[Bitcoin-development] Proof of Payment

Natanael natanael.l at gmail.com
Fri Mar 13 20:30:01 UTC 2015

Den 13 mar 2015 20:57 skrev "Kalle Rosenbaum" <kalle at rosenbaum.se>:
> Hi all,
> I've been thinking about how a person can prove that she has made a
payment. I came up with an idea I call Proof of Payment (PoP) and I would
highly appreciate your comments. Has something like this been discussed
somewhere before?
> Use cases
> There are several scenarios in which it would be useful to prove that you
have paid for something. For example:
> A pre-paid hotel room where your PoP functions as a key to the door.
> An online video rental service where you pay for a video and watch it on
any device.
> An ad-sign where you pay in advance for e.g. 2-weeks exclusivity. During
this period you can upload new content to the sign whenever you like using
> A lottery where all participants pay to the same address, and the winner
of the T-shirt is selected among the transactions to that address. You
exchange the T-shirt for a PoP for the winning transaction.
> These use cases can be achieved without any personal information (no
accounts, no e-mails, etc) being involved.
> Desirable properties:
> A PoP should be generated on demand.
> It should only be usable once to avoid issues due to theft.
> It should be able to create a PoP for any payment, regardless of script
type (P2SH, P2PKH, etc.).

Relevant: https://idemix.wordpress.com/

Anonymous Credentials allows an issuer to declare that you have certain
rights. For example, upon paying the service provider could issue you the
credentials for using their service up until a certain date.

When challenged to prove a statement about what credentials you have, you
can prove the fact that you've got the right credentials without revealing
anything else. You don't even reveal you're the same person as the last
time, if you prove the right to access a VPN multiple times there's no data
in it that links the different sessions together.

The main difference is that issuance of Anonymous Credentials aren't
"atomic" with the payment transactions, which can open up the risk for
certain types of dishonest behavior by the seller. You could however use a
proof in court of having paid for the credentials but not getting them
issued to you (maybe throw in usage of Factom to log issuance of
credentials?). With this construction of using both these methods, you add
stronger privacy for the usage of the services while simultaneously keeping
a degree of accountability for the payment.

The Zerocoin developers also got a paper on a blockchain version,
"Distributed Anonymous Credentials".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150313/d6964566/attachment.html>

More information about the bitcoin-dev mailing list