(3) Where’s Our Digital Public Infrastructure?

I am a long time proponent of Digital Public Infrastructure (DPI). A strong DPI has three foundational components: digital identity, electronic payments and data exchange. Implemented correctly, these are the basis of a safer, more secure and growing economy and I think that implementation should be a priority for any government that takes net welfare seriously.

This is why I was keen to read the The World Bank’s new report “Digital Wallets: A New Paradigm – Convergence of User-Centric Digital Identity, Data Sharing and Payments”, published in May. The report (written by Christopher Tullis, Adam Cooper and David Black) talks very realistically about the benefits of a wallet-centric approach but also about the attendant risks and how to deal with them. In particular, they note how the integration of AI agents into wallets could deliver major benefits by automating routine decisions. AI-powered assistants could also help users understand how their data is being used, for example, by simplifying complex consent forms by translating legal jargon into intuitive language.

Wallets used by AIs are what I would call smart wallets and they may be even more important than payment devices, money managers and digital drivers licence containers. As Kaliya Young and Lucy Yang put it, smart wallets are going to play an important role in an organization’s relationships and interactions with their customers. In common with many other people (eg, Jamie Smith) I would push even further and say that this other channel will become key to business and Jamie’s view of the digital wallet as a safe channel connecting the brand and customers seems a good way to think things.

Open Knowledge Repository

xxx

This document provides a conceptual and architectural framework for understanding digital wallets, verifiable credentials, and their role in transforming digital identity, data sharing, electronic signing, and digital payments. It is intended primarily for government decision-makers and practitioners seeking to design, regulate, or oversee wallet ecosystems, although many concepts are equally relevant for private-sector participants of these ecosystems – including financial institutions, trust service providers, and technology platforms. This paper focuses on how wallets work, what is new about them, and how they change digital identity, data sharing, electronic signatures, and payments. It also highlights the risks and challenges that implementers must address as these ecosystems grow.

From: Open Knowledge Repository.

xxx

POST Literacy

Financial literacy in Britain is at very low levels. In a recent survey, more than half of British adults questioned about Investment Savings Accounts (ISAs) were unable to explain the difference between a cash ISA and a stocks and shares ISA, which seems prettuy fundamental to me. For those aged 25-34 it was seven in 10. I can understand those surveyed when it comes to seemingly endless policy and tax changes that make it near imposisble for normal people to understand what exactly the rules on investing and saving are, but to be honest I cannot see how any kind of financial literacy programme might mitigate such in any imagineable timescale. Given that the survery also showed that a quarter of British adults don’t understand what an interest rate is and that three quarters of them don’t know what an index fund is, the only reaosnable strategy I can imagine is to stop them from managing their money compeltely and get AIs to do it for them instead.

If you think things might improve and that I am being unneccarily dismissive of Brit capabilities when it comes to money, then I must draw your attention to the fact that a third of  Gen Z consumers get their financial advice from TikTok and only a quarter seek advice from actual financial advisors. And how is that working out for them? Not well, it seems. And not only in the UK. Last year investors lost billions of dollars betting (sorry, “investing”) on a handful of US-listed Chinese stocks that plunged in value shortly after being heavily promoted on social media.

I remember when my good friend Ron Shevlin wrote in Forbes that whatever “financial literacy” might be, it seems to do little to improve the financial health of Americans. Same back home in the U.K. It’s time to give up on education and start investing in infrastructure. Instead of financial literacy, let’s get responsible AI into the loop. The idea that I might make a better choice of savings account than event the most rudimentary AI seems fundamentalyl flawed. This doesn’t just apply to savings by the way. Frankly if I never have to talk to a car insurance company ever again it will be too soon:  when it comes to cr, house, health and life insurance, I would cheerfully pay £9.99 per month for a bot to care of them for me in perpetuity.

