About Fireblocks

The Fireblocks mission is to enable every business to easily and securely support digital assets and cryptocurrencies. Its digital custody, transfer, and settlement platform enables businesses to manage digital asset operations and build innovative businesses on the blockchain. Its multi-layer security approach eliminates single points of failure and insulates digital assets from cyberattacks, internal collusion, and human error, making it an ideal solution for companies looking to maximize security in their digital asset technology stack.

As a technology provider, Fireblocks offers critical infrastructure for a wide range of recognized institutions and cutting-edge startups looking to build out digital asset operations, including gaming companies, fintechs, banks, and FMIs. Its commitment to delivering a secure, easy-to-use, and scalable solution for emerging market entrants and use cases such as stablecoin issuance, NFT treasury management, and digital asset payments has established it as a leader in the blockchain infrastructure space. Fireblocks is widely considered one of the most secure custody technology solutions available, and its technology has become widely adopted by financial institutions such as BNY Mellon, SIX Digital Exchange, ANZ Bank, and Checkout.com.

Fireblocks is the most scaled and battle-tested digital asset platform in the market. As of November 2023, Fireblocks is trusted by over 1,800 institutional clients globally. It has secured over $4 trillion in digital assets and its clients have created more than 130 million wallets using the platform.

In September 2023, Fireblocks announced its acquisition of BlockFold, a smart contract development and consulting firm specializing in advanced tokenization projects for financial institutions. Integrating BlockFold enriches Fireblocks’ tokenization capabilities and ongoing innovation, enabling tier-1 financial institutions to bring more advanced tokenization projects into production as the market matures and evolves.

This paper illustrates the uniformity of money in a world of digital assets. It adds to the debate around privately and publicly issued digital currencies and the different backing models in the monetary system today. It features a model of convertibility between fractionally-backed tokenized deposits issued by banks and fully-backed stablecoins issued by fintechs or non-banks. It includes high-level smart contract code and illustrative flows to explain how this interoperability is achieved in practice, and is accompanied by video demonstrations to show how this all comes together on the Fireblocks platform.

The Evolution of Digital Assets To Date

Digital Assets are Hitting the Mainstream

Developments in the digital asset industry have caught the attention of every part of the financial system. In response to investor demand, the biggest banks and asset managers in the world have sought to offer access to crypto assets. Meanwhile, declines in crypto prices and speculative activity over the past 18 months have created space for corporates and financial institutions to focus on the utility offered by digital assets. Some of the largest corporations in the world, including Starbucks and Nike, are using non-fungible tokens (NFTs) to revolutionize brand loyalty. Others are exploring token-gated access to live events, including concerts and football matches.

Digital Representations of Money are Proliferating

To access and interact with digital assets efficiently means paying with digital forms of money. In the face of cryptocurrency volatility, privately-issued stablecoins have served as the gateway (on- and off-ramp) between traditional money and the digital asset ecosystem. Stablecoins have provided a stable store of value between transactions, and adoption has grown rapidly. It is estimated that stablecoins were used to settle more than $7 trillion in 2022.

However, recent events have called into question the credibility of stablecoins, not least the collapse of Terra’s algorithmic stablecoin but also the temporary de-pegging of Circle’s USDC and Tether’s USDT in times of market stress.

In response, banks have shown interest in stepping into the fold, offering to bring trust and credibility to the space as regulators start to define the rules more clearly. Banks in Australia, such as ANZ, have issued fully-backed Australian Dollar stablecoins, and there is increasing interest in tokenized deposits issued as a commercial bank liability, much like commercial bank money today.

Unlike fully-backed stablecoins, which ultimately lock up or drain liquidity from the banking system, tokenized deposits can enable credit creation and support economic growth. However, the recent collapse of Silicon Valley Bank in the U.S. and Credit Suisse in Switzerland has highlighted the inherent risks of commercial bank money in a fractional reserve banking system.

Central Banks See a Role for CBDCs

According to the Bank for International Settlements (BIS), around 90% of central banks around the world are exploring or actively developing their own CBDCs. Most major central banks have come to accept that digital assets are here to stay and have the potential to improve the financial system. Many also recognize that if stablecoins, NFTs, and other digital assets continue to proliferate, central banks must adapt to meet their duty to the public.

