SlideShare a Scribd company logo

Digital Pound Consultation Response

A
AztecLabs

- Aztec Labs is a UK-based software company focused on developing privacy-enhancing technologies like zero-knowledge proofs (ZKPs). - They submitted a response supporting the use of ZKPs for the digital pound as it would enable strong privacy protections in compliance with data protection laws. - ZKPs allow one party to prove statements about encrypted data without revealing the underlying data, and could enable privacy-preserving features like anti-money laundering checks and tiered access for the digital pound.

Technology
1 of 21
Download to read offline
12 June 2023 EU-DOCS43801795.10 THE DIGITAL POUND – CONSULTATION AND TECHNOLOGY WORKING PAPER RESPONSE 1. INTRODUCTION 1.1 Spilsbury Holdings Limited t/a Aztec Labs (“Aztec Labs”) wishes to respond to the Bank of England (the “Bank”) and His Majesty's Treasury (the “Treasury”) 'The digital pound: a new form of money for households and businesses?' consultation paper dated February 2023 (the “Consultation”) and the accompanying 'The digital pound: Technology Working Paper' dated February 2023 (the “Technology Working Paper”). 1.2 On 15 December 2022, Aztec Labs announced that it raised US$100,000,000 in a Series B round led by, amongst others, a16z. We are one of the largest technology start-ups in the world focused on researching and developing advanced cryptographic techniques, specifically zero- knowledge proofs (“ZKPs”), which permit applications on certain systems to confirm facts without sharing and compromising the underlying data that proves those facts. We wish to add our voice in support of a privacy-focused digital pound and contribute suggestions as to its technical development. We believe that our proposals will enable the digital pound to advance the protection of consumer privacy to a greater degree than existing technological methods, in alignment with the requirements under data protection laws. The open-sourced infrastructure for the digital pound which we suggest below brings further advantages, as the transparency it facilitates will enable proposals to improve the system, and further financial inclusion. 1.3 Aztec Labs is a U.K. headquartered software development company, which builds open-source, blockchain-based software, with a focus on ZKPs. Aztec Labs has a proven track record in developing ZKP related products1 and is currently developing: (a) an open-source programming language that allows for the safe, seamless construction of privacy-preserving ZKP cryptography circuits (“Noir”). Noir will enable an easier way for people without a PhD in cryptography to write encrypted smart contracts that utilise complex cryptographic primitives; and (b) the first open-source encrypted and programmable zero-knowledge rollup on Ethereum, enabling decentralised applications (“Apps”) to benefit from encryption and faster and cheaper transactions (“Aztec”). Developers will write smart contracts on Aztec using Noir. 1.4 Our team of world-class cryptographers and engineers is developing Aztec to be launched as a credibly neutral2 and decentralised protocol, which will be operated and maintained by a distributed community of infrastructure providers and stakeholders. Aztec, as a base layer protocol utilising ZKPs, will enable a myriad of use cases / Apps to be built on top of it, which will enable the encryption of: (i) identities, (ii) voting, and (iii) transactions. 2. EXECUTIVE SUMMARY 2.1 ZKPs have the ability to act as the key privacy-enhancing feature of the digital pound, facilitating the Bank and Treasury’s aim of implementing ‘data privacy by design’. This paper 1 Note: On 7 July 2022, Aztec launched Aztec Connect, an open-source Ethereum layer 2 network utilising ZKPs with up to 100x cost savings. On 13 March 2023, Aztec announced its decision to sunset Aztec Connect to focus on the development of Noir and Aztec. 2 Note: https://nakamoto.com/credible-neutrality/.
EU-DOCS43801795.10 explains what ZKPs are, the advantage they offer over other privacy-enhancing technologies (“PETs”), and a comparison of available ZKP tools to demonstrate the efficacy of our ZKP tool, Noir, in enabling the practical implementation of ZKPs. 2.2 Whilst there are many use cases for ZKPs, a clear use case in the context of the digital pound is its anti-money laundering (“AML”) and counter-terrorist financing (“CTF”) capabilities, through providing regulators such as the Bank with a holistic overview of AML and CTF data without compromising important privacy features of the digital pound. A further use case for ZKPs is in enabling tiered access to the digital pound. We have set out specifically how ZKPs can be used in combination with the digital pound to counter money-laundering and terrorist financing and facilitate tiered access at section 4.3 below. 2.3 ZKPs can be used in distributed ledger technology, allowing interoperability with existing financial infrastructure. This enables the issuance of at least part of the digital pound on the open-sourced Ethereum blockchain, a proposition that we strongly support, as this would enable the availability of the digital pound to anyone with internet access, with transformative consequences for both innovation and financial inclusion. 3. ENCRYPTION AND DIGITAL PRIVACY 3.1 Overview (a) Since its inception in 19833 , the internet has undergone significant transformations driven by advancements in encryption. These improvements have not only reshaped the way we communicate and conduct business but also laid the foundation for the current global economy, the existing financial system and the financial systems of the future. (b) The first wave of encryption began with the encryption of information, transforming the potential of private, online communications as secure messages became a possibility; and, in time, this developed into more advanced encryption techniques for the exchange of data between web browsers and servers. ZKPs are the next stage of these developments. As discussed below, one of Aztec’s main applications for ZKPs is to enhance privacy on public blockchains where transactions are otherwise publicly visible, but their application isn't limited to distributed ledger technology – as identified in the Consultation. Through the use of cryptography, ZKP tools can minimise the risk of personal data exposure and maximise data security on centralised applications as well as blockchain technologies. (c) Since the genesis blocks of Bitcoin and Ethereum in 20094 and 20155 , respectively, blockchain technology has not benefited from improvements in encryption in the same way as the internet. The vast majority of transactions (including on Ethereum), albeit pseudo-anonymous, remain fully visible to the public and are not encrypted. Using a pseudo-anonymous “public address” instead of an e-mail address or personal name provides little protection as it is relatively easy to connect public blockchain addresses with real life identities (as firms are already doing). Furthermore, a lack of encryption stops meaningful know-your-customer (“KYC”) checks happening via a blockchain as sensitive KYC data cannot be broadcast to a public ledger for many reasons (including, for example, data protection legislation like the UK GDPR). Encryption solves this. It 3 Note: 1 January 1983 being considered by most as the “birth date” of the internet when the Internet Protocol Suite (TCP/IP) was permanently activated. See https://www.usg.edu/galileo/skills/unit07/internet07_02.phtml#:~:text=January%201%2C%201983%20i s%20considered,Protocol%20(TCP%2FIP). 4 Note: https://www.blockchain.com/explorer/blocks/btc/0. 5 Note: https://etherscan.io/block/0.
EU-DOCS43801795.10 allows users to tie their identity to blockchain accounts and have a trustless blockchain administer KYC checks based on the programmed smart contract logic of an application running on top. (d) We believe that encrypted blockchain transactions will drive innovation in the same way advancements in internet encryption protocols revolutionised internet use cases. 3.2 The Internet and Encryption (a) In 1991, the Pretty Good Privacy (“PGP”) encryption protocol, developed by Phil Zimmermann, allowed individuals and businesses to send secure messages through email, fostering collaboration and real-time communication with intended recipients only. Following this, the global system for mobile communication (“GSM”) encryption enabled encrypted phone calls and texts, making information readily accessible while maintaining privacy. Business and the economy could thrive; information was at our fingertips. (b) In 1995, Netscape introduced the Secure Sockets Layer encryption security protocol (“SSL”). This enabled secure data exchange between users' web browsers and servers, paving the way for social media, allowing users to create online profiles with secure login credentials. Further, it also facilitated online transactions by enabling the encrypted transmission of credit card details, thus giving rise to e-commerce. This was the beginning of e-commerce. (c) Recently, new encryption techniques are transforming the internet. Enter ZKPs. 3.3 Zero-Knowledge Proofs (a) ZKPs are cryptographic techniques that allow one party (the prover) to prove to another party (the verifier) that a statement is true, without revealing any additional information beyond the validity of the statement itself. The “statement” will typically include claims about encrypted information. In essence, ZKPs enable the prover to demonstrate knowledge of a secret without actually disclosing the secret. (b) Although this form of encryption has been around for over 30 years6 , recent breakthroughs have made it practical for web-based applications (such as databases) and blockchain validation.7 (c) ZKPs will facilitate a wide range of uses. For example, Aztec, utilising ZKPs, will enable the following use cases / Apps to be built on top of Aztec, including: (i) Encrypted Identity. Secure and privacy-preserving identity management. Users will be able to prove their identity or specific attributes (e.g. age, citizenship, or credit score) without revealing the actual data (passport / ID), minimising the risk of identity theft or unauthorised access to personal information; (ii) Encrypted Voting. Private on-chain democratic voting (currently any voting on blockchains is public, allowing anyone to see who voted for what proposal); and 6 Note: http://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Proof%20Systems/The_Knowledge_ Complexity_Of_Interactive_Proof_Systems.pdf. 7 Note: https://ethereum.org/en/zero-knowledge-proofs/.
EU-DOCS43801795.10 (iii) Encrypted Transactions. Private on-chain financial instruments / transactions8 (e.g. regulated loan origination, bonds, contracts). Businesses will be able to transact confidentially, on-chain, without revealing sensitive trade secrets, pricing data and other sensitive information, without intermediaries. (d) The integration of ZKPs into digital applications and networks has the potential to unlock a new era of innovation, financial inclusion, and economic growth, in a similar way PGP, GSM and SSL encryption protocols transformed the internet by enabling e- commerce and social media. We believe that ZKPs, as one of the PETs discussed in the Consultation and the Technology Working Paper, are best suited to address the Bank’s needs while unlocking innovation, financial inclusion, and economic growth. 4. THE DIGITAL POUND AND ZERO-KNOWLEDGE PROOFS 4.1 Privacy Enhancing Technologies (a) ZKPs are one of the many available PETs the Bank can utilise as it develops the digital pound infrastructure architecture. Set out below in Table 1 – Comparison of Privacy- Enhancing Technologies; , we provide a high-level comparison of ZKPs and other PETs. While the comparison is meant to serve as a general frame of reference instead of an exhaustive comparison of each PET, we do believe it fairly highlights the strengths of ZKPs over other PETs. 8 Note: Aztec Labs started in 2017 by focusing on building Ethereum rails for syndicated and direct lending assets; we quickly realised this was unachievable without privacy, given most traditional financial transactions are fully private.
EU-DOCS43801795.10 TABLE 1 – COMPARISON OF PRIVACY-ENHANCING TECHNOLOGIES9;10 Zero knowledge proofs (ZKP) Pseudonymisation Private information retrieval (PIR) Attribute-based encryption (ABE) Differential privacy Secure multi- party computation (SMPC) Federated learning Homomorphic encryption Trusted execution environment (TEE) Description A cryptographic technique where one party (the prover) can prove to another party (the verifier) that a given statement is without revealing all / any inputs that build up the statement. High level design approach of replacing information that identifies an individual with pseudonyms. A cryptographic technique that enables information retrieval from a server / database without revealing which item is retrieved. A generalisation of encryption schemes where decryption of a ciphertext is only possible if the user key’s attributes match the attributes of the ciphertext (e.g. account ID, email address). A cryptographic technique that shares information about a dataset without revealing information about individuals in the dataset. A cryptographic technique that enables different parties to jointly compute a function over certain inputs while keeping the inputs private. A distributed machine learning approach enabling multiple parties to collaboratively train a model without sharing their data with each other. A cryptographic technique that enables computation over encrypted private data, which decryption returns a result identical to if the computation was performed over plaintext. A secure area of a computation processor that guarantees code and data loaded inside are protected with respect to confidentiality and integrity. Used in production " # First proposed in the 1980s, the technology is securing >$1b of assets on DLTs combined. " # Common way to comply with the GDPR in traditional web development. $ Most PIR protocols are still in research and development. " # First proposed in the 1980s and growingly adopted in businesses. " # Adopted across different companies. " # Applied in different large- scale projects. " # Adopted across different companies. $ Homomorphic encryption schemes are mostly in research and development. " # Adopted across different fields. 9 Note: The actual trade-offs heavily depend on implementations of each PET of choice (e.g. different SMPC implementations can have different scalability and trustlessness trade-offs). The table is intended to serve as a general frame of reference, rather than an exhaustive description of each PET. 10 Note: ZKPs could be combined with one or more PETs to also enable the various benefits of the alternative PETs.
EU-DOCS43801795.10 Zero knowledge proofs (ZKP) Pseudonymisation Private information retrieval (PIR) Attribute-based encryption (ABE) Differential privacy Secure multi- party computation (SMPC) Federated learning Homomorphic encryption Trusted execution environment (TEE) Interoperable between existing banking infrastructure and DLTs " # Proofs are easily verifiable both offline and with DLTs. $ Prone to privacy leaks with fully transparent DLTs. $ Applications with DLTs are mostly in research and development. " # Encrypted private data can be stored in both databases and/or on DLTs. $ Applications with DLTs are mostly in research and development. " # Applied across both general computing and DLTs. $ Applications with DLTs are mostly in research and development. $ Applications with DLTs are mostly in research and development. " # Applied across both general computing and DLTs. Privacy- respecting AML compliance " # AML analysis can be programmed into the statement being proved without revealing any information that is desirable to remain private. " # AML analysis can be performed on pseudonymised data. $ AML analysis can’t be performed within PIR itself. It has to be added before or after the retrieval outside PIR if needed. $ AML analysis can only be performed on decrypted data. $ AML analysis would be ineffective, as it can be performed on grouped datasets but not on individuals. " # AML analysis can be confidentially performed on private data. $ AML analysis can be performed, but by the payment service provider with full knowledge of the data that is being analysed. $ Analysis of encrypted private data cannot be performed with the technology, just computation over them. " # AML analysis can be confidentially performed on private data. Computation over private data " # Computation can be performed over private data fed as private inputs to the ZK program. " # Minimal added limitations on computations over data. $ PIR could support computations over data during the data retrieval process, but in an inefficient manner. $ ABE does not support computations over encrypted private data. " # Computation can be performed over differential privacy datasets. " # Computation can be performed over private data. $ Computation is learnt from distributed local data using the technology, but not on those data. " # Computation can be performed over encrypted private data. " # Computation can be performed over private data.
