BIP 0020

From Bitcoin Wiki
Revision as of 04:06, 23 December 2011 by Luke-jr (talk | contribs)
Jump to navigation Jump to search
  BIP: -1 (pre-BIP)
  Title: URI Scheme
  Author: Luke Dashjr <luke+bip@dashjr.org>
          Nils Schneider <nils.schneider@gmail.com>
  Status: Final
  Type: Standards Track
  Created: n/a

Previous discussion was in this forum thread. x-btc specification is at x-btc.

RFC 3986

the following is taken from wikipedia

Internet standard STD 66 (also RFC 3986) defines the generic syntax to be used in all URI schemes. Every URI is defined as consisting of four parts, as follows:

<scheme name> : <hierarchical part> [ ? <query> ] [ # <fragment> ]

The scheme name consists of a letter followed by any combination of letters, digits, and the plus ("+"), period ("."), or hyphen ("-") characters; and is terminated by a colon (":").

The hierarchical part of the URI is intended to hold identification information hierarchical in nature. Usually this part begins with a double forward slash ("//"), followed by an authority part and an optional path.

  • The authority part holds an optional user information part terminated with "@" (e.g. username:password@), a hostname (i.e. domain name or IP address), and an optional port number preceded by a colon ":".
  • The path part is a sequence of segments (conceptually similar to directories, though not necessarily representing them) separated by a forward slash ("/"). Each segment can contain parameters separated from it using a semicolon (";"), though this is rarely used in practice.

The query is an optional part separated with a question mark, which contains additional identification information which is not hierarchical in nature. The query string syntax is not generically defined, but is commonly organized as a sequence of <key>=<value> pairs separated by a semicolon[1][2][3] or separated by an ampersand, for example:

Semicolon: key1=value1;key2=value2;key3=value3
Ampersand: key1=value1&key2=value2&key3=value3

The fragment is an optional part separated from the front parts by a hash ("#"). It holds additional identifying information that provides direction to a secondary resource, e.g. a section heading in an article identified by the remainder of the URI. When the primary resource is an HTML document, the fragment is often an id attribute of a specific element and web browsers will make sure this element is visible.

Specification

[] means optional, <> are placeholders

bitcoin:<address>[?][amount=<size>][&][label=<label>][&][message=<message>][&][send=<private key>]

Query Keys

  • label: Label for that address (e.g. name of receiver)
  • address: bitcoin address
  • message: optional message that is shown to the user after scanning the QR code
  • size: amount of base bitcoin units (cuBTCents/TBCᵇ-- NOT full DecimalBitCoins/BTC nor TonalBitCoins/TBC; see below)
  • private key: used to send bitcoin, rather than to request them

Transfer amount/size

If an amount is provided, it may be specified either in decimal or, when prefixed with a single "x" character, hexadecimal. The number SHOULD be followed by "X" <digits> to signify an exponent to the base multiplier. That is, "X8" multiplies your number by 100,000,000. For decimal values, this means the standard BTC unit. For hexadecimal values, this means ᵇTBC units (which are equivalent to 42.94967296 BTC). If exponent is omitted, implementations SHOULD assume X8 for decimal numbers, and X4 for hexadecimal numbers. I.e. amount=50.00 is treated as 50 BTC, and amount=x40 is treated as 40 TBC. When specifying bitcoin base units, "X0" SHOULD be used.

Examples

Just the address:

bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L

Address with name:

bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?label=Luke-Jr

Request 20.30 BTC to "Luke-Jr":

bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?amount=20.3X8&label=Luke-Jr

Request 400 TBC:

bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?amount=x400X4

Request 4000 TBC:

bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?amount=x4X7

Request 5 uBTC:

bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?amount=5X2

Request 50 BTC with message:

bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?amount=50X8&label=Luke-Jr&message=Donation%20for%20project%20xyz

Send 1 BTC:

bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L?amount=1X8&send=S4b3N3oGqDqR5jNuxEvDwf

Characters must be URI encoded properly.

BNF syntax

bitcoinurn      = "bitcoin:" bitcoinaddress [ ";version=" bitcoinversion ] [ "?" bitcoinparams ]
bitcoinaddress  = FIXME :)
bitcoinversion  = "1.0"
bitcoinparams   = *bitcoinparam
bitcoinparam    = amountparam | labelparam | messageparam | pkparam
amountparam     = "amount=" amount
amount          = amountdecimal | amounthex
amountdecimal   = digits [ "X" digits ]
amounthex       = "x" hexdigits [ "X" hexdigits ]
labelparam      = "label=" *uchar
messageparam    = "label=" *uchar
sendparam       = "send=" *uchar

Parsing amount

ECMAScript

reAmount = /^(([\d.]+)(X(\d+))?|x([\da-f]*)(\.([\da-f]*))?(X([\da-f]+))?)$/i;
function parseAmount(txt) {
	var m = txt.match(reAmount);
	return m[5] ? (
		(
			parseInt(m[5], 16) +
			(m[7] ? (parseInt(m[7], 16) * Math.pow(16, -(m[7].length))) : 0)
		) * (
			m[9] ? Math.pow(16, parseInt(m[9], 16)) : 0x10000
		)
	) : (
			m[2]
		*
			(m[4] ? Math.pow(10, m[4]) : 1e8)
	);
}

Python

m = re.match(r'^(([\d.]+)(X(\d+))?|x([\da-f]*)(\.([\da-f]*))?(X([\da-f]+))?)$', amount, re.IGNORECASE)
if m.group(5):
    amount = float(int(m.group(5), 16))
    if m.group(7):
        amount += float(int(m.group(7), 16)) * pow(16, -(len(m.group(7))))
    if m.group(9):
        amount *= pow(16, int(m.group(9), 16))
    else:
        amount *= 0x10000
else:
    amount = Decimal(m.group(2))
    if m.group(4):
        amount *= 10 ** int(m.group(4))
    else:
        amount *= 100000000

