(KF2) Security: ignoring obvious attack vectors
The ECB’s envisioned concept of a secure offline version of the digital euro offering full anonymity is in strong conflict with the actual history of hardware security breaches and mathematical evidence against it.The ECB promises “secure instant payments (…) even when you have (…) no network reception” (Q7), i.e., reliable offline operation without double-spending risks. This contradicts the mathematically proven CAP theorem [1], which states that no distributed system can be partition-tolerant (being disconnected), available (still work), and consistent (without double-spending) at the same time. The ECB hopes to overcome mathematics with “secure hardware”, in this case meant to “protect the information stored on the device” from its owner [2], ignoring the fact that hardware security history has made it evident that consumer-grade hardware eventually cannot withstand physical attacks. Focusing on dedicated devices like secure elements (SEs) and eSIMs and excluding Trusted Execution Environments (TEEs), as recently declared by the ECB in [3], does not solve this critical issue: While physical attacks are typically needed to compromise such hardware, the potential return by unlimited digital euro duplication will likely outweigh the necessary investment costs. Note that there is a key difference in the attack scenario on hardware for the offline digital euro compared to other typical usages of “secure hardware” such as payment card details or private keys for two-factor authentication: Owners of such hardware have no interest in regaining information—as they already own it— and being resistent to remote software or unnoticeably fast hardware attacks is sufficient. In contrast, the offline digital euro requires protecting information from the physical owner of the device who has unlimited time to break it.
The ECB’s approach of just hiding details about the used proprietary technology [4] is promising “security by obscurity”, which contradicts Kerckhoffs’ principle—a fundamental concept in cryptography which asserts that the security of a system should not depend on the secrecy of its algorithm [5]. G+D’s platform, the selected solution for the offline digital euro implementation [6] which proposes exactly such a system, has been ranked as “low” in a recent survey due to secrecy being the main line of defense against double-spending [7]. By proposing a “forgery check during defunding” [2], the ECB acknowledges the risk of hardware-level attacks or implementation bugs, but thereby contradicts the claim of offline payments being “safe and instant”, and further puts the promised complete anonymity of offline transactions into question.
The “reverse waterfall” mechanism, the automatic digital euro funding without user intervention, poses another significant security threat as a compromised digital euro account could be used to obtain unlimited money from the linked commercial bank account. The ECB promises “state-of-the-art technologies” to counter cyberattacks on the digital euro (Q25). This term is doubly misleading: First, no other large-scale deployment of digital offline payments exists today—as the ECB asserts in [3]. Second, it does not imply the application of the most modern or secure solutions available, but rather just “what everybody else does”. The central database of all (online) digital euro transaction being such a high-value target for cyberattacks (KF1), this is most probably not enough.
- S. Gilbert and N. Lynch,
Brewer’s conjecture and the feasibility of consistent, available, partition-tolerant web services,
SIGACT News, vol. 33, no. 2, pp. 51–59, 2002. doi:10.1145/564585.564601 - European Central Bank, State of play on offline digital euro—11th ERPB technical session on digital euro. https://www.ecb.europa.eu/euro/digital_euro/timeline/profuse/shared/pdf/ecb.degov240411_item3updateofflinedigitaleuro.en.pdf, 2024.
- European Central Bank, Progress on the preparation phase of a digital euro: Closing progress report. Publications Office of the European Union, 2025. [Online]. Available: https://data.europa.eu/doi/10.2866/3423337 [Accessed: Jan. 19, 2026].
- A. Giovannini and M. Stibane, Euro 2.0 – der euro wird (auch) digital - oesterreichische nationalbank. Statement on stage in discussion with audience, https://mastodon.social/@taler/112084243675777718, 2024.
- A. Kerckhoffs,
La cryptographie militaire,
Journal des sciences militaires, vol. IX, pp. 5–38, 161–191, 1883. - Giesecke+Devrient, New survey indicates digital euro must also work offline. https://www.gi-de.com/en/group/press/press-releases/new-survey-indicates-digital-euro-must-also-work-offline, 2024.
- Chavanette Advisors, Galactic grid: Your guide to the complex landscape of retail central bank digital currency technology providers. Chavanette Advisors, 2024.