EU-DOCS43801795.10 Zero knowledge proofs (ZKP) Pseudonymisation Private information retrieval (PIR) Attribute-based encryption (ABE) Differential privacy Secure multi- party computation (SMPC) Federated learning Homomorphic encryption Trusted execution environment (TEE) Scalable " # Verification effort stays near constant for arbitrarily large computations proved. Simple programs are possible on user devices in seconds. Larger programs proving efforts; distributed and aggregated with recursion. " # Minimal added effects on scalability. " # Overhead scales sub-linearly with the amount of data involved. " # Encryption and decryption overhead is insignificant. " # Mature techniques were developed for application over large datasets. " # Computation and communication complexity can scale sub-linearly with the right designs. " # Various large- scale systems based on the technology are in production. " # Large computation overhead. These computations can be outsourced to data centres without compromising data privacy, but with a cost. " # Computation overhead is insignificant. Trustless / ensures data protection " # Implementations are cryptographically secured and should be open sourced. $ Privacy integrity largely depends on whether the service provider is managing data storage and transit correctly. " # Implementations are cryptographically secured and should be open sourced. " # Implementations are cryptographically secured and should be open sourced. " # Implementations are cryptographically secured and should be open sourced. $ Privacy integrity depends on the number of colluding parties not exceeding a certain threshold. $ Local federated learning nodes (e.g. payment service providers) are trusted to respect and upkeep its users’ privacy. " # Implementations are cryptographically secured and should be open sourced. $ Chip manufacturers are trusted to construct their TEEs as safe from privacy- exposing loopholes, backdoors, and attacks. A # of vulnerabilities of TEEs already disclosed to date.
EU-DOCS43801795.10 (b) As shown in Table 1 – Comparison of Privacy-Enhancing Technologies; above, ZKPs offer significant advantages over other PETs in particular as to their: (i) use in production (and not just largely at theoretical R&D stage such as homomorphic encryption); (ii) use for compliance purposes; (iii) interoperability between existing banking infrastructure and distributed ledger technology; and (iv) trustless-ness and ability to ensure data protection, as implementations are cryptographically secured. As ZKPs can offer significant advantages, it is important to understand the available ZKP tooling that the Bank could utilise in the digital pound infrastructure. 4.2 ZKP Tooling (a) ZKP tooling is required to enable the practical use of ZKPs in the digital pound, both by the Bank and by private sector Payment Interface Providers (“PIPs”). There are several ZKP tools available that the Bank can utilise as it develops the digital pound infrastructure architecture and by PIPs, to grow and innovate on the digital pound infrastructure system. Set out in Table 2 – Comparison of ZKP Tooling below, we provide a high-level comparison of available ZKP tooling that we think the Bank should consider, illustrating the comparative strength of our ZKP tooling, Noir.
EU-DOCS43801795.10 TABLE 2 – COMPARISON OF ZKP TOOLING Noir Circom ZoKrates Halo2 Leo Description Noir is an open-source, Rust-based programming language that facilitates the safe and seamless construction of privacy- preserving zero-knowledge programs. Circom is a novel domain- specific language for defining arithmetic circuits that can be used to generate zero-knowledge proofs. ZoKrates is a toolbox for zkSNARKs on Ethereum, which enables the use of verifiable computation in decentralised applications, facilitating the specification of a program in a high-level language and generating proofs of computation to verify proofs in Solidity. Halo2 is a proving system packaged as a Rust crate for constructing, proving and verifying zkSNARKs in Rust. Leo is a functional, statically typed programming language built for writing private applications. Leo is a high- level programming language that compiles down to low-level Aleo Instructions. Offline / Decentralised Ledger Technology (DLT) Interoperability " # Proofs constructed are verifiable: • locally on other machines; and/or • in any Ethereum Virtual Machine (EVM) " # Proofs constructed are verifiable: • locally on other machines; and/or • in any EVM. " # Proofs constructed are verifiable: • locally on other machines; and/or • in any EVM. " #* Proofs constructed are verifiable: • locally on other machines; and/or • in any EVM.* * Certain forked versions of Halo2. $ Proofs constructed are verifiable and only verifiable on the Aleo blockchain. Simple syntax " # Rust-like syntax, similar to writing general computer programs. $ Syntaxes are designed to define arithmetic circuits, like writing logical representations of electronic circuits. " # Python-like syntax, similar to writing general computer programs. $ Functions have to be explicitly called through libraries. " # Functional and statically typed, similar to writing general computer programs.
EU-DOCS43801795.10 Noir Circom ZoKrates Halo2 Leo Upgradable proving system ● Switching ● Integrating ● Customisable " # Proving systems are dynamically switchable. Integration with new proving systems is straightforward, as the language compiles down to a standardised intermediate representation for proving systems to integrate with. Integration with new proving systems is also highly customisable and performant, as black box functions that directly utilise native implementations of functions from the proving system are supported. $ Proving systems are dynamically switchable. But integration with new proving systems can be complicated, as there is no standardised intermediate interface. $ Proving systems are dynamically switchable. Integration with new proving systems is straightforward, as the language compiles down to a standardised intermediate representation for proving systems to integrate with. Integration is however less customisable and performant, as every instruction has to go through the intermediate representation layer. $ Proving system is not switchable. The Rust crate Halo2 is a packaged version of the Halo2 proving system itself. $ Proving system is not switchable. Made in England " # Born and bred. $ $ $ $
EU-DOCS43801795.10 (b) Our ZKP tool, Noir, is an open-source programming language which we believe is transformational for ZKP development due to the combination of its technological capabilities and usability. By abstracting away underlying cryptographic complexity while retaining all the power and flexibility of other circuit-building languages, Noir allows any developer, and not just those with cryptography knowledge, to focus solely on the design of the logic behind ZKP applications during construction. (c) Ensuring ease of access is fundamental for mobilising the widespread adoption and use of ZKPs, empowering those who do so to access the benefits associated with these technologies. Noir’s intuitiveness is made possible by the improvements it offers over alternative circuit writing languages, including a package management system that allows dependency management (therefore enabling developers to separate the dependencies of their Noir circuits and the project integrating those circuits) and simpler circuit debugging, as well as its library of widely-used, complex algorithms that grant developers a high level of circuit efficiency while interacting with a simple, easy to use abstraction layer. In particular, Noir allows simple integration with new proving systems as the language compiles down to a standardised intermediate representation for proving systems to integrate with. This means that it is compatible with any SNARK-based proving system according to need.11 Integration with new proving systems is also highly customisable and performant, as black box functions that directly utilise native implementations of functions from the proving system are supported. This allows ZKPs written in Noir to be “future proof”; allowing quick integration with newer cryptographic proving systems12 (as and when they are developed), which will seamlessly unlock: (i) Better Scalability: cryptographic advancements on proving technology, better user experience and lower energy costs; (ii) Increased Security: flexibility to choose more secure implementations of proving technology; and (iii) Lower Maintenance Costs: minimal changes to the ZKP program source code needed to perform a proving system upgrade. (d) In short, Noir allows developers to write code and not circuits. Noir would allow the Bank to achieve its design considerations for the digital pound while enabling PIPs to innovate on the digital pound infrastructure. 4.3 Applicability of ZKPs to the Digital Pound (a) In a privacy preserving payments system, there is an inherent tension between ensuring the adequacy of AML and CTF measures (which require a holistic understanding of 11 Note: ZK-SNARK is an acronym for ‘Zero-Knowledge Succinct Non-Interactive Argument of Knowledge’. Zero-knowledge means that the verifier can validate the integrity of a statement without knowing anything else about it; succinct refers to the fact that the ZKP is smaller than the statement which is input into the protocol (known as a ‘witness’) and can be verified quickly. The proof is ‘non-interactive’ because the prover and verifier only interact once, and ‘argument’ refers to the fact that the proof satisfies the ‘soundness’ requirement, so cheating is impossible without breaking core cryptographic primitives that are widely understood. The ZKP is ‘(of) knowledge’ as it cannot be constructed without access to the witness. Again, without breaking cryptographic primitives it is impossible for a prover who doesn’t have the witness to compute a valid ZKP. Please see https://ethereum.org/en/zero-knowledge- proofs/#verifiable-computation for further detail. Note that Noir can also be integrated with any STARK- based proving systems as well (i.e. not just SNARK). 12 Note: “Proving” is computationally intensive and newer proving systems will improve computational efficiency over time and security as they may operate with different Elliptic curves or hash functions.
EU-DOCS43801795.10 transactions occurring within the system) and preventing a central authority such as the Bank from obtaining private data relating to individuals for data privacy reasons. We believe that ZKPs are the solution, which allow the Bank to achieve the dual objectives of strong AML-CTF measures and better privacy-enhancing features. (b) Tools such as Noir that facilitate the practical implementation of ZKPs have transformative potential for the digital pound's design model, in order to advance the Bank and Treasury’s aim of implementing ‘data privacy by design’. ZKPs enable the Bank to build technological requirements into the system which act as a means to perform the full lifecycle of AML and CTF checks, including KYC and transaction monitoring, over the holistic data comprising all transactions within the digital pound, without compromising the privacy of individual customers, providing a level of security and data privacy that supersedes the current proposals. (c) In the current financial system, comprehensive information relating to a customer is only held by their commercial bank or payment services provider, and whilst there are mechanisms for the transfer of this information, this inhibits the degree to which other entities (such as the Bank) can obtain a holistic view. However, and as identified in the Consultation and the Technology Working Paper, rigorous standards of privacy and data protection are fundamental to trust and confidence in the central bank digital currency system, and the suggestion of the Bank or the Government holding large quantities of public data is neither a publicly acceptable proposition, nor in accordance with data minimisation principles. If ZKPs are integrated into the design of the digital pound, the regulatory benefits of a central institution having oversight across the currency are enabled, whilst ensuring privacy and data protection in relation to the underlying data. (d) ZKP tools, including Noir, would enable the Bank to create ZKPs which verify that requirements with respect to the issuance of the digital pound as recorded in its core ledger have been met at the end-user level without the need to rely on information about end-users being provided by PIPs, such as commercial banks and payment service providers, who will act as intermediaries between the Bank and the end-users. Under this proposed model, all that the PIP would need to provide is the resulting proof produced by the ZKP, the parameters and requirements of which would be coded by the Bank, and the Bank, as the verifier, would only need to check if certain properties of the proof hold true to be assured that the underlying statement also holds true. (e) As a practical example, it is possible for the Bank to define a program, written as a ZKP using a tool such as Noir, that checked the following statements are true before a state update to the Bank’s central balance ledger is made: (i) each end consumer who is a party to the transaction is registered with a valid PIP and the transaction comes with a valid proof of the KYC check as produced by the ZKP; (ii) neither party is on a sanctions list defined by the Bank or regulatory body; (iii) the aggregate flow of value between the two parties for a given period is below a limit mandated by the bank for the user's account type; (iv) the total transaction outflow from the sending user for a given period is below a limit mandated by the bank for the user's account type; and (v) any other checks that can be represented as code.
EU-DOCS43801795.10 (f) It would take seconds for an end consumer to create the zero-knowledge proof proving the above statements, and such a proof can accompany a transaction and could be verified by the Bank or any PIP’s required in milliseconds before any state updates are made. (g) Not only does this remove the need for the Bank to have visibility of the underlying data, even on an anonymised basis (as the proof itself would verify the individual's eligibility), but the introduction of technological means to ensure these requirements are met mitigates the risk to which the Bank may be exposed were it otherwise to wholly rely on whether PIPs have effectively complied with regulatory obligations, and facilitates greater oversight of the operation of the digital pound as a whole. (h) It is important to note that the use of ZKPs does not mean that the digital pound will be anonymous, as regulatory oversight of and access to the personal data held by PIPs in limited circumstances will still be possible, as required by law. (i) ZKPs can interoperate with existing payment infrastructures as well as decentralised designs based on distributed ledger technology, ensuring compatibility with legacy systems and future proofing for interoperability with emerging systems, including blockchain based designs. This is particularly important given the benefits of deploying the digital pound on the Ethereum blockchain, as discussed in our responses below. AML and CTF requirements (j) An example of the integration of ZKPs with the digital pound is the capabilities these tools enable to define the specific AML and CTF checks, such as KYC and transaction monitoring, which are required for the use of the digital pound which can then be verified by intermediaries, namely the PIPs who facilitate the transaction with the end- user. (k) Under this model, all that would need to be shared with the Bank and other ecosystem participants is the resulting proof produced guaranteeing that the requirements have been met. This enables the Bank to verify that certain KYC steps have been undertaken by the intermediaries without the need for users to disclose their identity directly to the Bank, thereby preserving privacy and ensuring data protection. ZKPs also enable the Bank to rely on the efficacy of the technology, rather than the implementation of the PIP’s AML and CTF checks. Were this to be implemented, we believe that the Consultation’s objective of ensuring that the digital pound has the same level of privacy as current forms of digital money would not just be met but would be exceeded, as only the proof would need to be shared with the Bank, rather than any form of data. This is illustrated in the following graphic. (l) Please see below a table showcasing the various AML, CTF, KYC, and other laws/regulations which are or may be required for the digital pound. Set out next to these laws/regulations, we provide certain high-level examples of how ZKP solutions could address these laws, while retaining privacy for the user:
EU-DOCS43801795.10 Existing Laws and Regulations Description of Law / Rule Example ZKP Solution(s) Customer Due Diligence (“CDD”) PIPs will be obliged to comply with CDD requirements under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017/692 (“MLRs”) in order to identify the user and verify their identity. This includes undertaking an assessment of the purpose and nature of the business relationship or occasional transaction and obtaining further information on this where appropriate. CDD must be carried out where a PIP 'establishes a business relationship', meaning a relationship between a PIP and a user which is expected to have an element of duration. It is also required where occasional transactions are carried out that exceed €1,000, where money laundering or terrorist financing are suspected, or if there are any doubts as to the veracity or adequacy of any documents or information provided for identification or verification. The MLRs permit simplified customer due diligence, following a risk assessment, and require enhanced due diligence in specified circumstances, as set out below. To perform an occasional transaction above €1,000 or to access certain PIP wallet functions, a user, using the digital pound ZKP supported infrastructure, would have to prove to their PIP in zero knowledge13 that they have all requisite documentation in order to meet CDD identification and verification requirements. As noted in the Consultation, ZKPs can be used by a PIP to attest to completion of CDD checks, as the PIP would then only have to disclose the resultant proof to the Bank, which would confirm that these obligations have been complied with, rather than sharing any form of the underlying data (including anonymised data). Enhanced Due Diligence (“EDD”) EDD refers to further due diligence measures which are necessitated by specified high-risk circumstances set out under the MLRs. The triggers for EDD include where a higher risk of money laundering or terrorist financing is identified, where a business relationship is established with a person in a high-risk third country, or where the customer, their family member or known close associate is a politically exposed person, amongst others. If triggered, examples of additional due diligence obligations include the requirement to obtain additional information on the customer, their beneficial owner and their source of wealth and funds. The digital pound system could be designed to ensure that users comply with EDD as and when necessary. For example, if a user sends a transaction to a person in a country pre-identified in the digital pound infrastructure as ‘high-risk’, the user, using the digital bank ZKP supported infrastructure would have to prove in zero knowledge that they have all additional required documents and information that meet the EDD requirements. As with CDD, the resultant proof confirming that compliance with EDD obligations has been met is all that would need to be provided to the Bank, rather than the underlying data itself. 13 Note: The way a user (the prover) accomplishes this is by first encoding the statement to be proved as a series of polynomials (the sum of a series of algebraic terms) that are identically zero if and only if the statement is true. This encoding – often called the “arithmetization” of the statement – is the step that makes zero-knowledge proofs possible. The user (the prover) then convinces the PIP (the verifier) that the polynomials are indeed identically zero. See above graphic in 4.3(k)).
