>"Personal data would be fully protected. Banks, not even the ECB, would not see or be able to trace, people's personal details or data. Offline payments would offer a similar level of privacy as cash does today," Dombrovskis told reporters.
Yeah, lol no I'm not buying that. Maybe if the actual architecture and source code gets open sourced and people more knowledgeable than me audit it...
In my country already 80% of all transactions are electronic. I personally haven't used cash in ages.
There's nothing to attempt we've been living this way for a long time and nothing bad has happened. Just don't vote for a Christian fascist party led by a narcissist moron.
This sure reads like a press release announcing a project that hasn't been designed or built yet.
Promising complete privacy and fully offline transactions both sound dubious.
What mechanisms would be in place to allow me to transfer money from my KYC bank account to an anonymous wallet without it being tracked?
If the max is €3000 but it's entirely private, how could they possibly know I don't have a higher balance or multiple wallets?
What tech is even being used to allow fully private, offline transactions in the first place? How does the receiver verify that the digital cash is legit? And how does the network ensure that the money wasn't double spent while offline?
So many questions here, and I can't help but have a hunch that the gaps in description would be blocked by fundamental technical limitations.
> What mechanisms would be in place to allow me to transfer money from my KYC bank account to an anonymous wallet without it being tracked?
I really doubt that they intend do use it, but zero-knowledge cryptography indeed can accomplish this, so there is no technical limitation afaik.
> If the max is €3000 but it's entirely private, how could they possibly know I don't have a higher balance or multiple wallets?
This gets trickier. Let's say we limit to 3000 per account (and use whatever else to limit accounts/person). This would be possible, but would also reveal the amount on the account: try to send decreasing amounts, first one that succeeds reveals previous balance. There's probably an entity that can simulate sending too.
> What tech is even being used to allow fully private, offline transactions in the first place? How does the receiver verify that the digital cash is legit? And how does the network ensure that the money wasn't double spent while offline?
> I really doubt that they intend do use it, but zero-knowledge cryptography indeed can accomplish this, so there is no technical limitation afaik.
It's really hard to say without details of how the proposed system would actually work, but I don't think they can get away from KYC laws.
They'd still have the on ramp / off ramp problem of existing cryptocurrencies, my bank would know how much I transferred and some unique identifier of either my wallet or the transaction. Assuming that offline transactions aren't possible, the network would also know every transaction made and could link that back to my original bank deposit.
> And despite those drawbacks, it's still better than the VISA/MC duopoly on online payments
I'm always torn on this one. I really dislike monopolies (or duopolies in this case) and functionally the government has enough power today to compel Visa/MC to do whatever they want. Though as long as they are technically not part of the government we have a chance to rip apart that government power and remove their control of the financial institutions.
I have no real hope that those in charge would actually let it happen, but that small chance is gone if the government is running things directly.
Usually, in the context of these privacy-preserving payment systems, online vs offline refers to whether the merchant has to be online to check if the 'coin' they received is valid (authentic and not doubly spent). The user usually has no reason to be online at all, since they withdrew the coin already in the past.
By that definition neither the wallet holder nor the merchant would have to be online for a real 'offline' system.
GNU Taler e.g. is an online system on the other hand, where the merchant has to be online for pragmatic reasons. It's kind of sad to see them being categorically excluded by this requirement. Their the best we currently have afaik.
That could very well be what they mean, though that isn't offline at all and is no different than my offline credit card being run through an online card reader
If they want to compare it to cash, I'd have to be able to give you the money directly without any network verification. Just the step of a receiver having to ask the network to validate means there is no guarantee of privacy.
I'd like to know more about the technical implementation.
For society, this is really important. Basically everyone needs a bank account. In some countries, the government even forces people implicitly to have one in order to pay taxes or fees.
In such a case, the government should provide a solution for this too.
Then, there are also economic implications of this. Society needs to run many banks, which uses a lot of resources (especially people). However, many people and companies only need one simple part of banking: cashless payment. Something that’s, from a technical perspective, just a database for transactions and accounts. So a default solution by the government makes sense to me.
Of course people will argue against this as the government would have full control over people’s money. But I think that’s the case anyway. Money is something inherently governmental as it’s produced by an governmental institution (central bank) and collected by the government in form of taxes.
>Of course people will argue against this as the government would have full control over people’s money. But I think that’s the case anyway.
To an extent, but (speaking for the US primarily) there is significant added friction from the current distributed nature of the legacy banking system. If it were as easy as typing a person's ID number into a form and the system would take care of the rest, it would certainly be used more freely (freezing the accounts of thousands of people attending a protest with today's system would be a monumental task, even with full judicial endorsement).
I take your point, a well designed centralized system by a competent, benevolent government would be better than having to rely exclusively on a set of private banks not beholden to a constitution. My concern there, given the track record of most governments, this will not be built without tools for control, even if they are not used right away.
It also sets a precedent for government involvement in individual transactions. Today we'll have an optional cashless payment system, tomorrow banks will start shifting over to keeping accounts with the government directly, the next all financial services will be required to use the government system for transaction processing to simplify monitoring. Anything to stop money laundering for terrorism, you know.
Fully agree. But instead of having "the government have full control over people's money", I think, setting this up as a federated cheap-to-run payment system would be even better. This would allow multiple existing banks to offer the service to their existing customers. This could reduce the risk of a fully decentralized solution a little bit.
