Invoice address: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Wcoenen (talk | contribs)
updated difficulty of finding an address collision as compared to finding a block. I'm assuming 2^159 attempts are required on average, versus 2^52 for currently finding a block. 2^159 / 2^52 = 2^107
Luke-jr (talk | contribs)
BIP 179
 
(98 intermediate revisions by 30 users not shown)
Line 1: Line 1:
[[File:PubKeyToAddr.png|thumb|right|Conversion from ECDSA public key to Bitcoin Address]]
A '''Bitcoin invoice address''', or simply '''invoice''', is an identifier of 26-35 alphanumeric characters, beginning with the number <code>1</code>, <code>3</code> or <code>bc1</code> that represents a possible destination for a bitcoin payment.
A '''Bitcoin Address''' is a 160-bit hash of the public portion of a public/private [[Wikipedia:Elliptic_Curve_DSA|ECDSA]] keypair. Using some mathemagic, you can "sign" data with your private key and anyone who knows your public key can verify that the signature is valid. See the [[Wikipedia:Public-key_cryptography|Wikipedia article]] for more information about how this works. See [[Protocol_specification#Addresses|protocol specification]] for details on how a bitcoin address is formed.
Invoices can be generated at no cost by any user of Bitcoin.
It is also possible to get a Bitcoin invoice address using an account at an exchange or online wallet service.


A new keypair is generated for each receiving address. Bitcoin addresses (the public keys) and their associated private keys are stored in the [[wallet]] data file. This is the only file you need to [[backup|back up]]. A "send" transaction to a specific Bitcoin address requires that the corresponding private key exist in the recipient's wallet. This has the implication that if you create a receiving address and receive coins to that address, then restore the wallet from an earlier backup, before the address was generated, then the coins associated with that address are lost. Addresses are added to an address [[key pool]] prior to being used for receiving coins. If you lose your wallet entirely, all of your coins are lost and can never be recovered.
There are currently three [[List_of_address_prefixes|invoice address formats]] in use:
# [[Transaction#Pay-to-PubkeyHash|P2PKH]] which begin with the number <code>1</code>, eg: <code>1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2</code>.<!-- tails donation address -->
# [[Pay_to_script_hash|P2SH]] type starting with the number <code>3</code>, eg: <code>3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy</code><!-- anyone-can-spend, null script -->.
# [[Bech32]] type starting with <code>bc1</code>, eg: <code>bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq</code>.<!--some example LN wallet-->


"Generate" transactions happen in the same way as a send transaction: each batch of 50 generated coins is "sent" to a unique address that you generate just for that purpose. These addresses are also stored in your wallet, but they are not shown in the "your receiving addresses" section.
==A Bitcoin invoice address is a single-use token==
Like e-mail addresses, you can send bitcoins to a person by sending bitcoins to one of their invoice addresses.
However, ''unlike'' e-mail addresses, people have many different Bitcoin invoice addresses and [[Address reuse|for privacy and security reasons]] a unique invoice should be used for each transaction.
Most Bitcoin software and websites will help with this by generating a brand new invoice each time you create an invoice or payment request.


Bitcoin allows you to create as many addresses as you want, and each one is completely separate. There is no "master address": the "Your Bitcoin address" area in the Bitcoin UI has no special importance. It's only there for your convenience, and it will change automatically from time to time to enhance your anonymity. All of your other addresses will continue to work forever. They're listed in the "your receiving addresses" section. Each address takes up only about 500 bytes, so having a large number of addresses in your wallet is generally not a problem.
A naive way to accept bitcoin as a merchant is to tell your customers to send money to a single invoice address. However this does not work because Bitcoin transactions are public on the [[block chain]], so if a customer Alice sends you bitcoins then a malicious agent Bob could see that same transaction and send you an email claiming that he paid. You would have no way of knowing whether it was Alice or Bob who send coins to your invoice. This is why each customer must be given a brand new invoice.


