Category Archives: Getting Technical

Bitcoin Payment Protocol Explained

What do you do with bitcoin? Why, you spend it of course! Or more precisely you pay for something or some service using it. The specific process to pay using bitcoin is called the Bitcoin Payment Protocol and it is codified in a document called BIP70.  A BIP is a Bitcoin Improvement Proposal and is one of the mechanisms used by the Bitcoin “core developers” to improve Bitcoin.  There are all sorts of BIPS on lots of great topics but let’s not get diverted. Go to:  and check them out yourself.

Now back to BIP70 the payment protocol. The description is at: and is the basis for the technical content  of this article.  The abstract of the payment protocol states:

This BIP describes a protocol for communication between a merchant and their customer, enabling both a better customer experience and better security against man-in-the-middle attacks on the payment process.

Note that a man-in-the-middle (sometimes abbreviated MITM) attack is when a customer connects to a merchant, and it turns out that the customer is not really talking to the merchant. Rather the customer is talking to a man sitting in between (in the middle) the customer and the merchant. This “man” can see all of the traffic going between the customer and the vendor and is thus able to get the user names, passwords and credit card info and all that sort of personal stuff, by imitating the vendor.  With a good imitation the customer will likely be non the wiser. MITM attacks are insidious and technologies (such as the BIP70 payment protocol) to prevent them are important.

Let’s break down the concept of a payment protocol.  First, a “payment” is the transfer of value from one individual to another. Second, a “protocol” is a specific process or sequence of messages that must take place in a particular order. As part of the process certain “conditions” might need to be validated for the process to run to successful completion. Sometimes a condition is not met and the process aborts or returns an error message, but the protocol itself should be able to handle all of these conditions, making it a “robust” protocol.

A payment protocol is a sequence of messages between the customer and the vendor, in a particular order, with an expected set of responses, or acknowledgements that are part of the messages.  Let’s look at a particular set of messages that I will call the “passing in the hallway protocol” (PITHP). If you work in a building and happen to pass by colleagues, it might go something like:

1.Sandy says:  Hey Sharon, how’s it going?

2. Sharon says: Hi Sandy, fine fine, and you?

3. Sandy says: “same old, same old”

and we’re done, exciting ayee?

That simple “passing in the hallway protocol” was a sequence of messages passed from one person to another in an expected order. Of course things might not go as expected in which case additional condition handling messages might be needed.

1. Sandy says: “Hey Judy, how’s it going?”

2. Judy says: “Hi Sandy, did you get me that status report yet?”

3. Sandy says: “Yes, I sent it yesterday, but let me check, damn email is acting up”

4. Judy says: “I need it by close of business today.”

5. Sandy says: “No prob. I’ll resend it.”

The code that implements the protocol must deal with all the various types of exceptions and conditions that can happen. ALL of them.

There is very informative illustration in BIP70:



Note that the customer sends messages to the merchant, however two other entities come into play. First the bitcoin wallet application itself, and the bitcoin network. You read the illustration from top to bottom which denotes the specific sequence  of messages.  The diagram however does not specify all of the possible options that the code must handle. For example, if the merchant server does not respond with a “PaymentRequest” message then the customer must do something such as repeat the “pay now?” message or abort the whole transaction.

Let’s walk through the diagram in plain english:

The customer clicks on a “pay now” button which sends a message to the merchant server. The merchant server requests a payment from the wallet application (belonging to the customer).  The wallet application asks the customer, “are you sure you want to authorize this payment?” To which the customer clicks, “OK”, sending a message to the wallet application. The wallet sends the payment to the merchant and possibly at the same time it initiates a transaction to the Bitcoin network. The Bitcoin network does it’s transaction thing causing the merchant to receive bitcoin. The merchant server acknowledges the payment sending a message to the wallet, and finally (optionally) the wallet sends a message back to the customer.

A very thorough, yet quite understandable, explanation of the details of the payment protocol was authored by Mike Hearn and is available at:   There are a LOT more details to the payment protocol I would simply suggest keeping in mind that point of the protocol as stated in the BIP070 abstract, is to make for a better and more secure customer experience. As more wallets and merchants provide more compete support for the payment protocol we will all benefit.



What is a Bitcoin address, and what does it mean to sign it?

Short Answer: A Bitcoin address is a unique number that “holds” bitcoin currency. You use the address to  receive and send bitcoins.

Medium Sized Answer:  A Bitcoin address is the public key half of the public-private key pair that enables the validation of ownership of that address.  WHOAH there, what in tarnation  does that mean??

Bitcoin addresses are created as part of a key generation process that creates a pair of keys. They are a matched set, where one is public and the other is private.  When you “sign” a bitcoin address you are running the public and private keys through an algorithm that checks to see that those keys belong together.  Usually signing is talked about in the context of a message. Someone sends you a signed message and you can verify that the message came from the genuine person.  You can verify the message because it was signed with their private key and you  matcht it to their public key.  When sending bitcoins the signed message is a portion of the bitcoin transaction and you do not explicitly see the message it is just part of the transaction. This let’s you validate the ownership of the address. The transaction (the transfer of value) was signed with the owner’s private key and you check that it’s valid using their public key.

A little diversion – public key cryptography is a really cool technology developed in the mid 1970′s. The amazing thing about public-private key pairs is that everyone can know the public key and the owner of the private key can prove that he is the owner of the message sent with the associated public key. For more information on PKI (Public Key Infrastructure) upon which much of bitcoin’s security is based see Mike Hearn’s (a core bitcoin developer) great description of many issues in “Why you think the PKI sucks…but can’t do any better“.

