Wholesale Central Bank Digital Currency with Confidential Payment
The wholesale central bank digital currency (CBDC) sample application and related packages are also available in a version that supports confidential payments.
The confidential payments feature of the enhanced version of Blockchain App Builder supports user privacy and transaction confidentiality.
You can use confidential payments with fungible tokens that use the extended Token Taxonomy Framework standard. For more information about working with the extended Token Taxonomy Framework standard supported by Blockchain App Builder, see Token Taxonomy Framework in Blockchain App Builder for Oracle Blockchain Platform.
For information on configuring and installing the sample wholesale CBDC application (both the generic and the confidential versions), see: Oracle Database View Definitions for Wholesale CBDC and Wholesale CBDC Sample Application and Analytics Package.
The confidential payments feature uses role-based visibility of transaction data to balance the needs for privacy, compliance, and transparency, operating at three basic scopes:
- Users: A regular user operates at the user-level scope and can see only information that is directly relevant to them, such as their own minted tokens, or transfer information when they are the sender or receiver. User privacy is protected and sensitive transaction details are not disclosed unnecessarily.
- Organization Administrators: Organization administrators operate at the organization-level scope and can oversee activities involving their institution for audit, compliance, and reconciliation purposes. They can view all transactions that are related to their organization, but not transactions of other organizations.
- Token Administrators: Token administrators operate at the network scope and can view all transactions across the network for regulatory oversight and system risk monitoring.
Only essential business information is recorded on the shared ledger; method inputs and private parameters are not exposed there. Data visibility is role-based, but everything on the shared ledger is tamper-evident and independently verifiable by the parties that are entitled to see it. This approach provides trust in the ledger without sacrificing confidentiality.
Methodology
The confidential payments feature stores sensitive and non-sensitive information separately so that only authorized users can access protected data. Non-sensitive information, such as basic transaction details and organizational account information, is stored in the public ledger (the state database). Account balances and on-hold balances appear there only as Pedersen commitment values, which do not expose the actual amounts. Sensitive information (user IDs, actual balance values, and blinding factors) is stored in each organization's private data collection, which is replicated only to the organizations that belong to the collection; only a hash of the private data is written to the shared ledger. Chaincode methods receive this sensitive information through a transient map, so it is never part of the transaction recorded in the public ledger. To allow for public verification while maintaining privacy, zero-knowledge proofs and Pedersen commitments are used together: a commitment hides the committed value and binds the committer to it, and the proofs let the ledger verify statements about the committed balances without revealing the underlying values.
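The following is an added example, not Oracle Blockchain Platform or Blockchain App Builder code, that shows the core of what the paragraph above describes: a Pedersen commitment to a balance, the split between what goes into the public state (commitments only) and what stays private (amount, blinding factor), and the homomorphic check a ledger can run to confirm that old balance equals new balance plus transferred amount without learning any of the three values. The curve (secp256k1), the label used to derive the second generator `H`, the function names, and the sample balances are all assumptions made for this example; the product's own curve, proof system, and storage layout are not documented on this page. The range proof that shows the committed amounts are non-negative, which is the zero-knowledge part of the scheme, is deliberately not reproduced here.

```python
"""Pedersen commitments over secp256k1 and the homomorphic balance check that a
ledger can perform on commitments alone. Added example; not product code."""
import hashlib
import secrets

# secp256k1 domain parameters (assumption: chosen for the example only).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                       # a == -b
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication, k reduced mod the group order."""
    acc = None
    k %= N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_point(label: bytes):
    """Derive a second generator H with unknown log_G(H) (try-and-increment).
    Not knowing that discrete log is what makes the commitment binding."""
    ctr = 0
    while True:
        digest = hashlib.sha256(label + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)         # valid square root since P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        ctr += 1


H = hash_to_point(b"pedersen-H-example")      # label is an assumption


def commit(value: int, blinding: int):
    """C = value*G + blinding*H. Hiding (blinding is uniform) and binding."""
    return ec_add(ec_mul(value, G), ec_mul(blinding, H))


def ledger_check(c_old, c_amount, c_new) -> bool:
    """Public-state check: C_old == C_new + C_amount, using commitments only.
    Holds when the prover picks r_old == r_new + r_amount (mod N). A range
    proof on c_new and c_amount (not shown) is still needed to rule out
    wrap-around, i.e. a 'negative' new balance."""
    return c_old == ec_add(c_new, c_amount)


def build_transfer(balance: int, r_balance: int, amount: int):
    """Sender side of a confidential debit. Returns the commitments destined
    for the state database and the openings that stay in the private data
    collection (passed to chaincode via the transient map, never the ledger)."""
    if not 0 <= amount <= balance:
        raise ValueError("insufficient balance")
    r_amount = secrets.randbelow(N)
    r_new = (r_balance - r_amount) % N        # keeps the blinding factors balanced
    public = {
        "c_old": commit(balance, r_balance),
        "c_amount": commit(amount, r_amount),
        "c_new": commit(balance - amount, r_new),
    }
    private = {"amount": amount, "r_amount": r_amount,
               "new_balance": balance - amount, "r_new": r_new}
    return public, private


if __name__ == "__main__":
    # Constructed sample: a 1,000,000-unit balance, 250,000 transferred.
    r0 = secrets.randbelow(N)
    pub, priv = build_transfer(balance=1_000_000, r_balance=r0, amount=250_000)
    print("ledger accepts:", ledger_check(pub["c_old"], pub["c_amount"], pub["c_new"]))
    forged = commit(300_000, priv["r_amount"])   # claim a different amount
    print("ledger rejects:", not ledger_check(pub["c_old"], forged, pub["c_new"]))
```

The point to take from the block is the separation of concerns: `public` is everything the shared ledger ever sees, and the `ledger_check` it runs is purely algebraic on commitments; `private` is what belongs in the private data collection and is the only place the amount and blinding factors exist in the clear. Changing the amount while keeping the same blinding factor breaks the check, which is the binding property doing its job.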