eCurrency and Crunchfish are partnering to offer an offline CBDC solution
eCurrency and Crunchfish are partnering to offer an offline central bank digital currency (CBDC) solution. The eCurrency retail CBDC platform enables central banks to issue secure digital bearer instruments utilizing the Digital Symmetric Core Currency Cryptography (DSC3) technology and supporting tiered distribution through existing banking and fintech ecosystems. Crunchfish offers digital cash solutions where payments can be made completely offline without compromising personal privacy.
Crunchfish’s Digital Cash Solutions are built on two-tier offline vs. online settlement architecture. The heart of the solution is an offline wallet that may either use the secure element provided by the mobile OS or run as a trusted applications in V-OS virtual secure element. The offline wallet securely maintains an offline balance that is utilised for offline transactions. The transactions are cryptographically signed by the payer, assigned to the payee and guaranteed as they are debited against the offline balance. The payee verifies the guaranteed offline payments in an application running on a mobile, card terminal or personal computer. Transaction logs are settled when either party goes online.
I highlight that last bit because the Crunchfish solution isn’t what I have in mind when I think about offline payment systems. What I have in mind is a stored value platform that would take the form of a card or a device on which prepaid values are stored locally and transferred peer-to-peer without ever having to be online. Such a platform would be of interest for countries or regions where large population segments are excluded from the formal financial sector or internet access. The concept is technically quite feasible – WhisperCash already offers such a credit card-sized device.
Attempts to implement such systems during the 1990s via rechargeable smart cards like MintChip, Mondex and VisaCash failed to develop enough customer acceptance to become viable (see Matonis, 2012 and Bátiz-Lazo and Moretta, 2016). Also, at the time, computer scientists argued that such smartcards could never be strong enough to support existing currency schemes (Stalder, 2002). However, rapid technological progress since then is likely to have addressed some of these security concerns, such as the complex offline capable dynamic data authentication/combined dynamic data authentication security features for stored value cards.
In fact, the Bank of Canada is exploring such a custom universal access device (UAD) to securely store and transfer CBDC. Such a device would be manufactured at a low cost and issued by the Bank to ensure maximum inclusion, and be network-independent and operate for long periods on a local power source. If there is an infrastructure failure, a UAD may prevent the interruption of digital transactions.
Premium on Grayscale’s GBTC Drops
Following the recent bitcoin price pullback, the latest Skew data now indicates that the premium rate on Grayscale’s GBTC is under 10%. Institutional and accredited investors who placed an arbitrage trade on the premium (short the underlying bitcoin and buy GBTC) having to close out their positions (buyback bitcoin and sell GBTC) causing downwards pressure on the premium. Also, retail demand may be leveling off after the recent bitcoin dip, and competition is increasing (e.g., 3iq and Osprey’s Bitcoin Trust).
Analysts warn of ‘institutional exhaustion’ with Bitcoin price back below $32K
Analysts at QCP Capital, a team of traders in Asia, see several signs of “institutional exhaustion.” They did a timezone analysis which broke down BTC moves into Asia hours vs. US hours (12 hours each). Since March last year, the clear pattern has been relentless US buying while Asian whales and miners have been on the offer.
* The views expressed herein are those of the author and should not be attributed to the International Monetary Fund, its Executive Board or its management.
WhisperCash's Razvan Dragomirescu (on Twitter) expressed some discomfort with Crunchfish's V-OS Virtual Secure Element. That's a software emulation of a secure element without the tamper resistance (currently certified at FIPS 140-2 Level 1. https://www.v-key.com/services/security-assurance-through-certifications-and-penetration-tests/
He also wonders whether a simple device backup before a payment, then a restore would allow a double spend attack offline since the terminal would be reverted to its previous state. Obfuscation doesn't really help there, the attacker wants to turn back time, not extract a key.