EU-DOCS43801795.10 Existing Laws and Regulations Description of Law / Rule Example ZKP Solution(s) The use of ZKPs in this context would also present the opportunity for the Bank to prescribe specific additional CDD checks which users of the digital pound must meet or which PIPs must satisfy in certain circumstances that the Bank deems to present a higher risk of money laundering, as this can be programmed directly into the statement to be proved. Ongoing Transaction Monitoring Ongoing transaction monitoring is a separate, but related obligation from the requirement to apply CDD and EDD measures. PIPs will be required to conduct ongoing monitoring of the business relationship (including scrutinising transactions) throughout the course of the relationship, in order to ensure the continued legality of the relationship and assist law enforcement if required. The information that should be monitored and the frequency of the review will be ascertained in accordance with the determination of money laundering and terrorist financing risk and, in circumstances where EDD is required, firms will also need to conduct enhanced monitoring of the business relationship. The digital pound system could be designed to require certain additional checks to be performed if specific objective criteria are met. Those criteria could, for example, be that an account has made numerous and consecutive under-threshold payments (with respect to the threshold for occasional transactions), or received multiple refunds or a single substantial refund, requiring higher levels of disclosure from the user. In these circumstances, access to the digital pound or the account might be suspended until the PIP provides proof of further checks to the Bank by way of a specific ZKP proved by the user, such as proving in zero knowledge that multiple refunds to an account were in relation to legitimate transactions. A ZKP could be coded in relation to each trigger which requires proof of appropriate additional checks by the PIP, which may include CDD or other objective checks relating to the nature of the transaction. Suspicious Activity Reporting Suspicious activity reports must be made by a PIP’s nominated officer regarding information where they know or suspect (or have reasonable grounds for the same), that a person is engaging in, or attempting to engage in money laundering or terrorist financing. Members of staff must report the grounds for their knowledge or suspicion that a person or customer is engaging in, or attempting to engage in, money laundering or terrorist financing, and the nominated officer must consider each report and determine whether it gives grounds for knowledge or suspicion. As above, using ZKPs the digital pound infrastructure could be coded such that where certain objective criteria are met in relation to activity to or from an account, the infrastructure could require a PIP to either prove in zero knowledge that a check has been performed which indicates that a transaction isn’t suspicious, or
EU-DOCS43801795.10 Existing Laws and Regulations Description of Law / Rule Example ZKP Solution(s) that they have submitted a report to the relevant authority in relation to the transaction. The use of ZKPs in the digital pound infrastructure could require the user to prove the legitimacy of the transaction in zero knowledge, as required by the varying parameters which indicate that a transaction is suspicious. Sanctions Screening In order to ensure compliance with applicable sanctions regimes, PIPs will need to screen customers against lists of sanctioned individuals prior to providing services, and potentially thereafter. It is a criminal offence to make payments, or to allow payments to be made to sanctions targets, and as such, PIPs will need to have appropriate prevention and detection procedures in place. The digital pound system could be designed to provide automatic sanctions screening based on applicable SDN or other sanctions lists. For example, if a user is depositing into a PIP wallet, the user, using the digital pound ZKP supported infrastructure, would have to prove in zero knowledge that the funds were not deposited in violation of applicable sanctions regimes, with the resultant proof being shared with the Bank to verify compliance without revealing the user’s identity.
EU-DOCS43801795.10 Tiered Access (m) A further example of the use of ZKPs within the digital pound's design is its ability to enable the Consultation’s stated aim of tiered access, thereby facilitating financial inclusion. (n) The Consultation envisages that tiered access would allow for different levels of user access and functionality based on the amount of identification (“ID”) a user is willing or able to provide. The stronger ID information a user provides, the more types and higher values of payments they would be able to undertake. For example, users might be able to open a basic digital pound wallet with limited ID, which would allow for limited functionality, low-value payments. For more advanced and higher value services, users would provide more or stronger forms of ID. This tiered approach would link the strength of a user’s proof of identity to the transaction amounts and types permitted in their digital pound wallet. (o) ZKPs could be used to determine the level of ID that a user provides and ascertain the features of the account, and value of payments that a user is therefore entitled to. For example, to access certain PIP wallet functions, a user, using the digital pound ZKP supported infrastructure would have to prove in zero knowledge that they have all requisite ID documents required to access further tiers. The efficacy of data protection and privacy by design that ZKPs enable is essential in order to support uptake of the digital pound. 5. SUMMARY OF RESPONSES 5.1 Against this backdrop, we have provided responses to the Consultation and Technology Working Paper in Schedules 1 and 2 which are summarised as follows: (a) the use of ZKP tooling-products as PETs; (b) how these tools could be used to ensure AML, CTF, KYC, and transaction monitoring requirements in relation to the digital pound are guaranteed; (c) the practical integration of such tools into the design for the digital pound and their role in the interplay between PIPs and the Bank; and (d) suggestions as to how ZKPs could play a role in facilitating the deployment of the digital pound on the Ethereum blockchain, and the advantages of this approach.
EU-DOCS43801795.10 SCHEDULE 1 – Responses to the Consultation Consultation Questions Aztec Labs Responses 3 Do you agree that the Bank should not have access to users’ personal data, but instead see anonymised transaction data and aggregated system-wide data for the running of the core ledger? What views do you have on a privacy- enhancing digital pound? ● We agree that the Bank should not have access to users’ personal data, and suggest that instead of anonymised transaction data, ZKP tools are implemented into the design of the digital pound. As set out in Table 1 – Comparison of Privacy-Enhancing Technologies; , and discussed more fully in paragraph 4.3(l), the PIP will only need to share the proof confirming that AML, CTF, KYC and transaction monitoring requirements have been met with the Bank. ● Currently, digital transactions like debit card purchases or bank transfers generate personal data in relation to location, time and date, method of payment and transaction value. In its current technological form, such data is not entirely secure and, therefore, any leaks could lead to a breach of UK data protection laws. ● Accordingly, we believe that not only should the digital pound have the same level of privacy as a bank account, and allow users to make choices about data use, but it should in fact have much more robust levels of privacy embedded in it, to become truly privacy enhancing, given that existing technologies such as ZKPs facilitate this securing of information while enabling generic visibility of data required in order to enable holistic oversight of systemic risks and to effectively counter money-laundering and terrorist- financing. For an analysis of the relative strengths of the ZKP tools available to implement this functionality, and in particular the capabilities of our product Noir, please see Table 2 – Comparison of ZKP Tooling. 4 What are your views on the provision and utility of tiered access to the digital pound that is linked to user identity information? ● Please see our comments in the main body of this response at paragraph 4.3(m), which indicate that we agree with the utility of tiered access to the digital pound as linked to user identity information, provided that ZKPs are used for such tiered access, as the PET which ensures that the highest standards of data privacy are incorporated in the design of the digital pound. Table 1 – Comparison of Privacy-Enhancing Technologies; illustrates the features of ZKPs which ensure an advantage in enhancing privacy over alternative PETs, particularly their use for compliance purposes, trustless-ness and ability to ensure data protection. ● ZKP tools offer the functionalities to be coded such that they ascertain the level of ID provided by the user, and permit access in accordance with the pre-determined tiers that
EU-DOCS43801795.10 are coded into the system, allowing lower values of digital pounds to be spent with lower data collection requirements. ● In the current financial system, different thresholds are relevant as to when AML requirements such as CDD apply to transactions, and we don’t think this should be different from the digital pound. We note that the Consultation suggests that as the digital pound would have lower frictions than physical cash (the physical nature of which makes it harder to make large payments, or store large quantities), the anonymity permitted for smaller cash payments isn’t appropriate. ZKPs offer the possibility to introduce the requisite checks to hinder financial crime (e.g. to ensure users are not in a sanctioned country, on a sanctions list or subject to money-laundering offences, and that the transaction doesn’t trigger high-risk factors) whilst still preserving the user’s anonymity, and therefore justify reconsidering this proposed limitation. ● As set out in the table at paragraph 4.3(l) above, ZKP tools facilitate transaction monitoring, meaning they could be designed to automatically flag specific triggers, such as numerous and consecutive payments under the applicable threshold that are being sent to a single user, and require appropriate objective checks relating to the nature of that transaction. 5 What views do you have on the embedding of privacy-enhancing techniques to give users more control of the level of privacy that they can ascribe to their personal transactions data? ● Given our agreement with the Consultation’s recognition of privacy as a critical consideration for the success of the digital pound, we support the embedding of privacy- enhancing techniques, as further outlined in the Technology Working Paper, which give users more control over the level of privacy that they can ascribe to their personal transactions data. ● It is particularly encouraging to note the recognition of ZKPs as a proposed PET. We believe that ZKPs offer a unique opportunity for the digital pound as the PET which achieves the Bank’s policy objectives and protects privacy most effectively, as shown in the features of ZKPs set out in Table 1 – Comparison of Privacy-Enhancing Technologies; . The capabilities of ZKPs, as implemented through ZKP tooling products are outlined in further detail in the table at paragraph 4.3(l), demonstrating how regulatory compliance and privacy can both be ensured. ● This solution provides a significant benefit for end-users and the Bank. Whilst the anonymised data which is proposed to be provided to the Bank under the current model is not personal data, where only PIPs receive the requisite data, and then provide the
EU-DOCS43801795.10 proof produced by the ZKP tool to the Bank, this nevertheless mitigates the risk of inadvertent access to, or interpretation of the underlying data. Further, the Bank is able to act in reliance on the ZKP tools, and the proofs they produce (with the opportunity for the Bank to define specific additional checks to be met), rather than having to defer to the efficacy of the PIP’s AML, CTF, KYC, and transaction monitoring checks. This offers the opportunity to enhance security, without compromising privacy. ● Privacy is still possible even where the digital pound is deployed on a public blockchain network such as Ethereum (the benefits of which are discussed in further detail below). The technological breakthroughs utilising ZKPs which allow encryption on blockchain networks, such as those developed by Aztec to facilitate encrypted identity and transactions, mean that users can prove their identity without revealing the actual data on the blockchain network, limiting any risk of unauthorised access to this information. 11 Which design choices should we consider in order to support financial inclusion? ● The issuance of at least part of the digital pound supply on the Ethereum blockchain would have a transformative impact on the overall development of the digital pound. Doing so would open-up the use of the digital pound to anyone with internet access. When considered in tandem with the tiered access envisaged by the Consultation, this offers a further route for those with limited ID documents or means to access PIPs to access the digital pound. ● Further, deployment on the Ethereum blockchain, as an open-sourced network will spur private sector innovation due to the transparency enabled, leading to improvements in the digital pound’s design, and supporting job creation as developments proliferate. Such a digital pound could supplant U.S. dollar stablecoins such as USDC and USDT as the default fiat currency on the Ethereum blockchain, which would lead to significant benefits to the U.K. economy as the industry grows and matures, elevating the role and significance of the pound in a global digital economy.14 14 Note: On Tue 6 June 2023, United States Securities and Exchange Commission (“SEC”) Chair Gary Gensler noted that “We already have digital currency. It’s called the U.S. dollar. It’s called the euro or it’s called the yen; they’re all digital right now.” (See: https://www.cnbc.com/2023/06/06/sec-chair-gensler-doubts-the-need- for-more-digital-currency.html). While these remarks were made in the context of certain SEC complaints, SEC’s omission of the pound from this list is telling and may imply a major U.S. governmental institution such as the SEC does not view the pound as digitally relevant in comparison to the dollar, the euro and the yen.
EU-DOCS43801795.10 SCHEDULE 2 – Response to the Technology Working Paper Technology Working Paper Question Aztec Labs Responses 2 Which privacy-enhancing technologies, or other privacy mechanisms, might support the proposed policy objectives, and how might they be used? ● ZKPs, as a highly effective PET, support the privacy objectives for the digital pound set out in the Consultation. Not only do they ensure that neither the Government nor the Bank would have access to digital pound users’ personal data, but they provide an enhanced level of privacy that is more effective than the current proposal to only provide anonymous data to the Bank for the purposes of it running the core ledger, as only the proof itself will need to be provided in order to demonstrate that regulatory requirements have been met; ZKPs also present an advantage over alternate PETs suggested in the Technology Working Paper, as compared in Table 1 – Comparison of Privacy-Enhancing Technologies; , due to their widespread use in production, ability to ensure privacy- respecting AML compliance and trustless-ness. ● The use of ZKPs does not inhibit the identification and verification of users to prevent financial crime, as this information will still be provided to produce the proof, meaning the digital pound should not be construed as anonymous. However, please note our comments in relation to a threshold below which we believe ZKPs can facilitate cash- analogous anonymous transactions. ● We have set out the ability of ZKPs to navigate varying levels of ID, and to vary the features of a user’s digital pound account, and the value of payments in section 4.3 above. ● Designing ZKPs into the digital pound infrastructure and making it composable in this regard (which is enabled by the customisable nature of Noir, discussed further in Table 2 – Comparison of ZKP Tooling) has the potential to enable additional services and benefits for customers, as the resultant proofs enable a holistic view of the data whilst ensuring the user’s privacy.

