UK national digital currency prototype principles and mechanisms

The success of Bitcoin and the popularity of the blockchain concept have made the distributed ledger technology based on blockchain regarded by the central banks of many countries as one of the important technical options for national digital currencies. my country's central bank is also actively exploring blockchain technology, and the national digital currency project team has been formally established and is raising the banner of recruitment. From a global perspective, the Bank of England is a little faster and has completed a proof of concept of a distributed ledger digital currency system called RSCoin. This article will interpret the principles and mechanisms of the central bank digital currency white paper published by the UK, which can be inspiring to domestic blockchain practitioners.

Central banks have different goals for issuing digital currencies, but the principles they need to follow are surprisingly consistent: the issuance volume and issuance process of digital currencies cannot be uncontrolled by the central bank like Bitcoin, and digital currencies do not affect the current dual mechanism of currency issuance between the central bank and commercial banks. From a technical perspective, the biggest limitation of Bitcoin at present is that transaction throughput is the key issue that needs to be solved. The Bitcoin network supports 7 transactions per second. In comparison, the actual payment system in operation, PayPay can process 100 transactions per second, Visa can process 2,000-7,000 transactions per second, and the peak of domestic Alipay on Double 11 has long been greater than 50,000 transactions. From a technical point of view, due to the different complexity of business logic and different application environments, simply comparing throughput has no practical significance, but from a practical application perspective, 7 transactions per second is far from enough to support the central bank's digital currency system.

Based on the above principles, the ultimate goal of RSCoin is to provide a digital currency with superior performance that is controlled and issued by the central bank. In order to achieve this goal, RSCoin fully draws on the mechanisms of various digital currencies, credit cards, etc. in the design process to create a unique digital currency prototype. This is mainly reflected in the following aspects:
1) Double-layer chain architecture
2) Improved 2PC consensus
3) Cross-validation mechanism Below we will analyze in detail the principles and mechanisms of this currency prototype.

Overall structure

First of all, RSCoin divides the block into two layers, the higher-lever block and the low-lever block. The higher-lever block is controlled by the central bank, and its main responsibilities are: 1) controlling the issuance of currency 2) authorizing, reviewing and motivating nodes 3) maintaining the overall ledger. However, it does not handle specific transactions. The low-lever block is maintained by commercial banks or institutions authorized by the central bank. Each node is called a "mintette". The main responsibilities of the node are: 1) processing user transaction requests and verifying legitimacy 2) recording transactions and updating ledgers 3) cross-verifying each other. This two-layer design is not the first of RSCoin. The author mentioned that it was inspired by the design of Factom. In addition, the biggest difference from the digital currency architecture such as Bitcoin and Ethereum is that the transaction data is not synchronized between the nodes. It is equivalent to each node having its own chain, but the chain contains the information of other node chains for cross-verification, and the transactions over a period of time are unified and merged into the higher-level block. The important reason for doing this is that it greatly reduces the communication load between nodes, which is of great help in improving performance.

Two-tier architecture (from the original text)

Consensus Algorithm

A very important factor affecting Bitcoin throughput is the proof-of-work mechanism (POW) used by Bitcoin. Since Bitcoin is an open network, the basic assumption is that both honest nodes and malicious nodes can enter and exit the network at will. In order to avoid witch attacks, obtaining the right to record accounts through computing power competition is an effective way to ensure the security of the entire network. In RSCoin, this assumption becomes: the possibility of the central bank doing evil is very small, and other nodes are all authorized and known nodes by the central bank. Under this assumption, the requirements for the overall security of the system can be relatively reduced, and the design is more inclined to performance considerations.

