Payment Protocol has helped to make Bitcoin commerce payments smoother and more secure than ever. Now it's easier for wallet developers to implement in their own apps.

We're excited to announce that the open source JSON Payment Protocol interface now enables wallets to verify Payment Protocol payment requests authenticated with ECDSA (Elliptic Curve Digital Signature Algorithm) signatures – the same cryptographic signatures used in Bitcoin transactions.

This new support for ECDSA signatures significantly reduces the development effort required for wallets to support Payment Protocol. The original BIP-70 Payment Protocol spec requires wallet developers to write code to support and verify a PKI/X.509 SSL certificate authority (CA) chain. This can be complex and difficult for many wallets to implement. With BitPay's JSON Payment Protocol interface, wallets can choose to verify the details of payment requests signed by ECDSA signatures, without the need to support X.509 certificate validation.

This change streamlines one of the most important features of Payment Protocol.

Why payment requests need signatures

Bitcoin addresses are by nature pseudonymous - meaning that they aren't always matched to a physical identity. For person to person transactions and for purchasers, pseudonymity is a great thing. It gives users greater privacy in payments and eliminates the categories of fraud common with legacy payment methods like credit cards – specifically, identity theft.

Still, every purchaser wants to know that the address they're sending to actually belongs to the person or business they're trying to pay. Fraudsters can impersonate businesses or people or even conduct man in the middle attacks – using viruses, malicious plugins, or other attack vectors to insert their own Bitcoin addresses on webpages and collect money from unsuspecting Bitcoin users.

In 2013, two Bitcoin Core developers introduced Payment Protocol, or BIP-70, in part to solve this problem. When a wallet fetches a payment request (with payment details like address, amount, etc) from a merchant like BitPay.com, it also fetches a digital signature from the merchant which proves the authenticity of the payment request. The signature shows that details claiming to be from the merchant really are from the merchant.

How Payment Protocol solves the problem

In its standard BIP-70 implementation, Payment Protocol uses SSL web certificates (based on the widely-used PKI/X.509 standard to verify that a payment request belongs to the true recipient. These certificates work really well, and most sites on the web use SSL to verify their own identity.

Have you ever seen those little green check marks in your browser bar? They let you know that you're at the certified Twitter.com, Facebook.com, Google.com, or Amazon.com – rather than imposter sites trying to steal your information.

Payment Protocol uses SSL certificates similarly. Typically wallets will show something like the same green check-mark on the payment request with details about the owner of the address in the payment request.

**Example: how Payment Protocol verifies a payment request's authenticity.**

How ECDSA signatures make Payment Protocol better

X.509 SSL certificates are a great way to verify payment request details. They work smoothly and securely for many BIP-70 Payment Protocol-compatible secure wallets. Still, they add complexity for wallets that want to benefit from Payment Protocol's security and usability benefits.

It is difficult for some hardware wallets to do a full verification of X.509 SSL certificates. Other wallets verifying payment requests might not want to have to rely on SSL certificates issued by trusted third parties like DigiCert.

For most wallets, the pain comes from having to write code to check the authenticity of the other SSL certificates (the chain starting with the original SSL issuer or "certificate authority") that verify the merchant's SSL certificate used on payment requests. Wallets have to keep a list of all certificate authorities and keep them updated.

By enabling wallets to verify payment requests signed with ECDSA signatures, the JSON Payment Protocol interface provides an alternative. It doesn't solve the identity problem (wallets still need to verify the ECC keys used to sign payment requests), but it makes the development work for verifying payment requests much simpler. ECDSA uses the same kind of public key cryptography used in Bitcoin itself, so developers don't have to go to the effort of implementing the entire X.509 certificate path validation algorithm. ECDSA signatures also make the signature data on payment requests much simpler and faster for wallets to parse with less memory.

This change (and the JSON interface) makes supporting Payment Protocol extremely simple for hardware wallets and other non-BIP70 wallets that want a robust way to secure and verify blockchain payments. BitPay.com's own payment requests (what you see when you pay a BitPay merchant) now themselves all use ECDSA signatures as well as X.509 certificates. In the coming months, we hope we can work with more wallets that want a way to make more secure payments to businesses on the web.

Ready to get started? Developers, check out the documentation for verifying ECDSA-signed payment requests (and verifying BitPay's ECC signing keys) in your wallet apps.

Have questions or feedback about this release? View or fork the code or send us an issue report on GitHub.

UPDATE, 9/26/18: View our full list of frequently asked questions about BitPay and Payment Protocol.