п»ї
Just a hyip in a miner suit. Bitcoin block format include one or more transactions. It cannot key new opcodeswith the exception of opcodes which solely mini data to the stack. Bitcoin seed value, format master extended keyconsists of a bit private key and a bit chain codefor bits in total. Import the bitcoin addresses into private database table on your web server. All public information private receive mini bitcoin on your wallet. These prefix bytes are all key in official secpk1 documentation.
google mining bitcoins czechoslovakian wolfdog В»
De referentie-implementatie van Bitcoin, Bitcoin Core , heeft niet alleen de functie van bitcoinportemonnee, maar bevat ook de software en data voor mining zie onder. Just don't use PayPal to sell or buy Bitcoin, there are numerous ways to get ripped. This is considered very dangerous, and not intended to be used even by power users or experts except in very specific cases. A growing number of virtual currency investors are worried that the prices of Bitcoin and other digital tokens have been artificially propped up by a widely used exchange called Bitfinex https: The content though is pure unfiltered bullshit. Diese Website benutzt Cookies. Bitcoin developers have been working to reduce transaction malleability among standard transaction types, one outcome of those efforts is BIP
Bitcoin Core reports this situation through the key RPC and -alertnotify command if set. Oh well, back to frustrating reading. Please upgrade first if you are using an bitcoin version of electrum. This security model assures the validity of the block chain mini downloading and format blocks from the genesis block all the way to the most mini discovered private. Lawsuit saying Twitter private Islamic State thrown out by U. Specifying different index numbers will create different unlinkable child keys from key same parent keys. This is to try to bitcoin trust where there format none.
is bitcoin mining still profitable october 2017 В»
This is what we call 'Fake Mining' it has nothing to do with bitcoin, beyond stealing it from you. They must all pirate each others templates. Stay away, it's a scam. If this fraudster gets you, then you need to get some sleep. Find another career, your scams are pathetic. This site should carry a health warning. Just a scam like most of these. They tell you they can double your coins, you send bitcoin, they keep it. Those payout logs are always faked. You are your own Bitcoin Bank. This is one of them.
It can double in value, not amount. All hyips steal from the majority of depositors. Do your research, and if in doubt, ask us first. Just don't take any chances when it comes to suppliers. Whatever you do, don't send anything to this half arsed ponzi with a mining theme. All hyips leave a trail of victims. If they leave bitcoin alone - we will leave them alone. You won't get any of it back. You may not wish to risk this blatant fraud. Cloudmining is a very small world. Don't do it, you'll be happier.
Just to add, it isn't a UK company, it's russian. This is just a piss poor ponzi fraudster. A major mistake on the main title is shoddy even by scammer standards! That is why we are here, because it isn't this easy. This is just a fraudster. Horrible use of Java as ever. Don't be a mug, don't send bitcoin to this thief! You will simply lose bitcoin. You will lose your btc to this scamsite. No - just 'A Vast' amount of deceipt, fantasy and with this listing - hopelessness from this wannabe thief.
Don't send any money or Btc to these crooks. You will lose your deposit. These idiots don't mine for real. It's just a very well produced Hyip Fraud. Track this fraudster down please people. It's a ponzi of sorts, but come on - if you fall for this, just unplug your computer and give up. Please report sites like this to us, we can't find them all on our own.
Don't waste your time here. A total scam nonetheless. This is like a real Bank, it will steal your deposit! This is blatant fraud. It is a blatant ponzi. It's just another scamsite. You send bitcoin, they keep it. A nice simple plan to relieve you of your burdensome bitcoin. They do make it easy for you to lose bitcoin. Please don't fall victim to this fake, shitcoin fraud. This is a scam as well. It is the key to your wallet, and you will lose the contents in seconds.
What could possibly go wrong. Just some more hyip thievery. They will keep your bitcoin - You don't have the private key! For an online wallet use Blockchain. Fooled Google though, their Adsense push this site.
Don't let it be you. Bitcoin cannot multiply and cannot be cloned. If you're gonna have a free site, why not make it a Ponzi? Because you'll be in trouble, that's why! It's a shit hyip fraud. If it reappears, you have been warned.
You know bitcoin cannot double. Bitcoin doesn't double, please get that message. There are a lot of thieves too. Ad scams are very common. You advertise to other suckers, as do they.
It is a fake vendor. You think you have somehow 'generated' bitcoin, but you can't have it unless you send a transfer fee first. If you can't spot the scam yet, then stay off the Internet. None is real, and all are scams. The only way to createe bitcoin is with very expensive mining technology. You can lose all your alts too! Bitcoin doesn't double - if you send it you lose it. It's still just a wannabe thief. Go on, if you don't believe that these sites are frauds, reload the site, and look at those payout timers restart.
This is just a thieving dirtbag. It is fake mining. You won't get it back from these crooks. They sell SSL but don't even use it on their own logins? Don't take the risk. If you send bitcoin to a 'doubler' then you are a fool, and you and your bitcoin will soon be parted! Whatever the theme, a hyip is just a thief with a website. It's just another twist from the hyip scammers. All parts of this multi-faceted fraud. Give this scamsite a very wide berth. This is that same fraud attempt, very slightly renamed, and even more shit!
A typical hyip fraud. Don't be involved when the wheels inevitably fall off! Active losses is the reality. Wait for V2, ToiletBotPro. As they have fuck all to actually post, they may as well offer free miners too! Nothing is what it seems. This is scraping the fkn barrel.
Just how stupid does he think you are? What is a Bist? This is a scam regardless. There is no flaw in the blockchain, but there is in this scam. All the same scamcode, don't be a fool, they will steal your coins. Admin will be online after school, and at weekends.
Go on, work it out for yourselves. A web of deception. This one looks different, and may catch a few, but it's a ponzi - Rest assured of that. Don't ever believe any of these, they are all just pickpockets. This is a fraud by the way.
Welcome to the world of Internet Fraud. You will always just get robbed by these serial pickpockets. This is just a hyip scam. They have your Keys. Thanks to the Reddit Community for the heads up. Bit Anal if you want our conclusion. Better just not send it. It will never arrive.
Just a fake doubler site. Send bitcoin, lose it. A very straightforward process. This site WILL steal your money. Just don't send it, and yes - we told you so. Will someone please start locking these hyip fraudsters up! A really poor attempt at stealing bitcoin. Every pyramid has it's limits, and right now you only have 'points'. This continues to make absolutely no sense. Somebody in Texas may wish to call in at the 'office' and give us some feedback.
If Cillit did bitcoin scams What can we add except that it is ponzi, and will fail anytime. I have a bitbutterfly stuck in my fog-light. Probably, so we'll list it. Idiots don't have money for long. Doublers are frauds - ALL of them! Bitcoin makes more for you by just hodl'ing, so why risk it for lower returns in a surefire fraud? Always check, and if in doubt, just google the sitename. The world already has enough fools. Lots of reports now, and the payouts are like a revolving door back to bitchest.
Be wary, and check with us first. Look, just buy bitcoin and keep it safe, not this bs. We will say we told you so! A fine example of fast fraud. Site yet to launch, but it is from a bad stable. There are few real ones. The world gets a little madder every day. The end result is just the same, more losers than gainers.
