Author: Kalle Rosenbaum 2015-06-06 15:05:36
Published on: 2015-06-06T15:05:36+00:00
The Proof of Payment (PoP) BIP proposed by Kalle Rosenbaum is a method for wallets to prove their ability to sign a transaction to a server. This can be used in situations where it is necessary to prove payment has been made, without revealing personal information. The PoP has the same structure as a bitcoin transaction but includes an added OP_RETURN output inserted at index 0 and must be signed using the same process as a bitcoin transaction. A nonce is included to make stolen PoPs harder to use. The server validates the PoP before responding with "valid" or "invalid." However, security concerns such as intercepted PoP requests and brute force attacks need to be considered.The Bitcoin-development mailing list has discussed the security concerns surrounding the BIP0021 bitcoin payment protocol and identified three main issues. Firstly, the server can manipulate the amount being paid without the wallet's knowledge. Secondly, the server can redirect the payment to a different address without the user's consent. Lastly, if the server fails to provide a transaction id, the wallet will not be able to prove the transaction for the server. To mitigate these issues, wallets should listen for the transaction on the network and put that in its list of transactions instead of relying on the transaction ID. Using secure connections could help mitigate the first two issues. The mailing list referenced poppoc and Mycelium fork on GitHub as reference implementations for this type of payment protocol. Additionally, the mailing list provided links to BIP0021, URI Scheme, BIP0070, Payment Protocol, and btcpop scheme BIP as further references.
Updated on: 2023-06-09T22:25:28.807090+00:00