Decentralized Liquidity Savings Mechanisms with Privacy-Preserving Cryptography
In the context of the wCBDC discussion, there is a lot of focus on the standard lifecycle of the CBDC from issuance through to redemption but not as much consideration of the possible liquidity implications.
One of the most powerful concepts in financial markets is the concept of the Liquidity Savings Mechanism (LSM). The Bank of England describes
In essence, rather than settle all transactions between themselves on a gross basis, banks can use an LSM to match and offset payments (thus mitigating the need for any actual transfer of funds). This allows financial institutions to deploy funds elsewhere and, by doing so, create economic benefits and address risk. Even small increases in LSM efficiency can lead to significant benefits hence this remains an area of important research and innovation. For example, some fascinating work with Payments Canada explored even applications of quantum computing-based algorithms to liquidity optimisation (which they estimated could deliver approximately $240m of daily liquidity saving).
There are many examples but, to give a sense for the scale of the benefit, CHIPS settle approximately $2 trillion in payments every day however the participants only fund the system with 1/30th of this amount. In other words, for every $1 that a participant institution places in the network, they are able to settle nearly $30 in value in seconds.
The economic benefits of this should be clear, particularly in an environment, such as today, where interest rates are rising but also the use of LSMs removes risks by enabling more settlements to occur with finality earlier in the day than might be the case if everything was settled gross.
In a conventional payments platform, there is a central authority such as a clearing house that is managing the offsetting and settlement process. However, if we envision a more decenteralised model based around wCBDCs, then it raises a question of what will be the wCBDC-equivalent of an LSM since, as it stands, wCBDCs are pre-funded and gross settle which is likely to have a significant and material negative impact on bank liquidity.
There is, of course, one possible scenario where the existing LSMs remain but, for settlement, they trigger the transfer of a wCBDC post-netting but this would perhaps weaken the argument of a wCBDC as an instrument of atomic DvP settlement and would also limit the resiliency benefits of a decenteralised system (which is one of the oft cited arguments for a wCBDC versus a centralised Real Time Gross Settlement system).
Whilst there was some early consideration of Distributed Ledger-based multilateral offsetting algorithms in which the offsetting is orchestrated programmatically by smart contracts, the immediate challenge is counter-party privacy. Not all banks should see all the individual transactions, particularly transactions for which they are not counter-parties.
However, there is a field of cryptography focused on zero-knowledge that could enable the development of decenteralised, privacy-preserving LSM.
Consider a simplified example where there are three banks A, B, and C. Bank A owes B $10, B owes C $10 and C owes A $3.
- Compute Net Amounts: Each institution computes the net amounts owed to each of the counterparties.A owes B $10, and C owes A $3, so the net amount A owes is $10 - $3 = $7.B owes C $10, and A owes B $10, so the net amount that B owes is $10 - $10 = $0 (B does not owe any money, and is not owed any money).C owes A $3, and B owes C $10, so the net amount that C owes is $3 - $10 = -$7 (i.e. C is owed $7).
- Create Pedersen Commitments: Each bank creates Pedersen Commitments for each of the amounts owed. This cryptographic algorithm allows a party to commit to a certain value without revealing it to others but enabling it to be revealed later.
- Create zkSNARKs and Range Proofs: Each institution then creates zkSNARKs and Range Proofs, which together prove they know the net amount in the commitment and the blinding factor used to create that commitment (without revealing it), and that the net amount lies within some valid range (proven by the range proof).
- Share Commitments and zkSNARKs: Participants then share their commitments and zkSNARKs with their counter-party participants. Any observer, such as the network organiser or Central Bank, can validate without any information being disclosed.
- Verify zkSNARKs: The participants then verify the zkSNARKs of the other participants.
- Open Commitments: Once all the proofs have been validated, the banks open their commitments to reveal the net amounts and the blinding factors.
- Adjust Balances: The participants then adjust their balances based on the net amounts revealed. If these represent the payment legs of DvP transactions, then the movement of the assets would occur atomically at this point.
- Create and Share New zkSNARKs: Finally, participants create and share new zkSNARKs that prove their updated balances are correct, without revealing the actual amounts.
- Gross settlement. Finally, gross settlement would occur for the amounts owed, after the multilateral offsetting occurs. This could happen using a wCBDC or via the traditional payments infrastructure. In the example above, after multilateral offsetting, A would have to pay $7 to C (even though they didn't have an obligation to begin with).
In short, it is like that decenteralised multilateral offsetting algorithms can be implemented in privacy-preserving ways (albeit with some computational overhead). As Central Banks continue to explore how central bank money can be reimagined (or not) as a wCBDC, it is also important to explore how technological advances might enable new approaches to liquidity saving; taking advantages of some of the ongoing advances in the field of zero knowledge proofs and secure multiparty computation to do so in privacy-preserving ways
Anthony Butler Newsletter
Join the newsletter to receive the latest updates in your inbox.