Central Bank Digital Currencies: Where is the Privacy, Technology, and Anonymity?

TL;DR

This paper explores how privacy can be defined and enhanced in Central Bank Digital Currencies (CBDCs) using Privacy-Enhancing Technologies, highlighting the gap between design and implementation stages.

Contribution

It provides a comprehensive privacy definition for CBDCs and maps it to cryptographic features, validated through analysis of 20 current CBDC case studies.

Findings

Privacy can be incorporated during design but often not in the final launched CBDC.

A comprehensive privacy framework can guide CBDC development.

Multiple PETs are applicable to enhance privacy in CBDC systems.

Abstract

In an age of financial system digitisation and the increasing adoption of digital currencies, Central Bank Digital Currencies (CBDCs) have emerged as a focal point for technological innovation. Privacy compliance has become a key factor in the successful design of CBDCs, extending beyond technical requirements to influence legal requirements, user trust, and security considerations. Implementing Privacy-Enhancing Technologies (PETs) in CBDCs requires an interdisciplinary approach, however, the lack of a common understanding of privacy and the essential technological characteristics restricts progress. This work investigates: (1) How privacy can be defined within the framework of CBDCs and what implications does this definition have for CBDCs design? and (2) Which PETs can be employed to enhance privacy in CBDC design? We propose a comprehensive definition for privacy that is mapped to the cryptographic landscape for feature implementation. The research is validated against case studies from 20 current CBDCs. The study shows that comprehensive privacy can be designed in the proposal stage, but that privacy does not reach the launched version of the CBDC.