Skip to content

Instantly share code, notes, and snippets.

@boukeversteegh

boukeversteegh/BADPS.md

Last active November 7, 2015 16:53
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save boukeversteegh/9550387 to your computer and use it in GitHub Desktop.
Save boukeversteegh/9550387 to your computer and use it in GitHub Desktop.
Download ZIP
[DRAFT] Bitcoin Address Discovery Protocol over SMS
Raw
BADPS.md

Bitcoin Address Discovery Protocol over SMS

Title:   Bitcoin Address Discovery Protocol over SMS
Author:  Bouke Versteegh <info@boukeversteegh.nl>
Status:  Draft
Created: 2014-03-14

Table of Contents

  • Summary
  • Problem
  • Proposed Solution
  • Existing Solutions
  • Demonstration
  • Protocol
    • ADDRESS_REQUEST
    • PAYMENT_REQUEST
  • Other ideas
  • Possible issues

Summary

Concept of a protocol that allows mobile bitcoin-clients to communicate their addresses and request payments to eachother, using SMS. It is based on the BIP0021 Bitcoin URI-scheme, with extra parameters.

Problem

Alice has a mobile Bitcoin-client, such as Mycelium or Schildbach's Bitcoin Wallet. She wants to send Bitcoin to one of her contacts, Bob. She has his phone-number but not his Bitcoin address. Right now, she can request Bob's address in the following way:

  • Contact Bob by texting or calling to ask for his address.
  • Bob opens his Bitcoin-wallet and sends an address to Alice by SMS.
  • Alice copies the address, and pastes it into her Bitcoin client.

This process is bothersome and time-consuming. Furthermore, this process has to be repeated each time Bob can't or doesn't want to reuse the previous addresses.

Proposed Solution

The previously described process could easily be automated by a simple SMS-based communication protocol. A Bitcoin-client implementing this protocol will automatically ask Bob for his address, and processes Bob's manual or automated response. I will tentatively refer to this protocol as Bitcoin Address Discovery Protocol over SMS (BADPS).

Existing Solutions

A service related to Bitcoin and SMS is 37coins. This service allows users to send and receive Bitcoin through SMS by sending instructions to a 37coin-gateway. It solves the problem of address discovery, because Bitcoins can be sent directly to a phone number. However, users' Bitcoins are stored on the gateways, and users don't have access to their private keys. This undermines the peer-to-peer nature of Bitcoin and re-introduces reliance on a trusted third party.

Other apps allow users to send Bitcoin to added friends. However, this requires both users to have the same app installed or have registered accounts with the same service. Examples are:

  • KncWallet — Works in a similar way to Whatsapp, by recognizing contacts that have the app installed
  • Glyph - Lets users connect a blockchain wallet to their Glyph-account

Demonstration

Alice wants to send Bob some Bitcoin, and she uses a mobile Bitcoin-client that supports BADPS, called "BtcWallet".

  • Alice opens "BtcWallet", and clicks Send
  • Alice selects Bob from her phone's contacts
  • Alice inputs 0.01BTC as the amount to send and clicks Confirm.

"BtcWallet" doesn't know a Bitcoin address for Bob, but it knows his phone number.

  • "BtcWallet" sends an ADDRESS_REQUEST SMS to Bob's phone number
  • The SMS is both human- and machine-readable

Case 1 — Bob's phone doesn't support BADPS:

  1. Bob reads the SMS
  2. Bob sends Alice an SMS containing his address
  3. "BtcWallet" on Alice's phone recognizes Bob's SMS, and the address in it
  4. "BtcWallet" sends the Bitcoin to Bob's address

Case 2 — Bob's phone does support BADPS:

Bob's phone has a mobile Bitcoin-client or special-purpose app that supports BADPS, called "SomeApp".

  1. "SomeApp" recognizes the ADDRESS_REQUEST SMS
  2. "SomeApp" automatically replies with a PAYMENT_REQUEST SMS, containing Bob's address
  3. Same as case 1
  4. Same as case 1

In the end, based on Bob's response, "BtcWallet" could (temporarily) store Bob's address for later use. The process would be not need to be repeated until Bob's address expires.

Protocol

The below description is just a rough idea of how the protocol could work. Names and message types are not final at all. Comments and suggestions are welcome. The additional Bitcoin-URI parameters are just some of the possibilities. Not all may be necessary.

ADDRESS_REQUEST — AREQ

This SMS text-message is send to request the recipient to reply with a Bitcoin-address. It contains both a human-readable message and a BIP0021 Bitcoin-URI. The message is generated from a template, perhaps set by the user or created by the BtcWallet based on the user's language. The Bitcoin-URI contains an extra parameter badps-cmd=AREQ that tells the receiver that it is an ADDRESS_REQUEST. The Bitcoin-URI contains Alice's receive address, which Bob can use.

Example:

Hi Bob!
I want to send you 0.01 Bitcoin, please reply with your Bitcoin address.
Alice.
bitcoin:1A7iC334fj8w5o4sfleufhgdor6gs95ef&badps-cmd=AREQ&badps-amount=0.01

Bitcoin-URI Parameters:

  • 1A7iC334fj8...6gs95ef — Alice's address.
  • badps-cmd=AREQ — This message is a request message
  • badps-amount=<AMOUNT> — Tells the recipient the amount that will be sent
  • badps-amount=? — Requests the recipient to specify desired amount.

Example template:

Hi NAME!
I want to send you AMOUNT Bitcoin, please reply with your Bitcoin address.
MYNAME

PAYMENT_REQUEST — PREQ

A Payment-request is sent in response to an ADDRESS_REQUEST, or when the user wants to request a payment to a contact. This text-message is free-format, but must contain a single valid Bitcoin-address or BIP0021 Bitcoin-URI. In case the request isn't a response to an ADDRESS_REQUEST, the message must be a BIP0021 Bitcoin-URI as described below.

Free format with Bitcoin Address

Typed by Bob:

Hi Alice!
Thanks so much! This is my address:
1Bob54ddr355sk57ors38r54ha0dhs49ef57945
Yours, Bob

BIP0021 Bitcoin-URI:

bitcoin:1Bob54ddr355sk57ors38r54ha0dhs49ef57945&badps-cmd=PREQ

Parameters:

  • badps-cmd=PREQ — Payment request.
    Optional when in response to ADDRESS_REQUEST.

BADPS Extended Parameters [*just some suggestions]

  • badps-reuse=no — Address should be used once only and not be remembered
  • badps-reuse=yes — Address may be used multiple times
  • badps-expires=<DATETIME> — Indicates until when the address may be used.

Optional Parameters (see BIP0021):

  • amount=... — Specifies the requested amount
  • message=... — Includes a message to show to the recipient

Other Ideas

  • Sending raw transactions over SMS

Possible Issues

SMS-spoofing:

An attacker could trick a phone to connect to his cellular antenna, intercept ADDRESS_REQUEST-messages and reply with his own address.

Address reuse

A recipient may store the address in their contact-entry and send Bitcoin at a later date, when the target may no longer have control over that address. The suggested Extended Parameters are intended to limit this problem by expiring addresses or letting the recipient declare their address should be used once only.

Fees

The sending of SMS messages may incur fees to the user. Users should be notified that the client will send SMS messages to discover the recipient's address.

@brockhager
Copy link

Hey @boukeversteegh this is really cool!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment