Regarding digital currencies, the authors focus on 1) the security issues with the advent of quantum computers and 2) the privacy issues in relation with CBDC's wider collection of personal data. Many legal issues can be solved using technology. Thus, they propose central banks to adopt their privacy-enhancing technologies in cryptography, called “SK4SC,” which performs KYC (know your customer) while keeping PKI (public key infrastructure)-registered trading partners anonymous. Security and privacy in digital currency can be trade-offs. For example, the AML/CFT effort requires the collection of personal information about innocent people, which can be detrimental to their privacy. On the other hand, excessive restrictions on the collection of personal information to protect privacy may weaken the AML/CFT. However, adopting SK4SC can resolve the trade-offs by anonymizing KYC, which is essential for the AML/CFT.
TopIntroduction
While various private and national digital currencies, including cryptocurrencies such as bitcoins and CBDCs (Central Bank Digital Currencies), have rapidly developed, security and privacy concerns still exist. Usually speaking, personal freedom of being free from potential hazards is defined as security, while privacy is defined as being free from unwanted attention. In other words: a) Rapid advances in quantum computers will sooner or later break existing cryptography. At that time, the authentication itself necessary for online payment is broken, so security is significantly reduced. Therefore, we need to switch from existing cryptography to quantum-safe cryptography. b) In AML/CFT (Anti-Money Laundering and Combating the Financing of Terrorism), privacy concerns remain as before, even if security is enhanced with quantum-safe cryptography. Therefore, it is necessary to strengthen both security and privacy by developing a new cryptographic application system that incorporates cryptography into an ingenious management method.
Regarding the privacy concern, let us consider a CBDC as an example. A CBDC that collects information on consumers has serious privacy implications. In the past, when transactions were digitized, there were many incidents in which a large amount of personal information was stolen instantaneously by so-called man-in-the-middle attacks by hackers. CBDC poses a similar threat from hackers. Moreover, according to Sheluchin (2020), establishing a CBDC would allow the central bank to collect more information on its consumers than ever before. These personal details and data could then be shared with law enforcement without needing a warrant, which currently require a warrant to investigate the spending habits of an individual. Now that the authorities have not decided how to obtain a warrant in the case of CBDC, there are concerns about the unintended exploitation of users' personal information when it comes into effect. The introduction of any centralized cryptocurrency through the central bank should be subject to scrutiny since it would likely lead to an unprecedented level of state surveillance.
As for the security concern, let us remind the issue of quantum-resistant cryptography by referencing the U.S. NIST (National Institute of Standard and Technology) homepage (NIST (2022)), which explains as follows:
In recent years, there has been a substantial amount of research on quantum computers – machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere. The goal of post-quantum cryptography (also called quantum-resistant cryptography) is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks. The question of when a large-scale quantum computer will be built is a complicated one. While in the past it was less clear that large quantum computers are a physical possibility, many scientists now believe it to be merely a significant engineering challenge. Some engineers even predict that within the next twenty or so years sufficiently large quantum computers will be built to break essentially all public key schemes currently in use. Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure. Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.