Why Public vs. Private Blockchain Debates Miss the Point for CBDCs

Central banks face an impossible choice: monetary sovereignty, programmability, and interoperability. Private chains offer control but create walled gardens; public chains offer composability but cede governance. The debate focuses on the wrong axis.

The answer is a layered approach: a permissioned wholesale ledger for central bank settlement, connected to programmable private/permissioned layers for commercial banks and regulated DeFi. This mirrors the existing two-tier banking system with crypto rails.

• Sovereign Core: Central bank maintains ultimate control over mint/burn.
• Programmable Edge: Smart contracts at the commercial layer enable instant, conditional payments.

Success isn't measured by TPS alone, but by how seamlessly the CBDC can interact with other payment systems and blockchains (e.g., SWIFT, ISO 20022, Ethereum, Solana). This requires standardized bridges and oracle networks for cross-chain asset movement and data verification.

• Critical for FX: Enables atomic cross-border settlements.
• Prevents Fragmentation: Avoids creating a new, isolated monetary silo.

e-CNY demonstrates that conditional programmability (expiring stimulus funds) and tiered privacy (anonymous for small transactions, KYC'd for large) are feasible on a centralized ledger. It proves the core innovation is in the monetary logic layer, not the consensus mechanism.

• Controlled Anonymity: User privacy balanced with regulatory oversight.
• Policy as Code: Fiscal and monetary tools are embedded directly into the currency.

The end-state isn't a simple digital token, but a CBDC integrated with permissioned Automated Market Makers (AMMs) and lending pools. This allows for programmable monetary policy (e.g., tiered interest rates) and creates a native capital market for sovereign digital assets.

• Liquidity Efficiency: Reduces reliance on fractional reserve banking.
• Real-Time Policy: Central banks can deploy liquidity directly to targeted sectors.

The winning design will be judged on cyber resilience, operational robustness, and developer adoption—not philosophical purity. It must be as reliable as RTGS and as composable as Ethereum. The chain is just plumbing; the monetary and fiscal applications built on top are the point.

• Adoption Driver: Developer SDKs and sandboxes are more critical than ledger type.
• Failure Cost: Downtime or a smart contract exploit is a systemic financial risk.

Framing the choice as 'public = open' vs. 'private = controlled' ignores hybrid architectures. Central banks need programmable monetary policy and transaction-level oversight, but also want to enable a vibrant private-sector ecosystem of wallets and DApps. A monolithic chain cannot serve both masters.

• Policy Layer: Requires finality, auditability, and sovereign control.
• Execution Layer: Needs scalability, low cost, and developer freedom.
• Settlement Assumption: Treating the base ledger as the only settlement layer limits design.

Decouples the centralized core ledger (controlled by the PBOC) from distributed transaction processing (handled by authorized commercial banks and fintechs). This is the dominant real-world blueprint.

• Tier 1 (Central Bank): Issues digital currency, maintains sovereign ledger, sets policy. ~0ms finality for issuance/redemption.
• Tier 2 (Intermediaries): Handle KYC, retail wallets, daily transactions. Enables ~50k TPS scalability.
• Key Insight: The 'blockchain' is often just the core settlement layer; user experience is built on permissioned, high-speed systems.

Targets interbank settlement and cross-border transactions using distributed ledger technology (DLT) among a closed group of regulated entities. Proves that 'private' DLT can coexist with public tokenized assets.

• Use Case: Settling tokenized securities or FX trades with central bank money on a common ledger.
• Key Benefit: Atomic Delivery-vs-Payment (DvP) eliminates counterparty risk, reducing settlement cycles from days to minutes.
• Interoperability Focus: Projects like mBridge explore multi-CBDC platforms for cross-border payments, prioritizing governance over pure tech stack.

The endgame isn't a closed ledger, but a regulated perimeter where CBDC becomes programmable fuel. Think Uniswap for FX with KYC'd pools, or AAVE for interbank lending with central bank collateral.

• Policy Levers: Central banks can program velocity limits, geofencing, or expiring stimulus directly into the money.
• Innovation Sandbox: Private developers build applications atop a standardized CBDC API, not the raw ledger.
• Critical Shift: The debate moves from 'which chain' to 'which rules' and 'which APIs' govern the monetary layer.

A purely private ledger creates a walled garden, but a public chain cedes monetary control. The solution is a hybrid architecture with a permissioned settlement layer and permissionless access points.\n- Sovereign Control: Central bank retains finality on the core ledger.\n- Programmable Access: DApps and bridges can connect via defined APIs, similar to how Polygon Supernets or Avalanche Subnets operate.

Citizens demand privacy, regulators demand auditability. Zero-knowledge proofs (ZKPs) are the non-negotiable primitive, moving beyond naive encryption.\n- Selective Disclosure: Users can prove compliance (e.g., AML) without revealing full transaction graphs, akin to zkSNARKs on Zcash.\n- Auditable Anonymity: The central bank holds a view key for oversight, ensuring the system isn't a black box.

CBDCs cannot exist in a vacuum; they must integrate with RTGS systems and commercial bank ledgers. The imperative is a modular design with clear interfaces.\n- Settlement Finality: The CBDC ledger becomes the atomic settlement layer for interbank transfers, reducing counterparty risk.\n- API-First: Banks and fintechs connect via standardized interfaces, avoiding the vendor lock-in of monolithic core banking software.

A single-entity validator set is a systemic risk. The model must be a permissioned-but-distributed network of vetted entities (e.g., major banks, audit firms).\n- Byzantine Fault Tolerance (BFT): Ensures liveness even if 1/3 of nodes are malicious or offline.\n- Geographic Distribution: Validator nodes are mandated across jurisdictions, preventing a single point of failure, inspired by Hedera's Council model.

The killer app isn't digital cash, but programmable fiscal policy. The architecture must natively support conditional logic and automated disbursement.\n- Smart Contract Sandbox: A controlled environment for authorized logic (e.g., time-locked stimulus, targeted tax rebates).\n- Direct Integration: Enables DeFi-like yield on government bonds or automated VAT collection, bypassing intermediary complexity.

A CBDC that cannot bridge to other digital assets is obsolete. The design must include standardized cross-chain message protocols at the protocol level.\n- IBC Protocol: Adopt an Inter-Blockchain Communication standard for sovereign CBDC interoperability, as seen in Cosmos.\n- Intent-Based Swaps: Allow users to seamlessly exchange CBDC for tokenized assets via embedded solvers, similar to UniswapX or CowSwap.