Many are considering wholesale CBDCs, in part because today’s regulation requires financial assets to be settled in central bank money, so there is a need to keep up with the emerging tokenization of financial assets. But they also recognize the potential efficiencies that could be achieved by upgrading the technology at the core of the financial system without really affecting consumers. According to the BIS, 16% of central banks consider it likely that they will have a wholesale CBDC within the next three years.

Retail CBDCs are politically more sensitive because they open up debates about how the central bank should and should not interact with the population, especially in an age where people are increasingly concerned about privacy. Despite these challenges, some central banks see it as their public duty to provide money in the form of retail CBDCs, in part to preserve the uniformity of money as spending moves away from banknotes into privately issued forms of money and towards a future of digital assets. The BIS survey suggests that 18% of central banks could have a retail CBDC within the next three years.

The Future of Digital Money

CBDCs issued as a liability of the central bank will be the ultimate “risk-free” asset in an economy, just as central bank money is today. They will likely serve as the fundamental unit of account in the digital asset ecosystem. Meanwhile, stablecoins may allow for programmability or be better suited for crossborder use cases, leveraging the blockchain’s ability to transcend national borders. Tokenized deposits could enable banks to continue to play their role in intermediating saving and borrowing, thereby creating credit and allocating it effectively. Together, all of these forms of money will enable consumers and investors to interact with the digital asset ecosystem of the future.

CBDCs at the Heart of a Vibrant Digital Asset Ecosystem

An Interoperable System of Digital Currencies

The concept of interoperability between different forms of tokenized money is not new. In June 2023, the DREX Pilot in Brazil started to explore how banks might issue tokenized deposits alongside non-bank payment institutions issuing stablecoins, each with different backing models reflecting their respective regulatory regimes and settled using a wholesale CBDC. The DREX proposals heavily informed the model presented in this paper.

In November 2022, the Regulated Liability Network (RLN) thesis described how the sovereign currency system comprises the liabilities of central banks and the liabilities of regulated private issuers (commercial banks and e-money issuers). It proposed that all the elements of today’s sovereign currency system could be upgraded to digital and represented on a single ledger. It explored the potential for a (global) FMI with a shared ledger to make central bank money interoperable with commercial bank money, e-money, and regulated stablecoins in a digital system, just as they are today. However, some argue that this concept of a single FMI and shared ledger is too difficult to coordinate. History shows it can take many years to agree on and implement a single standard, as recently illustrated by the rollout of the ISO 20022 messaging standard. Unlike the RLN thesis, this paper is the first of its kind to explore how the same outcome of interoperability can be achieved with a minimal degree of coordination.

In June 2023, the BIS proposed a similar concept of a unified ledger as a new type of FMI to achieve the singleness of money and support tokenization. The concept of a unified ledger is attractive, but again, it can only succeed if everyone agrees on a single infrastructure. Although it recognizes the importance of publicprivate collaboration to minimize friction and realize the benefits of tokenization, it overlooks the role of non-banks and stablecoins in the future of money.

Other work has focused on cross-border interoperability to explore whether digital assets can address the significant costs and delays associated with cross-border payments – widely recognized as the largest inefficiencies in the global financial system. The BIS’s project Mariana explores interoperability (bridges) between blockchains in different jurisdictions. Meanwhile, Swift’s experiment with Chainlink’s CCIP demonstrates the value of interoperability between blockchains to facilitate cross-border payments. Although this paper focuses on interoperability in a domestic context, a natural extension could include an externally sourced foreign exchange rate or enable interaction with an automated market maker.

We start with a simplified digital monetary system. For the purposes of this illustration, it is a closed economy with a single national currency. The central bank is responsible for authorizing and regulating banks, and has a credible regulatory regime that supports a fractional reserve banking system, as described in the previous section. The financial system also benefits from competition from non-bank fintechs, who are allowed to offer payment services to consumers. These fintechs or payment service providers are not permitted to perform maturity transformation and therefore do not present the same degree of risk to the financial system. Like the e-money regime that exists in many countries, customer deposits held by these fintechs must be fully-backed and bankruptcy-remote from the fintech in order to protect the consumer.

In this model, we have two banks, alpha and beta, and a non-bank fintech, gamma. Each has a set of customers. We highlight two customers of alpha (fiona and charlotte), one customer of beta (ivan) and one customer of gamma (alex).