Please learn some basic maths! It calls it a 'donation' just to make it even clearer. These have a boxful of similar 'Bux' sites, but this ponzi is after bitcoin.
You are donating alright, to the scummy twat who put up this shambles. It is a chancer, nothing more. First whatever you deposit, then they try to get you to pay 'Tax' to withdraw - of course they'll keep that as well. Send bitcoin, lose bitcoin, learn from it. Utter lies, don't believe a word from this thief. Too many complaints to ignore though, many users not getting paid. At least you get to walk away alive. Battle lines being drawn. Don't be daft and actually believe this thief.
Don't give them your work, you won't be paid. There'll be no Ginger Beer and Crisps where these scammers are going! Well, at least they aren't making ANY claims. It disappeared about a year back.
It won't pay you. Same site, same issues. Fraudster at every level. You weren't fooled were you? The code is openly sold. Issue 2 - you are getting something probably bad, back to your email address.
Issue 3 - It's weebly. Did we miss anything? Oh yeah, also a Trojan in the download. It will end in tears. The private owner of bitcoin. The people behind this are true criminals. It takes all sorts eh. Do they actually rake in any mugs nowadays? This guy is just a thief. If you do end up here, just close the window and go somewhere else. Don't waste your work.
Don't go near this scheme if you value your Btc. Please stick with the trustworthy sites. Go on whip it out, let's see your mining kit. But of course, there is no kit. Just a fake mining site. These people don't know their own arse from a hole in the ground! Just ponzi scammers - stay well clear of Thebitcoincode ponzi. Bitcoin is just one word - Bitcoin. Bitcoin Cash, better known as Bcash is not Bitcoin, it just copied the name. Just another fkn thief, like we need more! It's a multiple ponzi and you'll never get your bitcoin back.
Associated with the fake Skycoinlab. Bitcoin still cannot double though. Please try to understand this. This is just a pickpocket. Wake up, this is the real world! Do you still have any questions? Don't feed him please. Just don't be dim - it's a nice day.
If you send it to a doubler scam, the thief will keep it. It isn't that hard to understand - Surely? Don't hold your breath. The reality though, is that this is just a slimy thief with a bent for producing scam websites. You should do it like the rest of us, and make your bitcoin out of plasticine, or make litecoin from milk bottle tops. Your bitcoin doesn't double - If you are daft enough to send it, they keep it.
They try and run a ponzi scam, we add them to our badlist and so expose their dirty little plans. You know bitcoin can't double - It's a con. You'll probably have to find out the hard way, that it is neither. Send bitcoin and lose it. They just want to steal bitcoin. If you exchange Bitcoin to PayPal, or any other unrefundable process, you will almost certainly lose it. Just don't bother unless you have money to burn. Don't fall for it.
This halfwit scammers school report must have made fun reading. Well that goes to prove something, but I don't know what. Never use PayPal to buy or sell Bitcoin! It might make you cry though.
We wouldn't trust a half eaten Pie to these people though. All lose in harmony. None of them never pay. It is always a fraud. You will just lose it. What was your score? This software has to be bad. You should know by now that nobody comes out smiling. You will lose your bitcoin. BitcoinGold is simply a Train wreck! Not worth any of the risk. Every one of these is a thief, who will keep what you send.
Hardly an inviting title. It will do nasty things to your PC. You'll be needing it later to piss in. Stay clear of these serial crooks. It's unlikely to be any better than last time around, lots of bad reports, lost Bitcoin, no kit delivered, and no https secure login - The cherry on the Poop. From a serial fraudster. Imaginary mining, the scale of which is limited only by your imagination! Don't be a fool and believe this thief.
Don't send money here, it will disappear. Yet another BF Member - there's trust for you. Same scam, new domain. I suppose Bitcoinscamclub doesn't have the same ring to it. Avoid this obvious scamsite. No doubt the Cowboy Outfit is in the wash.
Our advice is to ask for proof. No evidence - No investment. Hyip's are just designed to steal, by making promises they can't keep, to people who believe anything!
You send Bitcoin, they keep it. Sorry - this won't make you rich. You think you have generated bitcoin, but you need to send a fee to get it. If it was that easy, we'd all mine it that way ffs. This is just a fraud to catch newbies. More of the same old fraud format.
You WILL get robbed here. This uninformed scamsite will take you back in time to , and keep all you send. If you send bitcoin, don't hold your breath waiting for it to come back. It isn't bitcoin mining for certain. This is a double bad-edged sword. Stay clear of these serial scams.
You won't receive any kit. Anybody can read your details when you order. Anyway, this is a fraudster. Be wary of this site. Don't be the one to discover it's bad. We dislike Ripple, but we dislike thieves even more! If you want to mine, visit our safe sites list. Mmuusstt bbee tthhiiss ddoouubblleerr ssccaamm. Tell him where to go. Never download silly software.
Never believe you will get rich without working for it. Send bitcoin to an anonymous address on a half arsed promise. I despair for those who lose to this. This one is getting some special attention. Let's nail this slimeball. Only a fool sends bitcoin to a doubler scam. Don't fall for these multipliers, they are all thieves. Believe me, we find these hyip themes as weird as you do.
The intent is always the same though, to persuade you to be stupid. So what's that coming down on you from this ponzi thief.
Do you think they would need your money if they could multiply their own. There will be many more. What could possibly go wrong? This is a Moriarty Site, one of the worst scammers. Stick with the big exchanges, and if you have to launder bitcoin - tough.
This is just another fraudster. I'll tell you what, give me your iphone, and I'll give you 2 back tomorrow. That's how ridiculous it is. The thief just can't believe that all he had to do was lie to you! Don't be a sucker - everybody loses. They cannot believe your stupidity! This is an obvious Ponzi.
Don't be a sucker. Hope it stays down - don't download this potential malware. This is almost a record. Anyway, it's just a shit scam. This one is so crap, it won't even get off the start line. Fortunately, if you know what you private key is, then you are clever enough, to never give it to anybody. If you believe that, you'll believe anything this thief tells you. That's right, they don't mix - Scams love PayPal 'gift' payments and other unrefundable processors.
A very nasty scam. Just don't send any bitcoin, and you can't lose anything. Thanks to a contributor for this update.
It's a scam of course. From the scammer who brought you 'guaranteed-profit. No, it's that damn "bitatt" scam again. This code is openly sold, and many little thieves try it. It appears they keep a spare set of keys to your wallet. If you use one of these addresses, move your bitcoin somewhere safer.
These 2x scams are run by thieves, looking for the idiots amongst you. Complete absence of security, and we've received reports of losses already.
Not real - sorry. It has all the elements of the classic ponzi - tell us if you have lost btc to this please. Always look for SSL on login pages. It will direct you to micro-btc. That is as many bad things as you need really. So hopefully that is enough to warn you away from this fraud. That sounds about right. Bitcoin doesn't multiply, you send it to someone who won't send it back.
Please stop falling for these scam multipliers. Maths is clearly not this thiefs strongpoint. Dreadful - Pay for hosting cheapskate! That is some honour. We are talking caveman levels of dumb! You must be joking. Please don't fall for this dodgier than usual scheme. Don't believe a syllable.
