Nicolas Dorier and Mr Kukks rejoin me on the show to talk about updates with BTCPay Server, such as P2EP (Pay to End point), which will assist bitcoin accepting merchants to PayJoin with customers, adding to the privacy on Bitcoin.

This will be live on YT and Periscope 10th May 2020 5pm Sydney AEST time, 9am CEST, 4pm JST (time converter link here). YouTube embedded below.

Links: 

Earlier appearances:

Sponsor links:

Stephan Livera links:

Podcast Transcript:

Stephan Livera:

Hi everyone, welcome to the show. So we have Nicolas Dorier and Kukks on for an episode about BTCpays. I’ve got my BTCpay, shirt on. So welcome everyone. And so today I think most of my listeners are well aware of Nicolas and Kukks who are past guests on the show. But just for those of you who are a little new or you don’t know who they are, Nicolas Dorier works at DG lab in Tokyo and he is the creator of BTCPay server, which is a Bitcoin full node and it’s basically like a stack. It’s a full stack that you can use as your payment processor alongside other things as well. And Kukks also a past guest on the show. He’s a big contributor to BTCPay and he is also sponsored by BTSE of the Bitcoin exchanges. So welcome. Welcome guys.

Stephan Livera:

So guys, I know you’ve done a lot of work recently. There’s been big updates on BTCPay and we’ve got Pay to end point coming into BTCPay and a range of other things as well. But first let’s just start with with you Nicolas, tell us a little bit about what’s come in and this recent update and perhaps why you were looking into pay to endpoint.

Nicolas Dorier:

Yeah, so P2EP, it’s more Kukks who got the initial idea, so maybe I should refer to him about this. But yeah, basically the last release, there’s been lots of works going so they, there was a PayJoin port that I will let Kukks go because he’s the one that developed first implementation and then decided to put it in there. And there is also also website redesign that so there’s many people that worked on it. Actually I can’t cite all of them because

Nicolas Dorier:

But on my side, actually I didn’t contribute too much on the design. But yeah, there is a new checkout page. There is a new like homepage so lots of UX improvements.Then yeah, so the dark mode, like scroll a little bit, I don’t remember. Yeah. So the checkout design.

Nicolas Dorier:

So basically it’s like a long term goal in BTCPay these days as well is like to try to unify it. Also different design. We have different websites everywhere, so we try to unify also colors with design everywhere. So that was part of this.

Stephan Livera:

Excellent.

Nicolas Dorier:

Yeah. So there’s lots of improvement on the website. So I will let Kukks go because actually it’s him as well that developed the new wallet improvement as well.

Stephan Livera:

Excellent. Kukks Do you want to tell us a bit about yeah, some of your work on that?

Kukks:

Yeah, so back like midway to last year, Blockstream contacted me to add liquid support on BTCPay and to add support for that, I needed to add we needed to add a feature called hot wallet feature, so that they could set up a liquid node and liquid wallets with it. And I think it was in November, December, the whole idea about PayJoin and P2EP (Pay to End point) started pumping again. So I think in November I was looking at it at one point, just a brief overview of what’s available in the market and what specifications have been made around it. So I started looking into it and with the addition of the hot wallet system Nicolas pointed out that it should be quite straight forward to actually start working on doing PayJoin, at least it became possible to do it.

Kukks:

And Blockstream contacted me and they said they wanted to get the idea moving forward to add it into BTCPay and that they would sponsor me to work on it. So that was a good kick at least to get it started. So the work started in January, so, yeah.

Stephan Livera:

Fantastic. And so, look, let’s start talking a little bit about the BTCPay server, Payjoin. And so I’m just for the audio listeners, I’ve got on the screen PayJoin implementation notes. So Kukks, can you just talk us through a little bit around what was the scene existing in terms of PayJoin at the time and what was, you know, what’s the idea with BTCPay and what path did you go down?

Kukks:

Yeah, so I looked at what’s available what was available in I think, November, October last year. And it was, I think there was two or two or three implementations. There’s the Stowaway from Samourai, there’s the PayJoin from join markets. And then there was Bustapay. But I think it went, I don’t think it was live anymore for awhile. But Bustapay had a BIP with with the specifications for it. So that was a good starting point at least. I started off by pretty much implementing BIP79 Bustapay. And reading through to feedback of Adam Gibson and a few other people which was basically add PSBT support and some other features here and there. And I pretty much agreed with most of them. So I went that route. I think it took maybe a month or two to do that and afterward Nicholas started reviewing it and he did some small changes. So, yeah.

Stephan Livera:

So let’s talk a little bit about then, differences and what’s going into this. So actually first off maybe we should just clarify just for listeners who are unaware, PayJoin as a transaction where you are. So if you’re used to doing Bitcoin transactions where you just scan and pay, that’s just like a standard send to the receiver. But with a PayJoin transaction, you’re actually coordinating that back and forward with the merchant or with the other party. So perhaps Kukks, you could tell us a little bit about how, how, how does that collaboration work in Pay to End point with BTCPay?

Nicolas Dorier:

Just a little thing that these days I’m writing a proper proper implementation proposal. So I would just share the link. It’s a private chat so you can show it because there is there is a nice graph that explains a high level view of the protocol. So I sent you in the private chat.

Stephan Livera:

Yep. One second.

Nicolas Dorier:

Okay. This one? Yeah. Okay. You can go ahead. Sorry.

Kukks:

Yeah, no worries. So the PayJoin implementation and BTCPay is actually quite simple in terms of collaboration. It’s literally, I think it’s just one HTTP request from the sender to receiver. So there’s two parties in this always, a sender and the receiver. And and in our implementation to receivers as a merchant who has an always on server, so it’s quite simple for the sender to communicate with the receiver. So the sender just since the, so the receiver creates a payment invoice, which is a BIP21 payment requests. So it’s Bitcoin colon address and then some additional parameters. We just added a flag there similar to how Bustapay does it, but we changed it from Bustapay to PayJoin. And as soon as the client, the sender sees it, he just notices that there’s PayJoin support. And if they support PayJoin they send the transaction that they wanted to do to the server, to the, merchant instead of just sending it on the Bitcoin network. And the receiver, if they can do something with it or if they can provide a PayJoin transaction or proposal, they’ll send it back to the sender and they can sign it again and do it on the Bitcoin network. And it’s really just a one HTTP request to the receiver. Yup.

