These days it seems like goodbye, and thanks for the memories, for crypto as we have come to know it. Memories like this gem from Binance’s chief compliance officer, cited in the SEC’s action this week against the company: “we are operating as a fking unlicensed securities exchange in the USA bro,” (here, item number 111).
Binance, like FTX and many others, will most likely cease to be relevant, or will change beyond recognition. But the innovations that crypto ushered into the world may yet find a more permanent place in the global monetary system. Under the bland heading “Project Cedar Phase II x Ubin+: Improving wholesale cross-border multi-currency payments and settlements,” the New York Fed and the Monetary Authority of Singapore are experimenting with crypto tech for a future world of central bank digital currency.
Below, I look at the paper’s key technical feature, the hashed timelock contract, which allows linked transactions on distinct ledgers to execute without any discretionary intervention.
Creating a payment chain with HTLCs
One of the mooted benefits of programmable contracts is that they could allow atomic transactions. In a chain of payments among correspondent banks, for example, an intermediary will only want to send funds if they can be assured of receiving funds. Confirming this is a laborious and time-consuming step under current practice. Hashed timelock contracts propose to automate and accelerate the task.
There is some novelty in the mechanics of HTLCs. In the first step, information propagates upstream along the chain of intermediaries, from the final recipient of funds, through any intermediaries, to the original sender of funds. First, the final beneficiary creates two messages, a secret and a hash. This is a standard cryptographic artifice: knowledge of the hash does not reveal the secret, but does allow the secret to be verified once the secret is revealed. Each participant in the chain communicates the hash upstream, all the way to the originator. Only information moves at this point: no credit relationships are created.
In the second step, a chain of contracts is created, propagating downstream this time, from the original sender of funds to the final beneficiary. When each successive intermediary sees that an incoming contract has been created, they create the next outgoing contract, until the final beneficiary is reached.
The T accounts below show one way to represent the credit relationships involved. This example starts with a generic “payable” from an originator to a beneficiary—payment due for exports, perhaps. For simplicity, I show a single intermediary. Both the originator and the intermediary begin the transaction with some central bank digital currency, the tokens which will eventually be used to complete the payment (1).
The originator creates a hashed timelock contract with its intermediary. The HTLC is a liability for the originator, because the funds are not collected immediately. An asset is also created, namely the payer’s right to recall the funds if the contract is not exercised. This I label “reclaim,” following the technical terminology of the paper. Symmetrically, the intermediary takes on a liability (the “claim”), namely the funds to be released if the contract is not exercised. This is shown in (2), and again in (3) for the next leg of the payment.
At this point, nothing has changed regarding the initial payable, and no central bank money has changed hands. Instead, a new set of credit relationships has been created. Line (4) shows the outstanding balance sheet entries for all three parties.
Redemption
Each hashed timelock contract is valid for a specified window, during which the recipient can claim the funds by providing the original secret message. The final beneficiary begins the process, executing the last contract in the chain by revealing the secret to the programmable contract. This destroys the HTLC as well as the corresponding claim and reclaim, and causes central bank to be transferred:
Importantly, the redemption process is automatic: the recipient exercises the contract by providing the secret message, and the contract causes the funds to transfer without any further intervention by any other party. Executing the HTLC also reveals the secret message to the intermediary, which can use it to claim payment from the next HTLC in the chain (3).
HTLCs are credit
The point is that these hashed timelock contracts involve credit creation. Each HTLC is a liability, outstanding for a period of time that is meant to be brief. During that time, there is a liquidity risk, namely the possibility that the CBDC tokens won’t be available when the contract is exercised. We should not take too much comfort from the fact that the timescales are brief, given that the entire redemption process is automatic. Things could get ugly fast.