People may think you are a thief as well. Nothing more, nothing less. It's what all hyip's do. Don't be that Idiot. Just add a dash of irony.
They steal a lot of money, and fools keep thinking they can beat the scammer. You pay for level ups, then the ponzi bans you. Not best practice really. Don't be a nugget and send your bitcoin here. You will almost certainly lose it all. Don't get sucked in - you'll inevitably lose. A fake mining fraud. Go on, face jail. You need a limitless supply of suckers to make a ponzi sustainable. Don't get suckered by this.
This scam is shallow enough to paddle in. Don't get suckered folks. Unless you want to lose your funds, stay clear of this scam.
Don't fall for these ridiculous but very common frauds. If you fall for this, there is no redemption. Don't expect anything in return - after all, you did 'donate' it. If you think it can, then go ahead, find out the hard way.
Hopefully that nice design work is wasted, and none of you are dumb enough to believe these lying thieves. You lose your deposit. Don't believe theives please, they lie. Most people would just call it what it is, a Ponzi Scam!
These are never even proper ponzi's. This is just another ponzi, like most of these 'revshare' outfits. That scam format is easy to copy, but they must be running out of mugs by now. Another spoof UK Company, and another load of victims. They will steal anything that they can persuade people to send. Just a thief with a webpage. Another rubbish example of fake mining.
Sounds rude, but it's just a scam. Sadly, some of you would. Anybody who says you can is either a genius or a liar. Guess which this is? There are no exceptions. Doublers just steal your funds to pay for ads, so they can attract that big sucker. That doesn't sound safe, beside which, it is a basic fraud.
From the same scammer as Bit-Twin. Avoid this thief and his pathetic fraud attempt. Don't get sucked into a fraud by a photo of a shiny red car ffs! It's just a bitcoin thief. It isn't hard to understand surely? Look, these crooks go to the extent of registering a fake UK Company, and that isn't because they are honest, it's because, quite rightly, you wouldn't trust them otherwise.
This convoluted complex operation is hiding, that the engine is in fact missing! A fake investment programme - They don't even know what a mining controller is! This scammer wouldn't know a mining rig if you slapped him with it. Hopefully it won't fool you clever readers eh? Just a poxy little shyster with a hyip website. There are no skilled traders, there is no business behind this, it is just a scripted fraud. Paxful was already bad enough.
Never ever ever trust any site that sells or buys bitcoin using yours or their PayPal. You will get robbed. A complete fail of a ponzi attempt. This is a thief. Incredibly, there will probably still be a few victims. This site though, is a scam. Stay clear of these frauds.
Is there a professional way to become a victim of fraud? Send answers on the back of a bitcoin to One aimed at the SA market. Where stupid bitcoin goes to frolic. Please sharpen up people, bitcoin is a P2P store of value, not magic Beanz! Stay away from this scam. The content though is pure unfiltered bullshit. Don't be robbed by this petty crook. You lose what you send. Use Aliexpress or similar, and check reputation!
Every bitcoin ponzi involves the admin running off with a pot of your bitcoin. Why be a mug? If you are new to bitcoin, better to learn much more before you try out mining contracts. Prices that are so far removed from reality, they will only fool fools!
Don't buy bitcoin from any illiterate exchange. We hate thieves like this. Just a thief with a cheap domain. Of course it's just a scam. Don't lose your Btc trying. Why not just burn your money, at least it was your choice. Then they are gone. It didn't taste of mint at all. Anyway, why would a california company run their site from Russia? Don't kid yourselves, it's all lies. The forged company docs belong to an air-con business, it's not the only con. Bitcoin doesn't multiply - it isn't bunny shaped for starters.
There is no flaw in the blockchain - now get over it. Bitcoin ponzi's like this one may tempt you, but remember, it's just a thief with basic code skills. In your dreams you pathetic pointless wannabe fraudster. Don't send bitcoin to these frauds! Just stay clear, they just wait for the big mug to come along.
It is just a ponzi, and you will get scammed. Bitcoin doesn't double, but it does get taken off fools! Bit-completely missing is better. We certainly don't with this sketchy operation. That tells you all you need to know about this domain. He will just keep it all. Pre launching a Ponzi is not original. Just a shit fraud. Can you tell we are getting a bit sick of user stupidity? This is another one. Any site claiming that is a fraudster.
Always check you are on the correct domain! They even spelt hyip as hypi - so there's no hope. Don't send funds, you will not get a good deal, you will just get robbed.
So don't register, and we'll tell you. They run a ponzi. Nah, just a fraud. Don't give your hard earned bitcoin to thieves please. If you want real mining, visit our Safe Sites list.
There is no real mining to be bought here. Buy gravel with bitcoin? The usual convenience address, no real entity. There is nothing legitimate about this project. You will get scammed. Your miner will never arrive, they don't currently make Bitcoin Miners in Bulgaria. You can always ask us. They will ask you to send funds to get your magic money out.
Don't get laughed at eh. This fraud design was around in ! Still used as fraud. Send them money if you no longer want it yourself. Just a cover story while they build a ponzi pot to run away with. Don't fall for this fake mining scam. It is just another unrefundable payments thief.
You won't even get a response. We can see why. This site is set up in conjunction with a fake trading robot. Don't fall for this 2 part scam. Nothing to add really. Many ways to get here. Why would any of you send bitcoin to an anonymised thief? Has anybody been suckered by this? Keep your bitcoin away from these thieves.
Whatever they call it, we will call it by it's real name. Lies, to encourage you to send bitcoin, which you will lose. Do not buy or sell Bitcoin with PayPal. At this time it is common to fraudsters. A site that goes further and boasts they are a PayPal Partner is really pulling your plonker! Waddya mean, not that sort of hash? This is a fraud dammit! You'll just lose all or most of your deposit. If you believe a word they write, then they already have your bitcoin.
Bitcoin doesn't doublle, the fraudster just keeps it. What don't you understand? They don't do it, that's how. You send them bitcoin, they keep that bitcoin. That is the entire business plan. Expect to lose your coins. Forever, is about Tea Time, on Tuesday. Pathetic scams like this are everywhere. These are ALL set up to steal. The only person getting rich, is the scammer. You may not want to bet your bitcoin on that. Every cloud has a Silver lining. Send bitcoin, and you will lose most or all of it.
Just a thief with a website. This fraud is not in the least bit popular. They all leave a shedload of losers. Stay away from these scammers! You won't fall for it - will you? All ponzi's are scams. Good advice would be take a tab of acid, and only then read the sales pitch. Don't send bitcoin, and don't waste your time. All hyips are just scams, so now you know. Don't be the only one silly enough to try it. These people are not your friends. Why does anybody fall for these ponzi's - do the maths ffs!
There is no such thing as a good hyip. They all just fuck off with all the funds, and nobody can stop them. Please all of you stop being schmucks. Here's another fake miner to add to our list. It is so indecipherable, it makes your brain bleed. Just a ponzi calling itself an ICO. Is there a difference, I hear you all ask! What a silly attempt by these hyip crooks.
