Assumptions to avoid when designing retail CBDC systems (Crunchfish)
Crunchfish published a paper that argues that virtual secure elements (SEs) provide better security to retail CBDC offline platforms than hardware-based SEs. It says that hardware-based SEs are less secure due to the separation from payment app that breaks the chain of trust between the two communicating endpoints. This can result in potential attacks by replacing either endpoint with malicious ones or tampering with them and modifying their behavior during runtime. As the hardware-based SE does not have full visibility of the payment app and the mobile operating system (OS), it cannot determine the identity of the app or whether the app has been tampered with, and must “blindly” trust the OS and the app. A trusted client application for offline payments implemented in an app-integrated virtual secure element, on the other hand, has no trust gap issues and runs securely even on rooted/jailbroken mobile devices. [Read more at Crunchfish]
CBDC can gain further adoption with eSIM (G+D)
G+D’s Lars Hupel writes that eSIMs replace traditional, removable SIM cards with an embedded SIM chip directly on the device. SIM cards no longer need to be physically replaced for an update. Instead, a new eSIM can be simply downloaded. Starting with the iPhone 14 in 2022, Apple has stopped shipping physical SIM trays in the US. New models use eSIM only. By 2030, the eSIM adoption rate will reach 80% in Latin America, Southeast Asia and the Eurozone, while Middle East and North Africa is expected to reach 70%. Secure central bank digital currency (CBDC) wallets could be run easily on eSIMs. https://www.gi-de.com/en/spotlight/digital-security/time-to-adopt-the-esim [Read more on LinkedIn and G+D]
Upcoming Speaking Engagements:
- Intertribal Foreign Affairs Council Forum 2024, Yidindji, August 30-31. The conference will bring together indigenous nations to showcase the excellence of their governance practices and generate new ideas for the future. I’ll be on a panel focused on the future of money and indigenous financial inclusion. [Find out more and register here]
- CBDC Conference, Istanbul, September 10-12. The conference will offer representatives of central banks, commercial banks, technology providers, policy makers and academics the perfect platform to learn about the latest CBDC developments, exchange ideas with experts and peers. [Find out more and register here][Central bank delegates may be eligible for free registration (email registration@cbdc-conference.com to find out more)]
- Digital Currency Conference, London, September 23-24. The conference will bring together policymakers, regulators, and technology and innovation experts to network and discuss all aspects of digital currencies. And enter the KiffmeisterDCC code at registration to get a 20% discount! [Find out more and register here]
And just a reminder that I produce a monthly digest of central bank digital currency (CBDC) developments exclusively for the official sector. So (only) if you work at a central bank, ministry of finance or international financial institution (e.g., the BIS, IMF, OECD, World Bank) and who would like to receive it by email on the first business day of every month, please DM me on LinkedIn or email me at john@kiffmeister.com.