Stephan Livera:

Okay. Gotcha. And so in terms of some of the parts that go into it, we have a PSBT as well, so that’s partially signed Bitcoin transactions. So for listeners who are unfamiliar and you want some more detail, go back and see Episode 99 with Andrew Chow, the creator of PSBT. But maybe just a simple way to think of it is your Bitcoin wallet is sort of proposing certain transactions and it has to sign them. And then the other side has to take that and then also sign with its own inputs. Would you guys agree that’s basically like a kind of a high level summary of what’s going on there?

Nicolas Dorier:

Yeah. So basically just imagine that you want several people to send the same transaction. What would happen before is that somebody takes the transaction in bytes and give it to somebody else to contribute to it. But the problem is that in a transaction bytes, there is lots of missing informations where if you give it to those person, there is lots of work for them to do to add their own signature on top of it. So basically like PSBT is like a new standard of a way to represent the transaction with all the data that is needed for the signer. So it’s easier for each party to verify it and then to sign it. And it has been a huge contribution to Bitcoin. It’s not a consensus layer change, it is not a peer to peer layer change, but it definitely changed the game. Yeah,

Stephan Livera:

Right, it’s also used in other things like say it could be used in multisignature or where you have, say a hardware wallet and you want to be able to use the software on your computer to communicate with the software or with that hardware wallet. And so that’s where PSBT is a useful standard. A wallet interchange format I think is like the technical term for it. And so let’s talk a little bit about the process of putting this into BTCPay. So maybe you just want to tell us a little bit about what had to change in BTCPay to make PayJoin work with it Kukks.

Kukks:

Yeah. Well, I mean not that much honestly, since we already have PSBT support like all across in there. We support sending, so we have a full featured wallets in there so that you can send your money through BTCPay without using another software. We added hot wallet support a few versions back. So now we can also automate sending money and you can also sign transactions on demand. So in terms of that it wasn’t too bad. We already generated BIP 21 payment requests. So we already had a checkout page where you can do a collaboration and show the QR to the to the clients, to the customer.

Kukks:

Yeah. So in terms of BTCpay, not much change, we just added a little bit more codes. Basically, the end point where the sender has to connect to collaborate on the PayJoin.

Stephan Livera:

Yep. Can you tell us little bit about BIP21 the payment link?

Kukks:

Yeah. So BIP21 is quite an old standard at this point. I think it’s from 2012 or something or maybe even older. It’s basically a way to say that you want to pay in Bitcoin to this specific address, this specific amount, and then some additional data so you can add like a label or a message. Or in our case, we added PJ flags or PayJoin and you tell it where to connect to actually do the collaborations.

Kukks:

But yeah, it’s quite a widely used standard so it felt good to just, it felt natural to just go for that.

Stephan Livera:

Yup. Yup. And let’s talk through, I think it might be PayJoin guide, so let me just pull that up. Well, so here, this is how you actually do it. So for those of you who have BTCPay or if you just trying to figure out how that works, you have to enable it. So Nicolas, do you want to just talk us through a little bit about the process around how you do it?

Nicolas Dorier:

I just want to add something about the change to BTCPay that we needed actually. So to make it work for current version, it was quite simple as I said, but there was some adjustment that we needed to do. Actually very often what happened when we add feature on BTCPay, we start running into stuff that before were edge cases that we didn’t care. And one of the edge cases was in BTCPay. So when you pay an invoice on BTCPay, actually people can do RBF replacement. So imagine that, you send a transaction to the merchant, there is not enough fees. You can bump the transaction to increase the fees. So normally it was supporting this, but it turns out that there was a bug and the second transactions were like increasing the fees of the invoice.

Nicolas Dorier:

So this kind of program, basically when we implemented PayJoin and like it starts surfacing again and like we needed to clean that up. And then because it’s a privacy feature, Adam Gibson pointed out lots how can I say fingerprints of BTCPay’s transactions. So for example, we were not properly setting up the sequence of the input of the very specific details, but that can show up on the blockchain. That can leak some privacy on the blockchain, so this kind of stuff needed to be fixed as well. But yeah, other than this, it was not too much to change.

Stephan Livera:

Right? Yeah. Yeah. And we will absolutely get into some of the fingerprinting and some of those privacy components. But I think it would be good to just just walk through just for listeners who maybe they haven’t used BTCPay before. Let’s talk through some of that process. Did you want to talk through some of that?

Nicolas Dorier:

Yeah, so first thing to know is that in PayJoin you cannot use PayJoin if your store is tied to a hardware wallet. So in BTCPay, you can, when you create a new store, you can say, okay, all the money go to my hardware wallets, you can do this. However, if you do that, you cannot choose PayJoin. Because in PayJoin, there is this collaboration between the sender and the receiver and the receiver needs ability to sign a new transaction, new PayJoin transaction automatically. So it means that when you create a store on BTCPay you need to create your store. Go to derivation scheme and say I want to create a new hot wallet. So what you see here. Then once you, have created the hot wallet things you can just, so yeah, you can scroll.

Nicolas Dorier:

So there is, it’s kind of normal set up and once you create it, there is a check box area that you can check on your store and say, okay, I want to enable PayJoin. I’m starting to think maybe in the next release or so maybe we will, put that on automatically, but I’m not really sure because it’s. So I wish to enable this PayJoin automatically, but it’s, I don’t know if it’s a good idea because say like it’s a hot wallet, so we don’t want to sign something without the explicit permission of the merchant. So we might need to do something new. X, Y is to make that easier. But yeah

Stephan Livera:

Or maybe it’s like two separate wallets that are there. So they would put in their hardware wallet one and then have another one that’s just a PayJoin one, all part of the same store kind of thing.