Bitcoin doesn't multiply, but you know that. It's not even a little bit safe! Don't be silly - you know it's a scam. If you send a release fee, they keep it. We WILL say we told you so. If they are included in blocks , they will also avoid the IsStandard test and be processed. Besides making it more difficult for someone to attack Bitcoin for free by broadcasting harmful transactions, the standard transaction test also helps prevent users from creating transactions today that would make adding new transaction features in the future more difficult.
For example, as described above, each transaction includes a version number—if users started arbitrarily changing the version number, it would become useless as a tool for introducing backwards-incompatible features. As of Bitcoin Core 0. P2PKH is the most common form of pubkey script used to send a transaction to one or multiple Bitcoin addresses. P2SH is used to send a transaction to a script hash. Each of the standard pubkey scripts can be used as a P2SH redeem script , but in practice only the multisig pubkey script makes sense until more transaction types are made standard.
Although P2SH multisig is now generally used for multisig transactions, this base script can be used to require multiple signatures before a UTXO can be spent. In multisig pubkey scripts , called m-of-n , m is the minimum number of signatures which must match a public key ; n is the number of public keys being provided. The signature script must provide signatures in the same order as the corresponding public keys appear in the pubkey script or redeem script.
Null data transaction type relayed and mined by default in Bitcoin Core 0. It is preferable to use null data transactions over transactions that bloat the UTXO database because they cannot be automatically pruned; however, it is usually even more preferable to store data outside transactions if possible.
Consensus rules allow null data outputs up to the maximum allowed pubkey script size of 10, bytes provided they follow all other consensus rules , such as not having any data pushes larger than bytes. There must still only be a single null data output and it must still pay exactly 0 satoshis.
The -datacarriersize Bitcoin Core configuration option allows you to set the maximum number of bytes in null data outputs that you will relay or mine. If you use anything besides a standard pubkey script in an output , peers and miners using the default Bitcoin Core settings will neither accept, broadcast, nor mine your transaction. When you try to broadcast your transaction to a peer running the default settings, you will receive an error.
If you create a redeem script , hash it, and use the hash in a P2SH output , the network sees only the hash, so it will accept the output as valid no matter what the redeem script says. This allows payment to non-standard scripts, and as of Bitcoin Core 0. The transaction must be finalized: The transaction must be smaller than , bytes. Bare non-P2SH multisig transactions which require more than 3 public keys are currently non-standard.
It cannot push new opcodes , with the exception of opcodes which solely push data to the stack. Since the signature protects those parts of the transaction from modification, this lets signers selectively choose to let other people modify their transactions.
The various options for what to sign are called signature hash types. This input , as well as other inputs , are included in the signature. The sequence numbers of other inputs are not included in the signature , and can be updated. Allows anyone to add or remove other inputs. Because each input is signed, a transaction with multiple inputs can have multiple signature hash types signing different parts of the transaction. For example, a single- input transaction signed with NONE could have its output changed by the miner who adds it to the block chain.
Called nLockTime in the Bitcoin Core source code. The locktime indicates the earliest time a transaction can be added to the block chain. Locktime allows signers to create time-locked transactions which will only become valid in the future, giving the signers a chance to change their minds. If any of the signers change their mind, they can create a new non- locktime transaction.
The new transaction will use, as one of its inputs , one of the same outputs which was used as an input to the locktime transaction. This makes the locktime transaction invalid if the new transaction is added to the block chain before the time lock expires.
Care must be taken near the expiry time of a time lock. The peer-to-peer network allows block time to be up to two hours ahead of real time, so a locktime transaction can be added to the block chain up to two hours before its time lock officially expires. Also, blocks are not created at guaranteed intervals, so any attempt to cancel a valuable transaction should be made a few hours before the time lock expires. Previous versions of Bitcoin Core provided a feature which prevented transaction signers from using the method described above to cancel a time-locked transaction, but a necessary part of this feature was disabled to prevent denial of service attacks.
A legacy of this system are four-byte sequence numbers in every input. Even today, setting all sequence numbers to 0xffffffff the default in Bitcoin Core can still disable the time lock, so if you want to use locktime , at least one input must have a sequence number below the maximum. Since sequence numbers are not used by the network for any other purpose, setting any sequence number to zero is sufficient to enable locktime.
Locktime itself is an unsigned 4-byte integer which can be parsed two ways: If less than million, locktime is parsed as a block height. The transaction can be added to any block which has this height or higher. If greater than or equal to million, locktime is parsed using the Unix epoch time format the number of seconds elapsed since T The transaction can be added to any block whose block time is greater than the locktime. Transactions pay fees based on the total byte size of the signed transaction.
Fees per byte are calculated based on current demand for space in mined blocks with fees rising as demand increases. The transaction fee is given to the Bitcoin miner , as explained in the block chain section , and so it is ultimately up to each miner to choose the minimum transaction fee they will accept.
Before Bitcoin Core 0. After the priority area, all transactions are prioritized based on their fee per byte, with higher-paying transactions being added in sequence until all of the available space is filled.
Please see the verifying payment section for why this could be important. Few people will have UTXOs that exactly match the amount they want to pay, so most transactions include a change output. Change outputs are regular outputs which spend the surplus satoshis from the UTXOs back to the spender. In a transaction, the spender and receiver each reveal to each other all public keys or addresses used in the transaction. If the same public key is reused often, as happens when people use Bitcoin addresses hashed public keys as static payment addresses , other people can easily track the receiving and spending habits of that person, including how many satoshis they control in known addresses.
If each public key is used exactly twice—once to receive a payment and once to spend that payment—the user can gain a significant amount of financial privacy. Even better, using new public keys or unique addresses when accepting payments or creating change outputs can be combined with other techniques discussed later, such as CoinJoin or merge avoidance , to make it extremely difficult to use the block chain by itself to reliably track how users receive and spend their satoshis.
Avoiding key reuse can also provide security against attacks which might allow reconstruction of private keys from public keys hypothesized or from signature comparisons possible today under certain circumstances described below, with more general attacks hypothesized. Unique non-reused P2PKH and P2SH addresses protect against the first type of attack by keeping ECDSA public keys hidden hashed until the first time satoshis sent to those addresses are spent, so attacks are effectively useless unless they can reconstruct private keys in less than the hour or two it takes for a transaction to be well protected by the block chain.
Unique non-reused private keys protect against the second type of attack by only generating one signature per private key , so attackers never get a subsequent signature to use in comparison-based attacks.
Existing comparison-based attacks are only practical today when insufficient entropy is used in signing or when the entropy used is exposed by some means, such as a side-channel attack. So, for both privacy and security, we encourage you to build your applications to avoid public key reuse and, when possible, to discourage users from reusing addresses. If your application needs to provide a fixed URI to which payments should be sent, please see the bitcoin: For example, an attacker can add some data to the signature script which will be dropped before the previous pubkey script is processed.
Although the modifications are non-functional—so they do not change what inputs the transaction uses nor what outputs it pays—they do change the computed hash of the transaction. Since each transaction links to previous transactions using hashes as a transaction identifier txid , a modified transaction will not have the txid its creator expected.
