[bitcoin-dev] Travel rule, VASP UID and bitcoin URI - A new BIP

Karel Kyovsky karel.kyovsky at generalbytes.com
Fri Jul 16 14:35:21 UTC 2021


Hi There,
I would like to propose a standardization of the bitcoin URI parameter name
that could be optionally used to contain the unique id of VASP (Virtual
asset service provider as defined by FATF) hosting the user's wallet
address.
My question is: Should I prepare a completely new BIP or should I prepare a
modification of BIP21?
BIP21 status is FINAL so I guess it should be a completely new BIP that
would just extend the BIP21. I'm looking for confirmation of this approach.
Thank you for answering that.

Please let's NOT start a discussion whether the FATF travel rule is a good
thing or not. This could derail my initial question.

Background:
We are going to be soon working on travel rule integration for our Bitcoin
ATM product.
The current user scenario is that the user shows on his phone QR code to
the ATM with bitcoin URI containing an address, inserts cash and walks away
with BTC arriving to his wallet.

In a Travel Rule compliant scenario the ATM operator must perform the "best
effort" to find out who(VASP) is hosting the user's wallet, contact such
VASP and send VASP customer identity data. This can be achieved by:

a) ATM contacting every possible known VASP that is travel rule compliant
via some platform and ask him whether the address read from the QR code
belongs to him. Such search could be done also with bloom filter to protect
the privacy of a user. But of course this is very far from ideal.

or

b) ATM could use blockchain analytics tools to find who might be serving
this wallet (major exchange etc). If the wallet address is empty prior to
the purchase on the ATM this address would have to be monitored for some
time to find out if it doesn't fall into some exchange's(VASP) cluster and
that would have to be later contacted.

or

c) User will choose from the list of VASPs on the ATM screen to match his
wallet provider(imagine phonebook with search field - terrible). Most
people will select irrelevant VASP because they will not be willing to
spend time to search VASP's name on the screen.

or

d) The user could enable in settings of their mobile wallet that VASP UID
would be provided in URI as one of the parameters so that Bitcoin ATM
operator will not have to search for VASP and could communicate with VASP
immediately after scanning URI from QR code. In such a case options a) or
b) or c) would not have to be performed and user experience for ATM users
would stay the same as before travel rule compliance. In order to achieve
this all wallet providers need to use the same parameter name in URI so
that ATM will read this parameter - standardization of this parameter name
is the purpose of proposed new BIP.

VASP UID could be also a public key that could be used to encrypt the
customer's identity information before sending it to wallet provider VASP
from the bitcoin ATM. Directory of VASP UIDs, how VASP could be contacted,
method of transfer when one knows VASP UID should be all outside of scope
of this BIP. I expect this to be covered by 3rd party
tools/platforms/regulators.

Bitcoin ATM operators want to stay in business and for that they need to
stay compliant with US regulation. Therefore they ask us to improve our
products to comply with the FATF-Travel Rule.
The same probably applies to US custodian wallet service providers so I
envision that the majority of custodian wallets offered on Appstore/Google
play in the US would provide their VASP UID in bitcoin URI as a new default
with an option for users to turn it off.

Please note that Travel Rule doesn't apply for unhosted(non-custodian)
wallets.

Thank you,
Karel Kyovsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210716/51c92af6/attachment.html>


More information about the bitcoin-dev mailing list