Nicolas Dorier:

Yes. Yeah. So right now you cannot do this right now. It’s like one store, one wallet but it’s our goal like later to be able to have several white for one store. I’m not quite clear how to do that yet, but after I would explain why it’s important as well for the fingerprinting aspects and yeah, that’s it. Yeah. And then you also need one more thing. So for PayJoin to works, you need some coins, some UTXO on your wallet. So you need to send yourself some money so that those UTXO can be used with PayJoin with somebody else.

Stephan Livera:

Kukks. Did you want to tell us about the process for doing a PayJoin? So let’s say I’ve got a BTCPay and I want to pay into another BTCPay to do a PayJoin?

Kukks:

Yeah. It should be fairly straightforward actually. It’s as if you’re not doing a PayJoin, so you get the payment link from the invoice from BTCPay you go on your on the send wallet screen of the of BTCPay for your wallet. You click yeah, the phase to BIP21, and you just give it the payment link and it’ll just populate all the data in there to pay the address and the amount. And it’ll also add a page join URL inside the advanced settings. And as soon as you sign it’ll just tell you that you can do a PayJoin or it can try to do a PayJoin or you can just skip PayJoin and altogether. And once you click that button, which is broadcast PayJoin and it’ll try to negotiate a PayJoin transaction and send it over the network.

Stephan Livera:

Fantastic. So, I guess just to summarize, so for listeners, if you’re used to using a BTCPay or paying into a merchant who has BTCPay in the copy tab at the bottom, there’ll be that little PayJoin link. So basically you copy that and then you paste that into your own BTCPay wallet or now there’ll be support with other wallets as well. Correct. So as I understand blue wallet are looking at it, Blockstream green. Obviously they sponsored some of this work so they’re going to get it into Blockstream green. I think Wasabi are looking at it as well. Can you tell us a little bit about that process there of the collaboration to make that happen?

Kukks:

Yeah, and one more thing as well. It’s not just payment link as well. You can also use the QR codes, which is what you always scan anyway nowadays if you’re on a phone. But yeah, in terms of collaboration, there’s Wasabi I think JoinMarket, green wallet, blue wallets

Nicolas Dorier:

There, there is also a nodeJS implementation that are in the works.

Kukks:

Yeah, that’s the one that’s being worked on for a blue wallet. So, but it works for both of them. So it’s just a library, a separate library being worked on by Jonathan Underwood from Bit bank and Luke Childs. So I started trying to mess around with the blue wallet implementation just to add it as a prototype. And I talked to some of the guys from blue audit about it and they seemed keen on it and they created some wire frames and UX. So I thought that was a good start to kind of just try tinkering with it a little bit. And then I asked Jonathan Underwood and Luke Childs for some help cause they’re more experienced with the node JS and JavaScript libraries. So with the Bitcoin JS based JavaScript libraries.

Kukks:

So yeah, they kind of did a lot more work than me at this point on it. So it’s all up to them pretty much doing, they’re pretty much doing all the work so far.

Stephan Livera:

Excellent.

Kukks:

And that’s on the blue wallet side. And basically if you have an open source or well, a JavaScript based wallet, now you can use that library and just implement PayJoin in as well. And then in terms of Wasabi, I did a very preliminary pull request there. Then Lucas Ontivero grabbed it. I don’t think he even grabbed it. I think he redid the whole thing and pretty much ported the logic from BTCPay himself. And since it’s in C#, Wasabi is in C# kind of works out pretty well for them. Yeah.

Stephan Livera:

Excellent. And so let’s talk a little bit about what merchants should think about right when they’re using this PayJoin because now they’re thinking in the past they might’ve had the cold wallet with, you know, let’s say their Trezor or a ledger or cold card, right? They take the xPub and put that into a BTCPay. So now they’re thinking more like, okay, I’ve got this continually, I’m receiving Bitcoins, but it’s now on my hot wallet, which I could have that on say the LunaNode VPS or I might have it in some device. What are the considerations there for the merchants?

Nicolas Dorier:

Yeah, so so activating hot wallet definitely like, raise the risk of attacks. So for the merchant that I know in general, anyway they are like kind of sometimes selling Bitcoin at the end of the day. So at the end of the day, they have all their receipt. They just do a transfer to the exchange and sell it. So for those people, it doesn’t risk that much in the sense that anyways, the money they have on this wallet is always very small. And for people where it’s more problematic. So one thing, one feature in BTCPay I want to add for wallets, is our autopilot is a automatic transfer. So the idea will be later that you can create your hot wallets and you can say to your hot wallets, okay, if it goes above a certain limits, then do a transaction that send that all on the hardware wallet. So this will decrease the maximum amount of money that you can lose. So yeah, we plan to work on this.

Stephan Livera:

Awesome. And Kukks, did you want to tell us a little bit about a transmuter and whether that might be something you’re looking at as well, although I understand that that is in an early stage, right?

Kukks:

Yeah. So the feature that Nicholas explained is kind of available right now in a plugin sort of way. So we have BTC transmuter, which is in alpha, at least kind of alpha. It lets you basically create hot wallets in there as well. We’ve had that in there for a long time and you can tell it to forward funds from one wallet to another. So at least you can kind of mitigate the risk right now by telling, by configuring BTC transmuter and telling it to transfer funds from the PayJoin hot wallet to your hardware wallet in you know, every X amount of time or when the balance reaches a certain amount or if you have any other criteria so at least you can kind of mitigate it through that for now. You can do plenty of other things. And right now we also recommend it for when you do email receipts and stuff like that.