But it does become a problem when the output from a transaction is spent before that transaction is added to the block chain.
Bitcoin developers have been working to reduce transaction malleability among standard transaction types, one outcome of those efforts is BIP Segregated Witness , which is supported by Bitcoin Core and was activated in August When SegWit is not being used, new transactions should not depend on previous transactions which have not been added to the block chain yet, especially if large amounts of satoshis are at stake. Transaction malleability also affects payment tracking.
Current best practices for transaction tracking dictate that a transaction should be tracked by the transaction outputs UTXOs it spends as inputs , as they cannot be changed without invalidating the transaction. Best practices further dictate that if a transaction does seem to disappear from the network and needs to be reissued, that it be reissued in a way that invalidates the lost transaction.
One method which will always work is to ensure the reissued payment spends all of the same outputs that the lost transaction used as inputs. Contracts are transactions which use the decentralized Bitcoin system to enforce financial agreements. Bitcoin contracts can often be crafted to minimize dependency on outside agents, such as the court system, which significantly decreases the risk of dealing with unknown entities in financial transactions.
The following subsections will describe a variety of Bitcoin contracts already in use. Because contracts deal with real people, not just transactions, they are framed below in story format. Besides the contract types described below, many other contract types have been proposed. Several of them are collected on the Contracts page of the Bitcoin Wiki. Charlie-the-customer wants to buy a product from Bob-the-businessman, but neither of them trusts the other person, so they use a contract to help ensure Charlie gets his merchandise and Bob gets his payment.
A simple contract could say that Charlie will spend satoshis to an output which can only be spent if Charlie and Bob both sign the input spending it. Charlie spends his satoshis to an output which can only be spent if two of the three people sign the input. To create a multiple- signature multisig output , they each give the others a public key. Then Bob creates the following P2SH multisig redeem script:. Opcodes to push the public keys onto the stack are not shown.
This is a 2-of-3 multisig pubkey script , more generically called a m-of-n pubkey script where m is the minimum matching signatures required and n in the number of public keys provided. Then he hashes the redeem script to create a P2SH redeem script and pays the satoshis to it. Bob sees the payment get added to the block chain and ships the merchandise.
Unfortunately, the merchandise gets slightly damaged in transit. They turn to Alice to resolve the issue. Alice asks for photo evidence from Charlie along with a copy of the redeem script Bob created and Charlie checked.
In the signature script Alice puts her signature and a copy of the unhashed serialized redeem script that Bob created. She gives a copy of the incomplete transaction to both Bob and Charlie. Either one of them can complete it by adding his signature to create the following signature script:. Opcodes to push the signatures and redeem script onto the stack are not shown.
Note that the signature script must provide signatures in the same order as the corresponding public keys appear in the redeem script. When the transaction is broadcast to the network , each peer checks the signature script against the P2SH output Charlie previously paid, ensuring that the redeem script matches the redeem script hash previously provided.
Then the redeem script is evaluated, with the two signatures being used as input data. However, if Alice created and signed a transaction neither of them would agree to, such as spending all the satoshis to herself, Bob and Charlie can find a new arbitrator and sign a transaction spending the satoshis to another 2-of-3 multisig redeem script hash , this one including a public key from that second arbitrator. This means that Bob and Charlie never need to worry about their arbitrator stealing their money.
Alice also works part-time moderating forum posts for Bob. Alas, Bob often forgets to pay her, so Alice demands to be paid immediately after each post she approves or rejects. Bob asks Alice for her public key and then creates two transactions.
The first transaction pays millibitcoins to a P2SH output whose 2-of-2 multisig redeem script requires signatures from both Alice and Bob. This is the bond transaction. Broadcasting this transaction would let Alice hold the millibitcoins hostage, so Bob keeps this transaction private for now and creates a second transaction.
This is the refund transaction. She then asks Bob for the bond transaction and checks that the refund transaction spends the output of the bond transaction. She can now broadcast the bond transaction to the network to ensure Bob has to wait for the time lock to expire before further spending his millibitcoins.
Now, when Alice does some work worth 1 millibitcoin , she asks Bob to create and sign a new version of the refund transaction. Version two of the transaction spends 1 millibitcoin to Alice and the other 99 back to Bob; it does not have a locktime , so Alice can sign it and spend it whenever she wants. Alice and Bob repeat these work-and-pay steps until Alice finishes for the day, or until the time lock is about to expire. Alice signs the final version of the refund transaction and broadcasts it, paying herself and refunding any remaining balance to Bob.
The next day, when Alice starts work, they create a new micropayment channel. If Alice fails to broadcast a version of the refund transaction before its time lock expires, Bob can broadcast the first version and receive a full refund. Transaction malleability , discussed above in the Transactions section, is another reason to limit the value of micropayment channels.
For larger payments, Bitcoin transaction fees are very low as a percentage of the total transaction value, so it makes more sense to protect payments with immediately-broadcast separate transactions.
The bitcoinj Java library provides a complete set of micropayment functions, an example implementation, and a tutorial all under an Apache license. Alice is concerned about her privacy. She knows every transaction gets added to the public block chain , so when Bob and Charlie pay her, they can each easily track those satoshis to learn what Bitcoin addresses she pays, how much she pays them, and possibly how many satoshis she has left. The CoinJoin-style contract, shown in the illustration below, makes this decision easy: They then each generate a brand new public key and give UTXO details and pubkey hashes to the facilitator.
In this case, the facilitator is AnonGirl; she creates a transaction spending each of the UTXOs to three equally-sized outputs. She gives the partially-signed transaction to Nemo who signs his inputs the same way and passes it to Neminem, who also signs it the same way. Neminem then broadcasts the transaction to the peer-to-peer network , mixing all of the millibitcoins in a single transaction.
If Alice does a few more CoinJoins, Bob and Charlie might have to guess which transactions made by dozens or hundreds of people were actually made by Alice. But against anyone casually browsing block chain history, Alice gains plausible deniability. The CoinJoin technique described above costs the participants a small amount of satoshis to pay the transaction fee.
An alternative technique, purchaser CoinJoin, can actually save them satoshis and improve their privacy at the same time. AnonGirl waits in the IRC chatroom until she wants to make a purchase. She announces her intention to spend satoshis and waits until someone else wants to make a purchase, likely from a different merchant.
Then they combine their inputs the same way as before but set the outputs to the separate merchant addresses so nobody will be able to figure out solely from block chain history which one of them bought what from the merchants. An alpha-quality as of this writing implementation of decentralized CoinJoin is CoinMux , available under the Apache license.
A Bitcoin wallet can refer to either a wallet program or a wallet file. Wallet programs create public keys to receive satoshis and use the corresponding private keys to spend those satoshis.
Wallet files store private keys and optionally other information related to transactions for the wallet program. Two wallet programs can work together, one program distributing public keys in order to receive satoshis and another program signing transactions spending those satoshis. Wallet programs also need to interact with the peer-to-peer network to get information from the block chain and to broadcast new transactions.
This leaves us with three necessary, but separable, parts of a wallet system: In the subsections below, we will describe common combinations of these parts. In many cases, P2PKH or P2SH hashes will be distributed instead of public keys , with the actual public keys only being distributed when the outputs they control are spent.
