as the Euro.
\paragraph{C4. Two-tier structure:} With Taler, national banks can serve as
-the primary Tier-2 entity, and facilitate the transfer from a customer's bank
-account to the ECB/NZBs transit account, in exchange for letting the customer
-obtain digital coins. A secondary Tier-2 entity are the wallet providers.
+the primary Tier-2 entity, establish customer's identities (KYC) during bank
+account setup, and facilitate the transfer from a customer's bank
+account to the exchange's escrow account. A secondary Tier-2 entity are the wallet providers.
Banks can serve as wallet providers, but other third party businesses can offer
-a wallet backup/sync/restore service as well. Customers can even decide to be
+a wallet backup/sync/restore services as well. Customers can even decide to be
responsible for the security of their wallet on their own, and manage private keys directly
and on their own device.
\paragraph{C5. Compliance with AML regulation:} Strict withdrawal limits can
be placed on customers' bank accounts. Merchants can be required to collect
-customer data for transactions of large amounts. Due to the technical measures
+customer data for critical transactions. Due to the technical measures
that provide transparency of cash flows to merchants, the compliance of
merchants can be easily verified.
\paragraph{C6. Fees:} Taler has a flexible fee structure that can be adjusted so that Tier-2 banks
@@ -110,18 +122,27 @@ available with standard software deployment and operations techniques.
with Taler are processed in the order of milliseconds. Unlike DLTs, Taler can
be easily scaled both horizontally (sharding, more processing nodes) and
vertically (faster machines). Since multiple payments to a merchant can be aggregated into
-one bank transfer, even micropayments with fractions of a cent are possible.
-\paragraph{V1. Non-interest-bearing:} In Taler, digital coins do not bear interest.
+one bank transfer, even micropayments with fractions of a cent are possible. All coins
+are issued with expiration dates, ensuring that the exchange can eventually delete ancient
+transactions.
+\paragraph{V1. Non-interest-bearing:} In Taler, digital coins do not bear interest; however,
+when coins expire it is possible to charge fees when the electronic wallets trade
+expiring coins for fresh coins. This feature can be used to
+provide a mechanism for negative interest rates (for non-circulating coins).
\paragraph{V2. Limitation of bank runs:} Bank runs can be discouraged and limited with Taler: (1) Withdrawal
-limits can be imposed by the Tier-2 banks on the withdrawal of CBDC units (2) wallet providers can place limits
-on how much money can be stored in online wallets (3) customers that mange their own wallet are discouraged from
-withdrawing large amounts of CBDC units in their wallets, as they must ensure its safety similar to a physical wallet.
-\paragraph{V3. Anonymity and AML:} AML measures can be implemented upon the \emph{income transparency} feature,
-where cash flows to merchants (but not cash flows from individual customers) are visible to the exchanges (and
+limits can be imposed by the Tier-2 banks on the withdrawal of CBDC units; (2) wallet providers can place limits
+on how much money can be stored in online wallets; (3) customers that mange their own wallet are discouraged from
+withdrawing large amounts of CBDC units in their wallets, as they must ensure its safety similar to a physical wallet;
+(4) modest expiration times with modest refresh fees can make hoarding coins unattractive.
+\paragraph{V3. Anonymity and AML:} The exchange does not know which customer owns which coin
+due to the use of blind signatures during the withdrawal process.
+AML measures are based on the \emph{income transparency} feature,
+where cash flows to merchants are visible to the exchanges (and
thus ECB/NCBs). As the merchant redeems CBDC units with a transaction to their bank account, the KYC process
-already happened when the merchant opened their SEPA bank account.
-With Taler, ownership of
-digital coins between mutually distrusting parties can only be securely transferred with a digital coin deposit via the exchange.
+already happened when the merchant opened their SEPA bank account. Furthermore, the
+deposit permissions are linked to the contract with the customer, allowing authorities
+to validate the plausiblity of the transaction during tax audits.
+With Taler, ownership of digital coins between mutually distrusting parties can only be securely transferred with a digital coin deposit via the exchange.
This discourages ``invisible'' payments by sharing digital coins between wallets.
\paragraph{V4. Ownership and spending rights of CBDC:} Technically literate users can manage their own wallets