RSCoin calls its consensus mechanism an improved version of Two-Phase Commit. First of all, nodes do not need to "mine", that is, they do not need to perform Hash random number calculations. One of the most important requirements of any trading system is to avoid "double spending" (the same money is spent twice). One case of "double spending" is that the user intentionally or unintentionally submits the same funds for two transactions, and the system does not recognize and approve these two transactions; another case is that malicious nodes or users attack the system, control the ledger, and make the system accept two transactions, or directly modify the ledger. Strictly speaking, the proof-of-work mechanism itself does not directly solve the first case, but is designed for the second case. As mentioned above, RSCoin's hypothetical situation is not as bad as Bitcoin, so it is not necessary to use proof-of-work to avoid double spending in the second case. The simplest way to solve the double spending in the first case is to check that the output of any transaction can only be based on the input of one other transaction at most when requesting a transaction. For this, RSCoin still uses the Bitcoin UTXO (unspent transaction output) model for accounting. The output here refers to the payer of the previous payment, and it is input for the payee. In order to avoid confusion, the output for the payee will be used to represent the content below.

Here, let's briefly introduce the UTXO model. Figure 1 below shows the traditional accounting model, and Figure 2 shows the UTXO accounting model. The difference between the two is that the traditional model ensures the accuracy of the balance by reconciling transaction records with the balance. When executing a payment, you only need to determine whether the balance is sufficient, and there is no need to recalculate where the balance comes from. In the UTXO model, the balance is the sum of the outputs marked by multiple previous payers. When paying, the output that needs to be spent is marked with its own mark and becomes the payee's output (this model is very similar to the endorsement transfer of a bank draft: each transfer is signed with the transferor's name and passed on). In this model, the way to avoid double spending is to check whether the UTXO related to this transaction has been spent by other transactions.

Below, we introduce the consensus process of RSCoin in detail.

First, in order to improve performance, transactions are not broadcast to the entire network, but are randomly assigned to different nodes for processing. Each node processes a part of the transactions, but each transaction will not be processed by only one node. It is worth mentioning that the concept of sharding processing has been proposed in the improvement plan for Ethereum to improve performance and will be implemented in the new version.

A brief introduction to some of RSCoin's identifiers and definitions.
addr represents the address, that is, the account number
addrid represents an output related to the address. addrid consists of the hash of the transaction (represented by tx), the index of the output address (represented by i), and the value of the transaction (v).
Addrid is recorded in three tables: UTXO list, which represents all unspent outputs; pset list, which represents UTXOs that have been associated with transactions but not recorded in a certain period of time; and txset list, which represents transactions recorded in the ledger. In simple terms, the three lists record the three different states of the same funds in a period of time: unspent, spent but not recorded, and recorded. Each list contains every fund in a period of time.

The entire consensus process is divided into two steps.

The first step occurs between the user and the node. The user initiates the transaction and automatically finds the management node (owner) of the output address corresponding to all UTXO in the transaction through the address index (centralized service). Different addresses correspond to different management nodes. The address index is a centralized service that allows users to quickly find the management nodes corresponding to different addresses. The management node will check the transaction submitted by the user: the legitimacy of the transaction, whether the address is managed by it, and whether the UTXO corresponding to the address is double-spent. The specific process of checking double spending is: first verify that the output under the address has not been spent (addrid is in the utxo list) and the output under the address is not associated with other transactions (addrid is not in the pset list); if the verification passes, the node will put the addrid from the utxo list into the pset list, which means that this addrid has been associated with the transaction. If other transactions are verified, they will find that this addrid has been double-spent. From a global perspective, if the majority of all responsible nodes return confirmation information, it means that the UTXO double-spending check has passed, and the user will send the transaction to the management node corresponding to the receiving address with the result signed by all confirmation nodes.

In the second step, the management node of the receiving address first confirms that the address is under its management, and then checks whether all outputs have been confirmed by the majority of nodes and whether their signatures are correct. If the check passes, the node adds these outputs to their utxo list (becoming a new UTXO) and adds the transaction to the txset list. The node will then notify the user that "the transaction will be added to the advanced block" (if it is not added, the user will use this as evidence to hold the node accountable). After a period of time, all nodes send the txset list to the central bank for merging.

During the transaction process, there is no direct communication between nodes, but it is completed between users and nodes, which reduces the load of network transmission and improves the overall performance of RSCoin.