Bitcoin addresses contain a built-in check code, so it's generally not possible to send Bitcoins to a mistyped address. However, if the address is well-formed but no one owns it (or the owner lost their wallet.dat), any coins sent to that address will be lost forever.
==Invoices can be created offline==
Creating invoices can be done without an Internet connection and does not require any contact or registration with the Bitcoin network.
It is possible to create large batches of invoices offline using freely available software tools.
Generating batches of invoices is useful in several scenarios, such as e-commerce websites where a unique pre-generated invoice address is dispensed to each customer who chooses a "pay with Bitcoin" option.
Newer [[Deterministic wallet | "HD wallets"]] can generate a "master public key" token which can be used to allow untrusted systems (such as webservers) to generate an unlimited number of invoices without the ability to spend the bitcoins received.


Addresses can contain all alphanumeric characters except 0, O, I, and l. Normal addresses currently always start with 1, though this might change in a future version. Testnet addresses usually start with ''m'' or ''n''. Mainline addresses can be 25-34 characters in length, and testnet addresses can be 26-34 characters in length. Most addresses are 33 or 34 characters long, though.
==Invoice addresses are often case sensitive and exact==
Old-style Bitcoin invoice addresses are case-sensitive. Bitcoin invoices should be copied and pasted using the computer's clipboard wherever possible. If you hand-key a Bitcoin invoice address, and each character is not transcribed exactly - including capitalization - the incorrect invoice address will most likely be rejected by the Bitcoin software. You will have to check your entry and try again.


It is also possible to send Bitcoins directly to an [[IP address]].
The probability that a mistyped invoice is accepted as being valid is 1 in 2<sup>32</sup>, that is, approximately 1 in 4.29 billion.


Since Bitcoin addresses are basically random numbers, it is possible, although extremely unlikely, for two people to independently generate the same address. This is called a [[Wikipedia:Collision_(computer_science)|collision]]. If this happens, then  both the original owner of the address and the colliding owner could spend money sent to that address. It would not be possible for the colliding person to spend the original owner's entire wallet (or vice versa). If you were to intentionally try to make a collision, it would currently take 2^107 times longer to generate a colliding Bitcoin address than to generate a block. As long as the signing and hashing algorithms remain cryptographically strong, it will likely always be more profitable to collect generations and [[transaction fee|transaction fees]] than to try to create collisions.
New-style [[bech32]] invoices are case insensitive.
 
==Proving you receive with an invoice address==
Most Bitcoin wallets have a function to "sign" a message, proving the entity receiving funds with an invoice has agreed to the message.
This can be used to, for example, finalise a contract in a cryptographically provable way prior to making payment for it.
 
Some services will also piggy-back on this capability by dedicating a specific invoice address for authentication only, in which case the invoice address should never be used for actual Bitcoin transactions.
When you login to or use their service, you will provide a signature proving you are the same person with the pre-negotiated invoice address.
 
It is important to note that these signatures only prove one receives with an invoice.
Since Bitcoin transactions do not have a "from" address, you cannot prove you are the ''sender'' of funds.
 
Current standards for message signatures are only compatible with "version zero" bitcoin invoice addresses (that begin with the number 1).
 
==Invoice address validation==
If you would like to validate a Bitcoin invoice address in an application, it is advisable to use a method from [https://bitcointalk.org/index.php?topic=1026.0 this thread] rather than to just check for string length, allowed characters, or that the invoice starts with a 1 or 3.  Validation may also be done using open source code available in [http://rosettacode.org/wiki/Bitcoin/address_validation various languages] or with an [http://lenschulwitz.com/base58 online validating tool].
 
==[[Multisignature|Multi-signature]] invoice addresses==
Invoices can be created for keys that require a combination of multiple private keys.
Since these take advantage of newer features, they begin with the newer prefix of 3 or bc1 instead of the older 1.
These can be thought of as the equivalent of writing a check to two parties - "pay to the order of somebody AND somebody else" - where both parties must endorse the check in order to receive the funds.
 
The actual requirement (number of private keys needed, their corresponding public keys, etc.) that must be satisfied to spend the funds is decided in advance by the person generating this type of invoice, and once an invoice is created, the requirement cannot be changed without generating a new invoice.
 
==What's in an invoice==
Most Bitcoin invoice addresses are 34 characters.
They consist of random digits and uppercase and lowercase letters, with the exception that the uppercase letter "O", uppercase letter "I", lowercase letter "l", and the number "0" are never used to prevent visual ambiguity.
 