POST Tokenised Deposits On The Way

The big U.S. banks are launching a tokenised deposit network to connect traditional payment rails with digital asset infrastructure. It will be operated by The Clearing House (TCH), which is of course owned by those big banks. The digital asset infrastructure will work through a partnership with an as-yet-undefined vendor with the goal of serving large multinational corporation with use cases including programmable treasury operations, real-time liquidity management and cross-border payments. Banks tend to favor tokenized deposits over stablecoins because they are simply traditional bank deposits represented as digital tokens on the blockchain ,which means that they can provide digital asset payment services within the existing regulatory framework and keep deposits within the banking system.

Banks elsewhere are getting inolved in similar schemes, 

According to the Wall Street Journal, the head of global payments solutions at Bank of America (Mark Monaco) said that customers aren’t necessarily “beating down the door” for tokenized deposits. That may simply be because tokenised deposits are new and bank customers don’t really understand them, or it could be because the bank customers would prefer to see exisiting instant payment networks interconnected.

POST Digital Money Means Institutional Change

The Centre for Economic Policy Research (CEPR) has just published the eighth report in its “The Future of Banking” series, part of the Banking Initiative at IESE Business School, which examines the challenges digital technology poses to the framework governing money creation. The authors set out a fundamental challege, which I will paraphase as follows:

Central banks issue public money, while commercial banks create most of the money used in day-to-day transactions by issuing deposits. This arrangement is sustained by a set of public institutions that allow private bank liabilities to circulate as money at par with public liabilities. This is seen as a natural state of affairs, even though it is, in fact, a historically contingent institutional settlement. New technology means that we must ask whether this settlement remains desirable, especially as cash recedes and new digital liabilities proliferate.

Publications | CEPR

xxx

Barcelona 8: Digital Money
Stephen Cecchetti Dirk Niepelt Hélène Rey Xavier Vives

From: Publications | CEPR.

xxx

“The point of departure is the contemporary two-tier monetary system. In modern
economies, central banks issue public money, while commercial banks create most
of the money used in day-to-day transactions by issuing deposits tied to lending. This
arrangement is sustained by a set of public institutions – convertibility into central bank
money, prudential regulation, deposit insurance, and lender-of-last-resort support – that
allow private bank liabilities to circulate as money at par with public liabilities. This
structure is often treated as natural, even though it is, in fact, a historically contingent
institutional settlement.”

Post | LinkedIn

xxx

First: digital ID credentials are going into Google Wallet at scale. Aadhaar in India, enabling over a billion citizens to verify identity across services. Mobile driver’s licenses in the US. My Number Card in Japan. Google-issued ID passes derived from passport data in Brazil and the UK. And a plan to expand to many more countries by end of year.

But the most interesting signal was what Linarducci said next: Google Wallet is expanding beyond government-issued IDs to support privately issued credentials from banks and other institutions. Sparkasse is the first. The major German savings bank, serving 50 million customers, is launching age verification directly inside Google Wallet.

Users can prove they are over 18 online using a bank-issued credential, cryptographically secured, with no name, address, or date of birth revealed.

Sparkasse is the first. It will not be the last.

From: Post | LinkedIn.

xxx

POST Private

Bitcoin is the cryptocurrency that everyone has heard about, but it is only one kind of cryptocurrency. There are many others, and some of them work in different ways. One of the ones that has always interested me is Zcash. In my book “The Currency Cold War” I used it to illustrate some points about privacy, because Zcash was specifically built to offer something Bitcoin does not: privacy. It uses clever cryptography (in the form of zero-knowledge proofs) to provide on‑chain privacy for people who want their balances and transaction details kept confidential. Users can move coins into “shielded pools” where addresses and amounts are hidden, but every transaction comes with a cryptographic proof that no money has been created or destroyed and that the spender is authorised

Orchard is the most recent of these pools and unfortunately it tuirned out to have a bug. In simple terms, the mathematical “circuit” that checked whether a private transaction in Orchard was valid had a subtle error in it, means that an attacker could construct a transaction that passed all the network’s checks while quietly creating new digital currency out of thin air.