Recommended

Aztec - His Majesty’s Treasury – Consultation Response - Dated 29 April 2023.pdf
Aztec - His Majesty’s Treasury – Consultation Response - Dated 29 April 2023.pdfAztec - His Majesty’s Treasury – Consultation Response - Dated 29 April 2023.pdf
Aztec - His Majesty’s Treasury – Consultation Response - Dated 29 April 2023.pdfAztecLabs
 
computerweekly.com 17-23 September 2019 16W hen people int.docx
computerweekly.com 17-23 September 2019 16W hen people int.docxcomputerweekly.com 17-23 September 2019 16W hen people int.docx
computerweekly.com 17-23 September 2019 16W hen people int.docxmccormicknadine86
 
jayesh_Blockchain.pptx
jayesh_Blockchain.pptxjayesh_Blockchain.pptx
jayesh_Blockchain.pptxJackTheMan1
 
REVIEW ON IMPLEMENTING BLOCKCHAIN ASSISTED PUBLIC KEY ENCRYPTION TECHNIQUE IN...
REVIEW ON IMPLEMENTING BLOCKCHAIN ASSISTED PUBLIC KEY ENCRYPTION TECHNIQUE IN...REVIEW ON IMPLEMENTING BLOCKCHAIN ASSISTED PUBLIC KEY ENCRYPTION TECHNIQUE IN...
REVIEW ON IMPLEMENTING BLOCKCHAIN ASSISTED PUBLIC KEY ENCRYPTION TECHNIQUE IN...IRJET Journal
 
A STUDY ON ADOPTION OF BLOCKCHAIN TECHNOLOGY IN CYBERSECURITY
A STUDY ON ADOPTION OF BLOCKCHAIN TECHNOLOGY IN CYBERSECURITYA STUDY ON ADOPTION OF BLOCKCHAIN TECHNOLOGY IN CYBERSECURITY
A STUDY ON ADOPTION OF BLOCKCHAIN TECHNOLOGY IN CYBERSECURITYIRJET Journal
 
What Web 2.pdf
What Web 2.pdfWhat Web 2.pdf
What Web 2.pdfMarnusharris
 
AN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAIN
AN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAINAN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAIN
AN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAINIRJET Journal
 
Block chain technology
Block chain technologyBlock chain technology
Block chain technologyRinshi Singh
 

Recommended

Aztec - His Majesty’s Treasury – Consultation Response - Dated 29 April 2023.pdf
Aztec - His Majesty’s Treasury – Consultation Response - Dated 29 April 2023.pdfAztec - His Majesty’s Treasury – Consultation Response - Dated 29 April 2023.pdf
Aztec - His Majesty’s Treasury – Consultation Response - Dated 29 April 2023.pdfAztecLabs
 
computerweekly.com 17-23 September 2019 16W hen people int.docx
computerweekly.com 17-23 September 2019 16W hen people int.docxcomputerweekly.com 17-23 September 2019 16W hen people int.docx
computerweekly.com 17-23 September 2019 16W hen people int.docxmccormicknadine86
 
jayesh_Blockchain.pptx
jayesh_Blockchain.pptxjayesh_Blockchain.pptx
jayesh_Blockchain.pptxJackTheMan1
 
REVIEW ON IMPLEMENTING BLOCKCHAIN ASSISTED PUBLIC KEY ENCRYPTION TECHNIQUE IN...
REVIEW ON IMPLEMENTING BLOCKCHAIN ASSISTED PUBLIC KEY ENCRYPTION TECHNIQUE IN...REVIEW ON IMPLEMENTING BLOCKCHAIN ASSISTED PUBLIC KEY ENCRYPTION TECHNIQUE IN...
REVIEW ON IMPLEMENTING BLOCKCHAIN ASSISTED PUBLIC KEY ENCRYPTION TECHNIQUE IN...IRJET Journal
 
A STUDY ON ADOPTION OF BLOCKCHAIN TECHNOLOGY IN CYBERSECURITY
A STUDY ON ADOPTION OF BLOCKCHAIN TECHNOLOGY IN CYBERSECURITYA STUDY ON ADOPTION OF BLOCKCHAIN TECHNOLOGY IN CYBERSECURITY
A STUDY ON ADOPTION OF BLOCKCHAIN TECHNOLOGY IN CYBERSECURITYIRJET Journal
 
What Web 2.pdf
What Web 2.pdfWhat Web 2.pdf
What Web 2.pdfMarnusharris
 
AN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAIN
AN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAINAN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAIN
AN IDENTITY MANAGEMENT SYSTEM USING BLOCKCHAINIRJET Journal
 
Block chain technology
Block chain technologyBlock chain technology
Block chain technologyRinshi Singh
 
TGC12 e book
TGC12 e bookTGC12 e book
TGC12 e bookSadiq Malik
 
A survey on security and policy aspects of blockchain technology
A survey on security and policy aspects of blockchain technologyA survey on security and policy aspects of blockchain technology
A survey on security and policy aspects of blockchain technologyTELKOMNIKA JOURNAL
 
IRJET- Smart Contracts using Blockchain
IRJET- Smart Contracts using BlockchainIRJET- Smart Contracts using Blockchain
IRJET- Smart Contracts using BlockchainIRJET Journal
 
Blockchain technology revolutionising technology
Blockchain technology revolutionising technologyBlockchain technology revolutionising technology
Blockchain technology revolutionising technologySuman Nayak
 
7 major problems in blockchain
7 major problems in blockchain7 major problems in blockchain
7 major problems in blockchainCeline George
 
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...BRNSSPublicationHubI
 
HDI - Blockchain White Paper
HDI - Blockchain White PaperHDI - Blockchain White Paper
HDI - Blockchain White PaperDavid MANSET
 
Use case of block chain unit 4 AKTU
Use case of block chain unit 4 AKTUUse case of block chain unit 4 AKTU
Use case of block chain unit 4 AKTURohit Verma
 
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET Journal
 
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...IJCNCJournal
 
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...IJCNCJournal
 
IRJET-Block Chain based Cyber Security System for Data Transfer
IRJET-Block Chain based Cyber Security System for Data TransferIRJET-Block Chain based Cyber Security System for Data Transfer
IRJET-Block Chain based Cyber Security System for Data TransferIRJET Journal
 
CRYPTOCURRENCY: TRADING MARKET
CRYPTOCURRENCY: TRADING MARKETCRYPTOCURRENCY: TRADING MARKET
CRYPTOCURRENCY: TRADING MARKETIRJET Journal
 
Scaling up Banking Operations: Harnessing the power of block chain Technology
Scaling up Banking Operations: Harnessing the power of block chain TechnologyScaling up Banking Operations: Harnessing the power of block chain Technology
Scaling up Banking Operations: Harnessing the power of block chain TechnologyIRJET Journal
 
Blockchain development security sharpening the cloud security
Blockchain development security sharpening the cloud securityBlockchain development security sharpening the cloud security
Blockchain development security sharpening the cloud securityMoon Technolabs Pvt. Ltd.
 
