Popular science | An article to explain the technical details of the central bank DC / EP

Author: Sunrye

Editor's Note: The original title was "Technical Research Report on Central Bank Digital Currency (DCEP)"

Recent news about the People's Bank's digital currency DCEP (Digital Currency Electronic Payment) has continued to emerge, coupled with Facebook's libra's contribution to digital currency, and the government's positioning of the blockchain as an important breakthrough in core technology independent innovation. In the limelight. After watching the analysis and comparison of DCEP and libra by Mr. Mu Changchun, the director of the Digital Currency Research Institute of the Central Bank, I am very curious about the top-level design of DCEP, but I am suffering from the current reports on DCEP that are based on the macroscopic aspect. As a technician Urgently want to know the intersection of DCEP and blockchain, so after carefully reading the patent of the digital currency system of the People's Bank, write a post as a technician or a blockchain practitioner to view some of DCEP's technology detail.

After reading the patent of the digital currency system, the overall feeling is that DCEP does not use blockchain technology, but a central bank-centric system. In fact, it can understand that after all, rights and obligations are equal, and the central bank bears The fiat currency's obligation to pay, so naturally this right to keep accounts should also be borne by him. Of course, in the eyes of some liberals, this approach seems to be not pure enough or Decentralization. But decentralization is not a silver bullet, and we cannot hope that he can solve all problems. On the contrary, whether to choose decentralization needs to be consistent with the main contradiction of the current scenario. If the demand for fairness or transparency becomes the main contradiction, then decentralization will be a good solution, but in many fields at present The demand for efficiency is still a major contradiction, so in these scenarios, the use of decentralization is not very good, but it will have the opposite effect of continuous consumption.

Next, this article will focus on the features of DCEP, implementation details, and offline payment scenarios based on the digital currency system patent.

DCEP characteristics

The characteristics of DCEP are mainly reflected in two aspects, one is financial characteristics, and the other is technical characteristics. The patent mainly describes the technical characteristics, and the financial characteristics are mainly derived from reports by Mr. Mu Changchun in public classes.

About financial characteristics

Replacement of M0 -First, DCEP is the replacement of M0, that is, the replacement of cash. The only reason to replace M0 is because M1 and M2 have been digitized. If M0 is also digitized, then the supervision of funds by the central mother It's more complete. In addition, part of the reason for starting with cash is because cash only assumes the function of money, so it will not have a great impact on society.

Two-tier operation model -refers to the upper layer is the People's Bank to commercial banks, and the lower layer is the commercial banks or commercial institutions to the people. In other words, the commercial bank delivers 100% of the reserve to the PBOC, and then the PBOC gives DCEP the same amount as the commercial bank, and then the user exchanges DCEP with the commercial bank through cash or deposit. If the PBC is directly oriented to the people, it is theoretically possible. In this case, the PBC needs to face all consumers in China, and he needs to design a system that meets both the user experience and the high performance requirements. Obviously, the PBC is not good at This, so the best way is determined by the market economy, that is, the user-facing end is given to a commercial bank or institution to give full play to market competition.

About technical characteristics

This block refers to several features that DCEP needs to meet in design. These features are similar to the concept of blockchain-based virtual currencies such as BTC. Of course, rather than being similar to the concepts of virtual currencies such as BTC, it is better to say that those that meet these basic characteristics are digital currencies.

Security -This requirement prevents any party in the business from changing or illegally using digital currency. This is more reflected in the supervision of the use of DCEP, and even that it can terminate an illegal transaction.

Non-repeatable spending -This means that digital currency can only be used once, and repetitive spending can be easily detected. The reason for mentioning this is because once the cash is digitized, it is inevitable to copy the data. For example, a user bought a movie ticket with a DCEP of 100 denominations, but copied such a DCEP Consumption is repeated spending on the same digital currency, so this is a basic feature for digital currencies. For BTC, it is through UTXO to prevent double spending, while for Ethereum and libra, it is through transaction seq to prevent double spending. For DCEP, it is a UTXO-like approach. As for the difference between UTXO and BTC UTXO, it will be introduced in the next article. However, due to the difficulty of forgery, only one copy can be physically guaranteed.

Controllable Anonymity -This means that even if commercial banks and merchants collude with each other, they cannot track the use of DCEP, in other words, no structure other than the issuer (Personal Bank) of DCEP can track the purchase behavior of users . Finally you can get rid of some privacy leaks.