Each institution is allowed to issue digital tokens, alpha coin, beta coin and gamma coin respectively. The monetary system is governed by a Central Bank that issues a wholesale CBDC.

Although we focus on a wholesale CBDC for simplicity, the model can be generalized to include a retail CBDC that could be held in customer wallets alongside alpha coin, beta coin and gamma coin. Most central banks that are considering retail CBDCs also intend to implement holding limits to allow for retail CBDCs to exist alongside privately issued digital money.

Consistent with e-money regimes, the digital tokens offered by gamma serve as a pure payment token. They are fully-backed by the wholesale CBDC. This 1:1 backing with a CBDC is hard-coded into the smart contract and helps to address the primary challenge around proof of reserves faced by today’s most popular stablecoins. Because of the comprehensive regulatory regime applied to banks, and the desire to preserve a fractional reserve banking model, alpha and beta are allowed to issue fractionally-backed digital tokens. We assume a fixed ratio of 10:1 for mathematical simplicity in this model and to align broadly with bank capital ratios.

This setup is intended to mimic the existing monetary system in that commercial banks, under the supervision of a central bank/regulator can create commercial bank money, while e-money providers can offer payment services but do not create money. Financial systems that are overly reliant on banks have proved to be less competitive and less resilient to financial shocks. At the other extreme, an excess of customer funds in e-money accounts would drain the financial system of credit and is therefore undesirable. This regime attempts to balance these extremes to ensure equivalent outcomes for the consumer, while offering diversity and choice.

Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations require each of these financial institutions to identify customers they interact with and this prevents non-customers from holding the coins they have issued. To ensure the institutions can continue to comply with these regulations, the CBDC is used as a settlement asset here, in the same way that central bank money is used to settle outstanding balances between banks at the end of each business day.

Context

A smart contract is a piece of code on a blockchain platform. It defines rules, conditions, and functions, like any other software. However, it is their self-executing nature that sets smart contracts apart.

When certain conditions specified in the smart contract’s code are met and verified on the blockchain, the contract automatically triggers the pre-programmed actions. These actions could involve transferring digital assets between parties, updating data on the blockchain, or executing complex multi-step processes.

Standards like Ethereum Request for Comment 20 (ERC-20) play a crucial role in the blockchain ecosystem by providing a common framework and rules for creating and interacting with tokens on the Ethereum platform.20 They improve interoperability and ease of adoption. With this objective in mind, we have adopted the ERC-20 token standard for all fungible tokens (units of account) within our model.

The following section describes how our model of a simplified Digital Monetary System is implemented at the smart contract level. It highlights the standards used as well as the governance and design considerations needed to achieve the goal of uniformity between different forms of tokenized money.

Design

The primary goal is to design a set of smart contracts that ensure tokens with different backing ratios are interchangeable and behave according to a set of pre-programmed rules to preserve uniformity of value. For example, the transfer of $100 from a fractionally-backed unit of account must yield $100 for the recipient regardless of whether the recipient holds that $100 in a fractionally-backed or fully-backed unit of account.

In terms of the unit of account, the model uses two types:

The model places no requirements on the backing ERC-20 other than ERC-20 compliance. To this end, the model can use either a new ERC-20 implementation or an existing ERC-20 implementation (i.e., USDC) as a backing unit of account.

The fractionally-backed ERC-20 token is created with the following details:

• Name
• Symbol
• Backing ERC-20
• Reserve Address (used for inter-token transfers/conversion)
• The backing fraction (e.g. 0.1 for 10% backing, 1.0 for 100% backing)

The fractionally-backed ERC-20 smart contract does not implement the minting or burning functions that are commonly available in ERC-20 implementations, because this is not aligned with the backing nature of the token. Rather, the intent of the fractionally backed smart contract is to facilitate the transfer of tokens according to the backing fraction. Instead, the smart contract implements the deposit and withdraw functions, where the deposit is the action of depositing a specified amount of the backing token and stating the intended recipient of the face value fractionally-backed ERC-20.

From the snippet above, we can also see that the deposit function is controlled by the ISSUER_ROLE, which is held by a very select set of addresses. In our illustrative case, the holders of this role are limited to the Treasury EOA (External Owned Address) and the Converter Smart Contract (see below for more detail).