P5 to blockchain or not to blockchain
P5 to blockchain or not to blockchainP5 to blockchain or not to blockchain
P5 to blockchain or not to blockchaindevid8
 
IRJET- Secure Online Voting Systems using Block of Chunks
IRJET- Secure Online Voting Systems using Block of ChunksIRJET- Secure Online Voting Systems using Block of Chunks
IRJET- Secure Online Voting Systems using Block of ChunksIRJET Journal
 
blockchain and insurance.pdf
blockchain and insurance.pdfblockchain and insurance.pdf
blockchain and insurance.pdfakshay pateriya
 
Creating An E-Commerce web application using Blockchain
Creating An E-Commerce web application using BlockchainCreating An E-Commerce web application using Blockchain
Creating An E-Commerce web application using BlockchainIRJET Journal
 
Cto eng
Cto engCto eng
Cto enggary wang
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 

More Related Content

Similar to Digital Pound Consultation Response

A survey on security and policy aspects of blockchain technology
A survey on security and policy aspects of blockchain technologyA survey on security and policy aspects of blockchain technology
A survey on security and policy aspects of blockchain technologyTELKOMNIKA JOURNAL
 
IRJET- Smart Contracts using Blockchain
IRJET- Smart Contracts using BlockchainIRJET- Smart Contracts using Blockchain
IRJET- Smart Contracts using BlockchainIRJET Journal
 
Blockchain technology revolutionising technology
Blockchain technology revolutionising technologyBlockchain technology revolutionising technology
Blockchain technology revolutionising technologySuman Nayak
 
7 major problems in blockchain
7 major problems in blockchain7 major problems in blockchain
7 major problems in blockchainCeline George
 
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...BRNSSPublicationHubI
 
HDI - Blockchain White Paper
HDI - Blockchain White PaperHDI - Blockchain White Paper
HDI - Blockchain White PaperDavid MANSET
 
Use case of block chain unit 4 AKTU
Use case of block chain unit 4 AKTUUse case of block chain unit 4 AKTU
Use case of block chain unit 4 AKTURohit Verma
 
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET Journal
 
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...IJCNCJournal
 
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...IJCNCJournal
 
IRJET-Block Chain based Cyber Security System for Data Transfer
IRJET-Block Chain based Cyber Security System for Data TransferIRJET-Block Chain based Cyber Security System for Data Transfer
IRJET-Block Chain based Cyber Security System for Data TransferIRJET Journal
 
CRYPTOCURRENCY: TRADING MARKET
CRYPTOCURRENCY: TRADING MARKETCRYPTOCURRENCY: TRADING MARKET
CRYPTOCURRENCY: TRADING MARKETIRJET Journal
 
Scaling up Banking Operations: Harnessing the power of block chain Technology
Scaling up Banking Operations: Harnessing the power of block chain TechnologyScaling up Banking Operations: Harnessing the power of block chain Technology
Scaling up Banking Operations: Harnessing the power of block chain TechnologyIRJET Journal
 
Blockchain development security sharpening the cloud security
Blockchain development security sharpening the cloud securityBlockchain development security sharpening the cloud security
Blockchain development security sharpening the cloud securityMoon Technolabs Pvt. Ltd.
 
P5 to blockchain or not to blockchain
P5 to blockchain or not to blockchainP5 to blockchain or not to blockchain
P5 to blockchain or not to blockchaindevid8
 
IRJET- Secure Online Voting Systems using Block of Chunks
IRJET- Secure Online Voting Systems using Block of ChunksIRJET- Secure Online Voting Systems using Block of Chunks
IRJET- Secure Online Voting Systems using Block of ChunksIRJET Journal
 
blockchain and insurance.pdf
blockchain and insurance.pdfblockchain and insurance.pdf
blockchain and insurance.pdfakshay pateriya
 
Creating An E-Commerce web application using Blockchain
Creating An E-Commerce web application using BlockchainCreating An E-Commerce web application using Blockchain
Creating An E-Commerce web application using BlockchainIRJET Journal
 

Similar to Digital Pound Consultation Response (20)

TGC12 e book
TGC12 e bookTGC12 e book
TGC12 e book
 
A survey on security and policy aspects of blockchain technology
A survey on security and policy aspects of blockchain technologyA survey on security and policy aspects of blockchain technology
A survey on security and policy aspects of blockchain technology
 
IRJET- Smart Contracts using Blockchain
IRJET- Smart Contracts using BlockchainIRJET- Smart Contracts using Blockchain
IRJET- Smart Contracts using Blockchain
 
Blockchain technology revolutionising technology
Blockchain technology revolutionising technologyBlockchain technology revolutionising technology
Blockchain technology revolutionising technology
 
7 major problems in blockchain
7 major problems in blockchain7 major problems in blockchain
7 major problems in blockchain
 
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
Improved Particle Swarm Optimization Based on Blockchain Mechanism for Flexib...
 
HDI - Blockchain White Paper
HDI - Blockchain White PaperHDI - Blockchain White Paper
HDI - Blockchain White Paper
 
Use case of block chain unit 4 AKTU
Use case of block chain unit 4 AKTUUse case of block chain unit 4 AKTU
Use case of block chain unit 4 AKTU
 
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic ReviewIRJET- Blockchain Technology in Cloud Computing : A Systematic Review
IRJET- Blockchain Technology in Cloud Computing : A Systematic Review
 
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
 
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
Unveiling the Landscape of Smart Contract Vulnerabilities: A Detailed Examina...
 
IRJET-Block Chain based Cyber Security System for Data Transfer
IRJET-Block Chain based Cyber Security System for Data TransferIRJET-Block Chain based Cyber Security System for Data Transfer
IRJET-Block Chain based Cyber Security System for Data Transfer
 
CRYPTOCURRENCY: TRADING MARKET
CRYPTOCURRENCY: TRADING MARKETCRYPTOCURRENCY: TRADING MARKET
CRYPTOCURRENCY: TRADING MARKET
 
Scaling up Banking Operations: Harnessing the power of block chain Technology
Scaling up Banking Operations: Harnessing the power of block chain TechnologyScaling up Banking Operations: Harnessing the power of block chain Technology
Scaling up Banking Operations: Harnessing the power of block chain Technology
 
Blockchain development security sharpening the cloud security
Blockchain development security sharpening the cloud securityBlockchain development security sharpening the cloud security
Blockchain development security sharpening the cloud security
 
P5 to blockchain or not to blockchain
P5 to blockchain or not to blockchainP5 to blockchain or not to blockchain
P5 to blockchain or not to blockchain
 
IRJET- Secure Online Voting Systems using Block of Chunks
IRJET- Secure Online Voting Systems using Block of ChunksIRJET- Secure Online Voting Systems using Block of Chunks
IRJET- Secure Online Voting Systems using Block of Chunks
 
blockchain and insurance.pdf
blockchain and insurance.pdfblockchain and insurance.pdf
blockchain and insurance.pdf
 
Creating An E-Commerce web application using Blockchain
Creating An E-Commerce web application using BlockchainCreating An E-Commerce web application using Blockchain
Creating An E-Commerce web application using Blockchain
 
Cto eng
Cto engCto eng
Cto eng
 

Recently uploaded

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Recently uploaded (20)

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Digital Pound Consultation Response