Stephan Livera:

Yup. Yup. And so I guess for listeners who might not be as familiar if you’ve ever used something like ‘if this then that’ it’s kind of like you can set up certain rules or recipes in the transmuter and then it will then automatically execute those. And so, like you’re saying, you can set up a hardware wallet and periodically flush out the balance from that. But I suppose if we are thinking about from a privacy perspective, right, that merchant also has to start thinking about, well, do I need to do CoinJoins out of, on the way out? Right? So I’m doing Payjoins with my customer. Let’s say I’m a merchant. Then that’s periodically accumulating, but then I’ve got depending on again, who I’m trying to be private from, I might need to do CoinJoins before sending that out. So that’s another thing to think about as well. Right?

Nicolas Dorier:

Yeah. So that’s an interesting point where if you want to Coinjoin before sending to your hard wallet actually there is a, the way we designed the protocol is very flexible for what the receiver can do actually. So the receiver has lots of flexibility to create a PayJoin transaction. And one of the possibility can do is bundle is his own payments inside the PayJoin transactions. So, which means that actually like the process of sending money to hard wallet. Don’t have to be in a different transaction. It can be just a customer that paid. So the customer tried to pay you create a PayJoin on with him, but inside the PayJoin at the same time you sent, you send all your UTXO to a hardware wallet. And so in one transaction, basically you get the customer that paid you and knew that sent to, you know, I don’t know, exchange or like, or to your hardware wallet. So this is something that will be possible.

Stephan Livera:

Right. And also I guess you could try and let’s say you’re the merchant, you could try doing a PayJoin into your own hardware wallet potentially if you found a way to make the PSBT for that work also. Right. You

Nicolas Dorier:

You can’t because like as as when you want to do a PayJoin your the receiver or want to sign, so you need in hot wallets. Yeah. So that’s a problem.

Stephan Livera:

I see. Yeah. No, that makes a lot of sense. Yeah.

Nicolas Dorier:

And even like they, because so PayJoin is very good if you rehab a normal payments, if you’re transferring between two wallets, like a chainalysis can still kind of get,

Stephan Livera:

Figure it out and cluster that altogether potentially. Yeah. And while we’re on this whole idea of fingerprinting, right? So just for listeners who are a little bit newer, part of the aspect of privacy is trying to break certain heuristics and certain assumptions that are used by an external observer or potentially an observer with inside information. So let’s say the chain surveillance company has KYC data from the exchange. And so there’s information sharing going on. And so they would know, okay, Stephan Livera withdrew this amount from this exchange and it went to this address. And so we know that’s his coin, that kind of thing. And so it gets into some of this aspect of how can these heuristics be broken? And so I think one of the important ones that Kukks, you were mentioning earlier, was BIP69, which is in relation to the output ordering.

Stephan Livera:

Correct. So the transactions have inputs and outputs and then BIP69, I think it has some guidance on how to order those outputs. Could you tell us a little bit about that and how that’s working in with this?

Kukks:

Well with the initial implementation I had done, it was a, I think it was just by default following BIP69, but Nicolas refactored that and made it randomize both inputs and outputs, if I remember correctly. And I think that was also some of the feedback from Adam Gibson on making sure it didn’t kind of follow that standard.

Nicolas Dorier:

So main problem if we followed the standards, it means that any transaction that doesn’t follow the standard are not, PayJoin. So it will have been pretty bad. So yeah, that’s why I removed it.

Kukks:

So that’s a, I see a specific fingerprint on its own.

Stephan Livera:

So yeah, and that’s, I guess that’s part of the broader difficulty around coordination. Right. So I think on the whole, like I think this is a great step forward in terms of people being able to use PayJoin, but we have to sort of understand as well that there are limitations there and that coordinating cross wallet can be sort of difficult and as long as there’s one leak somewhere, then it can be sort of fingerprinted in a way. And they can say, Oh look, say I think that’s a wallet A type of transaction or no, that’s what it would be. Because they, they did some other flagging or they did some different n sequence number. Right?

Nicolas Dorier:

Yeah. So there, there is so

Nicolas Dorier:

When we implemented PayJoin, I say that there has been lots of fingerprinting things that have been reported in the BTCPay server wallet and I start wondering like how Wasabi wallet was doing. And I think Wasabi wallet that has the, right, so Wasabi people are trying to concentrate on how do we do for making all wallet behaving like they are the same but it’s not really possible because you cannot coordinate between people and different wallet to force this kind of behavior. However what you can do and it’s what Wasabi Wallet is doing and I think it’s pretty great idea. And we are also implementing BTCPay is to randomize your fingerprints. So basically the basic idea is that you check on the blockchain like all the different fingerprinting way of also different transaction. You create a statistic on this, then when you need to create a new transaction, you say, okay, maybe 50% of the transaction had locktime zero.

Nicolas Dorier:

And so 50% of the time you create a transaction that has a locktime zero. And so by doing this, basically you, you don’t, you don’t hope that, Oh well I do the same. You don’t really care. You just add that inaudible to what majority of the network is doing. And I think it’s a, it’s a right approach to this. And there is also another thing that I’m interested in is what I call fingerprint poisoning. So all those different heuristics are very well known and we know that Chainalysis are like following that. So if you know that, it means that you can trick them by using those heuristic to draw them in the wrong conclusion. So one of the PayJoin idea for example, is that imagine that in your wallet you have very small amount of change. So having a very small coin inside your wallet can happen in several ways.

Nicolas Dorier:

So one of the ways that Chainanalysis very often send very little amount of Bitcoin to your wallet like for example, 500 Satoshi. And when you receive this coin, if you don’t, if you make mistake to spend this coin along with another of your coin and then Chainalysis know that this other coin belongs to you. So the idea is with like fingerprinting poisoning is okay, what if we allow this user to make a PayJoin transaction with this small 500 Satoshi? And if they send this 500 Satoshi to another developer or trainers or service that support PayJoin the service will like mix its own input. And like now the Chainanalysis, we say, Oh, this was our input like belongs to the same words, but it’s not the case actually it’s belonging to the person, to another person.

Nicolas Dorier:

So it’s kind of like a way to trick them. There is no other way, like for example, Chainalysis. Very often when you have a transaction, two outputs, if there is one output, that type of a round number. So, for example, 0.1 Bitcoin, they think that its the payment and the other one is a change. So like if you know this you can take advantage of this heuristic to reverse to reverse it where the change had the wrong amount. So we are doing already that. And the basic idea is that they cannot really know who is doing PayJoin. They cannot really know how many people do PayJoin. But nevertheless there is always this little doubts. That’s all their analysis is poisoned and it’s might be enough to to prevent them from using their data in a productive manner.

Stephan Livera:

Yup. Kukks, did you have anything to add in terms of that whole discussion around fingerprinting?

Kukks:

No, I mean it makes sense as well. And even once we add the batch transactions being bundled inside the inside the PayJoin itself, it’s going to be more than, it actually becomes more than just a two party coin join. Right? You can have, I mean, you can batch like five transactions in one and you’ll send, you know, you’ll all of a sudden you have a five CoinJoin happening in a PayJoin. So at that point you can’t really say that Wallet A and Wallet B be you know, there are different than that. You can trust it or something or that it’s a paycheck because of it.

Stephan Livera:

Yeah, that sounds great. And yeah, so I think just touching back to what you were saying, Nicolas there around the drunk wallet or kind of randomize wallet, I think that’s an interesting idea as well because I think

Stephan Livera:

Trying to align across all of these different wallets is just not feasible, right? Because as soon as one wallet updates or as soon as one wallet tries to have a new feature, then boom, now they’re not in alignment. And as soon as, and unless you can maintain perfect alignment and maintain it’s just not a realistic way to proceed. So I think the approach there of the randomizing and putting different fingerprints is probably the right one. I think the other approach I’ve heard of is trying to mimic a well known wallet. So things like mimicking Bitcoin core or mimicking Electrum as an as an example as well.

Nicolas Dorier:

Well, it’s not also a good idea because actually Bitcoin coins what, maybe 10% of the transaction of the network, so maybe it’s popular, it’s not that much as well, so.

Stephan Livera:

Right.That’s a good point as well. Yeah.

Nicolas Dorier:

Yeah. I think trying to mimic another wallet is the same problem of trying to do everybody’s the same. I think the best ways really to randomize those fingerprints and do it in a dynamic manner. So like right now wasabi wallet, for example, hard-coded the probabilities of some of some of fingerprints I think it should be like, you know, adaptive on the condition of the network. But yeah. Yeah, I think it’s a better approach.

Stephan Livera:

That’s the work. Yeah, that’s the direction to go in. Okay. okay. I think the other interesting one is around privacy in terms of perhaps who do we want privacy against, right? So it comes down to maybe the ideal privacy way of doing PayJoin is between let’s say end user to end users, let’s say. Whereas if one of those parties is a regulated party, then payjoining with that person might not necessarily give that much of a benefit because, well, depending how things go because they might be that regulated party might have some kind of information sharing agreement with say chain surveillance. Right? But what, what do you guys think? Do you guys agree, disagree? Does it make more sense from an end user to end user?

Nicolas Dorier:

Always. The thing is that PayJoin information about what’s happening is local. It’s local, so it’s not global. So even if you are doing a coinjoin with a regulated entity and this entity is sharing data with Chainalysis is not sharing this data with everybody. Anybody else. So like, it’s still better than just having everybody in the world network knowing what’s going on. You know, like they have kind of silo’ed information and they cannot really easily share with each other because it’s their business model. If they share about it, then it’s bad for them as well. So I think that even if you are payjoining with irrigated entity, it’s still a benefit.

Stephan Livera:

Yeah. Yeah. And Kukks, did you have anything to add there or do you feel similar?

Kukks:

I mean, I highly doubt that regulated entities are going to be offering PayJoin as well in any case. I mean it’s too much effort on their own, on their end and some companies can’t even support SegWit so I doubt they’re going to go for PayJoin.

Stephan Livera:

Yep. So it’ll maintain, it’ll be sort of more like independent merchants and you know, the self-sovereign user types who really want to use PayJoin.

Nicolas Dorier:

Well, one thing I will really like to see and I should try to pin it, it changes doing it for deposit money. So it will be very nice. If one exchange, like allow PayJoin for deposits. But yeah, Like Kukks said, I don’t know if it’s realistic or not. Maybe we can try to ask. We’ll see.

Stephan Livera:

Well, the other argument I have heard is that potentially, and there are different views I’ve heard in the Bitcoin world on this, that it can potentially save chain space by like having a kind of a snowball accumulating UTXO that that may potentially save on chain space and therefore exchanges could potentially try and offer that, not from a privacy perspective, but from a chain efficiency perspective. What’s your view there?

Nicolas Dorier:

Yeah, that’s correct. So right now, like the fees are kind of low, so it’s doesn’t work. But imagine that fees become very expensive. It becomes very profitable to batch your UTXO consolidation with PayJoin people. So they can be a huge advantage of several dollars per transaction if fees starts to rise. So yeah, that’s a good point. And that’s why also the protocol allow some flexibility to the receiver because it’s also gives some so take for example Lightning network. So when you are transacting on the lightning network, everything is private between the two parties they might be theoretical way to know where the money goes. But it’s so complicated that I’m pretty sure like no, chainalysis company is doing that. So yeah. So even if from a privacy perspective, lightning network is way better than PayJoin, like regulated entity will still supported. Why? Because like they can say, Oh, it’s not for privacy perspective. It’s for the utility of sending payment for cheap. So I think it’s an important point. Yes. And later on, I don’t know how it will go because it’s too, maybe I still don’t fully understand everything on this, but when we will have Schnorr signature into Bitcoin and we can aggregate signature into one it may be even possible to make larger savings around this. So it will be interesting.