(Note that the zero‑knowledge proofs worked correctly, the problem was to do with what the circuit was asking the proofs to certify. )

Now, as I am sure you are aware, bugs are discovered in the crypto world all the time. I looked at last year for a few examples. There were plenty of them, so here’s three of them to get you thinking. In February, Bybit lost about $1.4 billion after attackers tricked signers in its wallet workflow and redirected funds, process failure around approvals and signing infrastructure. For non-specialists, think of it like a bank where the vault is intact, but the people and systems authorizing transfers are manipulated. That makes operational security, approval checks, and key management just as important as the code itself. In May, the Cetus Protocol was exploited for more than $200 million because of a mathematical flaw in liquidity calculations whereby an attacker found a way to make the protocol misread numbers and treat an impossible situation as valid. In November Balancer v2 pools were exploited through a smart-contract access-control problem combined with a rounding/invariant manipulation issue that led to more than $100 million in losses when a hacker found a way to behave as if they had rights they did not really have and then used tiny calculation weaknesses to tilt the system in their favor.

OK, someone found another bug. No big deal. But this bug is particulary interesting because of the privacy angle. Since Orchard hides balances and flows, the bogus currency created out of thin air was effectively undetectable. In systems like Bitcoin, an arbitrary increase in supply would be obvious just by counting coin but in Orchard, the ledger is consistent by construction; the only signal that something is wrong would be an unexplained swell of coins leaving the shielded pool. A researcher built a proof‑of‑concept, showed that unlimited counterfeit ZEC could in principle be minted inside Orchard, and reported this privately to the Zcash developers. They coordinated an emergency patch and network upgrade, then disclosed the issue publicly a few days later. There is no public evidence that anyone exploited the flaw in the wild, but equally, the privacy design makes it impossible to prove with certainty that nobody ever did.

For the broader cryptocurrency sector, the incident is am interesting comment on the trade‑off between privacy and auditability. With Bitcoin, any node can verify the “money ski supply, track coin flows, and check the rules directly against what it sees on‑chain. As systems become more private and more complex, the burden shifts: the community must trust that the circuits and smart contracts faithfully encode the intended rules, because the chain itself no longer offers a simple, human‑readable audit trail. A single logic mistake in a zero‑knowledge circuit or a privacy‑preserving protocol can compromise the monetary integrity of the entire system without leaving obvious fingerprints.

What caught my eye though is *how* the vulnerability was found. The researcher used a state‑of‑the‑art AI model as an interactive co‑analyst. In practice, that meant feeding it protocol descriptions, code fragments and constraints then iteratively asking it to reason about vulnerabilities and then construct a concrete attack that satisfied all the apparent rules while still breaking conservation of value. The human attacker framed the questions and judged the answers, but the model accelerated the search through a very large and subtle design space.

This points to a step‑change in how protocol risk will be managed. Historically, the limiting resource in cryptographic protocol auditing has been expert attention: there are only so many people on the planet who can read a zero‑knowledge circuit or a complex smart‑contract system and spot the one edge case where something goes wrong. AI‑assisted analysis effectively multiplies that expertise. It can explore many more paths, propose candidate counterexamples, and cross‑check assumptions far faster than a human alone. That is exactly what happened with Orchard: a bug that had survived years of expert scrutiny surfaced once a human used AI as a force‑multiplier on their reasoning process.

This capability is available to all attackers. An adversary can point powerful models at public code and specifications, ask them to “find a way to break value conservation” or “construct a transaction that passes all checks but increases balance,” and iterate until something breaks. For protocols handling serious value and/or implementing serious privacy, AI will need to be to part of the defence: theorem theorem‑checking around critical invariants, continuous probing guided by models and formal specifications that models can reason against. This means that projects that invest early in AI‑assisted formal verification and red‑teaming will be much better placed to withstand the kind of scrutiny that the attackers will bring to the game.

For investors, exchanges, and regulators, the message is clear. Privacy coins and other sophisticated protocols can offer powerful features, but they also carry more complex failure modes. Monetary integrity is binary: either a system can credibly claim that its supply rules are unbreakable, or its long‑term value proposition is weakened. Going forward, projects will be judged not just on innovation but on the quality of their engineering governance: independent audits, formal methods, robust incident response, and transparent communication when things go wrong.

Design a site like this with WordPress.com
Get started