  • 1. 12 June 2023 EU-DOCS43801795.10 THE DIGITAL POUND – CONSULTATION AND TECHNOLOGY WORKING PAPER RESPONSE 1. INTRODUCTION 1.1 Spilsbury Holdings Limited t/a Aztec Labs (“Aztec Labs”) wishes to respond to the Bank of England (the “Bank”) and His Majesty's Treasury (the “Treasury”) 'The digital pound: a new form of money for households and businesses?' consultation paper dated February 2023 (the “Consultation”) and the accompanying 'The digital pound: Technology Working Paper' dated February 2023 (the “Technology Working Paper”). 1.2 On 15 December 2022, Aztec Labs announced that it raised US$100,000,000 in a Series B round led by, amongst others, a16z. We are one of the largest technology start-ups in the world focused on researching and developing advanced cryptographic techniques, specifically zero- knowledge proofs (“ZKPs”), which permit applications on certain systems to confirm facts without sharing and compromising the underlying data that proves those facts. We wish to add our voice in support of a privacy-focused digital pound and contribute suggestions as to its technical development. We believe that our proposals will enable the digital pound to advance the protection of consumer privacy to a greater degree than existing technological methods, in alignment with the requirements under data protection laws. The open-sourced infrastructure for the digital pound which we suggest below brings further advantages, as the transparency it facilitates will enable proposals to improve the system, and further financial inclusion. 1.3 Aztec Labs is a U.K. headquartered software development company, which builds open-source, blockchain-based software, with a focus on ZKPs. Aztec Labs has a proven track record in developing ZKP related products1 and is currently developing: (a) an open-source programming language that allows for the safe, seamless construction of privacy-preserving ZKP cryptography circuits (“Noir”). Noir will enable an easier way for people without a PhD in cryptography to write encrypted smart contracts that utilise complex cryptographic primitives; and (b) the first open-source encrypted and programmable zero-knowledge rollup on Ethereum, enabling decentralised applications (“Apps”) to benefit from encryption and faster and cheaper transactions (“Aztec”). Developers will write smart contracts on Aztec using Noir. 1.4 Our team of world-class cryptographers and engineers is developing Aztec to be launched as a credibly neutral2 and decentralised protocol, which will be operated and maintained by a distributed community of infrastructure providers and stakeholders. Aztec, as a base layer protocol utilising ZKPs, will enable a myriad of use cases / Apps to be built on top of it, which will enable the encryption of: (i) identities, (ii) voting, and (iii) transactions. 2. EXECUTIVE SUMMARY 2.1 ZKPs have the ability to act as the key privacy-enhancing feature of the digital pound, facilitating the Bank and Treasury’s aim of implementing ‘data privacy by design’. This paper 1 Note: On 7 July 2022, Aztec launched Aztec Connect, an open-source Ethereum layer 2 network utilising ZKPs with up to 100x cost savings. On 13 March 2023, Aztec announced its decision to sunset Aztec Connect to focus on the development of Noir and Aztec. 2 Note: https://nakamoto.com/credible-neutrality/.
  • 2. EU-DOCS43801795.10 explains what ZKPs are, the advantage they offer over other privacy-enhancing technologies (“PETs”), and a comparison of available ZKP tools to demonstrate the efficacy of our ZKP tool, Noir, in enabling the practical implementation of ZKPs. 2.2 Whilst there are many use cases for ZKPs, a clear use case in the context of the digital pound is its anti-money laundering (“AML”) and counter-terrorist financing (“CTF”) capabilities, through providing regulators such as the Bank with a holistic overview of AML and CTF data without compromising important privacy features of the digital pound. A further use case for ZKPs is in enabling tiered access to the digital pound. We have set out specifically how ZKPs can be used in combination with the digital pound to counter money-laundering and terrorist financing and facilitate tiered access at section 4.3 below. 2.3 ZKPs can be used in distributed ledger technology, allowing interoperability with existing financial infrastructure. This enables the issuance of at least part of the digital pound on the open-sourced Ethereum blockchain, a proposition that we strongly support, as this would enable the availability of the digital pound to anyone with internet access, with transformative consequences for both innovation and financial inclusion. 3. ENCRYPTION AND DIGITAL PRIVACY 3.1 Overview (a) Since its inception in 19833 , the internet has undergone significant transformations driven by advancements in encryption. These improvements have not only reshaped the way we communicate and conduct business but also laid the foundation for the current global economy, the existing financial system and the financial systems of the future. (b) The first wave of encryption began with the encryption of information, transforming the potential of private, online communications as secure messages became a possibility; and, in time, this developed into more advanced encryption techniques for the exchange of data between web browsers and servers. ZKPs are the next stage of these developments. As discussed below, one of Aztec’s main applications for ZKPs is to enhance privacy on public blockchains where transactions are otherwise publicly visible, but their application isn't limited to distributed ledger technology – as identified in the Consultation. Through the use of cryptography, ZKP tools can minimise the risk of personal data exposure and maximise data security on centralised applications as well as blockchain technologies. (c) Since the genesis blocks of Bitcoin and Ethereum in 20094 and 20155 , respectively, blockchain technology has not benefited from improvements in encryption in the same way as the internet. The vast majority of transactions (including on Ethereum), albeit pseudo-anonymous, remain fully visible to the public and are not encrypted. Using a pseudo-anonymous “public address” instead of an e-mail address or personal name provides little protection as it is relatively easy to connect public blockchain addresses with real life identities (as firms are already doing). Furthermore, a lack of encryption stops meaningful know-your-customer (“KYC”) checks happening via a blockchain as sensitive KYC data cannot be broadcast to a public ledger for many reasons (including, for example, data protection legislation like the UK GDPR). Encryption solves this. It 3 Note: 1 January 1983 being considered by most as the “birth date” of the internet when the Internet Protocol Suite (TCP/IP) was permanently activated. See https://www.usg.edu/galileo/skills/unit07/internet07_02.phtml#:~:text=January%201%2C%201983%20i s%20considered,Protocol%20(TCP%2FIP). 4 Note: https://www.blockchain.com/explorer/blocks/btc/0. 5 Note: https://etherscan.io/block/0.
  • 3. EU-DOCS43801795.10 allows users to tie their identity to blockchain accounts and have a trustless blockchain administer KYC checks based on the programmed smart contract logic of an application running on top. (d) We believe that encrypted blockchain transactions will drive innovation in the same way advancements in internet encryption protocols revolutionised internet use cases. 3.2 The Internet and Encryption (a) In 1991, the Pretty Good Privacy (“PGP”) encryption protocol, developed by Phil Zimmermann, allowed individuals and businesses to send secure messages through email, fostering collaboration and real-time communication with intended recipients only. Following this, the global system for mobile communication (“GSM”) encryption enabled encrypted phone calls and texts, making information readily accessible while maintaining privacy. Business and the economy could thrive; information was at our fingertips. (b) In 1995, Netscape introduced the Secure Sockets Layer encryption security protocol (“SSL”). This enabled secure data exchange between users' web browsers and servers, paving the way for social media, allowing users to create online profiles with secure login credentials. Further, it also facilitated online transactions by enabling the encrypted transmission of credit card details, thus giving rise to e-commerce. This was the beginning of e-commerce. (c) Recently, new encryption techniques are transforming the internet. Enter ZKPs. 3.3 Zero-Knowledge Proofs (a) ZKPs are cryptographic techniques that allow one party (the prover) to prove to another party (the verifier) that a statement is true, without revealing any additional information beyond the validity of the statement itself. The “statement” will typically include claims about encrypted information. In essence, ZKPs enable the prover to demonstrate knowledge of a secret without actually disclosing the secret. (b) Although this form of encryption has been around for over 30 years6 , recent breakthroughs have made it practical for web-based applications (such as databases) and blockchain validation.7 (c) ZKPs will facilitate a wide range of uses. For example, Aztec, utilising ZKPs, will enable the following use cases / Apps to be built on top of Aztec, including: (i) Encrypted Identity. Secure and privacy-preserving identity management. Users will be able to prove their identity or specific attributes (e.g. age, citizenship, or credit score) without revealing the actual data (passport / ID), minimising the risk of identity theft or unauthorised access to personal information; (ii) Encrypted Voting. Private on-chain democratic voting (currently any voting on blockchains is public, allowing anyone to see who voted for what proposal); and 6 Note: http://people.csail.mit.edu/silvio/Selected%20Scientific%20Papers/Proof%20Systems/The_Knowledge_ Complexity_Of_Interactive_Proof_Systems.pdf. 7 Note: https://ethereum.org/en/zero-knowledge-proofs/.
  • 4. EU-DOCS43801795.10 (iii) Encrypted Transactions. Private on-chain financial instruments / transactions8 (e.g. regulated loan origination, bonds, contracts). Businesses will be able to transact confidentially, on-chain, without revealing sensitive trade secrets, pricing data and other sensitive information, without intermediaries. (d) The integration of ZKPs into digital applications and networks has the potential to unlock a new era of innovation, financial inclusion, and economic growth, in a similar way PGP, GSM and SSL encryption protocols transformed the internet by enabling e- commerce and social media. We believe that ZKPs, as one of the PETs discussed in the Consultation and the Technology Working Paper, are best suited to address the Bank’s needs while unlocking innovation, financial inclusion, and economic growth. 4. THE DIGITAL POUND AND ZERO-KNOWLEDGE PROOFS 4.1 Privacy Enhancing Technologies (a) ZKPs are one of the many available PETs the Bank can utilise as it develops the digital pound infrastructure architecture. Set out below in Table 1 – Comparison of Privacy- Enhancing Technologies; , we provide a high-level comparison of ZKPs and other PETs. While the comparison is meant to serve as a general frame of reference instead of an exhaustive comparison of each PET, we do believe it fairly highlights the strengths of ZKPs over other PETs. 8 Note: Aztec Labs started in 2017 by focusing on building Ethereum rails for syndicated and direct lending assets; we quickly realised this was unachievable without privacy, given most traditional financial transactions are fully private.
  • 5. EU-DOCS43801795.10 TABLE 1 – COMPARISON OF PRIVACY-ENHANCING TECHNOLOGIES9;10 Zero knowledge proofs (ZKP) Pseudonymisation Private information retrieval (PIR) Attribute-based encryption (ABE) Differential privacy Secure multi- party computation (SMPC) Federated learning Homomorphic encryption Trusted execution environment (TEE) Description A cryptographic technique where one party (the prover) can prove to another party (the verifier) that a given statement is without revealing all / any inputs that build up the statement. High level design approach of replacing information that identifies an individual with pseudonyms. A cryptographic technique that enables information retrieval from a server / database without revealing which item is retrieved. A generalisation of encryption schemes where decryption of a ciphertext is only possible if the user key’s attributes match the attributes of the ciphertext (e.g. account ID, email address). A cryptographic technique that shares information about a dataset without revealing information about individuals in the dataset. A cryptographic technique that enables different parties to jointly compute a function over certain inputs while keeping the inputs private. A distributed machine learning approach enabling multiple parties to collaboratively train a model without sharing their data with each other. A cryptographic technique that enables computation over encrypted private data, which decryption returns a result identical to if the computation was performed over plaintext. A secure area of a computation processor that guarantees code and data loaded inside are protected with respect to confidentiality and integrity. Used in production " # First proposed in the 1980s, the technology is securing >$1b of assets on DLTs combined. " # Common way to comply with the GDPR in traditional web development. $ Most PIR protocols are still in research and development. " # First proposed in the 1980s and growingly adopted in businesses. " # Adopted across different companies. " # Applied in different large- scale projects. " # Adopted across different companies. $ Homomorphic encryption schemes are mostly in research and development. " # Adopted across different fields. 9 Note: The actual trade-offs heavily depend on implementations of each PET of choice (e.g. different SMPC implementations can have different scalability and trustlessness trade-offs). The table is intended to serve as a general frame of reference, rather than an exhaustive description of each PET. 10 Note: ZKPs could be combined with one or more PETs to also enable the various benefits of the alternative PETs.
  • 6. EU-DOCS43801795.10 Zero knowledge proofs (ZKP) Pseudonymisation Private information retrieval (PIR) Attribute-based encryption (ABE) Differential privacy Secure multi- party computation (SMPC) Federated learning Homomorphic encryption Trusted execution environment (TEE) Interoperable between existing banking infrastructure and DLTs " # Proofs are easily verifiable both offline and with DLTs. $ Prone to privacy leaks with fully transparent DLTs. $ Applications with DLTs are mostly in research and development. " # Encrypted private data can be stored in both databases and/or on DLTs. $ Applications with DLTs are mostly in research and development. " # Applied across both general computing and DLTs. $ Applications with DLTs are mostly in research and development. $ Applications with DLTs are mostly in research and development. " # Applied across both general computing and DLTs. Privacy- respecting AML compliance " # AML analysis can be programmed into the statement being proved without revealing any information that is desirable to remain private. " # AML analysis can be performed on pseudonymised data. $ AML analysis can’t be performed within PIR itself. It has to be added before or after the retrieval outside PIR if needed. $ AML analysis can only be performed on decrypted data. $ AML analysis would be ineffective, as it can be performed on grouped datasets but not on individuals. " # AML analysis can be confidentially performed on private data. $ AML analysis can be performed, but by the payment service provider with full knowledge of the data that is being analysed. $ Analysis of encrypted private data cannot be performed with the technology, just computation over them. " # AML analysis can be confidentially performed on private data. Computation over private data " # Computation can be performed over private data fed as private inputs to the ZK program. " # Minimal added limitations on computations over data. $ PIR could support computations over data during the data retrieval process, but in an inefficient manner. $ ABE does not support computations over encrypted private data. " # Computation can be performed over differential privacy datasets. " # Computation can be performed over private data. $ Computation is learnt from distributed local data using the technology, but not on those data. " # Computation can be performed over encrypted private data. " # Computation can be performed over private data.
  • 7. EU-DOCS43801795.10 Zero knowledge proofs (ZKP) Pseudonymisation Private information retrieval (PIR) Attribute-based encryption (ABE) Differential privacy Secure multi- party computation (SMPC) Federated learning Homomorphic encryption Trusted execution environment (TEE) Scalable " # Verification effort stays near constant for arbitrarily large computations proved. Simple programs are possible on user devices in seconds. Larger programs proving efforts; distributed and aggregated with recursion. " # Minimal added effects on scalability. " # Overhead scales sub-linearly with the amount of data involved. " # Encryption and decryption overhead is insignificant. " # Mature techniques were developed for application over large datasets. " # Computation and communication complexity can scale sub-linearly with the right designs. " # Various large- scale systems based on the technology are in production. " # Large computation overhead. These computations can be outsourced to data centres without compromising data privacy, but with a cost. " # Computation overhead is insignificant. Trustless / ensures data protection " # Implementations are cryptographically secured and should be open sourced. $ Privacy integrity largely depends on whether the service provider is managing data storage and transit correctly. " # Implementations are cryptographically secured and should be open sourced. " # Implementations are cryptographically secured and should be open sourced. " # Implementations are cryptographically secured and should be open sourced. $ Privacy integrity depends on the number of colluding parties not exceeding a certain threshold. $ Local federated learning nodes (e.g. payment service providers) are trusted to respect and upkeep its users’ privacy. " # Implementations are cryptographically secured and should be open sourced. $ Chip manufacturers are trusted to construct their TEEs as safe from privacy- exposing loopholes, backdoors, and attacks. A # of vulnerabilities of TEEs already disclosed to date.
