Bitcoin Forum
December 08, 2016, 10:11:01 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: payment with a message  (Read 2339 times)
flatfly
Hero Member
*****
Offline Offline

Activity: 938


View Profile
March 29, 2012, 09:34:40 AM
 #1

I was just wondering, is there any Bitcoin client that supports including a short message in a payment transaction (such as "donation", "thanks", "gym subscription", whatever)?

If not, is it in theory feasible in the future (i.e., does the current protocol and blockchain format allow for it?)

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
1481191861
Hero Member
*
Offline Offline

Posts: 1481191861

View Profile Personal Message (Offline)

Ignore
1481191861
Reply with quote  #2

1481191861
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481191861
Hero Member
*
Offline Offline

Posts: 1481191861

View Profile Personal Message (Offline)

Ignore
1481191861
Reply with quote  #2

1481191861
Report to moderator
1481191861
Hero Member
*
Offline Offline

Posts: 1481191861

View Profile Personal Message (Offline)

Ignore
1481191861
Reply with quote  #2

1481191861
Report to moderator
2_Thumbs_Up
Sr. Member
****
Offline Offline

Activity: 323


View Profile
March 29, 2012, 11:26:52 AM
 #2

Possible: https://en.bitcoin.it/wiki/Script#Transaction_with_a_message

Preferably the message should be encrypted using the recipients public key as well so it's not stored in clear text in the block chain. I don't know how that would work with more advanced transactions though, such as multisig transactions.
Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
March 29, 2012, 12:00:42 PM
 #3

unfortunately ECDSA does not work for encryption

however, a hash of a receipt would be fairly private and it would allow the receiver to know what transaction it is

Pieter Wuille
Legendary
*
Offline Offline

Activity: 1036


View Profile WWW
March 29, 2012, 12:18:55 PM
 #4

In my opinion, it is not the right solution to attach the message to the bitcoin transaction itself.

I'll explain why: everything you attach to the transaction is forever part of it, and will be stored forever (or at least until it can be pruned) by every single node in the system. Yes, this is the intended behaviour for transactions, but there is no need for them to be more than the bare minimum for the network to verify its validity.

When you want to attach a message to a transaction, this is essentially some private communication between you and the receiver of the transaction. Showing it to the world is both a burden, and a decrease of privacy. Indeed it would be possible to encrypt it, but that will not make it anymore necessary.

Realize that in most cases, you as sender of a transaction are already communicating with the receiver by other means. Be it a website, e-mail, instant messaging, real-life communication, .... There is no need to replace this existing communication with the blockchain, which is a very slow and expensive beast to maintain, and it would benefit us all not making it even more expensive than it already is.

Now, only the receiver actually cares about your transaction. In fact, he should be the one responsible for getting it into the block chain if he wants that, and not the sender. The current network and the architecture around it seem to have settled for using the blockchain both for confirming transactions as for getting them to their destination. This is not necessary, as you could easily envision prepared transactions being files that you can just send to someone (who will then verify it, and send it to the p2p network if he cares) via an http protocol, or via e-mail, ...; essentially reusing the communication channel you already had (imagine a merchant's website, you click "click here to pay", that opens your bitcoin client/ewallet, creates the transaction, and sends it directly to the merchant). In such a system, it would be easy to attach whatever message you or the merchant wants you to attach to it to that file. It would travel along with the transaction, and could be checked easily. However, it doesn't need to ever end up in the block chain itself. Nobody cares about it there.

Clearly this requires a different way of using bitcoin than we currently do, but it is closer to how Satoshi envisioned it (the currently deprecated send-to-IP system was how he intended transactions to take place, not via send-to-address). Still, I believe this is how transactions will happen at some point in the future.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1722

Let's talk governance, lipstick, and pigs.


