Digital Euro Association Blog

A successful implementation of a Digital Euro depends on solving the “CBDC Design Trilemma”

Blockchain can be defined as a system that sometimes sacrifices performance for the sake of increased security and decentralisation (Nakamoto, 2008). To become a useful retail CBDC, any chosen digital euro implementation should perform as fast as other competing payment systems such as credit cards. Also, if a CBDC is to compete with cryptocurrencies as the cross-border payment mechanism of choice, it is probably desirable for the CBDC to out-perform most cryptocurrencies (Krishnamachari, et al., 2020). To achieve this goal, we need to solve the “Blockchain Trilemma”. This is a term used to describe the challenge of increasing performance, security, and decentralisation at the same time. Current enterprise blockchains are not truly decentralised (Krishnamachari, et al., 2020). They may be structurally decentralised, but are operationally centralised. By reversing this, having structurally centralised, but operationally decentralised architecture (Yun, 2020a), a digital euro can achieve a high-performance blockchain.

A digital euro or any blockchain-based CBDC should not only solve the blockchain trilemma, but also the CBDC design trilemma, which notes that identity, privacy, and programmability (Martinez et al., 2020a) cannot be easily enhanced at the same time. A digital euro cannot ignore privacy for the sake of achieving legal compliance and implementing programmable money.

From an expertise point of view, the answer to this trilemma is the use of a decentralized identity system such as self-sovereign identity (SSID) to find the perfect equilibrium (see Medvinsky & Neuman, 2002 for the CBDC design trilemma. Self-sovereign identity is very popular for its advanced privacy protection. By having an SSID-based blockchain system, a digital euro can incorporate both privacy and transparency into the blockchain-based CBDC system. Additionally, a use of zero-knowledge encryption to protect the transaction privacy of blockchain data is highly recommended for any future digital euro implementation.

1. Privacy
From a functional perspective, a digital euro will not have the same features and characteristics as physical cash today. Going digital has both advantages and disadvantages (Chen and Micali, 2017). One major benefit of having a digital euro is the possibility of using the internet to send and receive money. This is not possible with physical cash. However, this additional benefit has potential side effects too. If we make the future digital euro fully anonymous, we may end up expanding the underground economy, allowing money laundering (ML), financing of terrorism (FT) and illegal trading on a global scale. While it is technically possible to design fully-anonymous cash similar to cryptocurrency, this is not advisable (Eyal et al., 2016). We have a legal imperative to satisfy the regulatory framework of the financial system, especially the FATF travel rules and other AML and CFT regulations (Krishnamachari, et al., 2020). Therefore, we need to devise a solution that balances between privacy and AML/CFT obligations.

When it comes to CBDC, privacy is a fundamental consideration and design choice. The Swedish Riksbank’s e-Krona pilots provide an example of CBDCs experiments that have focused on exploring the extent to which privacy (referred to as banking secrecy) and personal data issues can be addressed. The information contained in an e-krona transaction about parties other than the customers and participants involved in the transaction, must therefore be protected in such a way as to uphold banking secrecy and to avoid revealing personal data (Riksbank, 2021). The ECB has also listed privacy as a high design priority, and any eventual issuance of a digital euro will need to be fully compliant with the EU General Data Protection Regulation (GDPR) (Eurogroup, 2022).

Many banks and financial institutions still use a centralized public key infrastructure (PKI) system, which can lead to security issues since, for example, a single point of failure is inherent in such systems. A digital euro deployment might seek to address these issues through incorporation of a decentralized public key infrastructure (DPKI) and identity blockchain in the system design. (Martinez et al., 2020a).

Technically, the ideal equilibrium in designing the privacy aspect of the digital euro would be to retain the ability to trace the sender and receiver without revealing the user’s private information (Adleman & Schmidt, 2018). In practice, this would enable most transactions to be encrypted and anonymous (Medvinsky & Neuman, 20023). However, when there is a need to identify a user, this could be achieved with a supplementation of ‘off-chain’ information from a legal authority (Medvinsky & Neuman, 2002, p. 17). For example, a hacker could be identified and traced through acquisition of information from the issuer of the original certificate for that particular user. In summary, no personal information can be retrieved from the blockchain but with the aid of side-chain data, we can identify the users of the digital cash. This kind of separation of the network enables a good balance of achieving the right level of privacy while preventing any kind of illegal activities.

