I finally made the first (quick and dirty) implementation of this service.
HERE IT IS:
https://github.com/jsbitcoin/bpp-clientWhat is it? :
* A mean to receive and send bitcoins on a unique address that resemble a email address.
* A mean to attach some datas with each payments like an invoice number, a reference, a comment or even an order form... whatever you want!
* A payment manager with the history of payments and all its data and return address for each payments available with an RPC-API. (Later...)
* Very light and fast! Based on electrum.
* Secure without having to rely on a PKI, a security code is embedded directly on the address to verify the signature of all communications.
To test it create your own account on a xmpp server (just click create new account and enter a new address), add some funds on your receipt address, send payments, and have fun...
For testing purposes you can create two copies of it in different folders and launch them for sending money between the two clients. The Tx fee is set to 0.0001 by default. Currently the ONLY?! public xmpp server I have found on the internet with Vcards feature enabled is sibergad.ru , So dedicated servers must be made available by me and anyone that want to create services based on it.
To receive money all you have to do is to publish your secure BPP address like mine: bppmaster@sibergad.ru&bf8FrAWCgFtJuVfbrC5wUiEKVW . The security part (after the &) is optional, you can send payment to an address without it but the signature of information can not be verified (in case of compromised server)! For each payments you will receive bitcoins in a brand new Bitcoin address, so you can print your BPP address on a QR code on a static medium safely.
The derived keys (BIP32) are generated randomly from what it get on the vcard of the recipient address at payment time. The Vcards and all messages are stored on the xmpp servers. If the recipient is offline there are ~2 billions possible keys that can be generated. When a client is online his Vcard is updated with a new Master Public Key each 5min. So an online merchant will have always enough MPKs to process an gigantic flow of payments without collisions/reuse of the same Bitcoin address.
Each MPK on the Vcard is signed by a unique Bitcoin private key and it's address is the "security code". It is shared with the BPP address so when someone want to send a payment to it, the client will check that the security code correspond to the signature of the MPK on the Vcard. No need to use a Public Key Infrastructure like SSL. All is embedded on the address itself. So as long as you trust the source from which you have got the address, it's safe. Like with any Bitcoin address today.
Of course you can enter a regular bitcoin address for sending funds too. It is in alpha and need much more work but all the basic functions are there. I plan to evolve/extend this to build a complete system based on "tokens" (coins) which I will sell at a fixed price for bitcoins and rebuy them for bitcoins too, this is for enabling an ecosystem for donations, game/apps credits, micro payments and more...
Take a look at the code in the /gui/bpp.py file especially, all the protocol and mechanisms are there.