Stephan Livera:

Yeah. And so I guess it might be the defense, let’s say somebody who wants to enable PayJoin could just be, look, I’m not just doing it for privacy. It’s also this saving of costs. And so therefore it is the cheapest way to do it. And also because of not just that mostly will do it just because it will save them costs. And so then if a lot of people do it, then it kind of drives the incentive for a lot of people to use PayJoin which in turn helps break the common input ownership heuristic which is what people were trying to break at the start. Right. Which brings us back to what were, what were we doing this for? Right. So yeah. Did you have anything to add on that idea Kukks or shall we?

Kukks:

No. It’s completely correct, yeah.

Nicolas Dorier:

One of the things that we plan on doing in the next release of BTCPay will be as the refund. A refund mechanism formations, easier refund mechanism. And actually we want to try to plug that to PayJoin. So think about, you might imagine that a merchant wants to submit a refund, what will happen is that it will give a link to the user and the user will go to this link and put his own address to receive the refund. And what will happen is that in the database, we’ll save, okay, this customer try ask for a refund of this amount and put it somewhere in the wallet interface of the merchants. And imagine that you have like 10 customers doing this kind of requests. Like what will happen is that until the merchant like so we will require the merchant to accept it. And when it accepts them, we will allow him to say, okay, do it in the next PayJoin transaction. So when on the next PayJoin will comes in, then all those refunds will be bundled inside it. And like you make even more of a mess for Chainalysis on this,

Stephan Livera:

Right? And it’s more chain efficient too, right?

Nicolas Dorier:

And it’s even more inaudible sense. It’s finally a way of doing batching in a user friendly way. I think.

Stephan Livera:

Yeah, I guess just for listeners, maybe you’re a little bit newer, you’re not clear what we’re talking about there. The idea is in Bitcoin transactions you are generally charged based how many, like we quote it normally how many Satoshis per byte, right? And so the idea is normally in each transaction, the thing that drives the size of it is the number of UTXOs the pieces of Bitcoin. And so what you’re getting at there is that because you’re aggregating across, let’s say 10 pieces of Bitcoin, the signature data and all those other bits of data, you’re sort of amortizing that cost and spreading it. And so that’s where we’re talking about you’re getting a chain efficiency benefit because you’re basically costing, you’re taking up less bytes on Bitcoin’s blockchain. And that’s the saving just for listeners who are a bit newer. So let’s talk a little bit about some of the other new features.

Stephan Livera:

I noticed you’ve got coin selection now in the BTCPay wallet. So, can you tell us a little bit about that? Maybe Kukks.

Kukks:

Yeah, sure. We’ve I think it was actually quite a simple thing to do cause we had, there’s so much support in Bitcoin to do it in NBXplorer and all our services already. So it was really just the Lightning and we just never exposed it, I think. But Nicholas did all the work like maybe over a year ago for this stuff. So I just plugged it in the UI and worked out pretty nice. We also had the labeling for the coin selection, so it was already in, in BTCPay. It was just not widely use. I think it was just something to list in the transactions that you receive so you can label them before.

Kukks:

So that came on. Nice. so now when, you know, when you go spend the PayJoin or something, you can actually use the wallet, toggle coin selection and say you want to send only transactions that came from an invoice or multiple invoices. So that’s great as well. In terms of a merchant using the same wallet from incoming funds versus his exchange funds or whatever in case he doesn’t want to expose specific data to a merchant.

Stephan Livera:

Yeah. And speaking of exposure as well, I think that just reminded me as well, this idea of the probing attack, right? So when you do a PayJoin there’s that coordination and one party is showing the other, Hey, here’s one of my UTXOs. So Kukks, I understand you’ve got there’s some coding in there in BTCPay around showing just the same one and not kind of showing all the different UTXOs as well.

Kukks:

Initially it was showing just the same one. Actually it was somebody does a request to PayJoin and they send you a transaction? You grab a UTXO based on some model we try to focus on using some heuristics that I think Laurent had written down in a gist somewhere. But we only prioritize by that if we don’t find something that matches pretty good in terms of that. We grabbed one deterministically I think Nicholas did that part. So we grabbed one based on the type of transaction that is being presented, if I remember correctly. And we return that and if somebody runs away with that UTXO it’s still in the next attempt because of the determinist because of how the UTXO was selected. I think Nicholas can expand on this a bit.

Nicolas Dorier:

So basically like the probate, the basic of the probing attack is that somebody sends you a normal transaction. So you reply with a PayJoin transaction by replying with the PayJoin on transaction, right? Exposing one year of your inputs. But then the person that’s creating this request can decide to broadcast the original transaction, making the PayJoin like invalid. But at the end of the day, it means that’s this party you learned about one of your inputs. So it’s kind of somebody that is targeting you can easily find out your UTXO. So and so we cannot really prevent that 100% but we can make it more difficult for them to achieve this. And the way we, we do this is if we detect that the original transaction could broadcast it and render the PayJoin invalid. So you input that we’ll use for this PayJoin will be reused in priority for the the next time however.

Nicolas Dorier:

It’s not 100% sure because if it was 100% sure, then it means that you have a notification mechanism that the attacker can use to know who’s the next person that paid you. But still in priority. So, yeah, it’s, we cannot prevent it 100%. You know, like if the attack create like 10,000 invoice in one second, they tried to get us surrendering this and doing this, then they will learn all your UTXOs or there is no way to prevent that 100%, but we still in need to be targeted. And if you do that is spending money on teas. So and like if lots of merchant is doing like you don’t get lots of information on network in general and even if you gain this information as a network, it’s only the attacker who will know, it’s not the whole network. So it’s still better.