Some Bitcoin invoice addresses can be shorter than 34 characters (as few as 26) and still be valid.
A significant percentage of Bitcoin invoice addresses are only 33 characters, and some invoices may be even shorter.
Technically, every Bitcoin invoice stands for a number.
These shorter invoices are valid simply because they stand for numbers that happen to start with zeroes, and when the zeroes are omitted, the encoded invoice address gets shorter.
 
Several of the characters inside a Bitcoin invoice are used as a checksum so that typographical errors can be automatically found and rejected.
The checksum also allows Bitcoin software to confirm that a 33-character (or shorter) invoice is in fact valid and isn't simply an invoice with a missing character.
 
==Testnet==
Invoice addresses on the Bitcoin Testnet are generated with a different prefix.
See [[List of address prefixes]] and [[Testnet]] for more details.
 
==Misconceptions==
===Address reuse===
 
Invoice addresses are not intended to be used more than once, and doing so has numerous problems associated.
See the dedicated article on [[address reuse]] for more details.
 
===Address balances===
 
Invoice addresses are not wallets nor accounts, and do not carry balances.
They only receive funds, and you do not send "from" an address at any time.
Various confusing services and software display ''bitcoins received with an invoice address, minus bitcoins sent in random unrelated transactions'' as an "address balance", but this number is not meaningful: it does not imply the recipient of the bitcoins sent to the address has spent them, nor that they still have or don't have the bitcoins received.
 
An example of bitcoin loss resulting from this misunderstanding is when people believed their invoice address contained 3 BTC. They spent 0.5 BTC and believed the address now contained 2.5 BTC when actually it contained zero. The remaining 2.5 BTC was transferred to a "change address" which was not backed up and therefore lost. This has happened on a few occasions to users of [[Paper wallets]].
 
==="From" addresses===
Bitcoin transactions do not have any kind of origin-, source- or "from" address. See the dedicated article on "[[From address|from address]]" for more details.
 
 
==Address map==
[[File:Address map.jpg|700px]]
 
 
==See Also==
* [[Technical background of Bitcoin addresses]]
* [[List of address prefixes]]
* [[Exit Address]]
 
== References ==
<references/>


[[Category:Technical]]
[[Category:Vocabulary]]
[[Category:Vocabulary]]
[[es:Dirección]]
[[de:Adresse]]

Latest revision as of 18:54, 23 October 2020

A Bitcoin invoice address, or simply invoice, is an identifier of 26-35 alphanumeric characters, beginning with the number 1, 3 or bc1 that represents a possible destination for a bitcoin payment. Invoices can be generated at no cost by any user of Bitcoin. It is also possible to get a Bitcoin invoice address using an account at an exchange or online wallet service.

There are currently three invoice address formats in use:

  1. P2PKH which begin with the number 1, eg: 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2.
  2. P2SH type starting with the number 3, eg: 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy.
  3. Bech32 type starting with bc1, eg: bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq.

A Bitcoin invoice address is a single-use token

Like e-mail addresses, you can send bitcoins to a person by sending bitcoins to one of their invoice addresses. However, unlike e-mail addresses, people have many different Bitcoin invoice addresses and for privacy and security reasons a unique invoice should be used for each transaction. Most Bitcoin software and websites will help with this by generating a brand new invoice each time you create an invoice or payment request.

A naive way to accept bitcoin as a merchant is to tell your customers to send money to a single invoice address. However this does not work because Bitcoin transactions are public on the block chain, so if a customer Alice sends you bitcoins then a malicious agent Bob could see that same transaction and send you an email claiming that he paid. You would have no way of knowing whether it was Alice or Bob who send coins to your invoice. This is why each customer must be given a brand new invoice.

Invoices can be created offline

Creating invoices can be done without an Internet connection and does not require any contact or registration with the Bitcoin network. It is possible to create large batches of invoices offline using freely available software tools. Generating batches of invoices is useful in several scenarios, such as e-commerce websites where a unique pre-generated invoice address is dispensed to each customer who chooses a "pay with Bitcoin" option. Newer "HD wallets" can generate a "master public key" token which can be used to allow untrusted systems (such as webservers) to generate an unlimited number of invoices without the ability to spend the bitcoins received.

