Offline CBDC
Thales and Secretarium have been collaborating since 2022 on offline CBDC. This paper presents our technical approach.
Offline CBDC payments
Thales has decades of experience in smart payment cards, mobile payments and secure payment applications. They have developed technology that supports strong identity verification, payment data encryption and multiple authentication schemes - including biometrics.
Secretarium won the Monetary Authority of Singapore (MAS) Global CBDC Challenge in 2021 and is a global leader in digital cash solutions. Thales and Secretarium have been collaborating since 2022 and our solution is used in a number of projects with central banks all over the world.
The Thales CBDC PoC leverages tamper proof hardware - the Secure Element - which is commonly used in smart cards. Secretarium has been providing the privacy-preserving Monitoring and Detection System, an advanced piece of engineering based on Confidential Computing to stop the circulation of potential counterfeited digital cash. Read more.
The PoC comprises the following elements:
- Smart cards and smartphones. The solution supports multiple transact types: card to phone, phone to card or phone to phone.
- A Digital Currency Provider (DCP) server. The DCP server manages loading (or unloading) digital currency into (from) the device and handling online transactions between devices. The DCP server interfaces with the CBDC core ledger via the Core Ledger Gateway and will typically be operated by the Central Bank or an accredited entity.
- A Monitoring and Detection System. This component, based on Secretarium's confidential computing platform, stores and monitors the history of transactions that took place offline between devices. It provides key econometric indicators and, most importantly, detects issues such a loss of digital currencies or the fraudulent creation of digital currencies.
- A directory of Secure Element identifiers.
Key design elements in the PoC include:
- The use of tokens. The system uses UTXO cryptocurrency techniques by chaining offline payments. When paying offline, a new token is computed in the payer device using funds from one or several token(s) previously stored in this device (funding tokens). A similar UTXO token, for the remaining/unspent amount, is stored in the payer device.
- Successful storage for credits and debits. Storage of the remaining amount token in the payer device causes the payer device to be debited - and the payee device to be credited. This transfer is final and irrevocable. There is no need for back-end settlement.
- No more offline payments after the limit is reached. After this point, the device will have to perform an online transaction during which the complete token history is uploaded to the DCP server, erased from the device memory and replaced in the device by a single small new token of same value. This re-origination process is called a renewal.
- Token histories are uploaded to the Monitoring and Detection System. This privacy-preserving system is used for IT and econometric monitoring purposes. It also detects fraud (double spends or fake funding tokens) and can recover lost funds due to offline transaction interruptions.
References
Bank of England
The Thales POC was chosen by the Bank of England for its evaluation of offline CBDC payments. In a four-month project, Thales delivered:
- Workshops on the different aspects of the offline CBDC system.
- Integration with a core ledger leveraging the Rosalind APIs jointly defined by the Bank of England and the Bank for International Settlement.
- Provision of cards, phones and servers to test the POC.
- A 50-page report on the project.
Thales is now helping the bank's CBDC Technology Forum to progress the design phase of the digital Pound.
Reserve Bank of Australia (RBA)
RBA chose Thales as one of the partners for its pilot in two Australian universities (RMIT and Southern Cross). Students used smart cards to make contactless payments with digital Australian Dollars (eAUD) to merchants with CBDC-enabled smart phones. The eAUDs were minted by RBA on a core ledger and distributed to ANZ.
Bank of International Settlements (BIS)
Thales collaborated with BIS on the banks' landmark Rosalind and Polaris API projects. We used the APIs to load and unload offline-capable devices with funds coming from a user wallet on the core ledger.
We participated in a deep dive workshop with BIS. Our contribution can be seen in the handbook for offline payments with CBDC as well as in the High-level design guide for offline payments published by BIS.
Get in touch
If you want to know more about our technology, please don't hesitate to schedule a free demo with our experts.
Read next
We actively engage in highly innovative projects. Explore our latest publications featuring our cutting-edge technology.
Preventing Forking, Cloning & Rollback Attacks
Forking, cloning, and rollback attacks threaten application security in TEEs like Intel SGX. Secretarium mitigates these risks.
Google Champions Secretarium
Secretarium has been recognised by Google as one of "16 startups using AI to make our world safer", highlighting our cutting-edge approach to secure and confidential computing.
Engineering Resilience: Redefining Fault Tolerance
How advanced consensus mechanisms like Secretarium's BFT-RAFT are pushing the boundaries of distributed computing.
Honest Computing
Systems that can't lie: Inside Secretarium's new "Honest Computing" technological solution.
Apple Intelligence
Apple believes Private Cloud Compute is "nothing short of the world-leading security architecture for cloud AI compute at scale".
Improving Secure Enclaves Interoperability
With the Secretarium SDK v3, we have introduced a radical improvement in enclaves communication.
Fraud & Scam
A collaborative approach to financial crime detection and prevention would significantly improve accuracy and efficiency.