Unforgeability -It is better to understand that except for the issuer, you cannot fake digital currency. For cash, it is guaranteed by physical anti-counterfeiting methods. For DCEP, the approach is relatively simple, that is, only the signature of the central bank's private key is the real DCEP. Aside from that, before Google broke the news of quantum computing, the currency circle was all kinds of self-confidence, I think BTC would be cracked, and quantum computing really came out. Even if his attack target is not a nuclear weapon, it must be at the level of the central bank. The currency circle really takes itself seriously.

Fairness -The payment process is fair, ensuring that the transaction process of both parties to the transaction either succeeds or fails, and it is more appropriate to meet the atomicity of the transaction.

Compatibility means that the issuance and circulation of DCEP should refer to the issuance and circulation of cash as much as possible.

DCEP implementation details

The implementation details here mainly explain the above characteristics.

Currency model

Based on the research on current patents, it can be roughly determined that DCEP is a currency model similar to UTXO structure. There are three ways to issue DCEP (here for simplicity we call the digital currency issued by the central bank D currency) 1. Generated according to the minimum denomination, for example, the total amount issued by the central bank is 100 yuan, and the minimum denomination is 1 cent, then the central bank will Issuance of 10,000 D coins with a denomination of 1 cent; 2. Produced according to the specific withdrawal amount of the user, for example, a user received D currency of 12.34 yuan through a transfer, then the central bank is equivalent to issuing a D currency of 12.34 denomination; 3. It is generated according to the actual currency denomination in circulation, which is closest to the current actual cash. For example, the central bank issues D currency with denominations of 100, 50, 20, 10, 5, 1 yuan, etc., then these are used in the subsequent circulation process. Denomination of D coins is circulated. Regarding the structure of UTXO, this one is very different from BTC. UTXO represents an unspent transaction. In BTC, this unspent transaction represents the balance you have.

For example, Alice transfers a BTC to Bob. For Bob, if he did n’t spend the BTC, then Bob has a UTXO with an amount of 1 BTC. Like cash, Bob gets the paper money, as long as he does n’t spend it, then Is your money. How does Bob prove that he does own this UTXO? Simply put, who has the key to unlock the UTXO lock, who is this UTXO, as for which locks and how to unlock them, you can query P2PKH, P2SH and other information, we will also introduce in detail in the next article. In DCEP, the function of UTXO is completed through the registration center. As for how to do it, it will be described in detail below.

Core elements of the system

The systemic function of the central bank's DCEP is the transfer of legal digital currency. It is jointly operated by the central bank and various commercial banks. In general, the core elements of DCEP are: one currency, two types of libraries, and three centers.

One kind of currency : A kind of currency here refers to the legal digital currency issued by the central bank, which means that only the legal digital currency issued by the central bank can be transferred in the system. As mentioned earlier, only the private key signed by the central bank is the legal digital currency Therefore, our e-wallets and the like will have the public key of the central bank built in to verify whether the digital currency is issued by the central bank.

Two types of libraries : The two types of libraries are the distribution library and the commercial bank library. These two libraries are databases. For example, according to the total amount of digital currency issuance, the central bank uses its private key signature to generate digital currency corresponding to the total amount. At this time, these digital currencies are stored in the central bank's issuance library. If a commercial bank needs to withdraw a certain amount of digital currency, the system will send the corresponding digital currency to the commercial bank's bank of the commercial bank, that is, the transfer of digital currency from the issuing bank to the bank's bank. It should be noted that users wanting commercial banks to withdraw digital currency is the process of digital currency entering from bank vaults to electronic wallets, which is a circulation link.

Three centers : There are two types of three centers, one is a registration center, and the other is a certification center.

Registry centralism is responsible for managing the entire life cycle of digital currencies, including processes such as printing, transfer, destruction, and return. He mainly has two tables, one is the digital currency ownership registration form, and the other is the transaction flow meter. The function of this ownership registration form is to record who the digital currency of a denomination belongs to (as shown in the figure below). Whenever a digital currency transfer occurs, the owner of the corresponding digital currency will be changed in the registration center of the central bank. This table can be used to achieve the right query. The point here is that the registration center determines how much money the user actually has.

There are two types of certification centers, one is CA certification and one is IBC certification. CA certification is mainly used for relatively advanced institutions, while IBC certification is used for individuals. The reason for introducing a certification center here is that when a user or institution initiates a DCEP transfer, it needs to sign with its own private key, which means that the legality of the transfer is guaranteed by signature. In the general sense of BTC, Ethereum or Libra, the private key is created by the user and kept by himself, and the user's address is obtained by a series of operations (Hash, checksum), etc. from the public key corresponding to the private key. The advantage of this method is that the asset account and the private key are naturally bound, and if you own the private key, you will have its corresponding asset. However, in DCEP, due to the feature of supervision, asset ownership and private keys are separated. That is to say, after the user registers a DCEP wallet, the central bank will assign a private key to the wallet user through the authentication center. This private key is used To prove it is this user, as for whether this user owns digital currency, it is determined in the registration center. So the point here is that the user's private key is generated by the central bank.

