Table of Contents
Fetching ...

Digital Euro: Frequently Asked Questions Revisited

Joe Cannataci, Benjamin Fehrensen, Mikolai Gütschow, Özgür Kesim, Bernd Lucke

TL;DR

This critique analyzes the ECB's digital euro initiative, focusing on the online/offline two-tier design, privacy implications, security risks, liability, economics, and governance. It contends that the online path centralizes data and offers limited privacy, while the offline bearer model relies on opaque hardware and faces fundamental security and liability challenges, making it impractical. The authors identify six key issues (privacy, security, liability, economic incentives, societal benefits, and governance) and propose open, privacy-preserving, FLOSS-based alternatives with voluntary merchant participation. The work underscores the importance of transparency and open standards to ensure a cost-effective, trustworthy digital euro that genuinely adds value beyond existing payment options.

Abstract

The European Central Bank (ECB) is working on the "digital euro", an envisioned retail central bank digital currency for the Euro area. In this article, we take a closer look at the "digital euro FAQ", which provides answers to 26 frequently asked questions about the digital euro, and other published documents by the ECB on the topic. We question the provided answers based on our analysis of the current design in terms of privacy, technical feasibility, risks, costs and utility. In particular, we discuss the following key findings: (KF1) Central monitoring of all online digital euro transactions by the ECB threatens privacy even more than contemporary digital payment methods with segregated account databases. (KF2) The ECB's envisioned concept of a secure offline version of the digital euro offering full anonymity is in strong conflict with the actual history of hardware security breaches and mathematical evidence against it. (KF3) The legal and financial liabilities for the various parties involved remain unclear. (KF4) The design lacks well-specified economic incentives for operators as well as a discussion of its economic impact on merchants. (KF5) The ECB fails to identify tangible benefits the digital euro would create for society, in particular given that the online component of the proposed infrastructure mainly duplicates existing payment systems. (KF6) The design process has been exclusionary, with critical decisions being set in stone before public consultations. Alternative and open design ideas have not even been discussed by the ECB.

Digital Euro: Frequently Asked Questions Revisited

TL;DR

This critique analyzes the ECB's digital euro initiative, focusing on the online/offline two-tier design, privacy implications, security risks, liability, economics, and governance. It contends that the online path centralizes data and offers limited privacy, while the offline bearer model relies on opaque hardware and faces fundamental security and liability challenges, making it impractical. The authors identify six key issues (privacy, security, liability, economic incentives, societal benefits, and governance) and propose open, privacy-preserving, FLOSS-based alternatives with voluntary merchant participation. The work underscores the importance of transparency and open standards to ensure a cost-effective, trustworthy digital euro that genuinely adds value beyond existing payment options.

Abstract

The European Central Bank (ECB) is working on the "digital euro", an envisioned retail central bank digital currency for the Euro area. In this article, we take a closer look at the "digital euro FAQ", which provides answers to 26 frequently asked questions about the digital euro, and other published documents by the ECB on the topic. We question the provided answers based on our analysis of the current design in terms of privacy, technical feasibility, risks, costs and utility. In particular, we discuss the following key findings: (KF1) Central monitoring of all online digital euro transactions by the ECB threatens privacy even more than contemporary digital payment methods with segregated account databases. (KF2) The ECB's envisioned concept of a secure offline version of the digital euro offering full anonymity is in strong conflict with the actual history of hardware security breaches and mathematical evidence against it. (KF3) The legal and financial liabilities for the various parties involved remain unclear. (KF4) The design lacks well-specified economic incentives for operators as well as a discussion of its economic impact on merchants. (KF5) The ECB fails to identify tangible benefits the digital euro would create for society, in particular given that the online component of the proposed infrastructure mainly duplicates existing payment systems. (KF6) The design process has been exclusionary, with critical decisions being set in stone before public consultations. Alternative and open design ideas have not even been discussed by the ECB.
Paper Structure (38 sections, 2 figures, 3 tables)

This paper contains 38 sections, 2 figures, 3 tables.

Figures (2)

  • Figure 1: The two versions of the digital euro with highlighted design shortcomings, as described in the subsequent sections: The online version adds another layer of complexity to already existing payment systems, with no clear benefit for the user ( KF5), but with centralized control and monitoring of transactions at the ECB ( KF1). The offline version is supposed to allow for transitive and completely anonymous payments and aims to prevent forgery by the use of supposedly "secure hardware". However, it is unlikely that the wallet hardware will withstand all possible attacks given that it is under complete physical control of the wallet owner as a potential attacker ( KF2). A successful attacker can double-spend an unlimited amount of times, as the validity of the payment bearer can only be checked as soon as the payee reconnects to the Internet. The offline version has no clear definition of liability in case of such fraud ( KF3).
  • Figure 2: Secure offline payments require securing a piece of hardware against its owner. History suggests this is impractical for consumer-grade hardware ( KF2). Each box in the figure represents an attack that broke the security promises made by its vendor. Compromising Trusted Execution Environments (TEEs) has proven possible with software-only attacks, while successful attacks on Secure Elements (SEs) mostly required physical access to the device. Mitigations thus often require hardware changes. We cannot demand people to purchase new devices anytime a "secure hardware" proves vulnerable to attacks.