Stephan Livera:

Right? Yeah. Yeah, it makes a lot of sense. And I guess just with coin selection and labeling, that’s also interesting. If you are a merchant who is more privacy conscious, you might say, Oh, this came from a KYC exchange and you might label those, okay. Or these just came from customers and so on. And you might tag them and use them in a way that you see fit. And there’s some other features as well. So there’s a new API. So do you want to just tell us a little bit about that and what’s the direction that you’re going for with that?

Kukks:

Yeah, sure. Oh, you want to go? Okay. Yeah, it’s so it’s still quite early. We only have maybe three APIs so far, which is you can register a new user and you can create or edit a store, just the name actually for now. But the basics is there so we can expand upon everything in the UI. So the idea is that we can, anything you can do through the UI you can do through the API and maybe even more honestly. Cause we have a lot of features inside the BTCPay that we don’t completely expose in the UI. So that should be interesting as well to see what people can come up with. My, the way I’m going to be testing the API to see if it’s like useful is I think I’m going to be developing a small, well small, relatively small app like cross-platform. So you can use BTCPay as a wallet on your phone or as a desktop application to manage as a merchant. So that’s how I’ll be testing all the API stuff I’ll be working on. Well, we’ll be working on.

Nicolas Dorier:

Sure, the transmuter I guess that’s it.

Kukks:

Since we have a, since we also have the third party, well we have a plugin called BTC transmuter that connects to BTCPay. We can also just hook it up to all the new API stuff that’s available so you can trigger anything on the UI basically on it. Like for example, we have a full interoperability with with all the lightning nodes inside BTCPay like you can tell it to open channels or pay lightning invoices if we wanted it to, but we never exposed it. So actually with transmuter you can already do that, but I don’t advertise it much cause I haven’t tested it that much yet. But it would be nice to actually build all these things inside a nice UI form or separate application that uses BTCPay under the hood.

Nicolas Dorier:

Right. Yeah. One other thing that we plan on doing in this API as well as he’s mentioned is that a, so in Lightning in you have like five different implementation or something like eclair, LND, c-lightning, ptarmigan, like whatever, it’s growing with time. And the thing is that all those different implementation had their own specific features. But there is a core feature that everybody has, which is create an invoice, pay it, connect to a peer and create a channel or like whatever implementation you are doing, they all do these core features. So in BTCpay, we already did the work to abstract all of this. So like basically no code, there is no condition. If lnd do this, c-lightning do that, we don’t do that at all. We have a common interface, a common abstraction where whatever the implementation is, we just create the invoice, send the payment or like do this kind of operation of normal lightning network. So this we will expose this API. So it means that people that will integrate with this and that only need those common feature of lightning network. We’ll be able to support all different implementations of lightning network and add it to their app and it’ll just work.

Stephan Livera:

Awesome. So, yeah, so it can make it a little bit easier in terms of people who want to code up their additional feature. They don’t have to think about, Oh, what does LND, how does LND say this had a C lightening say this, how does Electrum say this? Or whatever else. It’s kind of all part of the one thing. And there is also BTCPay Vault. So did you want to just tell us a little bit about that and where’s that at this point?

Nicolas Dorier:

Yeah, so it’s a feature we added like maybe, I don’t know, six months ago, so it’s not very new, but for a long time BTCPay Server was only supporting ledger wallet. Ledger wallet when it was implemented, yeah, it’s technical detail, but yeah, U2F protocol and U2F protocol normally it’s used for authentication. You know, it’s like when you plug in, when you try to log in to your Google accounts, you can use like this, plug your USB key like this and then click on the button to authenticate you. So it’s like a two factor authentication and basically ledger wallet for example, was hacking this protocol to transmit data to their hardware wallet, which was a great idea. The problem with this is that Microsoft with an update like broke it. Because now every time you send a message to this device, there is a popup that is coming up on windows and this popup basically makes the process so slow that it completely broke the integration.

Nicolas Dorier:

Like for signing your transaction, you will need to wait five minutes in front of your computer while your pop-up, like go up and down and you could not click anywhere. So it was a disaster. There was also web USB but web USB like don’t work. Like depending on if you are on Linux or Windows or Mac, like there’s shit that’s going on. So we completely stopped using it. So the idea was how can we do this? How can we support any wallet in a way that we are sure that nobody broke. And there’s been like Andrew Chow that created PSBT actually one of the reasons he created PSBT was to try to sort of abstraction over hardware wallets. And on top of PSBT created this project that is called HWI project.

Nicolas Dorier:

It’s a command line application that allow you to always use the same interface with PSBT to sign your transaction, whatever it is, your wallet, you plugged into your computer. So, but problem is that it’s a command line application so people cannot, normal people don’t choose it. So what we did when we create it. It’s called a BTCPay Vault. So BTCPay Vault is a desktop application that you run and this, desktop application. And there’s a hood is basically using this HWI utility developed by Andrew Chow. And what this application is also doing is opening a communication channel. That’s your browser can talk with. So basically what’s happening is that you open the BTCPay Server Vault then in your BTCPay websites, you can say, okay, I want to sign with hardware wallets. And from the JavaScript of your browser, we would communicate with the BTCPay Vault and basically we can sign any transaction of any hardware wallet supporting UI that are supported by HWI. So it has been a huge step in usability of hardware wallets. Now you can use any hardware wallet you want and it just works. They’ve never any problems on this. And yeah, it has been an awesome,

Kukks:

Yeah, and you have to keep in mind as well that you can also use other applications with the BTCPay Vault because it’s just an API, right? So you just need some Javascript so you can build your own app and you can just connect to BTCPay Vault for hardware wallets signing and fetching configuring wallets or whatever.

