On the 24th, the Bank of Korea and the Personal Information Protection Commission held the '2nd Personal Information Technology Forum Seminar of 2024'.
MTN NEWS 2024-09-24
[Original Article] https://news.mtn.co.kr/news-detail/2024092415205490165
The "2nd Personal Information Technology Forum Seminar of 2024" held in the afternoon on the 24th at the Bank of Korea in Jung-gu, Seoul. From left: Yoo Sang-dae, Deputy Governor of the Bank of Korea; Choi Jang-hyuk, Vice Chairperson of the Personal Information Protection Commission; and Yom Heung-yeol, Chairperson of the Technology Forum. / Photo: Bank of Korea
Global central banks are ramping up efforts to develop Central Bank Digital Currencies (CBDC), a new form of currency system. While the Bank of Korea has not yet finalized specific decisions regarding the introduction or operation of CBDC, it is accelerating research on its overall development.
What is the most important aspect of a currency system implemented in a digital environment? Experts unanimously agree that "personal information protection" is of paramount importance. So, what does the personal information protection research being pursued by the Bank of Korea, academia, and the industry look like?
■ "Need to Secure Technologies Like PET and Off-chain for Ensuring Transaction Confidentiality"
On the 24th, the Bank of Korea and the Personal Information Protection Commission jointly held the "2nd Personal Information Technology Forum Seminar of 2024," where experts exchanged views on the topic of "Utilizing Personal Information Protection Technologies in Relation to CBDC."
In his congratulatory speech, Yoo Sang-dae, Deputy Governor of the Bank of Korea, stated, "At this point, it is difficult to specify the exact timing or decision regarding the introduction of CBDC," but added, "The Bank of Korea is conducting in-depth research on various technologies, such as Zero-Knowledge Proof and Homomorphic Encryption, to ensure that CBDC gains high trust from users in terms of personal information protection."
What direction is the Bank of Korea taking regarding personal information protection measures in its CBDC system? Lee Ji-eun, a manager at the Bank of Korea and the first speaker, addressed the topic of "The Direction and Current Status of the Bank of Korea’s Personal Information Protection Research Related to CBDC." She said, "The Bank for International Settlements (BIS) and central banks around the world are experimenting with various technologies and legal measures to ensure transaction anonymity (confidentiality) within CBDC systems," and added, "The Bank of Korea is considering privacy as a top priority (Privacy by Design) from the early stages of CBDC system design."
The Bank of Korea has been actively developing technologies to strengthen personal information protection in both general-purpose and institutional CBDC systems. Lee explained, "In the assumed general-purpose CBDC system, we are exploring ways to enhance user control over the information they generate and limit access to only the necessary minimum information on the distributed ledger for the stakeholders involved in the transaction."
Past experiments include:
- Anonymous remittance using Zero-Knowledge Proof technology (December 2021 to June 2022),
- Granting users control over their information using Homomorphic Encryption technology (April 2024 to September 2024),
- AML/CFT measures for anonymous transactions using Zero-Knowledge Proof technology (April 2024 to September 2024), and
- Experiments on transaction confidentiality in interbank remittances (October 2023).
Lee further discussed research plans, stating, "We plan to conduct experiments applying Privacy-Enhancing Technologies (PET) to explore the optimal combination of solutions," and added, "The design of a CBDC system centered on privacy protection will progress in areas such as payments, deposits, remittances, issuance of digital wallets, and transaction history storage."
Kim Do-yeop, a lawyer at Kim & Chang law firm and the second speaker on the topic "Legal and Technical Issues Related to CBDC from a Personal Information Protection Perspective," emphasized, "Since the information on the distributed ledger exists in an electronic file format, it should be permanently deleted in a way that cannot be recovered, in accordance with protection laws," and added, "We must ensure secure data utilization by applying PET technologies and consider policy approaches to support this."
■ "Alternatives Needed: Zero-Knowledge Proof, Homomorphic Encryption, Ring Signatures, etc."
There were concerns that PET technologies alone might not fully guarantee privacy protection. In the third presentation, Professor Choi Dae-seon from Soongsil University, speaking on "Utilizing Enhanced Privacy Protection Technologies for CBDC," emphasized that "PET technology does not completely satisfy transaction confidentiality requirements," and suggested that "various improvements, such as off-chain utilization and legal interpretation of distributed ledgers, are necessary."
He highlighted various privacy protection tools, such as Ring Signatures, which mix multiple users' signatures, Zero-Knowledge Proof, which proves knowledge of information without revealing the secret itself, Homomorphic Encryption, which allows calculations to be performed on encrypted data without decryption, and off-chain transactions, which record activities outside of the blockchain.
In the fourth presentation, Shin Joon-bum, Chief Technology Officer (CTO) of Cryptolab, discussed "Methods for Granting Users Control Over Their Information Using Homomorphic Encryption." He suggested that by applying homomorphic encryption to CBDC, institutions not involved in the transaction would be prevented from viewing transaction data, thereby protecting transaction confidentiality. He also mentioned that this method would facilitate real-time transaction processing while minimizing performance degradation of the distributed ledger.
In the final presentation, Oh Hyun-ok, CEO of ZKRYPTO, discussed "Designing AML/CFT (Anti-Money Laundering/Counter-Terrorist Financing) Technology for Anonymous Transactions Using Zero-Knowledge Proof." Zero-Knowledge Proof is a key technology that allows public verification of data integrity while maintaining privacy, as it proves the existence of information without disclosing the secret itself.
CEO Oh explained, "In achieving one of the CBDC’s goals of facilitating international remittances, we are designing technologies that use Zero-Knowledge Proof to manage the sender's personal information." He added, "By using zk-SNARK technology, we can ensure privacy while verifying the integrity of transactions."
ZKRYPTO's zk-SNARK technology minimizes the risk of personal information leakage while proving the legitimacy of the user. ZKRYPTO has applied zk-SNARK in its design of AML/CFT technology to prevent money laundering and terrorist financing. A whitelist system proves that the funds are not linked to illegal activities or terrorism, allowing users to remit amounts under a certain limit without revealing their personal information.
CEO Oh concluded, "In anonymous transactions conducted through the CBDC system, users can protect their personal information by generating their own creditworthiness proofs using privacy-enhancing AML/CFT techniques."
Reporter: Lim Tae-sung, Money Today Broadcasting (MTN)
Comments