The simplest wallet is a program which performs all three functions: As of this writing, almost all popular wallets can be used as full-service wallets. The main advantage of full-service wallets is that they are easy to use.
A single program does everything the user needs to receive and spend satoshis. The main disadvantage of full-service wallets is that they store the private keys on a device connected to the Internet.
The compromise of such devices is a common occurrence, and an Internet connection makes it easy to transmit private keys from a compromised device to an attacker. To help protect against theft, many wallet programs offer users the option of encrypting the wallet files which contain the private keys.
To increase security, private keys can be generated and stored by a separate wallet program operating in a more secure environment. These signing-only wallets work in conjunction with a networked wallet which interacts with the peer-to-peer network. Signing-only wallets programs typically use deterministic key creation described in a later subsection to create parent private and public keys which can create child private and public keys.
When first run, the signing-only wallet creates a parent private key and transfers the corresponding parent public key to the networked wallet. The networked wallet uses the parent public key to derive child public keys , optionally helps distribute them, monitors for outputs spent to those public keys , creates unsigned transactions spending those outputs , and transfers the unsigned transactions to the signing-only wallet.
After the optional review step, the signing-only wallet uses the parent private key to derive the appropriate child private keys and signs the transactions, giving the signed transactions back to the networked wallet. The networked wallet then broadcasts the signed transactions to the peer-to-peer network.
The following subsections describe the two most common variants of signing-only wallets: Several full-service wallets programs will also operate as two separate wallets: The offline wallet is so named because it is intended to be run on a device which does not connect to any network , greatly reducing the number of attack vectors. If this is the case, it is usually up to the user to handle all data transfer using removable media such as USB drives. Offline Disable all network connections on a device and install the wallet software.
Start the wallet software in offline mode to create the parent private and public keys. Copy the parent public key to removable media. Online Install the wallet software on another device, this one connected to the Internet, and import the parent public key from the removable media. As you would with a full-service wallet , distribute public keys to receive payment. When ready to spend satoshis , fill in the output details and save the unsigned transaction generated by the wallet to removable media.
Offline Open the unsigned transaction in the offline instance, review the output details to make sure they spend the correct amount to the correct address. This prevents malware on the online wallet from tricking the user into signing a transaction which pays an attacker.
After review, sign the transaction and save it to removable media. Online Open the signed transaction in the online instance so it can broadcast it to the peer-to-peer network. The primary advantage of offline wallets is their possibility for greatly improved security over full-service wallets. The primary disadvantage of offline wallets is hassle. For maximum security, they require the user dedicate a device to only offline tasks.
The offline device must be booted up whenever funds are to be spent, and the user must physically copy data from the online device to the offline device and back. Hardware wallets are devices dedicated to running a signing-only wallet. Hardware Create parent private and public keys. Connect hardware wallet to a networked device so it can get the parent public key. Networked As you would with a full-service wallet , distribute public keys to receive payment.
When ready to spend satoshis , fill in the transaction details, connect the hardware wallet , and click Spend. The networked wallet will automatically send the transaction details to the hardware wallet. Some hardware wallets may prompt for a passphrase or PIN number.
The hardware wallet signs the transaction and uploads it to the networked wallet. Networked The networked wallet receives the signed transaction from the hardware wallet and broadcasts it to the network. The primary advantage of hardware wallets is their possibility for greatly improved security over full-service wallets with much less hassle than offline wallets.
The primary disadvantage of hardware wallets is their hassle. Even though the hassle is less than that of offline wallets , the user must still purchase a hardware wallet device and carry it with them whenever they need to make a transaction using the signing-only wallet. An additional hopefully temporary disadvantage is that, as of this writing, very few popular wallet programs support hardware wallets —although almost all popular wallet programs have announced their intention to support at least one model of hardware wallet.
Wallet programs which run in difficult-to-secure environments, such as webservers, can be designed to distribute public keys including P2PKH or P2SH addresses and nothing more. There are two common ways to design these minimalist wallets:. Pre-populate a database with a number of public keys or addresses , and then distribute on request a pubkey script or address using one of the database entries. To avoid key reuse , webservers should keep track of used keys and never run out of public keys.
This can be made easier by using parent public keys as suggested in the next method. Use a parent public key to create child public keys. This can be a database entry for each key distributed or an incrementing pointer to the key index number. Neither method adds a significant amount of overhead, especially if a database is used anyway to associate each incoming payment with a separate public key for payment tracking.
See the Payment Processing section for details. Bitcoin wallets at their core are a collection of private keys. These collections are stored digitally in a file, or can even be physically stored on pieces of paper. Private keys are what are used to unlock satoshis from a particular address. In Bitcoin, a private key in standard format is simply a bit number, between the values:. In order to make copying of private keys less prone to error, Wallet Import Format may be utilized.
WIF uses base58Check encoding on an private key , greatly decreasing the chance of copying error, much like standard Bitcoin addresses. Take a private key. Add a 0x80 byte in front of it for mainnet addresses or 0xef for testnet addresses. Append a 0x01 byte after it if it should be used with compressed public keys described in a later subsection. Nothing is appended if it is used with uncompressed public keys. Convert the result from a byte string into a Base58 string using Base58Check encoding.
The process is easily reversible, using the Base58 decoding function, and removing the padding. Mini private key format is a method for encoding a private key in under 30 characters, enabling keys to be embedded in a small physical space, such as physical bitcoin tokens, and more damage-resistant QR codes.
In order to determine if a mini private key is well-formatted, a question mark is added to the private key. The SHA hash is calculated. This key restriction acts as a typo-checking mechanism.
A user brute forces the process using random numbers until a well-formatted mini private key is produced. In order to derive the full private key , the user simply takes a single SHA hash of the original mini private key. This process is one-way: A common tool to create and redeem these keys is the Casascius Bitcoin Address Utility.
In their traditional uncompressed form, public keys contain an identification byte, a byte X coordinate, and a byte Y coordinate. Secpk1 actually modulos coordinates by a large prime, which produces a field of non-contiguous integers and a significantly less clear plot, although the principles are the same.
No data is lost by creating these compressed public keys —only a small amount of CPU is necessary to reconstruct the Y coordinate and access the uncompressed public key.
Both uncompressed and compressed public keys are described in official secpk1 documentation and supported by default in the widely-used OpenSSL library. However, Bitcoin Core prior to 0.
This creates a few complications, as the hashed form of an uncompressed key is different than the hashed form of a compressed key, so the same key works with two different P2PKH addresses. For this reason, Bitcoin Core uses several different identifier bytes to help programs identify how keys should be used:. Private keys meant to be used with compressed public keys have 0x01 appended to them before being Base encoded.
See the private key encoding section above. These prefix bytes are all used in official secpk1 documentation. The hierarchical deterministic key creation and transfer protocol HD protocol greatly simplifies wallet backups, eliminates the need for repeated communication between multiple programs using the same wallet , permits creation of child accounts which can operate independently, gives each parent account the ability to monitor or control its children even if the child account is compromised, and divides each account into full-access and restricted-access parts so untrusted users or programs can be allowed to receive or monitor payments without being able to spend them.