The withdraw function is implemented in 2 guises; one implementation enacts a withdrawal, where the face value of the backed ERC-20 is burned, and the fractionally-backed ERC-20 is transferred to the caller. This implementation is typically used by the bank or fintech to transfer funds.

A second implementation of the withdraw function is a delegated withdrawal, where the withdrawal is enacted on behalf of a third party. This implementation is used by the Converter Smart Contract. We use the default ERC-20 allowance mechanism to realize this function.

Once we have a plurality of fractionally-backed ERC-20 tokens informed by a shared backing ERC-20 token, we have the building blocks to help us move closer to the uniformity of tokenized money.

Intra-token transfers (e.g., move alpha coin from fiona to charlotte) require no custom consideration. Inter-token transfers (e.g., send alpha coin from fiona and deliver beta coin to ivan) require withdrawal from the source coin, supplementing from reserve for a shortfall (if any) to reach face value of the transfer and then deposit the destination coin, with a surplus (if any) being placed in reserve.

In service of this, the model implements a Converter Smart Contract controlled by the provider (i.e., a central bank). The Converter Smart Contract is designed as a public good in that it is not profit seeking. The only fee incurred in using the Converter Smart Contract is the gas of the underlying network (for gas-driven networks).

The Converter Smart Contract guarantees inter-token transfers are atomic in nature and will always yield face value equivalence. This Converter Smart Contract is the workhorse of this model and the main smart contract innovation offered by this paper.

At the heart of the conversion process we employ the following illustrative processing:

The flow illustrated above is, in effect, executing exchange settlement on a per-transaction basis. This is key to the operating assumption that the face value being transferred is matched in the backing ERC-20 per transaction.

To control which fractionally-backed ERC-20 tokens can operate in the ecosystem, the Converter Smart Contract makes available a registry of tokens allowed to engage in conversion.

The interplay between each institution’s reserve account, their respective coins, and the pre-configured allowances is a critically important part of the configuration. The Converter Smart Contract needs sufficient allowance to withdraw from the reserve to achieve both symmetric and asymmetric conversion uniformity.

Additionally, we need to revisit the ISSUER_ROLE discussed earlier. To achieve uniformity in conversion, the Converter Smart Contract must hold the ISSUER_ ROLE in terms of both the delegated withdrawal and deposit required.

At a glance the control dimensions are:

Governance

From a governance and controls perspective, our model has three personas: the central bank, the bank/fintech, and the end users. The end users have no escalated privileges in this context.

The bank/fintech has privileges allowing it to hold the backing currency and having the role of ISSUER_ROLE for their respective fractionally-backed ERC-20s.

The central bank has escalated privileges spanning the mint and burn of the backing currency and participation therein. Over and above these privileges, the central bank controls the Converter Smart Contract, which maintains the curated set of fractionally-backed ERC-20s that are allowed to execute uniform transfers.

This is referred to as the registry of fractionally-backed ERC-20s, and the central bank holds the REGISTRY_ADMIN_ROLE, enabling it to curate eligible smart contract deployments.

The model requires that fractionally-backed ERC-20 make their backing currency available via the backingToken attribute. The backingToken attribute signals the backing token of the fractionally-backed ERC-20 (the CBDC for the purposes of this illustration). For uniformity of tokenized money to be applicable, the respective fractionally-backed ERC-20s must be backed by the same token (i.e., the CBDC). The Converter Smart Contract uses this, in combination with the caller (the central bank for our purposes), to allow for addition to and removal from the participating fractionally-backed ERC-20 registry.

The following is an illustrative implementation of the registry curation functions:

The model presented here does not consider privacy in any real depth, but privacy is a top priority for most central banks. Commercial banks and other financial intermediaries would be unwilling to interact with an infrastructure that revealed their balances and transactions to their competitors. In times of stress, there are arguments for central banks being able to act as the lender of last resort privately in order to stabilize, rather than to exacerbate a precarious situation.

More importantly, many central banks know that, given a choice, the public will only adopt a retail CBDC that guarantees their privacy. In a world of surveillance and big data, people are highly sensitized to the idea that governments could use this new technology to monitor their activity and restrict how they spend their money. Once an obscure four-letter acronym, CBDCs have become highly politicized in a number of countries around the world.