Nicolas Dorier:

Yes. So yeah, like you said, it’s, it’s open to any website that wants to integrate with it. They can do quite easily. And an important point as well is that this work of hardware wallet integration is done basically by Andrew Chow. So it’s doing also integration of all hardware wallets. And, I hope that we will find a new, by making HWI used more and more. I hope it will – the tendency where new hardware wallet it maker will integrate themselves to HWI because they want to be supported by a bunch of services that only supported HWI. And it will be great because hardware wallet it maker in general or not software developer, so it’s better if they can just concentrate on doing the hardware and then just do this small kind of integration and then they can just integrate to any application that support HWI. And I think it’s a great idea and it’s Andrew Chow that worked to reach this point today and it took lots of time and I think it’s finally getting, starting to get the benefit of this approach right now.

Stephan Livera:

Yeah, I haven’t had a chance to use BTCPay Vault. I actually will have a look at it next after this. But in terms of using it, are you able to, is it able to just ingest the Xpub out of like when you plug it into your computer and then it does a lookup against, you know, full node and then says, okay, this is your balance these are your transactions. And then you’re able to,

Nicolas Dorier:

When you create a new store on BTCPay server, like you need to say, okay, where does the money goes? So, and then the option is say, okay, use a BTCPay Vault. And so if you choose this, the BTCPay Vault will just show you a pop-up to know that, to ask you, do you really want to expose this kind of data to this website? So if you click yes, then we as a BTCPay server fetch xPub directly from your hardware wallet and then populate all the data that is needed for the integration to work. So it’s UX way better than saying to the user or if before that we would say to the user, if you have ledger, you need to open ledger live to go to this app, to copy paste this data and to put it there. And it was very complicated. Now it’s just like start a vault and that’s it.

Kukks:

Yeah, if you wanted to compare the vault or something, it would be Trezor has a dedicated app as well that you run on your computer. I think it’s called Trezor bridge. And it works almost exactly the same way except the bridge only handles Trezor, obviously.

Stephan Livera:

Right so this works cross wallets.

Nicolas Dorier:

Wallets don’t allow any other application inaudible can choose it.

Kukks:

Yeah. You can only use it with Trezor that UI also

Stephan Livera:

Yeah. Okay. Gotcha. Are there any other tips that you guys have for merchants out there? So let’s say a merchant is listening and they want to use BTCPay or they are using BTCPay, have you got any tips for them in terms of what to do, how to do it with?

Nicolas Dorier:

Well, like we are more interested in reverse the feedback that they can get, like what kind of problem we can solve for them. I think the next big problem that we can solve for them is a reformed UX flow. So also if you’re a Bitcoin or merchant Bitcoiner, and I would like that you start allowing PayJoin and that you advertise it so that we can retweet this and I guess you will have like interested user that will, buy something just for the fact that they will, they will mix their their UTXOs. So it would be pretty great.

Stephan Livera:

Awesome. Kukks. Any, anything from you that you would like BTCPay users to know?

Kukks:

Yeah, I mean we get a lot of questions sometimes about the conversion to fiat and whatever. So we also have plugins BTC transmuter and all those similar things. We also have the configurator that you can use to either edit your existing deployment in BTCPay or configure exchanges to set to transfer your incoming Bitcoin to market, sell or trade. I’m always looking for feedback on that as well. So it was always the reverse kind of thing. But if you want these kind of features, they are available. They just need feedback from people to refine them.

Stephan Livera:

Excellent. And look, just for the last question, we’re obviously coming up to the halving very soon, right? So we’re recording this 10th of May 2020, and we’ve got the halving coming up in, you know, two days or whatever. So have you guys got any reflections or any thoughts on the halving and what’s coming in this next epoch?

Nicolas Dorier:

Well, on my side, I know Bitcoin is unpredictable. I have no fucking clue of what’s going on. So you know, from, so this halving every four years, like I was used to think that it was a technical mistake from Satoshi. I think it should have been more gradual, but at the end of the day, like it’s kind of a social event as well, you know, it’s like a fantastic, so it’s like, okay, it’s every four years. It could have been better on the, on the technical plan, but the occasion for the bitcoin community to celebrate and make some noise about it. So it’s not that bad.

Stephan Livera:

And Kukks.

Kukks:

Yeah, I mean, as long as I enjoy the bear market. I get more technical and work without having to worry about people. Ah, I lost my money or something. So it’s kinda nice. I’m excited to see what happens though.

Stephan Livera:

Awesome guys. So look, listeners, make sure you check out BTCPay. Let me just put this up on screenshare. So this is the website, BTCPayserver.org. Go and sign up. Go and use it. I use it myself on my own personal website and on ministry of nodes, we use BTCPay Server and obviously follow the guys. So Nicolas, he is on Twitter @nicolasdorier and Kukks is on Twitter @mrkukks anywhere else that you would like the guys to find you online or that’s pretty much it.

Nicolas Dorier:

So another place where you can find us is on chat.BTCpayserver.org so likes, it’s where the community signing out around and like if you have programming come here, we always check out this once a day. Like there is several of us to reply to questions so it’s, it could be great. And also Stephan, did you activate PayJoin for your donation page?

Stephan Livera:

I have, I just did, yeah.

Stephan Livera:

I have, I did. So I’ve got a little widget there so that’s actually a good tip as well because one thing I actually in fact I asked Nicolas himself one thing, if you already run BTCPay it’s a good way that you can help your friend who wants to take donations. You can just get them to set up an account on your BTCPay. And I’ve done that for other people. So I’ve done that for other people in the Bitcoin community. I won’t name them just to, not dox them, but they use, they’re kind of piggybacking off my BTCPay. So that’s something you can do. If you are, let’s say you know you’re a Bitcoin advocate and you want to use it and you want to help other people, then this is another way you can help your friends get started with accepting Bitcoin into their shop because you’re helping them. Just piggyback off your instance. So that’s probably the final tip. But look, I think that’s pretty much it for this episode. So thank you very much guys for joining me. Listeners, you can find me online @stephanlivera and subscribe at stephanlivera.com and subscribe on YouTube. That’s it guys. Thanks for joining.

Kukks and Nicolas:

Thanks!

Comments (2)

Leave a Reply to Jimbo Janglethorpe Cancel reply