[Bitcoin-development] Payment Protocol for Face-to-face Payments

Andreas Schildbach andreas at schildbach.de
Fri Feb 7 23:15:43 UTC 2014

I have refreshed the Bitcoin Wallet preview version with beta version
3.32. It now implements BIP72 aka "URI extension for payment protocol".

There is one important deviation from the standard though: Bitcoin URI
address and amount fields need to correspond to the data from the
payment request. The makes sure the signature really signs the URI
(which you've gotten directly from the payee) and not a malicious
payment request introduced by a MITM. Note the memo isn't protected like
that, so it can still be MITM'ed.

I know this means that for the time being Bitcoin URIs must be
"backwards compatible". That should not be an issue since we will be in
transition phase for many months anyway. Until then, I hope we will have
agreed on a more sophisticated approach, e.g. a separate hash in the URI.


(also published to the corresponding channels on Google Play)

On 01/30/2014 11:46 AM, Andreas Schildbach wrote:
> Just a small update. I merged the code to my bitcoinj-0.11 branch and
> put up binary .apk files for experimentation. Just make sure to tick
> "BIP70 for tap-to-pay/scan-to-pay" in the labs settings.
> Source:
> https://github.com/schildbach/bitcoin-wallet/commits/bitcoinj-0.11
> Binaries:
> https://github.com/schildbach/bitcoin-wallet/releases/tag/v3.30-bitcoinj0.11
> On 01/27/2014 12:59 PM, Andreas Schildbach wrote:
>> As promised I'd like to present my work done on leveraging the payment
>> protocol for face-to-face payments. The general assumption is that
>> individuals don't own X.509 certificates. Their devices may be only
>> badly connected to the internet or in some cases not at all. I've
>> implemented a prototype on a branch of Bitcoin Wallet. It is using
>> bitcoinj 0.11 (not released).
>> https://github.com/schildbach/bitcoin-wallet/commits/payment-protocol
> ------------------------------------------------------------------------------
> WatchGuard Dimension instantly turns raw network data into actionable 
> security intelligence. It gives you real-time visual feedback on key
> security issues and trends.  Skip the complicated setup - simply import
> a virtual appliance and go from zero to informed in seconds.
> http://pubads.g.doubleclick.net/gampad/clk?id=123612991&iu=/4140/ostg.clktrk

More information about the bitcoin-dev mailing list