In addition, here is a brief introduction to IBC authentication. IBC (Identity-Based Cryptograph) is an identity-based password system or an asymmetric key system. The biggest difference between it and CA certification is that it does not require a certificate, but passes the user identification. For example, the mobile phone number, mailbox, etc. are used as public keys, and the corresponding private key is generated by the IBC certification center based on the user ID. Since the user ID is a public key, the validity of the identity can be confirmed through the user ID, so there is no need to rely on certificates and Certificate management system. Of course, at this time, the public key of the central bank as well as the user's private key and certificate data are quite important, and this data needs to be stored in the SE area.

Through the introduction of one currency, two types of libraries, and three centers, you can roughly understand some of the top-level design principles of DCEP. Next, we will combine the specific scenarios to actually walk through the logic of the top-level design.

DCEP specific scenario description

In the currency model, there are three types of DCEP denominations. We will introduce the third fixed denomination here.


Compared to the printing process of banknotes, the printing of DCEP is actually to generate a series of numbers signed by the central bank. Here is how to generate this series of numbers according to the digital currency system patent.

1. The central bank's master password and denomination numbers 1, 5, 10, 20, 50, and 100 each generate 6 basic encrypted passwords. These 6 encrypted passwords are digital currencies for different denominations.

2. A system random number is generated by the Hash algorithm. This random number is the same as the crown number on the banknote.

3. The basic encryption password and random number generated in step 1 are encrypted to generate an encrypted password. This encrypted password actually corresponds to a digital currency with a specific prefix.

4. The central bank signs the encrypted password with the private key, and at this time a new legal digital currency is created.

The following figure is the printing process

User login

Here is a brief description of the login process. The commercial bank system connects the central bank's authentication center and registration center.

1. The user downloads the corresponding electronic wallet APP of a commercial bank;

2. The user registers relevant information on the APP's login page, such as name, ID number, mobile phone number, address, etc .;

3. The commercial bank uses the above registration information to register using the mobile phone number as the public key of the IBC. After the IBC completes the uniqueness verification, the IBC generates a private key for the user;

4. After the user logs in, download the user private key and central bank public key data, and store these data in the SE area.


Here we introduce the user to withdraw fiat digital currency (D currency) through a commercial bank account. For example, the user takes 150 yuan from his ICBC account and converts it into D currency.

1. The user logs in to the wallet app, selects "Withdraw Digital Currency", and selects ICBC, enters the bank account and the amount of digital currency exchanged.

2. The commercial bank verifies the legitimacy of the request: verify the account password, whether the user's account funds are sufficient, and whether the D currency in the bank's vault is sufficient. If it passes the legality check, the user ’s account in the commercial bank is deducted by 250 yuan, and the commercial bank spends D100 and D50 from the bank vault (D100 represents D currency with a denomination of 100) and sends this information to the central bank Digital currency system.

3. After the central bank digital currency system receives a request from a commercial bank's digital currency system, it performs core verification, such as judging whether the sent D100 and D50 belong to the commercial bank, and the corresponding signature verification. After the verification is passed, the registration center changes the owner's information of D currency sent by the commercial bank, changes the owner of ICBC to the user, and records the corresponding transaction flow. After completing the complete action, return the successfully processed information to the commercial bank.

4. The commercial bank sends the D currency to the user's mobile phone. At this point, the user's mobile phone has D100 and D50. It should be noted that the real decision on whether you own the 150 yuan D coins is not determined by your registration center instead of the 150 D coins stored on your mobile phone.

To diverge from this, in several other patents, we found that instead of changing the ownership relationship, we directly destroyed the original D currency and regenerated the new D currency, which means that the central bank is receiving After the request and verification pass, the 250 yuan D currency of the commercial bank is directly destroyed, and then a new 250 yuan D currency is regenerated. This has the advantage that as long as the central bank does not announce the transaction flow, it only publishes a digital currency. Confirm the right information, then the external cannot transfer the digital currency transfer information in series, this is not only in line with the anonymity, but also meets the supervision of the central bank, so it is possible to adopt a destruction plan in the future.


This refers to the online payment of D currency between user A and user B. Assuming that user A's e-wallet has D100 and D50 totaling 150 yuan of D currency, first 150 yuan needs to be paid to user B. The payment steps are as follows.

1. User A logs in to the app, selects the payment function, and enters: payment amount, payee (such as mobile phone number), and click Send.