Regarding the private, offline payment, there has been a somewhat comparable, actually offline, system in place in Germany for the last 30 or so years: https://en.wikipedia.org/wiki/Geldkarte
Probably due to its security being based on the security of the embedded smart card, it had a much lower limit and other than my father showing me how it worked 20 years ago I have neither used nor seen anybody use it.
> Having this will be an awesome replacement to the limitations of the visa/mastercard monopoly
Yes, they are a 2-3% leech on the economy in the US. In Europe, the regulators there have kept it a bit lower, which is reflected in EU credit cards having few benefits and high fees.
> I wonder how they will implement the infrastructure.
That's also what I wonder. A description of the cryptography and system would be interesting.
If this is only as anonymous as cash (i.e. unique serial numbers on every bill), then this would still be a step backwards, as it would be trivial to track individual e-bills around.
I am also surprised that they allow up to €3,000. This would make smuggling far easier/denser than physical €500/CHF1,000/USD100 notes. It could even allow a relay-attack smuggling, where the wallet is located far away from where the funds are used.
It's not impossible: techniques like those monero uses can allow for good on-chain privacy, and the limited amount and central administration of cash going in and out makes money-laundering worries a much smaller concern. The offline transactions are interesting though, I suppose again the central administration means that double-spending is not going to be quite as exploitable.
There is off course the technical issue: crypto is hard, attacks never progress to get weaker. In the realm of privacy this is especially important because you have to loose your privacy only once to not have it.
There is also the issue of contradicting incentives. To keep payments safe from crooks, no-one should be able to follow any trails. But to trace crooks making payments, the authorities need to be able to follow the money.
A central digital coin concentrates a lot of power. Money and power are a magnet for crooks.
Not saying this can't/won't/shouldn't work, but it's quite a promise to make...
Sure! If everything crypto were as simple as hashing, but protocol design and in particular privacy is not.
I was thinking along the lines of Bruce Schneier's infamous “Attacks always get better, they never get worse”.
In terms of hashes, md5 was once pretty secure. But we can't go back in time, we can't unlearn how to create hash collisions. And we can't force the world to only use 8 bit, 16 bit hardware from the 90s when brute forcing.
If the privacy of EU citizens were to solely rely on securely designed crypto of around a public ledger consider that 20 years of unbreakable crypto might be too little. What if every transaction you made 20 years ago was accessible to anyone? What if in 25 years they figured out how to make changes and no one could tell which one was authentic?
Sounds like scifi? Would probably be trivial for a block chain based on good old trusted DES.
How can they make it work offline while protecting the money from being duplicated?
That's something that I don't quite understand.
Would they give a unique ID to each cent so that if two with the same ID appear they see the discrepancy, but even that wouldn't work for offline, unless if they're planning to make it so that you have to go online every set period of time and then they verify the money.
Chaum designed and tried to commercialize an anonymous + offline payment system in the 90s already.
Basically he used (and invented) blind signatures to allow the bank to sign a 'coin' without knowing what they signed. The customer takes the blindly signed coins from the bank, pays at a merchant and later the merchant deposits the coins at the bank again, where the signature is checked.
In this context offline just means that the merchant can verify the authenticity of the coin without immediately needing a connection to the bank. At some point in the future, however, the merchant will have to connect to the bank to get their money.
Check out his original paper for details[1].
Offline systems have drawbacks, though. E.g the GNU Taler people made the pragmatic decision to have an online system. See chapter 1.2.1 'Offline vs Online' of Florian Dold's Phd thesis for a discussion on why[2].
> How can they make it work offline while protecting the money from being duplicated?
It's not actually possible to prevent this entirely. It's not even possible with physical currency. You can always look at a bank note and make an exact-enough duplicate, then spend it twice.
> they're planning to make it so that you have to go online every set period of time and then they verify the money.
That's not a hard requirement, but yes. The central bank is the final authority on what currency is counterfeit or not.
-----
For current technology, I think it's probably sufficient to have a smart card issued by the central bank, with an embedded certificate chained to the central bank. For offline transactions, the two cards can establish an encrypted stream, mutually verify that they were attested by the central bank, and then mark notes as transferred to the other party in TXN#X, run the transfer, then delete the notes entirely.
Interrupting the process might leave the notes in a partial state (marked for transfer to a particular smart card), but the connection can be reestablished to try again, so long as the TXN# isn't incremented by another transaction.
Now you have to hack a smart card processor to double spend (and only offline, and still detectable), which is of similar difficulty and risk to making counterfeit banknotes.
Maybe North Korea will sell you an infinite money card, but it will only get you free coffee when hiking in the Alps, and only until that card's certificate is added to the revocation list and people update their transfer boxes.
It's private for the user. Transactions are only between you and the merchant. Credit card networks, PayPal, etc are all third parties with insight into all Payments going through them globally.
It's offline. Neither you nor the merchant have to have a connection to the bank for the transaction to happen.
It ultimately comes down to being able to go to a physical location and get coins/paper or not.
I just don't see what the value is of having my account denominated in a way that getting coins/paper is gone. Even if we went to all digital money tomorrow we would probably quickly get a bank that denominates in gold and gives you back paper slips for proof of deposit. Or doesn't even bother with gold and gives paper slips of electronic currency deposits.
We can't even get rid of useless pennies in the US.
Yeah, lol no I'm not buying that. Maybe if the actual architecture and source code gets open sourced and people more knowledgeable than me audit it...