  • 8. EU-DOCS43801795.10 (b) As shown in Table 1 – Comparison of Privacy-Enhancing Technologies; above, ZKPs offer significant advantages over other PETs in particular as to their: (i) use in production (and not just largely at theoretical R&D stage such as homomorphic encryption); (ii) use for compliance purposes; (iii) interoperability between existing banking infrastructure and distributed ledger technology; and (iv) trustless-ness and ability to ensure data protection, as implementations are cryptographically secured. As ZKPs can offer significant advantages, it is important to understand the available ZKP tooling that the Bank could utilise in the digital pound infrastructure. 4.2 ZKP Tooling (a) ZKP tooling is required to enable the practical use of ZKPs in the digital pound, both by the Bank and by private sector Payment Interface Providers (“PIPs”). There are several ZKP tools available that the Bank can utilise as it develops the digital pound infrastructure architecture and by PIPs, to grow and innovate on the digital pound infrastructure system. Set out in Table 2 – Comparison of ZKP Tooling below, we provide a high-level comparison of available ZKP tooling that we think the Bank should consider, illustrating the comparative strength of our ZKP tooling, Noir.
  • 9. EU-DOCS43801795.10 TABLE 2 – COMPARISON OF ZKP TOOLING Noir Circom ZoKrates Halo2 Leo Description Noir is an open-source, Rust-based programming language that facilitates the safe and seamless construction of privacy- preserving zero-knowledge programs. Circom is a novel domain- specific language for defining arithmetic circuits that can be used to generate zero-knowledge proofs. ZoKrates is a toolbox for zkSNARKs on Ethereum, which enables the use of verifiable computation in decentralised applications, facilitating the specification of a program in a high-level language and generating proofs of computation to verify proofs in Solidity. Halo2 is a proving system packaged as a Rust crate for constructing, proving and verifying zkSNARKs in Rust. Leo is a functional, statically typed programming language built for writing private applications. Leo is a high- level programming language that compiles down to low-level Aleo Instructions. Offline / Decentralised Ledger Technology (DLT) Interoperability " # Proofs constructed are verifiable: • locally on other machines; and/or • in any Ethereum Virtual Machine (EVM) " # Proofs constructed are verifiable: • locally on other machines; and/or • in any EVM. " # Proofs constructed are verifiable: • locally on other machines; and/or • in any EVM. " #* Proofs constructed are verifiable: • locally on other machines; and/or • in any EVM.* * Certain forked versions of Halo2. $ Proofs constructed are verifiable and only verifiable on the Aleo blockchain. Simple syntax " # Rust-like syntax, similar to writing general computer programs. $ Syntaxes are designed to define arithmetic circuits, like writing logical representations of electronic circuits. " # Python-like syntax, similar to writing general computer programs. $ Functions have to be explicitly called through libraries. " # Functional and statically typed, similar to writing general computer programs.
  • 10. EU-DOCS43801795.10 Noir Circom ZoKrates Halo2 Leo Upgradable proving system ● Switching ● Integrating ● Customisable " # Proving systems are dynamically switchable. Integration with new proving systems is straightforward, as the language compiles down to a standardised intermediate representation for proving systems to integrate with. Integration with new proving systems is also highly customisable and performant, as black box functions that directly utilise native implementations of functions from the proving system are supported. $ Proving systems are dynamically switchable. But integration with new proving systems can be complicated, as there is no standardised intermediate interface. $ Proving systems are dynamically switchable. Integration with new proving systems is straightforward, as the language compiles down to a standardised intermediate representation for proving systems to integrate with. Integration is however less customisable and performant, as every instruction has to go through the intermediate representation layer. $ Proving system is not switchable. The Rust crate Halo2 is a packaged version of the Halo2 proving system itself. $ Proving system is not switchable. Made in England " # Born and bred. $ $ $ $
  • 11. EU-DOCS43801795.10 (b) Our ZKP tool, Noir, is an open-source programming language which we believe is transformational for ZKP development due to the combination of its technological capabilities and usability. By abstracting away underlying cryptographic complexity while retaining all the power and flexibility of other circuit-building languages, Noir allows any developer, and not just those with cryptography knowledge, to focus solely on the design of the logic behind ZKP applications during construction. (c) Ensuring ease of access is fundamental for mobilising the widespread adoption and use of ZKPs, empowering those who do so to access the benefits associated with these technologies. Noir’s intuitiveness is made possible by the improvements it offers over alternative circuit writing languages, including a package management system that allows dependency management (therefore enabling developers to separate the dependencies of their Noir circuits and the project integrating those circuits) and simpler circuit debugging, as well as its library of widely-used, complex algorithms that grant developers a high level of circuit efficiency while interacting with a simple, easy to use abstraction layer. In particular, Noir allows simple integration with new proving systems as the language compiles down to a standardised intermediate representation for proving systems to integrate with. This means that it is compatible with any SNARK-based proving system according to need.11 Integration with new proving systems is also highly customisable and performant, as black box functions that directly utilise native implementations of functions from the proving system are supported. This allows ZKPs written in Noir to be “future proof”; allowing quick integration with newer cryptographic proving systems12 (as and when they are developed), which will seamlessly unlock: (i) Better Scalability: cryptographic advancements on proving technology, better user experience and lower energy costs; (ii) Increased Security: flexibility to choose more secure implementations of proving technology; and (iii) Lower Maintenance Costs: minimal changes to the ZKP program source code needed to perform a proving system upgrade. (d) In short, Noir allows developers to write code and not circuits. Noir would allow the Bank to achieve its design considerations for the digital pound while enabling PIPs to innovate on the digital pound infrastructure. 4.3 Applicability of ZKPs to the Digital Pound (a) In a privacy preserving payments system, there is an inherent tension between ensuring the adequacy of AML and CTF measures (which require a holistic understanding of 11 Note: ZK-SNARK is an acronym for ‘Zero-Knowledge Succinct Non-Interactive Argument of Knowledge’. Zero-knowledge means that the verifier can validate the integrity of a statement without knowing anything else about it; succinct refers to the fact that the ZKP is smaller than the statement which is input into the protocol (known as a ‘witness’) and can be verified quickly. The proof is ‘non-interactive’ because the prover and verifier only interact once, and ‘argument’ refers to the fact that the proof satisfies the ‘soundness’ requirement, so cheating is impossible without breaking core cryptographic primitives that are widely understood. The ZKP is ‘(of) knowledge’ as it cannot be constructed without access to the witness. Again, without breaking cryptographic primitives it is impossible for a prover who doesn’t have the witness to compute a valid ZKP. Please see https://ethereum.org/en/zero-knowledge- proofs/#verifiable-computation for further detail. Note that Noir can also be integrated with any STARK- based proving systems as well (i.e. not just SNARK). 12 Note: “Proving” is computationally intensive and newer proving systems will improve computational efficiency over time and security as they may operate with different Elliptic curves or hash functions.
  • 12. EU-DOCS43801795.10 transactions occurring within the system) and preventing a central authority such as the Bank from obtaining private data relating to individuals for data privacy reasons. We believe that ZKPs are the solution, which allow the Bank to achieve the dual objectives of strong AML-CTF measures and better privacy-enhancing features. (b) Tools such as Noir that facilitate the practical implementation of ZKPs have transformative potential for the digital pound's design model, in order to advance the Bank and Treasury’s aim of implementing ‘data privacy by design’. ZKPs enable the Bank to build technological requirements into the system which act as a means to perform the full lifecycle of AML and CTF checks, including KYC and transaction monitoring, over the holistic data comprising all transactions within the digital pound, without compromising the privacy of individual customers, providing a level of security and data privacy that supersedes the current proposals. (c) In the current financial system, comprehensive information relating to a customer is only held by their commercial bank or payment services provider, and whilst there are mechanisms for the transfer of this information, this inhibits the degree to which other entities (such as the Bank) can obtain a holistic view. However, and as identified in the Consultation and the Technology Working Paper, rigorous standards of privacy and data protection are fundamental to trust and confidence in the central bank digital currency system, and the suggestion of the Bank or the Government holding large quantities of public data is neither a publicly acceptable proposition, nor in accordance with data minimisation principles. If ZKPs are integrated into the design of the digital pound, the regulatory benefits of a central institution having oversight across the currency are enabled, whilst ensuring privacy and data protection in relation to the underlying data. (d) ZKP tools, including Noir, would enable the Bank to create ZKPs which verify that requirements with respect to the issuance of the digital pound as recorded in its core ledger have been met at the end-user level without the need to rely on information about end-users being provided by PIPs, such as commercial banks and payment service providers, who will act as intermediaries between the Bank and the end-users. Under this proposed model, all that the PIP would need to provide is the resulting proof produced by the ZKP, the parameters and requirements of which would be coded by the Bank, and the Bank, as the verifier, would only need to check if certain properties of the proof hold true to be assured that the underlying statement also holds true. (e) As a practical example, it is possible for the Bank to define a program, written as a ZKP using a tool such as Noir, that checked the following statements are true before a state update to the Bank’s central balance ledger is made: (i) each end consumer who is a party to the transaction is registered with a valid PIP and the transaction comes with a valid proof of the KYC check as produced by the ZKP; (ii) neither party is on a sanctions list defined by the Bank or regulatory body; (iii) the aggregate flow of value between the two parties for a given period is below a limit mandated by the bank for the user's account type; (iv) the total transaction outflow from the sending user for a given period is below a limit mandated by the bank for the user's account type; and (v) any other checks that can be represented as code.
  • 13. EU-DOCS43801795.10 (f) It would take seconds for an end consumer to create the zero-knowledge proof proving the above statements, and such a proof can accompany a transaction and could be verified by the Bank or any PIP’s required in milliseconds before any state updates are made. (g) Not only does this remove the need for the Bank to have visibility of the underlying data, even on an anonymised basis (as the proof itself would verify the individual's eligibility), but the introduction of technological means to ensure these requirements are met mitigates the risk to which the Bank may be exposed were it otherwise to wholly rely on whether PIPs have effectively complied with regulatory obligations, and facilitates greater oversight of the operation of the digital pound as a whole. (h) It is important to note that the use of ZKPs does not mean that the digital pound will be anonymous, as regulatory oversight of and access to the personal data held by PIPs in limited circumstances will still be possible, as required by law. (i) ZKPs can interoperate with existing payment infrastructures as well as decentralised designs based on distributed ledger technology, ensuring compatibility with legacy systems and future proofing for interoperability with emerging systems, including blockchain based designs. This is particularly important given the benefits of deploying the digital pound on the Ethereum blockchain, as discussed in our responses below. AML and CTF requirements (j) An example of the integration of ZKPs with the digital pound is the capabilities these tools enable to define the specific AML and CTF checks, such as KYC and transaction monitoring, which are required for the use of the digital pound which can then be verified by intermediaries, namely the PIPs who facilitate the transaction with the end- user. (k) Under this model, all that would need to be shared with the Bank and other ecosystem participants is the resulting proof produced guaranteeing that the requirements have been met. This enables the Bank to verify that certain KYC steps have been undertaken by the intermediaries without the need for users to disclose their identity directly to the Bank, thereby preserving privacy and ensuring data protection. ZKPs also enable the Bank to rely on the efficacy of the technology, rather than the implementation of the PIP’s AML and CTF checks. Were this to be implemented, we believe that the Consultation’s objective of ensuring that the digital pound has the same level of privacy as current forms of digital money would not just be met but would be exceeded, as only the proof would need to be shared with the Bank, rather than any form of data. This is illustrated in the following graphic. (l) Please see below a table showcasing the various AML, CTF, KYC, and other laws/regulations which are or may be required for the digital pound. Set out next to these laws/regulations, we provide certain high-level examples of how ZKP solutions could address these laws, while retaining privacy for the user:
  • 14. EU-DOCS43801795.10 Existing Laws and Regulations Description of Law / Rule Example ZKP Solution(s) Customer Due Diligence (“CDD”) PIPs will be obliged to comply with CDD requirements under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017/692 (“MLRs”) in order to identify the user and verify their identity. This includes undertaking an assessment of the purpose and nature of the business relationship or occasional transaction and obtaining further information on this where appropriate. CDD must be carried out where a PIP 'establishes a business relationship', meaning a relationship between a PIP and a user which is expected to have an element of duration. It is also required where occasional transactions are carried out that exceed €1,000, where money laundering or terrorist financing are suspected, or if there are any doubts as to the veracity or adequacy of any documents or information provided for identification or verification. The MLRs permit simplified customer due diligence, following a risk assessment, and require enhanced due diligence in specified circumstances, as set out below. To perform an occasional transaction above €1,000 or to access certain PIP wallet functions, a user, using the digital pound ZKP supported infrastructure, would have to prove to their PIP in zero knowledge13 that they have all requisite documentation in order to meet CDD identification and verification requirements. As noted in the Consultation, ZKPs can be used by a PIP to attest to completion of CDD checks, as the PIP would then only have to disclose the resultant proof to the Bank, which would confirm that these obligations have been complied with, rather than sharing any form of the underlying data (including anonymised data). Enhanced Due Diligence (“EDD”) EDD refers to further due diligence measures which are necessitated by specified high-risk circumstances set out under the MLRs. The triggers for EDD include where a higher risk of money laundering or terrorist financing is identified, where a business relationship is established with a person in a high-risk third country, or where the customer, their family member or known close associate is a politically exposed person, amongst others. If triggered, examples of additional due diligence obligations include the requirement to obtain additional information on the customer, their beneficial owner and their source of wealth and funds. The digital pound system could be designed to ensure that users comply with EDD as and when necessary. For example, if a user sends a transaction to a person in a country pre-identified in the digital pound infrastructure as ‘high-risk’, the user, using the digital bank ZKP supported infrastructure would have to prove in zero knowledge that they have all additional required documents and information that meet the EDD requirements. As with CDD, the resultant proof confirming that compliance with EDD obligations has been met is all that would need to be provided to the Bank, rather than the underlying data itself. 13 Note: The way a user (the prover) accomplishes this is by first encoding the statement to be proved as a series of polynomials (the sum of a series of algebraic terms) that are identically zero if and only if the statement is true. This encoding – often called the “arithmetization” of the statement – is the step that makes zero-knowledge proofs possible. The user (the prover) then convinces the PIP (the verifier) that the polynomials are indeed identically zero. See above graphic in 4.3(k)).
