As the pilot for Drex, Brazil’s forthcoming central bank digital currency (CBDC), moves into its second phase, the country’s central bank has said that ensuring user privacy remains its biggest challenge.
This week, the Central Bank of Brazil (BCB) published a new report that wraps up phase one of the Drex pilot and initiates phase two.
Having been testing Drex since 2023, the BCB struck a cautious tone on the overall development of the CBDC, noting that it will require “major adaptation” before it is ready for launch.
In particular, the BCB spoke of a “trilemma” it has faced in its attempts to ensure that Drex, and the distributed ledger technology (DLT) it runs on, can ensure oversight, programmability and user privacy.
The DLT platform selected for the Drex pilot is the Ethereum Hyperledger Besu. It is a permissioned network that allows for a degree of privacy and for compliance and regulatory functions to be integrated when executing transactions.
However, although the pilot successfully completed hundreds of transactions, the BCB found that its use of privacy-enhancing solutions conflicted with its efforts to ensure oversight.
The BCB tested multiple privacy solutions, including zero-knowledge proofs, and found that use of these solutions added to the complexity of the underlying smart contracts and made oversight difficult, even for the validators of the network.
Meeting international standards
One of the requirements of the Drex build-out is that it must be able to meet international norms and standards on the prevention of money laundering and terrorist financing, said the BCB.
This includes, for example, the ability to ensure compliance with court orders to track illicit acts and activity.
According to the BCB, the pilot did not identify a solution that could ensure both user privacy and continued oversight within a defined regulatory framework.
“Despite important advances in anonymisation, the solutions tested presented limitations that would compromise their adoption in the context of commercial usage,” said the central bank.
“These challenges highlight the need for continuous development and close collaboration between regulators, developers, academia and other stakeholders.
“Only through a collaborative effort will it be possible to adapt and evolve these technologies so that they can meet the requirements of a modern and efficient financial system.”
The second phase of the pilot will therefore focus on answering these privacy questions, with participants invited to suggest broader use cases where the latest solutions can be tested.