Identity verification post payment (without providing email,username,pass,etc)

[lophie]

Hello, I have been working on something. I haven't finished it but I want your opinions on it. Thank you for the help and participation.

What I am working on is payer identity verification using signed messages with a controlled input address sent to the merchant that holds an address or a list of addresses he/she expects payments to.

Sadly the document is not done yet and plenty of sections are incomplete so I would rather not post it.  So I will try to convey my idea in this post.

First of all lets consider an event where money transaction occur between a customer and a merchant:



The idea is about referring to block chain txes records to confirm the identity of the claimer of a good or service as the actual payer instead of providing extra information like email, username, password, mobile number, etc.

Basically the implementation is suggested like this. I will add clearer description to the variables and implementation as soon as I get to complete that section of the document.




A quickly written implementation using the electrum client is the following:

- wallet.py:
      Added: contract_verify, contract_request_get_eligible_addresses, contract_request_verification
      Download: here
- bitcoin.py:
      Added: Transaction.get_input_value, Transaction.get_output_value, Transaction.has_input_address, Transaction.has_output_address,
      Download: here
- commands.py:
      Added: requestcontract, verifycontract
      Download: here



Test example (Can't be reproduced if you don't have the proper keys because electrum don't know about these transactions. Test with keys you own on transactions you have in your tx history):

In this tx: "3e6e77c5613e7ea6226208f4c1deb3919f2843102ecfd509ec49733749b0f1f1" I paid "1GNkDV5XwheQytoHLhWVDDDrsLoxDb7SYe" and the tx inputs included the address "1LophieEaKWKtqGWoTDp5TDhB7rGjneHep" which I am in control of.

The idea is the first command would produce an output that the second command can verify to be true, Proving that I am the payer, Without providing any other information.

1- python ./electrum requestcontract "1GNkDV5XwheQytoHLhWVDDDrsLoxDb7SYe" 237723 4000 500 7310000 0

2- python ./electrum verifycontract "3e6e77c5613e7ea6226208f4c1deb3919f2843102ecfd509ec49733749b0f1f1" "1LophieEaKWKtqGWoTDp5TDhB7rGjneHep" "1GNkDV5XwheQytoHLhWVDDDrsLoxDb7SYe" <Insert the signature here> 237723 4000 500 7310000


Sorry for the quickly written post. I have been very busy lately. Family comes first <_< , Then Bitcoin of course . Please tell me your precious opinions of this idea viability. Thank you.

[1714687861]

1714687861

[dipsy]

This is a cool feature and pretty much what we do to verify the unknown winners of auctions on our site:
http://blockrun.com

No need for user accounts, just bid to an address and only the winner is able to claim the prize & submit shipping details   We do ask for sign-up before submitting the signature, but there's a reason for this.

Also, message signing is only inter-compatible between 3 wallets that I know of: QT, Blockchain.info & Electrum.

[lophie]

This is a cool feature and pretty much what we do to verify the unknown winners of auctions on our site:
http://blockrun.com

No need for user accounts, just bid to an address and only the winner is able to claim the prize & submit shipping details   We do ask for sign-up before submitting the signature, but there's a reason for this.

Also, message signing is only inter-compatible between 3 wallets that I know of: QT, Blockchain.info & Electrum.

Well if the big wigs around here verified that I don't have major misunderstandings of how things works, I am going all on this feature.

[lophie]

working on the implementation for blockchain.info, multibit, maybe armory and bitcoind (Through api) later on. It is nice that for the merchant a watch only wallet can take care of this and for the customer he can create a wallet just for id verification purposes only without keeping any coins in it.

[dipsy]

Well if the big wigs around here verified that I don't have major misunderstandings of how things works, I am going all on this feature.

I certainly would not say I am a big wig around here! We have just used the sign message feature in a similar way to what you outlined

working on the implementation for blockchain.info, multibit, maybe armory and bitcoind (Through api) later on.

As far as I know, the Armoury signature / verifications is not yet compatible with the QT algorithm. I also didn't think that Multibit had this feature (?).