This paper is a working draft

Abstract: We propose, implement, and evaluate two extensions to OpenCBDC, an open-source transaction processor designed for central bank digital currency. First, we enable the central bank to audit the monetary supply. This feature reduces the trust required in sentinels – the most exposed components of this architecture – so that it can in principle be outsourced to intermediaries. Second, we leverage Pedersen commitments and zero-knowledge range proofs to hide transaction amounts while maintaining auditability. This feature improves privacy beyond the level offered by the original OpenCBDC design. Performance measurements show that auditability and privacy reduce the throughput of the shards to 30 % of the original, but the scalability remains close-to-linear in the number of shards. For example, 8 shards can process peak loads of ≈135,000 transactions per second. By adjusting resources, CBDC operators can meet their throughput goals with auditability and privacy