View Profile
March 29, 2012, 01:09:32 PM
 #5

A unique payment address adequately identifies a bill of sale. Payment to that address is verifiable in the blockchain. A message in the transaction itself is of very limited use because they are small.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
Hawkix
Hero Member
*****
Offline Offline

Activity: 517



View Profile WWW
March 29, 2012, 05:04:55 PM
 #6

While it is advised to use a different address with each payment, sometimes it is not possible. For example, donation address. Or cases, where you want to show an address, but the viewer may not decide to pay at all. Keeping all that private keys just in case the payment will show up may require a lot of SAFE storage.

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
cbeast
Donator
Legendary
*
Offline Offline

Activity: 1722

Let's talk governance, lipstick, and pigs.


View Profile
March 29, 2012, 05:58:05 PM
 #7

While it is advised to use a different address with each payment, sometimes it is not possible. For example, donation address. Or cases, where you want to show an address, but the viewer may not decide to pay at all. Keeping all that private keys just in case the payment will show up may require a lot of SAFE storage.
If it is the type of donation that requires documentation, then the benefactor can use an app or service that generates unique addresses.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 1890



View Profile WWW
March 29, 2012, 06:24:05 PM
 #8

@Pieter: I don't think it's too much to ask for a 32-byte hash to tie the transaction with the real world. The actual real-world data will be somewhere else but this connection is necessary to make the transaction meaningful.

The amortized cost of storing 32 bytes forever by all nodes is not very high, and can be covered by transaction fees. If anything, we may want to look into how to spread the transaction fees over more than just the first miner.

The receiver can't do anything anyway without the entire network being aware of the transaction (it could be deferred until he wants to spend, but still required), so I don't see the advantage of directly sending transactions.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
Pieter Wuille
Legendary
*
Offline Offline

Activity: 1036


View Profile WWW
March 29, 2012, 07:19:01 PM
 #9

@Meni: I could probably live with a hash of some message being attached to the transaction itself, but I'm still unconvinced it is necessary.

aka sipa, core dev team

Tips and donations: 1KwDYMJMS4xq3ZEWYfdBRwYG2fHwhZsipa
RaggedMonk
Sr. Member
****
Offline Offline

Activity: 308



View Profile
March 29, 2012, 07:59:47 PM
 #10

The simplest way to do this is to SHA256(message) and then send 0.00000001 BTC to this new address in same transaction as your payment.
Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
March 29, 2012, 08:20:30 PM
 #11

While it is advised to use a different address with each payment, sometimes it is not possible. For example, donation address. Or cases, where you want to show an address, but the viewer may not decide to pay at all. Keeping all that private keys just in case the payment will show up may require a lot of SAFE storage.

forget about donations, how about running a high volume business? A business simply cannot use a different address for each transaction via common sense. If they are ever going to pay for anything, hundreds or thousands of addresses would be combined into a single transaction costing them lots of money in tx fees. Obscurity through many addresses may work for private individuals, but it will not work on a large scale and does not offer any real additional anonymity.


@Pieter: I don't think it's too much to ask for a 32-byte hash to tie the transaction with the real world. The actual real-world data will be somewhere else but this connection is necessary to make the transaction meaningful.

32 bytes is way overkill. 8 bytes would be more than sufficient. That is 18,446,744,073,709,551,616 possible hash values, unlikely a hashed receipt or message would incur a collision. And it would also be large enough for a reasonable transaction number.

Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 1890



View Profile WWW
March 29, 2012, 08:23:05 PM
 #12

@Pieter: I don't think it's too much to ask for a 32-byte hash to tie the transaction with the real world. The actual real-world data will be somewhere else but this connection is necessary to make the transaction meaningful.

32 bytes is way overkill. 8 bytes would be more than sufficient. That is 18,446,744,073,709,551,616 possible hash values, unlikely a hashed receipt or message would incur a collision. And it would also be large enough for a reasonable transaction number.
It needs to be impossible to fake.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
March 29, 2012, 08:23:28 PM
 #13

forget about donations, how about running a high volume business? A business simply cannot use a different address for each transaction via common sense. If they are ever going to pay for anything, hundreds or thousands of addresses would be combined into a single transaction costing them lots of money in tx fees. Obscurity through many addresses may work for private individuals, but it will not work on a large scale and does not offer any real additional anonymity.