2. Identity
Blockchains were originally designed with the concept of anonymity in mind. As such, adding identity to the existing blockchain system is an ad-hoc system at best. A major concern is that this type of ad-hoc system is not mathematically nor cryptographically secure. In other words, it is not recommended that an ad-hoc system for CBDC implementation be used because it is easily hackable.

To overcome this challenge, if a digital euro infrastructure is to be built on DLT or blockchain technology, then the architects should reconsider the original blockchain system design and completely redesign it from the identity point of view rather than anonymity (Martinez et al., 2020b).

However, just having an identity-based blockchain is not sufficient. We need to solve the oracle problem, i.e. current blockchains are not capable of pulling in data from or pushing data out to any external system as built-in functionality. Smart contracts need to connect to real data from the outside world to realize most of their potential use cases (Martinez et al., 2020b, p. 24). The way we connect that digital identity to the real people’s identity would be through a public decentralized identity Digital Identity (DID) or system. Financial institutions can also have a public identity DID and be able to register a public signature and easily perform financial transactions on the blockchain.

3. Programmability
Blockchain promises the possibility of programmable money. A digital euro can use smart contracts to implement programmability. However, one critical problem in the current smart contract design is that it runs on the network in a very centralized manner (Yun, 2015). Therefore, if we are to apply smart contracts to a user’s private information, we need to collect and transfer the data to the blockchain. 

A digital euro needs to decentralize smart contract operations to prevent the collection of user private information. From a technological point of view, the ideal solution is to use smart contracts that can run the transactions on the edge of the blockchain, which means the user’s device such as a smartphone, and can apply the user information on the edge (Yun, 2020b). Therefore, there will be no need to gather all user’s information on the blockchain. This is a great improvement in the design of blockchain and smart contract structure.


  • Adleman, L. and R. Schmidt (2018). Designing Money [Extended Abstract]. In aurum-digital-currency/.
  • Chen, J. and S. Micali (2017). Algorand: A secure and efficient distributed ledger. In arXiv report abs/1607.01341.
  • Eurogroup (2022). The euro as a digital currency – state of play. Eurogroup, European Central Bank, Frankfurt, Germany.
  • Eyal, I., A. Gencer, E. Sirer, and R.van Renesse (2016). Bitcoin-NG: A Scalable Blockchain Protocol. In Proceedings of the 13th USENIX Symposium on Networked Systems Design and Implementation.
  • Krishnamachari, B., Kiamari, M., Naveed, M., and Yun, S., “Blizzard: Distributed Consensus for Mobile Devices using Online Brokers”, In IEEE International Conference on Blockchain and Cryptocurrency, 2020
  • Martinez, M. et al. (2020a). Mobile Encounter-based Social Sybil Control. In The Seventh International Conference on Software Defined Systems (SDS-2020).
  • Martinez, M. et al. (2020b). Mitigating Mobile Device-based Sybil Attacks using Supervised Machine Learning and Generative Adversarial Networks. In IEEE Conference on Computer Communications.
  • Medvinsky, Gennady, Neuman, B.C.,NetCash: A design for practical electronic currency on the Internet,The Journal of Electronic Publishing 2002
  • Riksbank (2021). Report e-Krona Pilot- Phase One. The Swedish Riksbank, Stockholm, Sweden.
  • Yun, S. (2015). Secure Chat Method using Distributed Key Exchange Protocol and Self-Defense Security. KR10-1596479, PCT/KR/2016/000887.
  • Yun, S. (2020a). Blockchain System that includes Bank Nodes each having separate Ledgers for Identity, Digital Currency, and other functions, and operation method thereof. KR10-2020-0110742.

This article was prepared by the author. The views expressed in this article are the author’s own and do not necessarily reflect the views of the Digital Euro Association.


No Comments Yet

Let us know what you think