The Reserve Bank of India prefers a centrally-controlled, conventional database infrastructures for CBDC (central bank digital currency) instead of DLT (distributed ledger technology)-based infrastructure due to the latter’s limitations.

While both conventional and DLT-based infrastructures store data multiple times and in separate physical locations, the key difference is in how data is updated. In conventional databases, data is stored over multiple physical nodes, controlled by one authoritative central entity, which ensures resilience.

On the other hand, in DLT-based systems, the ledger is usually managed jointly by multiple entities in a decentralised manner and each update needs to be harmonised amongst the nodes of all entities. This consensus mechanism requires additional overhead owing to which DLTs enable lower volumes of transactions, RBI said in its CBDC concept note, issued in October. 

“Given the above, DLT at this point of time, is not considered suitable technology except in very small jurisdictions, given the probable low volume of data throughput,” the central bank said.

However, DLT could be considered for the indirect or hybrid CBDC architecture, RBI said, adding that it may also be possible that some layers of the CBDC technology stack be on the centralised system and remaining be on distributed networks. 

The choice of technology architecture for CBDC will need to factor in the resource intensiveness, energy efficiency, cyber security, technical stability and resilience, business continuity planning, and sound technical governance, the RBI said.

Cyber risks

In terms of cyber risks, both infrastructures pose challenges as public blockchains preserve transparency but don’t provide security. On the other hand, centralised systems are more secure but have the same cyber security concerns as existing FPS (Fast Payment Systems), it said.

RBI added that the CBDC should be developed as a large scale, enterprise-class, digital platform which is highly scalable to support high volumes and rate of transactions, is robust to ensure stability of the financial ecosystem, has tamper-proof access control protocols and cryptography for safety of data, allows for cross-platform support, has the ability to integrate with other IT platforms, and has a highly evolved fraud monitoring framework.