How China plans to design an auditable – permission blockchain payment system
Recently People Bank of China (PBoC) said that the main purpose behind creating a new blockchain-based payment system is to mitigate the financial risk posed by existing electronic payment platforms which are highly dominated in China by just two private players – WeChat and AliPay.
Read more: Why central bank are rushing to create the digital currency
As the world’s central banks and financial service sector are closely watching the blockchain development progress, in mainland China, many view this payment system as a government tactic to gain oversight over their personal financial information.
To unrest public worries, PBoC clarified it will keep a balance between users’ privacy and regulator need for an audit. Meaning users who transact in digital currency will have their anonymity preserved, just as the case with cash transactions. At the same time for regulators, it will provide just enough auditable information to combat money laundering, terrorist financing, tax evasion, online gambling transactions and financing criminal activities.
As we know People Bank of China (PBoC) uses blockchain for developing its payment system and digital currency. Early blockchain implementations such as Bitcoin or Ethereum record transactions in a public blockchain, which makes them linkable and traceable. Several approaches exist for adding privacy to blockchain-based transactions. Such as combining transactions of several users and obscure the relation between payers and payees.
While user privacy is important, at the same time it should meet the requirements of financial regulators. Therefore, a balance is been sought out by PBoC: A permission network that hides the content of transactions without preventing authorized parties from auditing them.
So how PBoC plans to keep the balance:
Disclaimer:
Since little is known about China’s digital currency design, this article is an Op-Ed.
User’s security will be the main focal point for PBoC which depends on one piece of information. An information user must protect and not loose: Private key. If the user loses the private key, s/he also loses all the assets. PBoC may greatly reduce the risk by using a simple idea: use more than one key to sign a transaction. A “multi-layer” arrangement known as the ‘Threshold signature scheme’ to protect the user’s private key. For example, requiring 2 out of 3 signatures to successfully sign a transaction.
In such an arrangement, each participant gets a separate private key for each user’s public-address. These participants could be – users themselves, Institutions, and auditors (or regulators). For ease of use, a mobile app will store the user’s private key and through biometric fingerprint sign the transactions. Note this mobile app is not a wallet, but more like an encrypted messaging app.
For users, the front-end interface would more or less look like a transaction app while in reality, it triggers an encrypted message. Each time the user initiates a transaction, the initiator’s institute receives the details of the transaction (like payee address, amount) in an encrypted message. A copy of this encrypted message is also saved in a private database 1 -‘Records’ for audit reference.
Relationship between Institute and user:
As we know that China’s digital currency will be distributed by 7-8 institutes. Most of them are established financial institutions where their customers have already been through the KYC process. Therefore, any customer (user) from these institutes will use the provided mobile app to register, get added to database 2 – ‘White-list’ (explained later) and start initiating the transaction.
Now institutes with their set of private-key decode the message. Takes the information (like amount, recipient address, etc) and finds the receivers institute. Once found, the institution sends the currency to the receiver’s institution along with an encrypted message which adds the recipient’s address. This transaction between institutions happens in a real blockchain-based transaction system much like Bitcoin.
Why between institutions:
One reason why PBoC would still consider institutions (like commercial banks) involvement is if central bank digital currency replaces bank deposits, that could erode commercial banks’ credit channels and may have a negative impact on the economy.
The receiving institution will look for the encrypted message and decrypt to know the recipient’s address. Then sends a confirmation message to the payee-payer and the mobile app syncs to reflect the new amount. Such an arrangement hides the payee-payer relationship as the public ledger only shows the institutions transacting with each other.
In addition to the above system, there might also be another private database 2 – ‘White-list’ to keep a record of all public addresses along with user identity associated with it. Before the institute processes the transaction, they may check the authenticity of the user in this database like KYC verified user, etc.
Now for audibility, auditors would refer to the private database 1 – ‘Records’. Each user will have an auditor assigned who can decrypt the message. Remember, the use of a threshold signature scheme. This auditor could be the third participant in this multi-layer arrangement who holds separate private-key associated with the user.
By coordinating with the respective institute, the auditors decrypt the transactions and check compliance of the user’s financial transaction. If a user is using the digital currency for illegal purposes, the authorities will lock-up his/her address by changing user status as ‘not valid’ in the database 2 – ‘White-list’.
Conclusion:
Designing an auditable – permission blockchain is relatively new. There has been a commission of similar research by a few central banks. The implementation never happened due to the uncertainty of such a system. Therefore, we believe that China’s digital currency may be partially powered by a centralized database to simplify the whole system.
Given the complexity of establishing the infrastructure, the exact timeline for the DCEP launch is not set by PBoC. Also, such a system may not have smart contract compatibility.
We believe that PBoC may launch the project in a phased manner. It may start first with distributing for whole-sale purposes only, allowing transaction settlement between institutions instantly without central bank involvement. For the users, each institution may come-up with their mobile app which looks like a wallet but works as a messaging app.
Note: the interaction between institutions and users can be arranged in a distributed ledger. The use of zero-knowledge proof to keep transactions anonymous. At the same time confirm, digital asset transactions are valid and unspent. However, the authorities might have chosen to use an encrypted communication application.