Central banks like the Bank of England have made clear they have no interest in having access to personally identifiable information and transaction data, not least because of the operational and compliance implications that go with it. These central banks have also drawn a distinction between privacy and anonymity, noting that they could never implement a completely anonymous payment token, as it would break the rules in the financial system that seek to prevent money laundering and terrorist financing. In response to this nuanced message, conspiracy theories abound, speculating about what central banks and governments could do with the data.

Part of the challenge likely stems from the notion that blockchains are designed as shared ledgers and are transparent, as a foundational principle; the fact that digital currencies also enable “programmability” only adds to the skepticism. To address concerns over privacy and control, central banks therefore have to go to great lengths to reassure people, both through legislation and design.

As an example, some concerns can be addressed through the design, by maintaining the role of intermediaries in the financial system – to monitor transactions, prevent fraud and terrorist financing, and manage customer complaints. That creates a degree of separation between the individual and the state, but that separation is weakened if the central bank can still observe every transaction on a single ledger. Many central banks will attempt to reassure the public by reminding them of the privacy protections that are enshrined in law. But some will be bold enough to propose technological solutions that give individuals greater control of their data in a way that can both enable identification and enhance privacy.

Extending the Model in this Paper for Privacy

The model in this paper makes the simplifying assumption that everything takes place on one blockchain. It can then use a whitelist in the alpha coin, beta coin, and gamma coin smart contracts respectively to ensure that the banks and fintech in this model only interact with known customer wallets and thereby adhere to KYC rules.

A natural extension in the digital asset ecosystem would be to allow each entity to deploy and manage its own sub-chain. The Central Bank would own and maintain one sub-chain, on which it would interact with the intermediaries. alpha bank would own and maintain a sub-chain to interact with its customers, as would beta bank and gamma fintech. This would help to ensure that beta bank has no visibility of the transactions taking place in Alpha’s ecosystem, for example. It would also help to ensure an additional degree of separation, such that the central bank has no way of observing transactions taking place in the alpha bank blockchain, thus protecting the privacy of alpha bank’s customers.

Technologies Designed to Enhance Privacy

Cutting-edge technologies such as zero-knowledge proofs can provide an additional degree of privacy. Through encryption of wallet addresses and transaction details, these technologies can protect individuals’ identity and transactions from others on the blockchain while also enabling the sharing of specific information with the recipient or their wallet provider to comply with regulations.

Zero-knowledge proofs could also support the development of a powerful type of privacy-enhancing digital identity. By combining a form of on-chain digital identity with these zero-knowledge proof technologies, individuals would be able to reveal parts of their identity and relevant data to counterparties they wish to interact with and as required by law, while hiding their identity and data from everyone else. That differential data sharing is arguably the definition of privacy.

These technologies are not yet battle-tested or available at scale. But digital currencies that can harness these technologies will be able to enhance individual privacy, while complying with the rules in the financial system. That could be a highly valuable proposition for individuals in the near future.

This paper has explored the programmatic interaction between CBDCs, tokenized deposits, and stablecoins. It has illustrated a practical way to achieve uniformity of tokenized money through smart contracts.

It describes roles for:

• The central bank, which issues a digital currency (CBDC) as a backing asset;
• Commercial banks, which can issue fractionally-backed tokenized deposits; and
• Fintechs, which can issue fully-backed stablecoins.

It then illustrates a model of free convertibility between the fractionally-backed tokenized deposits and the fully-backed stablecoins, governed by rules set by the central bank, such that the consumer doesn’t notice the difference.

It leverages the Fireblocks infrastructure, upon which countless projects operate at scale in the digital asset and crypto industry, but it is by no means exclusive. It also benefits from the knowledge and experience gained through a number of strategic financial services projects, helping to define the state-of-the-art in tokenized money.

It should embolden central banks that are exploring CBDCs to build them on the blockchain and harness the programmatic benefits of this rapidly developing technology.

It should help commercial banks understand their role in the future of money and enable them to start developing tokenized deposits now, with a view to how they could interact with CBDCs in the future.

It should empower fintechs to continue innovating, while positioning their role in the future digital asset ecosystem.

We remain in the early stages of CBDC development around the world. In the hands of the decision makers at central banks, commercial banks, and fintechs, the ideas presented in this paper should take us one step closer to the future of money.