{"id":28348,"date":"2014-07-29T16:51:02","date_gmt":"2014-07-29T16:51:02","guid":{"rendered":"http:\/\/ci027cfe6e90042697"},"modified":"2014-07-29T16:51:02","modified_gmt":"2014-07-29T16:51:02","slug":"bitcoin-payment-protocol-explained-1406652662","status":"publish","type":"post","link":"https:\/\/bitcoinmagazine.com\/technical\/bitcoin-payment-protocol-explained-1406652662","title":{"rendered":"Bitcoin Payment Protocol Explained"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><figure><img decoding=\"async\" src=\"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/bitcoin-payment-protocol-explained.png\" title=\"\"><\/figure>\n<p>What do you do with bitcoin? Why, you spend it of course! Or, more precisely, you <strong>pay<\/strong> for something or some service using it. The specific process to pay using bitcoin is called the Bitcoin Payment Protocol and it is codified in a document called <strong>BIP70<\/strong>. A BIP is a Bitcoin Improvement Proposal and is one of the mechanisms used by the Bitcoin \u201ccore developers\u201d to improve Bitcoin. There are all sorts of BIPs on lots of great topics but let\u2019s not get diverted. Go to: https:\/\/github.com\/bitcoin\/bips\/ and check them out yourself.<\/p>\n<p>Now back to BIP70, the payment protocol. The description is at: https:\/\/github.com\/bitcoin\/bips\/blob\/master\/bip-0070.mediawiki and is the basis for the technical content of this article. The abstract of the payment protocol states:<\/p>\n<p>This BIP describes a protocol for communication between a merchant and their customer, enabling both a better customer experience and better security against man-in-the-middle attacks on the payment process.<\/p>\n<p>Note that a <strong>man-in-the-middle<\/strong> (sometimes abbreviated MITM) attack is when a customer connects to a merchant, and it turns out that the customer is not really talking to the merchant. 
Rather, the customer is talking to a man sitting in between (in the middle of) the customer and the merchant. This \u201cman\u201d can see all of the traffic going between the customer and the vendor and is thus able to get the usernames, passwords and credit card info and all that sort of personal stuff, by imitating the vendor. With a good imitation, the customer will likely be none the wiser. MITM attacks are insidious and technologies (such as the BIP70 payment protocol) to prevent them are important.<\/p>\n<p>Let\u2019s break down the concept of a payment protocol. First, a \u201cpayment\u201d is the transfer of value from one individual to another. Second, a \u201cprotocol\u201d is a specific process or sequence of messages that must take place in a particular order. As part of the process certain \u201cconditions\u201d might need to be validated for the process to run to successful completion. Sometimes a condition is not met and the process aborts or returns an error message, but the protocol itself should be able to handle all of these conditions, making it a \u201crobust\u201d protocol.<\/p>\n<p>A payment protocol is a sequence of messages between the customer and the vendor, in a particular order, with an expected set of responses, or acknowledgements, that are part of the messages. Let\u2019s look at a particular set of messages that I will call the \u201cpassing in the hallway protocol\u201d (PITHP). If you work in a building and happen to pass by colleagues, it might go something like:<\/p>\n<ol>\n<li>Sandy says: \u201cHey Sharon, how\u2019s it going?\u201d<\/li>\n<li>Sharon says: \u201cHi Sandy, fine fine, and you?\u201d<\/li>\n<li>Sandy says: \u201csame old, same old\u201d<\/li>\n<\/ol>\n<p>and we\u2019re done, exciting, eh?<\/p>\n<p>That simple \u201cpassing in the hallway protocol\u201d was a sequence of messages passed from one person to another in an expected order. 
Of course, things might not go as expected, in which case additional condition-handling messages might be needed.<\/p>\n<ol>\n<li>Sandy says: \u201cHey Judy, how\u2019s it going?\u201d<\/li>\n<li>Judy says: \u201cHi Sandy, did you get me that status report yet?\u201d<\/li>\n<li>Sandy says: \u201cYes, I sent it yesterday, but let me check, darn email is acting up\u201d<\/li>\n<li>Judy says: \u201cI need it by close of business today.\u201d<\/li>\n<li>Sandy says: \u201cNo prob. I\u2019ll resend it.\u201d<\/li>\n<\/ol>\n<p>The code that implements the protocol must deal with all the various types of exceptions and conditions that can happen. ALL of them.<\/p>\n<p>There is a very informative illustration in BIP70:<\/p>\n<p>Note that the customer sends messages to the merchant; however, two other entities come into play: the bitcoin wallet application itself and the Bitcoin network. You read the illustration from top to bottom, which denotes the specific sequence of messages. The diagram, however, does not specify all of the possible options that the code must handle. For example, if the merchant server does not respond with a \u201cPaymentRequest\u201d message then the customer must do something such as repeat the \u201cpay now?\u201d message or abort the whole transaction.<\/p>\n<p>Let\u2019s walk through the diagram in plain English:<\/p>\n<p>The customer clicks on a \u201cpay now\u201d button which sends a message to the merchant server. The merchant server requests a payment from the wallet application (belonging to the customer). The wallet application asks the customer, \u201care you sure you want to authorize this payment?\u201d To which the customer clicks, \u201cOK\u201d, sending a message to the wallet application. The wallet sends the payment to the merchant and possibly at the same time it initiates a transaction to the Bitcoin network. The Bitcoin network does its transaction thing, causing the merchant to receive bitcoin. 
The merchant server acknowledges the payment by sending a message to the wallet, and finally (optionally) the wallet sends a message back to the customer.<\/p>\n<p>A very thorough, yet quite understandable, explanation of the details of the payment protocol was authored by Mike Hearn and is available at: <a href=\"https:\/\/bitcointalk.org\/index.php?topic=300809.0\" target=\"_blank\" rel=\"noopener\">https:\/\/bitcointalk.org\/index.php?topic=300809.0<\/a> There are a LOT more details to the payment protocol. I would simply suggest keeping in mind that the point of the protocol, as stated in the BIP70 abstract, is to make for a better and more secure customer experience. As more wallets and merchants provide more complete support for the payment protocol, we will all benefit.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What do you do with bitcoin? Why, you spend it of course! Or more precisely you pay for something or some service using it. The specific process to pay using bitcoin is called the Bitcoin Payment Protocol and it is codified in a document called BIP70. 
A BIP is a Bitcoin Improvement Proposal and is [&hellip;]<\/p>\n","protected":false},"author":3653,"featured_media":28347,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35],"tags":[2005,1687,1603,3575,477,330],"class_list":["post-28348","post","type-post","status-publish","format-standard","has-post-thumbnail","category-technical","tag-attacks","tag-bips","tag-messaging","tag-mike-hearn","tag-payments","tag-security"],"author_data":{"id":3653,"name":"Sandy Ressler","nicename":"sandy-ressler","avatar_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/12\/cropped-bitcoin-schmitcoin-promo-image-1-2-96x96.png"},"featured_image_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/bitcoin-payment-protocol-explained.png","_links":{"self":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/28348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/users\/3653"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/comments?post=28348"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/28348\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media\/28347"}],"wp:attachment":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media?parent=28348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/categories?post=28348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/tags?post=28348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}