Bitcoin is due for an overhaul of its payment mechanism to make it more merchant-friendly, but the core dev team is working with an imperfect system, they say.
The basic idea behind the Payment Request initiative is to give Bitcoin a mechanism for sending verified payments directly between people. This doesn't take transactions away from the blockchain, but it does provide an extra layer of security between merchant and customer. It also makes payments more user-friendly.
In the traditional bitcoin payment system, bitcoins are sent by manually pasting a long, gibberish alphanumeric address into a bitcoin client. Some clients allow for QR codes of addresses to be scanned.
"It's great technically but it looks like a monkey banging on a keyboard to the average person," says core developer Jeff Garzik. Aside from being difficult for the average non-techie to understand or use, the gobbledygook address format makes a number of attacks possible. "For example you don't know whether the bitcoin address I gave you is really mine," he points out.
There is a danger that the address is either inaccurate, or simply fraudulent. I could pretend to be a known legitimate merchant online, or perhaps send a phishing attack asking you for money. If you fell for the scam and paid me, your money would be gone. After all, bitcoin payments are irreversible.
The other problem with existing bitcoin payments is that while they are permanently registered in the blockchain, they're not easy to document when they're happening. There is no metadata encoded in the payment information itself that says what it's for. Neither is there any information about a return address for refund purposes. Any refunds have to be arranged separately. And if you want to confirm immediately that your bitcoin payment reached its recipient, then you have to get separate confirmation from them.
All of this may have seemed reasonable in 2009, but things have moved on. We need something more robust now, argues Pieter Wuille, one of Bitcoin's seven core developers. "In almost all cases, you are already visiting the merchant's website in order to make an order. It's pretty strange that we're now relying on the (slow, unreliable, expensive and unflexible) peer-to-peer network to get his payment to him, while we could just send it to him directly (faster, cheaper, ability to add metadata to the transaction, and most importantly, an instant confirmation from the merchant that they received it)."
The Payment Requests mechanism will attempt to do just that. Instead of having to send payments to a cumbersome bitcoin address, someone wanting to pay for something in bitcoins can simply wait for a request to be emailed by the merchant, or served via a website. The customer's bitcoin client uses the information contained in the Payment Request to make a payment, making the payment process more secure.
Payment Requests use digital certificates to try and solve the problem, in the same way that websites use them to prove that the sites are owned and operated by the true owners of a business.
In the dark old days of the Internet, it was easy to visit a web site that you thought was owned by a certain company (www.microsoft.com, say), only to end up on a fraudulent site run by a scammer (perhaps www.m1cros0ft.com). Many people fell victim to phishing attacks thanks to this flaw. So the industry introduced digital certificates. Sites would serve up these certificates, which were obtained from trusted third-party companies called certificate authorities. Browsers would look for the certificates, and throw up an error if they didn't find them.
The core developers want to use the same basic premise for payments. A merchant will send a payment request to the customer, signed with a digital certificate. It can include information such as an expiry date for the payment, merchant-specific data such as an invoice number, a plain text note, and a URL to send payment to. None of this information was available in a standard bitcoin payment before, because there wasn't a payment request. The customer would simply send bitcoins off into the ether, hoping that they were landing with the right person.
In the new system, the customer will send their payment to the merchant, encoded with extra information, including some of the information in the payment request as a reference, along with a refund address in the event that the merchant needs to send funds back.
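The exchange described above, as an added sketch that is not code from Bitcoin Core or from the developers quoted here: a merchant signs a request, the client checks the signature and expiry, then builds a payment that echoes the invoice reference and carries a refund address. The field names, the JSON encoding and the key pair are assumptions made for illustration; the merchant's public key is assumed to have been taken from an already validated certificate.

```javascript
const crypto = require('crypto');

// Constructed merchant key. In the scheme the article describes, the public key
// would come from the merchant's X.509 certificate (chain validation not modelled).
const merchant = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Fixed field order so signer and verifier hash identical bytes (assumed encoding).
const FIELDS = ['outputs', 'expires', 'merchantData', 'memo', 'paymentUrl'];
const serialize = (d) => Buffer.from(JSON.stringify(FIELDS.map((f) => [f, d[f]])));

function signRequest(details, privateKey) {
  const signature = crypto.sign('sha256', serialize(details), privateKey);
  return { details, signature: signature.toString('base64') };
}

// Client side: verify the signature first, then the expiry, before paying.
function checkRequest(request, publicKey, nowSeconds) {
  const sig = Buffer.from(request.signature, 'base64');
  if (!crypto.verify('sha256', serialize(request.details), publicKey, sig)) {
    return { ok: false, reason: 'bad-signature' };
  }
  if (nowSeconds > request.details.expires) return { ok: false, reason: 'expired' };
  return { ok: true, reason: null };
}

// The payment echoes merchantData (invoice reference) and adds a refund address.
function buildPayment(request, refundAddress) {
  return {
    sendTo: request.details.paymentUrl,
    merchantData: request.details.merchantData,
    refundTo: refundAddress,
  };
}

// Constructed sample request; addresses are placeholders, not real ones.
const request = signRequest({
  outputs: [{ address: 'EXAMPLE-MERCHANT-ADDRESS', amount: 150000 }],
  expires: 1700000600,
  merchantData: 'invoice-1042',
  memo: 'Order 1042: two widgets',
  paymentUrl: 'https://merchant.example/pay',
}, merchant.privateKey);

// Same signature over an altered output address, as a swapped-address case.
const tampered = JSON.parse(JSON.stringify(request));
tampered.details.outputs[0].address = 'EXAMPLE-OTHER-ADDRESS';

console.log(checkRequest(request, merchant.publicKey, 1700000000));
console.log(checkRequest(tampered, merchant.publicKey, 1700000000));
```

The signature covers the output address, so a request whose address was altered in transit fails verification before the client builds a payment.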
It's all very grown-up, and something that Bitcoin has long needed, which is why it's been on the drawing board for the last year or two. But the system that it will be built on is far from perfect, admit the core devs.
Certificates are difficult to do well. What happens if a certificate is fraudulent, as happened here, here, and here? What happens if a certificate has been revoked?
"In general, public key trust infrastructure is a very hard problem, and there is no silver bullet for it, unfortunately. The SSL PKI is sort of the worst existing system, after all others," admits Wuille.
SSL is the colloquial name for X.509, the certificate standard that will be used for the Payment Request mechanism. Experts have long criticized it for its flaws. Dan Kaminsky and Moxie Marlinspike are demigods in the security business. They blew the lid off X.509 security vulnerabilities at the infamous Defcon hacker conference in 2009.
Other problems with X.509 include certificate revocation. Certificates can be revoked for a number of reasons, including certificate holders providing false documents, or doing other specious things online. X.509 uses a system called the Online Certificate Status Protocol (OCSP) to see which certificates have been revoked.
"The consensus among experts is that the certificate revocation system (OCSP) doesn't work," says lead developer Gavin Andresen. "There just aren't strong enough incentives for the certificate authorities to invest in the infrastructure to support millions of users constantly querying their OCSP servers and asking 'Is this certificate revoked? No? How about now?'."
So, at least two of the seven core developers admit that X.509 has cracks in it. Why are they using it? Like it or not, pretty much the entire Internet uses SSL, and in practice, the core devs don't really have a choice in this. If you're an online merchant, you probably have an SSL certificate. Even if the core dev team had the capacity to tackle the public key infrastructure problem and build a better mousetrap, they'd have to get people to use it. It's enough of a struggle getting merchants interested in bitcoin in the first place, without making them register for another certificate all over again.
Nothing in tech is perfect, and as Andresen says, web-based merchants don't rely on OCSP in practice either. X.509 is still more secure than the bitcoin addresses in use today. Any step forward is better than nothing.
A better payment mechanism would bring significant benefits to Bitcoin. The enhancements to the user experience shouldn't be underestimated. One day, Andresen would like to see the bitcoin addresses currently used disappear forever. "Hopefully, eventually," he says. "Bitcoin addresses are not very user-friendly."
Bitcoin addresses won't be officially deprecated, says core developer Nils Schneider, but they might very well be used less when dealing with merchants, especially given that they currently have to generate separate bitcoin addresses for each transaction.
"As of now, using a different address for each transaction is the preferred way to keep transactions apart. This means creating and storing a private key for each transaction," he explains. "With payment requests, you may use the same key multiple times and still be able to tell different transactions apart and know which customer sent the money."
There is a lot of infrastructure already built on standard bitcoin addresses, says Wuille. That's a lot of inertia to deal with. But he hopes that the superior customer experience will make it worthwhile. "Let's focus on trying to get e-business transactions to use it first, and we'll see about the rest."
So, when is all of this likely to happen? The core devs aren't committing to much. They're shooting for payment requests in Bitcoin v0.9, but it's not a dead cert, says Wuille. "We make releases whenever necessary. In case there's an important security update, there can be new releases of the 0.8.x series before 0.9," he says. "The plan is to have payment protocol support in 0.9, but if this turns out to need significant and unexpected delays, perhaps 0.9 can be released without."
Payment Requests may face challenges, but the mechanism is good for bitcoin, and it's a bold move from a notoriously conservative development team. Anything that can make the process of sending the cryptocurrency between parties more secure and effective will be a good thing.