[Bitcoin-development] Proof of Payment

Kalle Rosenbaum kalle at rosenbaum.se
Thu Apr 23 14:39:15 UTC 2015

Hi Martin,

Thank you very much for your comments. See my answers inline:

Den 23 apr 2015 03:28 skrev "Martin Lie" <martin at datamagi.no>:
> Hej, Kalle.
> I love the idea of standardised PoPs, including a protocol for
requesting/sending them as an extension of BIP-70.

Me too!

> A couple of comments:
> 1. You admit that the txid is just a convenience and not strictly
necessary. Perhaps this should be reflected in the sequence of bits/bytes
in the record you're proposing, e.g. "OP_RETURN POP_LITERAL <nonce> <txid>"?

I was thinking that txid should be mandatory just as the nonce so the order
was arbitrarily chosen. I think you may be right that it's more intuitive
to put txid last if it's not mandatory in a future version. It makes sense
to swap order. I'll put that on my todo list.

> 2. Building on #1, perhaps there could be other identifying information
than a txid? Perhaps a txid field shouldn't be "hardcoded" into the
standard at all?
> How about taking the same approach as BIP-43 (and others) and use a
prefix that determines how the rest of the records should be interpreted,
i.e. a "type" (or "purpose" or "version" or whatever you'd like to call it)
field. This would allow for different purposes/versions of a PoP, including
as of now unforeseen ones.
> The new structure would then be:
> POP_PREFIX (? bytes): I'll leave it up to you to specify the exact bits
(and length) of the POP_PREFIX, but if your literal is used, it'd be 3
bytes: 0x506f50.
> Literals in Bitcoin protocols generally seem to be of the "binary" sort
as opposed to human-readable text, so perhaps the devs wouldn't ACK
something as "wasteful" as using 3 bytes just to identify it as a PoP
record? Obviously, this is a small detail that can be changed at short
notice, but as with all standards - once people start using it, you're
mostly stuck with what you have. ;)

Yes, maybe we could drop POP_PREFIX altogether. The server is expecting a
pop and can therefore just assume it's a pop. No need to explicitly write
that inside the pop. Can you think of a scenario where it is actually
needed. Keeping the POP_PREFIX makes sense only if other transaction-like
data structures with OP_RETURN appears in the same contexts as pops. What
do you think?

> POP_TYPE: (1 byte): 0x01 for your "standard" version, which would mean
that the payload contains a txid.

This is a good idea. Todo!

> POP_NONCE: (4 bytes): "2^32 re-uses should be enough for everyone", no? ;)

Euhm, well, I don't know... The bigger the better. If we drop POP_PREFIX we
could allow for 2 bytes version and 6 bytes nonce. Or 1 byte version and 7
bytes nonce.

> POP_PAYLOAD (32+ bytes): The contents of which is determined by POP_TYPE,
e.g. a txid or possibly extra nonce data. Or perhaps some text that makes
the purpose or context of this PoP human-readable? (This could then be
stored by wallets in order to show a list of what kind of proofs you've

For now I think I'll stick to "txid is mandatory".

> 3. I noticed that your post-OP_RETURN structure included exactly 40
bytes. Is that due to the 40-byte limitation on OP_RETURN's "data"? Are you
aware that it will be increased to 80 bytes? Cf. https://

Yes, I deliberately limited the data to 40 bytes for that reason. With
versioning, this may change in the future.

> :)
> Vennlig hilsen
> Martin Lie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150423/22c25248/attachment.html>

More information about the bitcoin-dev mailing list