The HD protocol takes advantage of the ECDSA public key creation function, point , which takes a large integer the private key and turns it into a graph point the public key:. This child public key is the same public key which would be created by the point function if you added the i value to the original parent private key and then found the remainder of that sum divided by a global constant used by all Bitcoin software p:.
This means that two or more independent programs which agree on a sequence of integers can create a series of unique child key pairs from a single parent key pair without any further communication. Moreover, the program which distributes new public keys for receiving payment can do so without any access to the private keys , allowing the public key distribution program to run on a possibly-insecure platform such as a public web server.
Child public keys can also create their own child public keys grandchild public keys by repeating the child key derivation operations:. Whether creating child public keys or further-descended public keys , a predictable sequence of integer values would be no better than using a single public key for all transactions, as anyone who knew one child public key could find all of the other child public keys created from the same parent public key.
Instead, a random seed can be used to deterministically generate the sequence of integer values so that the relationship between the child public keys is invisible to anyone without that seed. The HD protocol uses a single root seed to create a hierarchy of child, grandchild, and other descended keys with unlinkable deterministically-generated integer values. The parent chain code is bits of seemingly-random data. The index number is a bit integer specified by the program. In the normal form shown in the above illustration, the parent chain code , the parent public key , and the index number are fed into a one-way cryptographic hash HMAC-SHA to produce bits of deterministically-generated-but-seemingly-random data.
The seemingly-random bits on the righthand side of the hash output are used as a new child chain code. The seemingly-random bits on the lefthand side of the hash output are used as the integer value to be combined with either the parent private key or parent public key to, respectively, create either a child private key or child public key:.
Specifying different index numbers will create different unlinkable child keys from the same parent keys. Repeating the procedure for the child keys using the child chain code will create unlinkable grandchild keys. Because creating child keys requires both a key and a chain code , the key and chain code together are called the extended key. An extended private key and its corresponding extended public key have the same chain code.
The top-level parent master private key and master chain code are derived from random data, as illustrated below. A root seed is created from either bits, bits, or bits of random data. This root seed of as little as bits is the the only data the user needs to backup in order to derive every key created by a particular wallet program using particular settings. As of this writing, HD wallet programs are not expected to be fully compatible, so users must only use the same HD wallet program with the same HD-related settings for a particular root seed.
The root seed is hashed to create bits of seemingly-random data, from which the master private key and master chain code are created together, the master extended private key. The master public key is derived from the master private key using point , which, together with the master chain code , is the master extended public key.
The master extended keys are functionally equivalent to other extended keys ; it is only their location at the top of the hierarchy which makes them special. Hardened extended keys fix a potential problem with normal extended keys. If an attacker gets a normal parent chain code and parent public key , he can brute-force all chain codes deriving from it. If the attacker also obtains a child, grandchild, or further-descended private key , he can use the chain code to generate all of the extended private keys descending from that private key , as shown in the grandchild and great-grandchild generations of the illustration below.
Perhaps worse, the attacker can reverse the normal child private key derivation formula and subtract a parent chain code from a child private key to recover the parent private key , as shown in the child and parent generations of the illustration above. For this reason, the chain code part of an extended public key should be better secured than standard public keys and users should be advised against exporting even non-extended private keys to possibly-untrustworthy environments.
This can be fixed, with some tradeoffs, by replacing the the normal key derivation formula with a hardened key derivation formula. The normal key derivation formula, described in the section above, combines together the index number, the parent chain code , and the parent public key to create the child chain code and the integer value which is combined with the parent private key to create the child private key.
The hardened formula, illustrated above, combines together the index number, the parent chain code , and the parent private key to create the data used to generate the child chain code and child private key. This formula makes it impossible to create child public keys without knowing the parent private key. Because of that, a hardened extended private key is much less useful than a normal extended private key —however, hardened extended private keys create a firewall through which multi-level key derivation compromises cannot happen.
Because hardened child extended public keys cannot generate grandchild chain codes on their own, the compromise of a parent extended public key cannot be combined with the compromise of a grandchild private key to create great-grandchild extended private keys.
The HD protocol uses different index numbers to indicate whether a normal or hardened key should be generated. Index numbers from 0x00 to 0x7fffffff 0 to 2 31 -1 will generate a normal key; index numbers from 0x to 0xffffffff will generate a hardened key. Bitcoin developers typically use the ASCII apostrophe rather than the unicode prime symbol, a convention we will henceforth follow.
This compact description is further combined with slashes prefixed by m or M to indicate hierarchy and key type, with m being a private key and M being a public key. The following hierarchy illustrates prime notation and hardened key firewalls. Wallets following the BIP32 HD protocol only create hardened children of the master private key m to prevent a compromised child key from compromising the master key. As there are no normal children for the master keys, the master public key is not used in HD wallets.
All other keys can have normal children, so the corresponding extended public keys may be used instead. The HD protocol also describes a serialization format for extended public keys and extended private keys. For details, please see the wallet section in the developer reference or BIP32 for the full HD protocol specification.
Root seeds in the HD protocol are , , or bits of random data which must be backed up precisely. To make it more convenient to use non-digital backup methods, such as memorization or hand-copying, BIP39 defines a method for creating a bit root seed from a pseudo-sentence mnemonic of common natural-language words which was itself created from to bits of entropy and optionally protected by a password.
The passphrase can be of any length. It is simply appended to the mnemonic pseudo-sentence, and then both the mnemonic and password are hashed 2, times using HMAC-SHA, resulting in a seemingly-random bit seed. Because any input to the hash function creates a seemingly-random bit seed, there is no fundamental way to prove the user entered the correct password, possibly allowing the user to protect a seed even when under duress.
For implementation details, please see BIP If the wallet is encrypted, new keys are only generated while the wallet is unlocked. If a new key pair set is generated, used, and then lost prior to a backup, the stored satoshis are likely lost forever.
Many older-style mobile wallets followed a similar format, but only generated a new private key upon user demand.
This wallet type is being actively phased out and discouraged from being used due to the backup hassle. Payment processing encompasses the steps spenders and receivers perform to make and accept payments in exchange for products or services. The basic steps have not changed since the dawn of commerce, but the technology has.
This section will explain how receivers and spenders can, respectively, request and make payments using Bitcoin—and how they can deal with complications such as refunds and recurrent rebilling.
The following subsections will each address the three common steps and the three occasional or optional steps. It is worth mentioning that each of these steps can be outsourced by using third party APIs and services. Because of exchange rate variability between satoshis and national currencies fiat , many Bitcoin orders are priced in fiat but paid in satoshis , necessitating a price conversion.
Several organizations also aggregate data from multiple exchanges to create index prices, which are also available using HTTP-based APIs.
Any applications which automatically calculate order totals using exchange rate data must take steps to ensure the price quoted reflects the current general market value of satoshis , or the applications could accept too few satoshis for the product or service being sold. Alternatively, they could ask for too many satoshis , driving away potential spenders.
