Certified Hardware Requirements Undermine Digital Currency

Design approaches based on certified hardware have featured prominently in the recent debate concerning the deployment of large-scale digital currency systems in general and systems to support central bank digital currency (CBDC) in particular. Certified hardware is a cornerstone of the so-called "trusted computing" paradigm, wherein a user carries a device designed to operate in a manner that respects the will of a third party in preference to the will of the user. The justification for such approaches is usually given in terms of the perceived need to facilitate offline payments or to facilitate the recovery of lost assets. In this article, we critically assess the essential problems that digital currency solutions are being proposed to solve, particularly with respect to the future of payments and the future of cash. Next, we examine the characteristics of trusted computing within the context of its application to digital currency systems and its potential impact on the power relationships between the users of devices, the manufacturers of devices, and other powerful actors such as corporations and the state. Finally, we assess the validity of common justifications for certified hardware in the context of alternative designs, limitations, and trade-offs. We conclude that the interests of consumers would be better served by design approaches to digital currency that do not require the use of trusted hardware.