Abstract:The European Central Bank is preparing for the potential issuance of a central bank digital currency (CBDC), called the digital euro. A recent regulatory proposal by the European Commission defines several requirements for the digital euro, such as support for both online and offline payments. Offline payments are expected to enable cash-like privacy, local payment settlement, and the enforcement of holding limits. While other central banks have expressed similar desired functionality, achieving such offline payments poses a novel technical challenge. We observe that none of the existing research solutions, including offline E-cash schemes, are fully compliant. Proposed solutions based on secure elements offer no guarantees in case of compromise and can therefore lead to significant payment fraud. The main contribution of this paper is PayOff, a novel CBDC design motivated by the digital euro regulation, which focuses on offline payments. We analyze the security implications of local payment settlement and identify new security objectives. PayOff protects user privacy, supports complex regulations such as holding limits, and implements safeguards to increase robustness against secure element failure. Our analysis shows that PayOff provides strong privacy and identifies residual leakages that may arise in real-world deployments. Our evaluation shows that offline payments can be fast and that the central bank can handle high payment loads with moderate computing resources. However, the main limitation of PayOff is that offline payment messages and storage requirements grow in the number of payments that the sender makes or receives without going online in between.

What problem does this paper attempt to address?

The core problem that this paper attempts to solve is to design a central bank digital currency (CBDC) system that complies with the regulatory requirements of the digital euro of the European Central Bank, especially the design and implementation of the offline payment function. Specifically, the paper focuses on the following points: 1. **Security and privacy of offline payments**: The paper points out that existing research solutions, including those based on secure elements, are insufficient in preventing payment fraud. Therefore, a new CBDC system needs to be designed that can provide strong privacy protection in an offline environment and can effectively detect and prevent double - spending and counterfeiting currency behavior. 2. **Regulatory compliance**: The paper emphasizes that the new CBDC system needs to meet the regulatory requirements proposed by the European Commission, including supporting cash - like privacy protection, local payment settlement, and implementing regulatory goals such as holding limits. 3. **Reliability of secure elements**: The paper points out that existing solutions based on secure elements cannot provide sufficient guarantees when the elements are breached, which may lead to serious payment fraud. Therefore, the new system needs to maintain the robustness and security of the system even when the secure elements are breached. 4. **Performance and scalability**: The paper also focuses on the performance and scalability of the system, ensuring that offline payments can be carried out quickly and that the central bank can handle high - load payment requests. To achieve the above goals, the paper proposes a new CBDC design scheme - PayOff. The main contributions of PayOff include: - **Local settlement of offline payments**: PayOff allows users to make payments offline, and these payments can be locally settled on the user's device. - **Strong privacy protection**: PayOff ensures the confidentiality of payment amounts and user identities, payments are unlinkable in different offline sessions, and are unlinkable within the same session through cryptographic means. - **Achievement of regulatory goals**: PayOff supports complex regulatory goals such as holding limits and implements fraud and double - spending detection mechanisms. - **Robustness to secure element failures**: PayOff designs new protection mechanisms, such as de - anonymization of forged receivers, to increase the robustness of the system when the secure elements are breached. In general, this paper aims to solve the key challenges in current CBDC design through the PayOff system, especially in terms of the security and privacy protection of offline payments.

PayOff: A Regulated Central Bank Digital Currency with Private Offline Payments

Offline Digital Euro: a Minimum Viable CBDC using Groth-Sahai proofs

Towards a Two-Tier Hierarchical Infrastructure: An Offline Payment System for Central Bank Digital Currencies

A novel central bank digital currency framework design for offline and foreign transactions based on blockchain

A Scalable Architecture for Electronic Payments

Best Before? Expiring Central Bank Digital Currency and Loss Recovery

Benchmarking the performance of a self-custody, non-ledger-based, obliviously managed digital payment system

Print Your Money: Cash-Like Experiences with Digital Money

Payments Use Cases and Design Options for Interoperability and Funds Locking across Digital Pounds and Commercial Bank Money

A central bank digital currency in a heterogeneous monetary union: Managing the effects on the bank lending channel

How to Issue a Central Bank Digital Currency

Designing Central Bank Digital Currencies

OPTIMAL CENTRAL BANK DIGITAL CURRENCY DESIGN FOR EMERGING ECONOMIES

The offline digital currency puzzle solved by a local blockchain

Central Bank Digital Currency: New Opportunities for Cross-Border Payments

Central bank digital currency: Payment choices and commercial bank profitability

A non-custodial wallet for digital currency: design challenges and opportunities

Self-Balancing Semi-Hierarchical PCNs for CBDCs

Central Bank Digital Currency and Banking: Macroeconomic Benefits of a Cash-Like Design

The Economics of Central Bank Digital Currency

Opportunities and challenges associated with the development of FinTech and Central Bank Digital Currency