Bitcoin payment protocol overhaul nears implementation

6 October 2013

The bitcoin community is getting closer to the merchant-friendly payment system that we first wrote about in July. Now, it’s a matter of months away from being baked into the official bitcoin client – and other wallets will support it, too.

The core devs originally announced an initiative to introduce a bitcoin payment message (BPM) specification into bitcoin in July. Since then, it has become a Bitcoin Improvement Proposal (BIP).

BIPs make things more concrete. “BIP is as close as we come to a formal specification,” said bitcoin core developer Jeff Garzik.

Ideas for new bitcoin features generally move through three stages. First comes an idea, discussed informally on the bitcoin development mailing list or on IRC. That is followed by a rough draft, in which someone writes an informal document, which is what the BPM document was.

“If people are generally agreed that work should continue, a BIP is written,” said Garzik. The BPM was deprecated, and BIP 70 became the go-to specification for enhanced bitcoin payments.

On September 24, Mike Hearn (a core contributor to bitcoin) posted on the BitcoinTalk forum that support for BIP 70 (and two other payment-related BIPs, 71 and 72) was being folded into Bitcoin-QT, the main bitcoin client and wallet.

This is important for both merchants and customers. Until now, making payments in bitcoin has been a bare bones experience, and not always a secure one.

When a customer makes an ecommerce transaction, the merchant generates a unique payment address associated with the customer’s order (there are so many possible bitcoin addresses that the chances of duplicating one are extremely small).

The customer then copies the address into their own wallet (or, if they’re lucky, scans a QR code). They authorize the payment in their wallet, and it is broadcast to the bitcoin network to be verified. The server then detects payment, and possibly waits for the network to confirm it.

This carries some significant drawbacks. According to Hearn, addresses “lead to privacy leaks, they are inflexible and tough to extend with new features, they aren’t authenticated and they’re one-way only.”

The BIP 70 payment protocol will be smoother, richer, and more secure. It replaces tortuous bitcoin addresses with human-readable addresses. It also enables ‘payment received’ messages, so that the customer isn’t left hanging.

Among the other features of the new payment protocol is the option for refunds. The buyer-sender will be able to submit some refund addresses to the seller-recipient while buying goods/sending coins. This automatically tells the merchant where to send a refund if needed, rather than having to do it manually.

Then, there are the security benefits. Security is a worry in bitcoin payments at present.

“Bitcoin is a difficult project partly because we’re moving money around with general purpose computers that can be hacked or get viruses,” writes Hearn. “VISA and MasterCard have moved everyone (outside the USA) to special-purpose hardware like chip cards and dedicated readers which can’t have random apps installed on them.”

Hearn’s concern is that dynamically generated addresses come from computers that could have been compromised by an attacker, who could then change an address to one that they control.

Instead of messing about with bitcoin addresses, the new payment protocol relies on payment requests. When the customer makes a transaction, the merchant will send a message to the customer requesting payment for the appropriate amount.

This message will be signed using a digital certificate, which is a small electronic file provided by a third-party certificate authority (CA). The CA confirms that the certificate was given to a particular person or organization.

Here’s what the process looks like.

When Mike makes a transaction for 0.5 BTC from Bob, Bob sends the customer a payment request for 0.5 BTC, signed with Bob’s certificate. This message may include other information, such as a memo describing the purchase.

Mike’s bitcoin wallet will see this message, and can check that certificate’s validity with the CA. Then, Mike will know that Bob is making the request, and not a random attacker.

Mike’s wallet will then make the payment, sent in its own message, along with other optional information such as bitcoin addresses for potential refunds, making it easier for the merchant to process a refund, should that become necessary later.

On receipt of that message, Bob will send an automatic payment request acknowledgement to the wallet, which can then tell Mike that the payment is complete, putting his mind at rest.
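The exchange described above, modelled as an added example (not code from the article, BIP 70 or Bitcoin-Qt). It assumes JSON messages and textbook RSA with fixed primes in place of real X.509 certificates; the names, address strings and amount in satoshis are constructed placeholders.

```python
import hashlib, json

def keypair(p, q, e=65537):
    # Textbook RSA from fixed primes: a stand-in for a real certificate key, not secure.
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(obj, n):
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(obj, priv):
    n, d = priv
    return pow(digest(obj, n), d, n)

def verify(obj, sig, pub):
    n, e = pub
    return pow(sig, e, n) == digest(obj, n)

CA_PUB, CA_PRIV = keypair(2**89 - 1, 2**107 - 1)    # the wallet trusts CA_PUB
BOB_PUB, BOB_PRIV = keypair(2**61 - 1, 2**127 - 1)  # merchant key (constructed)

def issue_cert(subject, pub, ca_priv):
    # CA binds a merchant name to a public key.
    body = {"subject": subject, "pubkey": list(pub)}
    return {"body": body, "ca_sig": sign(body, ca_priv)}

def payment_request(cert, priv, address, satoshis, memo):
    # Merchant -> wallet: request for payment, signed with the merchant key.
    details = {"address": address, "amount": satoshis, "memo": memo}
    return {"details": details, "cert": cert, "sig": sign(details, priv)}

def wallet_check(req, trusted_ca_pub):
    # Return the certified merchant name, or None if either signature fails.
    cert = req["cert"]
    if not verify(cert["body"], cert["ca_sig"], trusted_ca_pub):
        return None
    if not verify(req["details"], req["sig"], tuple(cert["body"]["pubkey"])):
        return None
    return cert["body"]["subject"]

def payment(req, refund_address):
    # Wallet -> merchant: built only after the request verifies.
    if wallet_check(req, CA_PUB) is None:
        raise ValueError("unauthenticated payment request")
    d = req["details"]
    return {"pay_to": d["address"], "amount": d["amount"], "refund_to": [refund_address]}

def payment_ack(pay):
    # Merchant -> wallet: acknowledgement the wallet can show to the customer.
    return {"payment": pay, "memo": "payment received"}

BOB_CERT = issue_cert("Bob's Shop", BOB_PUB, CA_PRIV)
REQ = payment_request(BOB_CERT, BOB_PRIV, "ADDR-BOB-ORDER-1", 50_000_000, "Order 1")
```

Changing the address inside `REQ["details"]`, or presenting a certificate signed by a key other than `CA_PRIV`, makes `wallet_check` return `None`, which is the substituted-address case Hearn describes.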

But certificates are not foolproof. They have been obtained by imposters in the past.

“This is actually relatively easy to do,” says Johns Hopkins University cryptography expert Matthew Green, co-author of the ZeroCoin protocol, because not all certificate authorities are trustworthy.

“If you are big enough and spend enough money,” Green says, “you can actually get them to give you your own signing key” – the signature that they use to certify websites. “This is actually relatively easy to do because there are so many certificate authorities – between 100 and 200.”

But concerns over certificate security irritate Hearn. “The reality is that [certificate technology] is the best we’ve got, it’s being improved via initiatives like cert transparency, and it has a track record of stopping worst case adversaries.”

We know from the Snowden leaks that the rising usage of SSL (a digital certificate technology) in recent years worried intelligence agencies who were finding it difficult to break the PKI infrastructure, Hearn points out.

“When you have agencies with the might of the NSA and GCHQ freaking out because people use CAs more, it’s bizarre for people to claim the entire infrastructure is broken,” he says.

One thing that would help is the use of extended validation certificates. Defined by a non-profit group called the CA/Browser Forum, EV certificates require more extensive verification of an organization or individual’s identity before they are granted, under the forum’s published rules.

“The current code in Bitcoin-Qt doesn’t support EV certificates,” admits Garzik. “It should do, and there’s a TODO in the code, and if merchants get EV certs then at some point wallets will start using the friendly names they contain. But it’s yet more code.”

Either way, the payment protocol is coming back, “but with a better design,” assures Hearn. “The hope is that over time this will come to replace bitcoin addresses for most usages.”

BIP 70 also provides a secure proof of payment, which the customer can use in case of a dispute with the merchant.

Support for this payment protocol will be introduced in the next version of Bitcoin-QT/bitcoind, which is 0.9.0. “With the code push into our git repository, the payment protocol (BIP 70) will definitely be in the next release,” said Garzik.

According to Garzik, the supporting Bitcoin-QT version is not expected to come out for at least a month. Similar features are planned for MultiBit/Android Bitcoin Wallet and CoinPunk as well.

Support for BIP 70 is also being built on the merchant side, as both parties to a transaction have to collaborate to take advantage of it.

BitPay has already agreed to adopt it, meaning at least 10,000 businesses will have access to the updated feature, enabling them to send payment requests using BIP 70 message formats.

All of this will mean a more merchant-friendly payment system. Is bitcoin finally growing up as an ecommerce payment platform?

This article was co-authored by Justin O’Connell and Danny Bradbury.