C#

Regex amountExpression = new Regex(@"^(([\d.]+)(X(\d+))?|x([\da-f]*)(\.([\da-f]*))?(X([\da-f]+))?)$", RegexOptions.IgnoreCase);
Match match = amountExpression.Match(value);
if (match.Success)
{
    if (match.Groups[5].Success)
    {
        long hexDecimal = 0;
        if (match.Groups[7].Success)
            hexDecimal = Convert.ToInt64(match.Groups[7].Value, 16) * (long)Math.Pow(16, -match.Groups[7].Length);

        long hexExponent = 0x10000;
        if (match.Groups[9].Success)
            hexExponent = (long)Math.Pow(16, Convert.ToInt32(match.Groups[9].Value, 16));

        Amount = (Convert.ToInt64(match.Groups[5].Value, 16) + hexDecimal) * hexExponent;
    }
    else
    {
        long decimalExponent = 100000000;
        if (match.Groups[4].Success)
            decimalExponent = (long)Math.Pow(10, int.Parse(match.Groups[4].Value));
        Amount = (long)(decimal.Parse(match.Groups[2].Value) * decimalExponent);
    }
}

Requirements

Payment identifiers, not person identifiers

In my opinion, the most basic idea of the URI scheme (as this is a currency) is to facilitate payment. So the URIs should represent first and foremost payments. If it represents something else, this needs to be specified. Thus bitcoin:1NS17iag9jJgTHD1VXjvLCEnZuQ3rJED9L represents a request for payment to me using my bitcoin address, not my bitcoin address itself. So after parsing the URI (via link/qr/whatever) the application should open a transaction window with the address filled in. You then need to add an amount and confirm the payment. If your application is smart, it will also have a button "just store the address". But the point I am trying to make is that the default use of the URI should be for payment, nor for exchanging addresses.

Sending money

To send a payment to someone else first construct a new keypair. You may want to use a mini private key format, or you may also use a full private key for more security depending on the amount being sent and how long you expect to pass before a claim. Now create and publish a transaction with an output of the amount you wish to send. Use this script in that output:

<pubkey> OP_CHECKSIG

Construct an address from the public key. Encode the URI as below:

bitcoin:<address>?send=<base 58 encoded private key>

You may optionally include amount or message fields as well. In a wallet to claim money sent this way search for an incoming transaction with the output script form above, where <address> matches the public key in the script. When you find the transaction create a claim transaction with an input script of this form:

<sig>

This claims the money you were sent. Until your claim transaction has confirmed the sender may take their money back.

Accessibility

Imported from the forum: I like the simplicity of bitcoin:xxxxxxxxxxxxx and very much approve of its accessibility. Should someone from the outside happen to see such a URI, the protocol name already gives a description. A quick google search should then do the rest. x-btc sounds much more cryptic; the chance that someone googles that out of curiosity are much slimmer. Also, very likely, what s/he will find are mostly technical specifications. Not a good introduction to bitcoin.

For the same reason I am for using '&' as a delimiter for key-value pairs. People know it from URLs. Make it easy for people to understand what is going on.

Keep it simple

Don't explicitly write down information that can be inferred. Don't mark the address as an address. If there is no address, this does lose much of its utility. We could, however, specify 'address' as a reserved word, so that bitcoin:address?amount=50X8 would initiate a transaction with the amount filled in, but with a blank address. I am not convinced that there is a use case, though.

Use-cases

Before the URI scheme is finalised one should think long and hard about use cases. in what circumstances will which people use this, and for what?

  • an online shop has a 'buy this' link, which uses the URI scheme.
    • PROBLEM: click on the link opens the application; how does the merchant notice this?
      • POSSIBLE SOLUTION: javascript can detect the click.
      • POSSIBLE SOLUTION: the checkout site checks its bitcoin account for payment via HTTP request.
    • PROBLEM: the time problem (~10 minutes) is very apparent here; nobody wants to wait 10 minutes for the transaction to be confirmed.
      • For micropayment-style digital content (songs, for example) it's probably not necessary to wait for any confirmation at all, since there is low risk of a double-spend attack for payments of a small amount.
      • For physical goods, the merchant can tell the client that their transaction is pending when it first notices the transaction, and that payment is complete when the number of confirmations is large enough. The buyer isn't going to sit there and wait anyway; nobody sits at their computer until their credit card gets charged when buying physical goods.
  • a person only has an online client, no actual application
    • PROBLEM: how to redirect the URI so that the online client gets a notice?
      • POSSIBLE SOLUTION: Small application and/or browser plugins to redirect the handler call to the designated online wallet.

Backwards compatibility

We want URIs generated in 2011 to still work in 2036. Think about extensibility. Of course we can make only educated guesses (and nothing more!) about the future, but don't act as if there is none. This should be the best we can do, but it should not be seen as set in stone. Make it possible for later generations to improve our work, to mend our errors, without breaking the URIs created now. Version incompatibility is the easiest thing to drive users crazy: "I just upgraded to this shiny new version. What? It doesn't support the old format? AAAAAAARRRGH!"

References

  1. RFC 1866 section 8.2.1 : by Tim Berners-Lee in 1995 encourages CGI authors to support ';' in addition to '&'.
  2. HTML 4.01 Specification: Implementation, and Design Notes: "CGI implementors support the use of ";" in place of "&" to save authors the trouble of escaping "&" characters in this manner."
  3. Hypertext Markup Language - 2.0 "CGI implementors are encouraged to support the use of ';' in place of '&' "