2. The APP of user A automatically selects D currency with a total amount of 150 according to the payment amount, and sends the information to the digital currency system of the commercial bank.

3. The commercial bank verifies the legitimacy of the payment information, such as the legitimacy of D100 and D50, whether the transaction amount is equivalent to the digital currency, and the relevant verification of the receiving user. After the verification is passed, the request is sent to the central bank's digital currency system.

4. After receiving the request from the central bank digital currency system, verify that D100 and D50 are transaction initiators, etc., change the owner of D100 and D50 to user B in the registration center, and record the corresponding flow. Finally, the success information is returned to the commercial bank's digital currency system.

5. After receiving the success message, the commercial bank sends D100 and D50 to the APP of user B, and sends the information of successful transaction to the app of user A and B, respectively.

The payment and withdrawal process here is basically the same, as long as it is clear that the owner information is modified in the registration center of the central bank.

How to achieve anonymity and supervision

Because of the anonymity of cash transactions, if DCEP cannot meet anonymity, there are many scenarios where ordinary users may choose to use cash, so DCEP must meet anonymity. However, another feature of DCEP is to meet regulatory requirements. Therefore, DCEP currently uses anonymity as the front-end anonymous background and real-name method.

Anonymous -In the payment scenario above, the transaction information M can be designed as M = transaction code || sender public key || D coin information || payment amount || recipient public key, and then use the Hash algorithm to make M information The digest is signed with the sender's private key to get m, and finally the information M || m is sent to the digital currency system of a commercial bank. Due to the anonymous treatment of both parties to the transaction, it is difficult for commercial banks and institutions to track the transfer of funds if the method of destroying and regenerating each transfer is adopted.

Supervision —Because the user needs to register the identity as a public key at the certification center, and the user uploads the corresponding information during registration, the central bank's background system is clear about the user information, and the registration center will record the transaction flow. Certain regulations can be achieved through big data analysis.

Analysis of dual offline payment scenarios

Compared with electronic payment such as Alipay, DCEP has a feature that is offline payment. This feature is very important, because DCEP is the digitization of cash, so it needs to have the characteristics of cash. It can be imagined that if one day an extreme situation such as a large earthquake or war makes the network unavailable, if DCEP does not support dual offline Paying, then it means that ordinary people cannot live a normal life. Therefore, even if the probability of a dual offline payment scenario is very small, this function must still be supported.

In the digital currency system patent, a solution for dual offline payments is mentioned. For example, user A has D100 in their e-wallet. Now users A and B need to pay D100 to user B when they are offline.

1. After user A opens the app, select the offline payment function, enter the payment amount and receiver information, and click pay.

2. User A uses the private key to sign the above information, and uses the mobile phone number of the payee or other information identifying the payee to perform encrypted transmission through near field communication such as NFC.

3. After receiving the encrypted information, the B user app decrypts and verifies the legality of D currency and whether the amount is equivalent. At this time, users A and B have completed the dual offline payment, but at this time B has not actually received the D coin that A transferred to him. On the APP interface, the D coin received should be for no reason. Normal state (not available). Next, the APP of user B will send the payment information to the digital currency system of the commercial bank after being online.

4. After receiving the payment information, the commercial bank will send this information to the central bank's digital currency system after verifying its legitimacy.

5. After the central bank digital currency system receives the payment information, after completing the same verification as online payment, it will change the owner, change the D currency originally belonging to A to B user, and finally return the result to the commercial bank.

6. After receiving the success message, the commercial bank notifies users A and B that the APP sends a message that the transaction is successful. At this time, the status of D currency received by user B will become available.

Therefore, if A is transferred to B, before B is connected, the D coins transferred from A to B cannot be transferred to C, and this dual offline payment cannot complete the chain payment. In general, this solution can only be used for temporary offline situations, such as paying in underground parking lots or places with poor networks.

In addition, in the dual-offline payment scenario, if the user implements the double spend by using certain loopholes, from the perspective of the patent, it is handled in the form of ex post accountability.

Why push DCEP

The reason for implementing DCEP is to strengthen the internal supervision of capital transfers, improve financial stability, and strengthen anti-corruption and anti-money laundering capabilities. Externally, it is conducive to the internationalization of the renminbi, but the internationalization of the renminbi will not be successful because of the digitization of the renminbi. Behind the internationalization will be China's strong national strength and insist on persuading people with truth. However, DCEP can lower the threshold for the use of international friends. As Chinese consumers go abroad to spend abroad, maybe in the near future, our international friends can also register a wallet through a mobile phone number and receive the payment directly, without having to By opening a bank account. In the near future, top-down persuasion will be used to persuade people, and bottom-up will drive international friends to use RMB through consumers.