Paying with 1000 inputs from one address is going to have the same size and face the same fees as it would if you paid using 1000 inputs from 1000 addresses.

Bitcoin works on inputs and outputs.  Ultimately no matter how many addresses are used same # of inputs = same size.
Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
March 29, 2012, 08:24:48 PM
 #14

derp, you're right, but there is still essentially nothing gained in anonymity, so why bother

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
March 29, 2012, 08:29:08 PM
 #15

derp, you're right, but there is still essentially nothing gained in anonymity, so why bother

So you often claim.

Please tell me how many coins are controlled by Satoshi.

I will get you started I know he had at least at one time access to the private key linked to this address:
http://blockchain.info/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa

Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
March 29, 2012, 08:31:33 PM
 #16

It needs to be impossible to fake.

what would be gained by faking a transaction message? All it needs to do is let the receiver tie a transaction to a purchase.

So you often claim.

Please tell me how many coins are controlled by Satoshi.

I will get you started I know he had at least at one time access to the private key linked to this address:
http://blockchain.info/address/1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa


So I often claim? I've never claimed that before. And I believe I said it works for private individuals, but not businesses. When and if satoshi decides to crash the market for his big payday, you will certainly be able to link many of his public keys.

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
March 29, 2012, 08:35:02 PM
 #17

So I often claim? I've never claimed that before. And I believe I said it works for private individuals, but not businesses. When and if satoshi decides to crash the market for his big payday, you will certainly be able to link many of his public keys.

Will you? 

Or is it someone who bought coins off Satoshi and hundreds of other early adopters over the course of years? 
Or was it actually Satoshi who moved coins around making it look like someone else acquired coins off him and other early adopters for years?
Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
March 29, 2012, 08:38:07 PM
 #18

ok broseph if you want to believe having a different address for every transaction you receive adds some significant amount of anonymity go right on ahead

I don't understand why you are so mouth-foamy about bitcoin

Meni Rosenfeld
Donator
Legendary
*
Offline Offline

Activity: 1890



View Profile WWW
March 29, 2012, 08:55:09 PM
 #19

It needs to be impossible to fake.
what would be gained by faking a transaction message? All it needs to do is let the receiver tie a transaction to a purchase.
Someone other than the sender of the transaction can usurp him.

ok broseph if you want to believe having a different address for every transaction you receive adds some significant amount of anonymity go right on ahead
Using different addresses helps casual anonymity. For secure anonymity you need mixing transactions.

1EofoZNBhWQ3kxfKnvWkhtMns4AivZArhr   |   Who am I?   |   bitcoin-otc WoT
Bitcoil - Exchange bitcoins for ILS (thread)   |   Israel Bitcoin community homepage (thread)
Analysis of Bitcoin Pooled Mining Reward Systems (thread, summary)  |   PureMining - Infinite-term, deterministic mining bond
BubbleBoy
Sr. Member
****
Offline Offline

Activity: 322



View Profile
March 29, 2012, 09:17:33 PM
 #20


Clearly this requires a different way of using bitcoin than we currently do, but it is closer to how Satoshi envisioned it (the currently deprecated send-to-IP system was how he intended transactions to take place, not via send-to-address). Still, I believe this is how transactions will happen at some point in the future.


A similar thought pattern let me to make the Friendly address proposal. The address server is always online and records any transaction requests along with their metadata ("payment message"). This info has no place in the blockchain. An interesting twist would be to make the address server responsible for broadcasting the transaction.


Quote from: Eltase2
Obscurity through many addresses may work for private individuals, but it will not work on a large scale and does not offer any real additional anonymity.

Quite the contrary, it greatly reduces the information available in the block chain. If a business uses a single address for all customer payments, it's very easy for a competitor to see things like monthly revenue, expenditures and available cash. That's very sensitive data. If each customer payment has it's own address, and multiple customer payments are aggregated only when a purchase must be made, extracting similar data as in the previous case becomes impossible.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!