A Longer Story: Let look at the sequence of actions to create and then use the key pairs.  First we need to generate the key pair, which will result in two keys the public and private keys. The Bitcoin address is actually a form of the public key (it’s a hash of the public key). From the Bitcoin protocol specification at:

A bitcoin address is in fact the hash of a ECDSA public key

Since anyone can know the public key and really the Bitcoin address is the public key,  it’s perfectly OK to give out the Bitcoin address. So now we have a Bitcoin address, what’s next?

Let’s say that I want to get paid for something, say writing this article! I can advertise a Bitcoin address, and since you are all so thrilled to read this, you have an overwhelming urge to send me some coins. You would open up your Bitcoin wallet enter my address as the address to send bitcoins to; click send; and I would happily receive some bitcoins.  Recall that I and only I have the private key matching the public key (address) which enables me to be the only person that could spend the bitcoins I just received.

If you wanted to double check that I was actually the owner of the address before you sent me coins you could ask that I send a signed message associated with  address proving it’s mine. I could create a message and sign the address. You would then take the message I sent, and put it into your wallet along with my address to prove that I am the “owner” of the address. Bitcoin wallets usually contain this message signing and verification  functionality.

An address is used to “hold” bitcoins, however the concept of an address holding bitcoins or that you are the “owner” of a Bitcoin address is a misnomer. Recall that the address is one half of a public-private key pair. The reason you “own” an address and have control over the coins associated with that address is simply that you also know the other half of the public-private key pair, the private key.  If someone else learns the private key to an address then that person has just as much control and “ownership” over the address, as you. In other words that person can spend your bitcoins.  The solution is quite simple, make sure you and only you control the public keys to your bitcoin addresses. From a practical point of view this means that you create a good, not easy to guess, Bitcoin wallet password, and/or keep it in a safe place. Some excellent security practices are outlined at the Bitcoin Foundation’s site at:

Since Bitcoin addresses are one of the cornerstones to using Bitcoin, it is instructive to play around with addresses to get a better understanding of just what exactly a Bitcoin address is all about. A particularly good website to play around with is  After generating a new Bitcoin address play around with the various options and observe the public and private keys it generates. Just don’t go putting real bitcoins into an address while also displaying the private key. Keep the private key private!


I Sign, You Sign, We All Sign, Multi-signature Explained

Everyone is concerned about the security of their bitcoins, and we are constantly reading stories of one or another persons getting their bitcoins stolen. (Of course following bitcoin best practices should reduce your changes of being victimized. Advice such as described at: is a good start.) One big step forward in the improvement of bitcoin security is a little known, rarely used feature called “multi-signature”. The bitcoin core reference libraries support multi-signature capabilities and I expect to see a significant uptake in the usage of this important feature. Let’s explain, what multi-signature is all about.

Just like the name implies a multi-signature transaction requires more then one signature. Let’s say that Bella has some bitcoins and needs to pay Murray. In a regular bitcoin transaction Bella will simply use her wallet to enter one of Murray’s bitcoin addresses and “send” the bitcoin. Murray would see the new bitcoin in his wallet and that’s the end of the story. In a multi-signature transaction Bella would still be sending bitcoin to Murray, however in order for Murray to actually receive the bitcoin, a third party, Gail, would also have to sign the transaction. Note that this requirement for a third party, an arbitrator, also greatly improves the security of the bitcoins in your wallet. Even if a nasty party, found the private key for Bella, he still couldn’t spend the bitcoin without also knowing Gail’s private key, a much less likely event.

By the way a multi-signature address always begins with the number 3, and looks like: 34CRZpt8j81rgh9QhzuBepqPi4cBQSjhjr. This lets you quickly visually scan the address and verify that it is indeed a multi-signature transaction.

There is a good, more technical article, about multi-signature on BitcoinMagazine at: Multisig: The Future of Bitcoin by Vitalik Buterin. Multi-signature wallet capabilities are just beginning to fill the Bitcoin ecosystem and we can look forward to many new innovative wallets that will make the creation and usage of multi-signature transactions simple. There are a few multi-signature capable wallets, such as BitGo, Bitrated and the core reference Bitcoin-QT. Usage of multi-signature is still new and somewhat novel, so beware. However multi-signature transactions promises to greatly improve the security of Bitcoin and I’m very much looking forward to lots of user friendly implementations.

What’s this Bitcoin Public Ledger thing?

One of innovations to come out of Bitcoin is the notion that every financial transaction that happens is recorded in a distributed public ledger. This ledger is called the “block chain”. Every bitcoin transaction that occurs, or has ever occurred, is recorded on the block chain. In addition the block chain is distributed by Bitcoin “nodes”. Nodes talk to each other (peer 2 peer) and that’s how the block chain is communicated throughout the bitcoin network (that will have to be another post). When you run a full bitcoin client on your computer, you become a node.

Collections of transactions are grouped together into “blocks”. And blocks are placed one after another into a long “chain” of blocks, thus the name “block chain”. If you try to alter a block then the cryptographic computations which make valid transactions would not work indicating that a block has been altered. Thus we are ensured that all the transactions are correct. As a new block is placed onto the chain a new computation is created (a hash) that depends on all previous blocks. This is why the blocks are chained together.

Since the block chain is available to everyone, anyone can check that a transaction has actually happened. Just like a regular financial ledger you can check the entire history of bitcoin transactions by looking in the block chain. The validity of transactions is ensured by the distributed network of bitcoin nodes and the cryptography used ensures that all copies of the block chain are valid. Purty cool ayeee!