BIP for Proof of Payment



Summary:

The Proof of Payment (PoP) protocol is a way for a wallet to prove to a server that it has the ability to sign a particular Bitcoin transaction without revealing any personal information. This protocol would be useful in scenarios such as an online video rental service, parking lot payment, and lottery payment, among others. The properties of a desirable PoP include generation on demand, usability only once to avoid theft, the ability to create a PoP for any payment regardless of script type, proof of having enough credentials to unlock all inputs of the proven transaction, and ease of implementation by wallets and servers to ease adoption. There have been changes made to the PoP implementation, including having only one output and setting the sequence number of all inputs to 0.

To use the PoP protocol, a proof of payment request is sent from the server to the wallet, containing a random nonce, the destination to send the PoP to, and data hinting to the wallet which transaction to create a proof for. The wallet identifies a transaction T, creates an unsigned PoP (UPoP) for T, and asks the user to sign it. Once the UPoP(T) is signed by the wallet, creating PoP(T), it is sent to the destination specified in the PoP request. The server then receives the PoP and validates it, responding with either "valid" or "invalid." If an input script type is P2SH, any satisfying script should do, just as if it were a payment. For M-of-N multisig scripts, any set of M keys should be sufficient, not necessarily the same set of M keys that signed the transaction.

The method of transferring the PoP request is not specified in this protocol. Instead, it is specified in separate specifications. The nonce must be randomly generated by the server for every new PoP request.

There are concerns about assigning identities to payers and misunderstanding the intent of payment versus proof of access to certain coins.

The Proof of Potential (PoP) is another mechanism used to verify a transaction in Bitcoin by providing proof of its existence. This protocol involves the creation of a special transaction, called the PoP, which includes all the inputs and one output with a value of 0 and an OP_RETURN script containing a hash of the transaction to be proven. The PoP is then sent to the recipient, who can verify it by following a set of steps outlined in the protocol. Any deviation from these steps results in an "invalid" status.

The steps to validate a PoP include checking the format of the PoP, ensuring that lock_time is 499999999, verifying that there is only one output, with a value of 0 and conforming to the OP_RETURN output format, checking that the nonce is the same as requested, confirming that the inputs are identical to those in the original transaction, running the scripts of all inputs, and checking the txid in the PoP output against the desired transaction.

Security considerations include the possibility of interception or tampering with the PoP request, which can be mitigated through the use of secure connections. There is also a risk of brute force attacks and theft of PoPs, requiring mechanisms to detect or slow down such attempts. Additionally, even wallets without funds may still be used as generators for PoPs, emphasizing the importance of wallet security.

A reference implementation for the PoP protocol can be found on GitHub. In June 2015, changes were proposed to simplify the data structure of the PoP by removing real outputs and setting the sequence number of all inputs to 0, among other modifications. Suggestions were made to include a magic constant and version field, but these were ultimately not included.
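The server-side validation steps listed above, as an added Python example that is not taken from the proposal or its reference implementation. It works on an already-decoded PoP, so the class, field and function names are assumptions, "identical inputs" is taken to mean the same outpoints in the same order, and `scripts_ok` is a hypothetical hook standing in for a real Bitcoin script interpreter.

```python
import hmac
from dataclasses import dataclass

POP_LOCK_TIME = 499999999  # lock_time the validation steps require

@dataclass(frozen=True)
class PoP:                 # already-decoded PoP; field names are assumptions
    lock_time: int
    inputs: tuple          # (prev_txid, prev_index, sequence) per input
    outputs: tuple         # (value, is_op_return) per output
    txid: bytes            # txid carried in the OP_RETURN output
    nonce: bytes           # nonce carried in the OP_RETURN output

def outpoints(inputs):
    return [(txid, index) for txid, index, _seq in inputs]

def validate_pop(pop, tx_inputs, tx_txid, pending, request_id, scripts_ok):
    """Return "valid" or "invalid"; any failed step means "invalid".

    pending maps request id -> nonce the server issued. The entry is removed
    on the first attempt, so a stolen or replayed PoP is rejected.
    scripts_ok is a caller-supplied hook (hypothetical) that runs all input
    scripts with a real Bitcoin script interpreter.
    """
    expected = pending.pop(request_id, None)
    if expected is None:
        return "invalid"
    checks = (
        pop.lock_time == POP_LOCK_TIME,
        len(pop.outputs) == 1 and pop.outputs[0] == (0, True),
        hmac.compare_digest(pop.nonce, expected),
        all(seq == 0 for _t, _i, seq in pop.inputs),
        outpoints(pop.inputs) == outpoints(tx_inputs),
        hmac.compare_digest(pop.txid, tx_txid),
    )
    return "valid" if all(checks) and scripts_ok(pop) else "invalid"

# Constructed sample data (not from a real transaction).
TX_TXID = bytes.fromhex("ab" * 32)
TX_INPUTS = (("11" * 32, 0, 0xFFFFFFFF), ("22" * 32, 1, 0xFFFFFFFF))
NONCE = bytes.fromhex("0102030405ff")
SAMPLE = PoP(POP_LOCK_TIME, tuple((t, i, 0) for t, i, _ in TX_INPUTS),
             ((0, True),), TX_TXID, NONCE)

if __name__ == "__main__":
    pending = {"req-1": NONCE}
    print(validate_pop(SAMPLE, TX_INPUTS, TX_TXID, pending, "req-1", lambda p: True))
    print(validate_pop(SAMPLE, TX_INPUTS, TX_TXID, pending, "req-1", lambda p: True))
```

The second call reuses the same request id after its nonce has been consumed, which is how the "usable only once" property is enforced here.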


Updated on: 2023-05-19T20:34:57.558823+00:00