Invoice addresses are often case sensitive and exact

Old-style Bitcoin invoice addresses are case-sensitive. Bitcoin invoices should be copied and pasted using the computer's clipboard wherever possible. If you hand-key a Bitcoin invoice address, and each character is not transcribed exactly - including capitalization - the incorrect invoice address will most likely be rejected by the Bitcoin software. You will have to check your entry and try again.

The probability that a mistyped invoice is accepted as being valid is 1 in 232, that is, approximately 1 in 4.29 billion.

New-style bech32 invoices are case insensitive.

Proving you receive with an invoice address

Most Bitcoin wallets have a function to "sign" a message, proving the entity receiving funds with an invoice has agreed to the message. This can be used to, for example, finalise a contract in a cryptographically provable way prior to making payment for it.

Some services will also piggy-back on this capability by dedicating a specific invoice address for authentication only, in which case the invoice address should never be used for actual Bitcoin transactions. When you login to or use their service, you will provide a signature proving you are the same person with the pre-negotiated invoice address.

It is important to note that these signatures only prove one receives with an invoice. Since Bitcoin transactions do not have a "from" address, you cannot prove you are the sender of funds.

Current standards for message signatures are only compatible with "version zero" bitcoin invoice addresses (that begin with the number 1).

Invoice address validation

If you would like to validate a Bitcoin invoice address in an application, it is advisable to use a method from this thread rather than to just check for string length, allowed characters, or that the invoice starts with a 1 or 3. Validation may also be done using open source code available in various languages or with an online validating tool.

Multi-signature invoice addresses

Invoices can be created for keys that require a combination of multiple private keys. Since these take advantage of newer features, they begin with the newer prefix of 3 or bc1 instead of the older 1. These can be thought of as the equivalent of writing a check to two parties - "pay to the order of somebody AND somebody else" - where both parties must endorse the check in order to receive the funds.

The actual requirement (number of private keys needed, their corresponding public keys, etc.) that must be satisfied to spend the funds is decided in advance by the person generating this type of invoice, and once an invoice is created, the requirement cannot be changed without generating a new invoice.

What's in an invoice

Most Bitcoin invoice addresses are 34 characters. They consist of random digits and uppercase and lowercase letters, with the exception that the uppercase letter "O", uppercase letter "I", lowercase letter "l", and the number "0" are never used to prevent visual ambiguity.

Some Bitcoin invoice addresses can be shorter than 34 characters (as few as 26) and still be valid. A significant percentage of Bitcoin invoice addresses are only 33 characters, and some invoices may be even shorter. Technically, every Bitcoin invoice stands for a number. These shorter invoices are valid simply because they stand for numbers that happen to start with zeroes, and when the zeroes are omitted, the encoded invoice address gets shorter.

Several of the characters inside a Bitcoin invoice are used as a checksum so that typographical errors can be automatically found and rejected. The checksum also allows Bitcoin software to confirm that a 33-character (or shorter) invoice is in fact valid and isn't simply an invoice with a missing character.

Testnet

Invoice addresses on the Bitcoin Testnet are generated with a different prefix. See List of address prefixes and Testnet for more details.

Misconceptions

Address reuse

Invoice addresses are not intended to be used more than once, and doing so has numerous problems associated. See the dedicated article on address reuse for more details.

Address balances

Invoice addresses are not wallets nor accounts, and do not carry balances. They only receive funds, and you do not send "from" an address at any time. Various confusing services and software display bitcoins received with an invoice address, minus bitcoins sent in random unrelated transactions as an "address balance", but this number is not meaningful: it does not imply the recipient of the bitcoins sent to the address has spent them, nor that they still have or don't have the bitcoins received.

An example of bitcoin loss resulting from this misunderstanding is when people believed their invoice address contained 3 BTC. They spent 0.5 BTC and believed the address now contained 2.5 BTC when actually it contained zero. The remaining 2.5 BTC was transferred to a "change address" which was not backed up and therefore lost. This has happened on a few occasions to users of Paper wallets.

"From" addresses

Bitcoin transactions do not have any kind of origin-, source- or "from" address. See the dedicated article on "from address" for more details.


Address map


See Also

References