  • 15. EU-DOCS43801795.10 Existing Laws and Regulations Description of Law / Rule Example ZKP Solution(s) The use of ZKPs in this context would also present the opportunity for the Bank to prescribe specific additional CDD checks which users of the digital pound must meet or which PIPs must satisfy in certain circumstances that the Bank deems to present a higher risk of money laundering, as this can be programmed directly into the statement to be proved. Ongoing Transaction Monitoring Ongoing transaction monitoring is a separate, but related obligation from the requirement to apply CDD and EDD measures. PIPs will be required to conduct ongoing monitoring of the business relationship (including scrutinising transactions) throughout the course of the relationship, in order to ensure the continued legality of the relationship and assist law enforcement if required. The information that should be monitored and the frequency of the review will be ascertained in accordance with the determination of money laundering and terrorist financing risk and, in circumstances where EDD is required, firms will also need to conduct enhanced monitoring of the business relationship. The digital pound system could be designed to require certain additional checks to be performed if specific objective criteria are met. Those criteria could, for example, be that an account has made numerous and consecutive under-threshold payments (with respect to the threshold for occasional transactions), or received multiple refunds or a single substantial refund, requiring higher levels of disclosure from the user. In these circumstances, access to the digital pound or the account might be suspended until the PIP provides proof of further checks to the Bank by way of a specific ZKP proved by the user, such as proving in zero knowledge that multiple refunds to an account were in relation to legitimate transactions. A ZKP could be coded in relation to each trigger which requires proof of appropriate additional checks by the PIP, which may include CDD or other objective checks relating to the nature of the transaction. Suspicious Activity Reporting Suspicious activity reports must be made by a PIP’s nominated officer regarding information where they know or suspect (or have reasonable grounds for the same), that a person is engaging in, or attempting to engage in money laundering or terrorist financing. Members of staff must report the grounds for their knowledge or suspicion that a person or customer is engaging in, or attempting to engage in, money laundering or terrorist financing, and the nominated officer must consider each report and determine whether it gives grounds for knowledge or suspicion. As above, using ZKPs the digital pound infrastructure could be coded such that where certain objective criteria are met in relation to activity to or from an account, the infrastructure could require a PIP to either prove in zero knowledge that a check has been performed which indicates that a transaction isn’t suspicious, or
  • 16. EU-DOCS43801795.10 Existing Laws and Regulations Description of Law / Rule Example ZKP Solution(s) that they have submitted a report to the relevant authority in relation to the transaction. The use of ZKPs in the digital pound infrastructure could require the user to prove the legitimacy of the transaction in zero knowledge, as required by the varying parameters which indicate that a transaction is suspicious. Sanctions Screening In order to ensure compliance with applicable sanctions regimes, PIPs will need to screen customers against lists of sanctioned individuals prior to providing services, and potentially thereafter. It is a criminal offence to make payments, or to allow payments to be made to sanctions targets, and as such, PIPs will need to have appropriate prevention and detection procedures in place. The digital pound system could be designed to provide automatic sanctions screening based on applicable SDN or other sanctions lists. For example, if a user is depositing into a PIP wallet, the user, using the digital pound ZKP supported infrastructure, would have to prove in zero knowledge that the funds were not deposited in violation of applicable sanctions regimes, with the resultant proof being shared with the Bank to verify compliance without revealing the user’s identity.
  • 17. EU-DOCS43801795.10 Tiered Access (m) A further example of the use of ZKPs within the digital pound's design is its ability to enable the Consultation’s stated aim of tiered access, thereby facilitating financial inclusion. (n) The Consultation envisages that tiered access would allow for different levels of user access and functionality based on the amount of identification (“ID”) a user is willing or able to provide. The stronger ID information a user provides, the more types and higher values of payments they would be able to undertake. For example, users might be able to open a basic digital pound wallet with limited ID, which would allow for limited functionality, low-value payments. For more advanced and higher value services, users would provide more or stronger forms of ID. This tiered approach would link the strength of a user’s proof of identity to the transaction amounts and types permitted in their digital pound wallet. (o) ZKPs could be used to determine the level of ID that a user provides and ascertain the features of the account, and value of payments that a user is therefore entitled to. For example, to access certain PIP wallet functions, a user, using the digital pound ZKP supported infrastructure would have to prove in zero knowledge that they have all requisite ID documents required to access further tiers. The efficacy of data protection and privacy by design that ZKPs enable is essential in order to support uptake of the digital pound. 5. SUMMARY OF RESPONSES 5.1 Against this backdrop, we have provided responses to the Consultation and Technology Working Paper in Schedules 1 and 2 which are summarised as follows: (a) the use of ZKP tooling-products as PETs; (b) how these tools could be used to ensure AML, CTF, KYC, and transaction monitoring requirements in relation to the digital pound are guaranteed; (c) the practical integration of such tools into the design for the digital pound and their role in the interplay between PIPs and the Bank; and (d) suggestions as to how ZKPs could play a role in facilitating the deployment of the digital pound on the Ethereum blockchain, and the advantages of this approach.
  • 18. EU-DOCS43801795.10 SCHEDULE 1 – Responses to the Consultation Consultation Questions Aztec Labs Responses 3 Do you agree that the Bank should not have access to users’ personal data, but instead see anonymised transaction data and aggregated system-wide data for the running of the core ledger? What views do you have on a privacy- enhancing digital pound? ● We agree that the Bank should not have access to users’ personal data, and suggest that instead of anonymised transaction data, ZKP tools are implemented into the design of the digital pound. As set out in Table 1 – Comparison of Privacy-Enhancing Technologies; , and discussed more fully in paragraph 4.3(l), the PIP will only need to share the proof confirming that AML, CTF, KYC and transaction monitoring requirements have been met with the Bank. ● Currently, digital transactions like debit card purchases or bank transfers generate personal data in relation to location, time and date, method of payment and transaction value. In its current technological form, such data is not entirely secure and, therefore, any leaks could lead to a breach of UK data protection laws. ● Accordingly, we believe that not only should the digital pound have the same level of privacy as a bank account, and allow users to make choices about data use, but it should in fact have much more robust levels of privacy embedded in it, to become truly privacy enhancing, given that existing technologies such as ZKPs facilitate this securing of information while enabling generic visibility of data required in order to enable holistic oversight of systemic risks and to effectively counter money-laundering and terrorist- financing. For an analysis of the relative strengths of the ZKP tools available to implement this functionality, and in particular the capabilities of our product Noir, please see Table 2 – Comparison of ZKP Tooling. 4 What are your views on the provision and utility of tiered access to the digital pound that is linked to user identity information? ● Please see our comments in the main body of this response at paragraph 4.3(m), which indicate that we agree with the utility of tiered access to the digital pound as linked to user identity information, provided that ZKPs are used for such tiered access, as the PET which ensures that the highest standards of data privacy are incorporated in the design of the digital pound. Table 1 – Comparison of Privacy-Enhancing Technologies; illustrates the features of ZKPs which ensure an advantage in enhancing privacy over alternative PETs, particularly their use for compliance purposes, trustless-ness and ability to ensure data protection. ● ZKP tools offer the functionalities to be coded such that they ascertain the level of ID provided by the user, and permit access in accordance with the pre-determined tiers that
  • 19. EU-DOCS43801795.10 are coded into the system, allowing lower values of digital pounds to be spent with lower data collection requirements. ● In the current financial system, different thresholds are relevant as to when AML requirements such as CDD apply to transactions, and we don’t think this should be different from the digital pound. We note that the Consultation suggests that as the digital pound would have lower frictions than physical cash (the physical nature of which makes it harder to make large payments, or store large quantities), the anonymity permitted for smaller cash payments isn’t appropriate. ZKPs offer the possibility to introduce the requisite checks to hinder financial crime (e.g. to ensure users are not in a sanctioned country, on a sanctions list or subject to money-laundering offences, and that the transaction doesn’t trigger high-risk factors) whilst still preserving the user’s anonymity, and therefore justify reconsidering this proposed limitation. ● As set out in the table at paragraph 4.3(l) above, ZKP tools facilitate transaction monitoring, meaning they could be designed to automatically flag specific triggers, such as numerous and consecutive payments under the applicable threshold that are being sent to a single user, and require appropriate objective checks relating to the nature of that transaction. 5 What views do you have on the embedding of privacy-enhancing techniques to give users more control of the level of privacy that they can ascribe to their personal transactions data? ● Given our agreement with the Consultation’s recognition of privacy as a critical consideration for the success of the digital pound, we support the embedding of privacy- enhancing techniques, as further outlined in the Technology Working Paper, which give users more control over the level of privacy that they can ascribe to their personal transactions data. ● It is particularly encouraging to note the recognition of ZKPs as a proposed PET. We believe that ZKPs offer a unique opportunity for the digital pound as the PET which achieves the Bank’s policy objectives and protects privacy most effectively, as shown in the features of ZKPs set out in Table 1 – Comparison of Privacy-Enhancing Technologies; . The capabilities of ZKPs, as implemented through ZKP tooling products are outlined in further detail in the table at paragraph 4.3(l), demonstrating how regulatory compliance and privacy can both be ensured. ● This solution provides a significant benefit for end-users and the Bank. Whilst the anonymised data which is proposed to be provided to the Bank under the current model is not personal data, where only PIPs receive the requisite data, and then provide the
  • 20. EU-DOCS43801795.10 proof produced by the ZKP tool to the Bank, this nevertheless mitigates the risk of inadvertent access to, or interpretation of the underlying data. Further, the Bank is able to act in reliance on the ZKP tools, and the proofs they produce (with the opportunity for the Bank to define specific additional checks to be met), rather than having to defer to the efficacy of the PIP’s AML, CTF, KYC, and transaction monitoring checks. This offers the opportunity to enhance security, without compromising privacy. ● Privacy is still possible even where the digital pound is deployed on a public blockchain network such as Ethereum (the benefits of which are discussed in further detail below). The technological breakthroughs utilising ZKPs which allow encryption on blockchain networks, such as those developed by Aztec to facilitate encrypted identity and transactions, mean that users can prove their identity without revealing the actual data on the blockchain network, limiting any risk of unauthorised access to this information. 11 Which design choices should we consider in order to support financial inclusion? ● The issuance of at least part of the digital pound supply on the Ethereum blockchain would have a transformative impact on the overall development of the digital pound. Doing so would open-up the use of the digital pound to anyone with internet access. When considered in tandem with the tiered access envisaged by the Consultation, this offers a further route for those with limited ID documents or means to access PIPs to access the digital pound. ● Further, deployment on the Ethereum blockchain, as an open-sourced network will spur private sector innovation due to the transparency enabled, leading to improvements in the digital pound’s design, and supporting job creation as developments proliferate. Such a digital pound could supplant U.S. dollar stablecoins such as USDC and USDT as the default fiat currency on the Ethereum blockchain, which would lead to significant benefits to the U.K. economy as the industry grows and matures, elevating the role and significance of the pound in a global digital economy.14 14 Note: On Tue 6 June 2023, United States Securities and Exchange Commission (“SEC”) Chair Gary Gensler noted that “We already have digital currency. It’s called the U.S. dollar. It’s called the euro or it’s called the yen; they’re all digital right now.” (See: https://www.cnbc.com/2023/06/06/sec-chair-gensler-doubts-the-need- for-more-digital-currency.html). While these remarks were made in the context of certain SEC complaints, SEC’s omission of the pound from this list is telling and may imply a major U.S. governmental institution such as the SEC does not view the pound as digitally relevant in comparison to the dollar, the euro and the yen.
  • 21. EU-DOCS43801795.10 SCHEDULE 2 – Response to the Technology Working Paper Technology Working Paper Question Aztec Labs Responses 2 Which privacy-enhancing technologies, or other privacy mechanisms, might support the proposed policy objectives, and how might they be used? ● ZKPs, as a highly effective PET, support the privacy objectives for the digital pound set out in the Consultation. Not only do they ensure that neither the Government nor the Bank would have access to digital pound users’ personal data, but they provide an enhanced level of privacy that is more effective than the current proposal to only provide anonymous data to the Bank for the purposes of it running the core ledger, as only the proof itself will need to be provided in order to demonstrate that regulatory requirements have been met; ZKPs also present an advantage over alternate PETs suggested in the Technology Working Paper, as compared in Table 1 – Comparison of Privacy-Enhancing Technologies; , due to their widespread use in production, ability to ensure privacy- respecting AML compliance and trustless-ness. ● The use of ZKPs does not inhibit the identification and verification of users to prevent financial crime, as this information will still be provided to produce the proof, meaning the digital pound should not be construed as anonymous. However, please note our comments in relation to a threshold below which we believe ZKPs can facilitate cash- analogous anonymous transactions. ● We have set out the ability of ZKPs to navigate varying levels of ID, and to vary the features of a user’s digital pound account, and the value of payments in section 4.3 above. ● Designing ZKPs into the digital pound infrastructure and making it composable in this regard (which is enabled by the customisable nature of Noir, discussed further in Table 2 – Comparison of ZKP Tooling) has the potential to enable additional services and benefits for customers, as the resultant proofs enable a holistic view of the data whilst ensuring the user’s privacy.