Cross Validation

Since each node has its own chain, RSCoin has designed a cross-validation method to ensure the integrity of the entire system. The node generates logs in strict order for each transaction-related operation. When a node completes a block, the log and the hash of the previous block header are used as its own block header. When the node communicates externally for transactions, the block header is sent as part of the signature information, which will be obtained by the nodes related to the transaction. When a node completes a block, the node's block also needs to include its own and the latest block headers of other node chains that have been obtained. In this way, a block of a low-level chain consists of the following parts: b = (h, txset, σ, mset), where h represents the hash of the block, txset transaction list, σ represents the node signature, and mset represents the latest block information of other nodes. In this way, different node chains "have me in you and you in me" to complete cross-validation.

The white paper also analyzes the security of cross-validation and concludes that the more shards there are, the higher the probability of system insecurity. The efficiency and number of shards need to be balanced when the system is actually running.

High-level chain

After the high-level chain merges the transactions of all nodes, a block consists of the following parts:

They represent the hash of the block, the transaction list, the central bank signature, and the node authorized by the next block. The high-level chain is responsible for the issuance of currency. The issuance amount and the recipient are controlled by the central bank. The process of generating new coins is to transfer them to the bank address that needs to receive them at the same time. The central bank that controls the high-level chain rewards the nodes by recording the number of times each node plays a role in the two steps of the transaction and the log of each node.

Test Results

The white paper conducted throughput tests on two types of transactions under LAN and WAN conditions, and selected two transaction modes: one input and two outputs, and two inputs and two outputs. The test results are shown in the figure below (excerpted from the original text). The test results also show that the throughput increases linearly with the increase in the number of nodes.

Future Expansion

Since the RSCoin described at present is only a minimal conceptual version, at the end of the RSCoin white paper, the author mentioned the possible expansibility of RSCoin in several aspects. A. Pruning: In order to prevent the central bank's ledger from being too large, the central bank can consolidate and net some small transactions and record the final netting results on the chain. Of course, the premise of doing so is that the central bank is completely honest. It should be noted that the current central bank clearing system in major countries is also based on trust in the central bank and mutual reconciliation, and the reconciliation process is the less efficient part of clearing. If pruning is performed, reconciliation is necessary. B. Node incentives: For the incentives of nodes, a mechanism similar to POS (proof of stake) can be introduced. Each node deposits currency in the central bank and arranges the number of transactions to be processed according to the amount of deposits. If there is any wrong behavior, a certain amount will be deducted from these pre-deposited currencies as a penalty. C. Multiple currency platforms: The author mentioned a bold idea that different central banks use the same platform to issue different digital currencies. This is more conducive to cross-border fund clearing and reduces the problem that cross-currency transactions cannot be directly carried out in current digital currencies such as Bitcoin. But the author believes that this is purely an ideal. Currency is related to national security and interests. Convenience and efficiency are not worth mentioning in the face of national interests. Unifying the currency issuance system is as difficult as unifying the currency.

In any case, RSCoin combines the sovereign government's requirements for the monetary system and performance. It combines a variety of ideas and experiences in the field of blockchain and digital currency, proposes a framework suitable for the central bank to issue digital currency, and demonstrates a rigorous attitude and scientific methods in principle analysis, experimental testing, etc.

This article is mainly based on the UK national digital currency prototype white paper:
“Centrally Banked Cryptocurrencies” by George Danezis and Sarah Meiklejohn

Written by: Lü Xujun and Yang Tao

Jack Lu
Founder and CEO of Wanglu Technology
Former co-founder and CTO of Factom, graduated from Peking University and Ohio State University. Master of Economics and Computer Science, MBA. More than 20 years of experience in Internet and software development and management. Has multiple entrepreneurial experiences in the United States, China and Europe.

Yang Tao is the product director of Wanglu Technology, focusing on the design of blockchain application products. He has many years of project and product practice experience in the fields of management software and the Internet, and is good at business system planning and design.