Friday Nov 22, 2024
Monday, 8 April 2024 03:18 - - {{hitsCtrl.values.hits}}
eCurrency Mint CEO Jonathan Dharmapalan
The Bank of Jamaica, harnessing technology from eCurrency Mint, was one of the first countries to launch a nationwide central bank digital currency (CBDC). Now, more than 100 central banks are engaged in CBDC work.
But reaching historic landmarks in the evolution of money and pioneering new technology comes with inherent risks. Central Banking’s Fintech Benchmarks 2024 revealed four in five institutions believe a CBDC increases cyber risks. Operational risk can also compromise security, as illustrated by the Eastern Caribbean Central Bank’s prolonged CBDC outage between January and March 2022, due to an expired certificate on the underlying permissioned blockchain.
eCurrency’s CBDC technology strives to offer seamless interoperability with existing wholesale and retail payments infrastructure via bank and non-bank financial intermediaries. For example, the Bank of Jamaica’s ‘Jam-dex’ CBDC is distributed to businesses, merchants and individuals. To ensure security for the Jamaican central bank, the tech company pioneered and operationalised digital symmetric core currency cryptography (DSC) technology, which ensures the digital bearer instrument contains layers of security to prevent counterfeit, including protection against attacks by quantum computers.
Bank of Jamaica’s governor Richard Byles told Central Banking eCurrency DSC technology through several “rigorous” tests.
To ensure the CBDC technology was secure, the central bank’s own technology team plus “an external third party that tests for potential cyber-attacks” assessed how it stood up to threats from malicious actors. Further, eCurrency’s solution “had to pass tests for audit,” Byles added.
In 2022, the Jamaican parliament amended the Bank of Jamaica Act to include a digital form of the Jamaican dollar and the Bank of Jamaica launched Jam-dex. The parliament also enacted necessary prohibitions against counterfeiting of the new form of currency.
“The use of symmetric key cryptography, along with layers of additional security measures, is an effective safeguard against quantum computing exposure,” Jonathan Dharmapalan, CEO of eCurrency Mint, tells Central Banking. “We helped the BoJ achieve its goal of minting and issuing a noncounterfeitable digital bearer instrument.”
Symmetric cryptography
Asymmetric cryptography, popular in blockchain technology and cryptocurrencies such as bitcoin, is the process by which separate keys – a public key and a private key – are used to decrypt messages. But this poses an important concern, says Dharmapalan: “The problem with that is that if a malicious actor gets a hold of your key, they’re able to reverse engineer, and corrupt or decrypt a message [that was never intended for them].”
In symmetric cryptography, the same key is used to encrypt and decrypt data. But eCurrency ‘shards’ this key, meaning it is broken into multiple pieces, similar to the pieces of a shattered mirror. Then, the codes on the message are layered and, additionally, keep changing. The ability for someone that is not the intended recipient to catch up becomes “near impossible”, claims Dharmapalan.
While quantum computers powerful enough to break current encryption methods do not at the moment appear to exist, technologists and central banks are preparing for a future in which they do. It is generally understood – although not proven – that symmetric key systems are more quantum attack-resistant than asymmetric key systems. One way in which eCurrency makes CBDCs “further fraud or hacking proof” is “by not knowing what the keys are.” adds Dharmapalan.
Then, the company further secures a CBDC “by hiding the creation and the destruction of the keys in hardware.”
Dharmapalan explains there are many symmetric key levels as to how the security is created and enforced. “So, you have to break through lots of barriers, lots of locks,” he says. If a hacker was to break through, “the keys change”. The technology is also “tamper evident”, meaning if somebody tries to break through “you can see it if someone tries to change it,” Dharmapalan claims.
eCurrency also built its CBDC technology to ensure privacy is protected as the public transacts in Jam-dex. This capability was important for the Bank of Jamaica as a trusted entity and the sole issuer of digital currency in Jamaica.
The Bank of Jamaica does not have access to, nor does it retain, information about the users of CBDC. “The technology and security protocols are built in such a way that the currency is protected without exposing information about the holder. As a result, the central bank can ensure the security of the currency without knowing the identity of the user,” says Dharmapalan.
In many ways, the safeguarding of the central bank digital currency started before eCurrency was chosen as Bank of Jamaica’s technology partner. The central bank partnered with eCurrency for a CBDC experiment in 2021 after a tender process with more than 40 applicants.
“Even in the selection process of eCurrency, we were rigorous and applied specific standards that had to be met from about 40 applicants,” Byles said.
“We’re satisfied that we have done our due diligence in that respect.” While Bank of Jamaica is eCurrency’s first public live project, its DSC technology was developed after consultation with more than 45 central banks.
Speaking of the period since the company’s founding in 2011, “we foresaw that money was becoming digital and were convinced at the time, probably a few years early, that central banks will eventually issue a sovereign digital currency,” says Dharmapalan.
eCurrency’s service also uses a secure and ISO20022-based application program interface, or API, to enable easy integration to existing national and multilateral cross-jurisdiction financial infrastructure.
In 2023, eCurrency partnered with RTGS and payments services provider, CMA. Grigory Shiyan, a CMA director, said at the time that “eCurrency’s unique and mature enterprise-grade CBDC solution” could facilitate the next generation of central bank payments and money.
“It took quite a while for central banks to begin rolling out CBDC,” Dharmapalan says of the company’s vision. “I think the time for CBDC is now here, and we are seeing a wave of central banks moving forward.”