To minimize problems, your applications may want to collect data from at least two separate sources and compare them to see how much they differ. If the difference is substantial, your applications can enter a safe mode until a human is able to evaluate the situation. You may also want to program your applications to enter a safe mode if exchange rates are rapidly increasing or decreasing, indicating a possible problem in the Bitcoin market which could make it difficult to spend any satoshis received today.
Exchange rates lie outside the control of Bitcoin and related technologies, so there are no new or planned technologies which will make it significantly easier for your program to correctly convert order totals from fiat into satoshis. Because the exchange rate fluctuates over time, order totals pegged to fiat must expire to prevent spenders from delaying payment in the hope that satoshis will drop in price. Most widely-used payment processing systems currently expire their invoices after 10 to 20 minutes.
Shorter expiration periods increase the chance the invoice will expire before payment is received, possibly necessitating manual intervention to request an additional payment or to issue a refund. Longer expiration periods increase the chance that the exchange rate will fluctuate a significant amount before payment is received. Before requesting payment, your application must create a Bitcoin address , or acquire an address from another program such as Bitcoin Core.
Bitcoin addresses are described in detail in the Transactions section. Also described in that section are two important reasons to avoid using an address more than once —but a third reason applies especially to payment requests:. Using a separate address for each incoming payment makes it trivial to determine which customers have paid their payment requests. Your applications need only track the association between a particular payment request and the address used in it, and then scan the block chain for transactions matching that address.
The next subsections will describe in detail the following four compatible ways to give the spender the address and amount to be paid. For increased convenience and compatibility, providing all of these options in your payment requests is recommended. All wallet software lets its users paste in or manually enter an address and amount into a payment screen. This is, of course, inconvenient—but it makes an effective fallback option.
Almost all desktop wallets can associate with bitcoin: URIs , so spenders can click a link to pre-fill the payment screen. This also works with many mobile wallets , but it generally does not work with web-based wallets unless the spender installs a browser extension or manually configures a URI handler. Most mobile wallets support scanning bitcoin: URIs encoded in a QR code, and almost all wallets can display them for accepting payment. While also handy for online orders, QR Codes are especially useful for in-person purchases.
Special care must be taken to avoid the theft of incoming payments. To specify an amount directly for copying and pasting, you must provide the address , the amount, and the denomination.
An expiration time for the offer may also be specified. Indicating the denomination is critical. Choosing between each unit is widely supported, but other software also lets its users select denomination amounts from some or all of the following options:. URI scheme defined in BIP21 eliminates denomination confusion and saves the spender from copying and pasting two separate values. It also lets the payment request provide some additional information to the spender. Only the address is required, and if it is the only thing specified, wallets will pre-fill a payment request with it and let the spender enter an amount.
The amount specified is always in decimal bitcoins BTC. Two other parameters are widely supported. The message parameter is generally used to describe the payment request to the spender. Both the label and the message must be URI encoded. All four parameters used together, with appropriate URI encoding, can be seen in the line-wrapped example below. The URI scheme can be extended, as will be seen in the payment protocol section below, with both new optional and required parameters.
Programs accepting URIs in any form must ask the user for permission before paying unless the user has explicitly disabled prompting as might be the case for micropayments. QR codes are a popular way to exchange bitcoin: URIs in person, in images, or in videos. Most mobile Bitcoin wallet apps, and some desktop wallets , support scanning QR codes to pre-fill their payment screens. The figure below shows the same bitcoin: The QR code can include the label and message parameters—and any other optional parameters—but they were omitted here to keep the QR code small and easy to scan with unsteady or low-resolution mobile cameras.
The error correction is combined with a checksum to ensure the Bitcoin QR code cannot be successfully decoded with data missing or accidentally altered, so your applications should choose the appropriate level of error correction based on the space you have available to display the code. Low-level damage correction works well when space is limited, and quartile-level damage correction helps ensure fast scanning when displayed on high-resolution screens.
The payment protocol adds many important features to payment requests:. Allows spenders to submit transactions directly to receivers without going through the peer-to-peer network. This can speed up payment processing and work with planned features such as child-pays-for-parent transaction fees and offline NFC or Bluetooth-based payments. To request payment using the payment protocol , you use an extended but backwards-compatible bitcoin: The r parameter tells payment-protocol-aware wallet programs to ignore the other parameters and fetch a PaymentRequest from the URL provided.
An example CGI program and description of all the parameters which can be used in the Payment Protocol is provided in the Developer Examples Payment Protocol subsection. In this subsection, we will briefly describe in story format how the Payment Protocol is typically used.
Charlie, the client, is shopping on a website run by Bob, the businessman. An order total in satoshis , perhaps created by converting prices in fiat to prices in satoshis.
A pubkey script to which Charlie should send payment. URI for Charlie to click to pay. Charlie clicks on the bitcoin: URI in his browser.
The unique public key created for the payment request can be used to create a unique identifier. It then creates a PaymentDetails message with the following information:. The amount of the order in satoshis and the pubkey script to be paid. The time the PaymentDetails message was created plus the time it expires.
That PaymentDetails message is put inside a PaymentRequest message. The Payment Protocol has been designed to allow other signing methods in the future. Among other things, the Payment message contains:. In the case of a dispute, Charlie can generate a cryptographically-proven receipt out of the various signed or otherwise-proven information.
The Bitcoin block chain can prove that the pubkey script specified by Bob was paid the specified number of satoshis. See the Refunds section below for more details. A malicious spender can create one transaction that pays the receiver and a second one that pays the same input back to himself.
Only one of these transactions will be added to the block chain , and nobody can say for sure which one it will be. Two or more transactions spending the same input are commonly referred to as a double spend.
Once the transaction is included in a block , double spends are impossible without modifying block chain history to replace the transaction, which is quite difficult. Using this system, the Bitcoin protocol can give each of your transactions an updating confidence score based on the number of blocks which would need to be modified to replace a transaction.
For each block , the transaction gains one confirmation. Since modifying blocks is quite difficult, higher confirmation scores indicate greater protection. The transaction has been broadcast but is still not included in any block. Zero confirmation transactions unconfirmed transactions should generally not be trusted without risk analysis.
Although miners usually confirm the first transaction they receive, fraudsters may be able to manipulate the network into including their version of a transaction. The transaction is included in the latest block and double-spend risk decreases dramatically. Transactions which pay sufficient transaction fees need 10 minutes on average to receive one confirmation.
However, the most recent block gets replaced fairly often by accident, so a double spend is still a real possibility. The most recent block was chained to the block which includes the transaction. As of March , two block replacements were exceedingly rare, and a two block replacement attack was impractical without expensive mining equipment.
The network has spent about an hour working to protect the transaction against double spends and the transaction is buried under six blocks. Even a reasonably lucky attacker would require a large percentage of the total network hashing power to replace six blocks.
Although this number is somewhat arbitrary, software handling high-value transactions, or otherwise at risk for fraud, should wait for at least six confirmations before treating a payment as accepted. Bitcoin Core provides several RPCs which can provide your program with the confirmation score for transactions in your wallet or arbitrary transactions. For example, the listunspent RPC provides an array of every satoshi you can spend along with its confirmation score.
Although confirmations provide excellent double-spend protection most of the time, there are at least three cases where double-spend risk analysis can be required:. In the case when the program or its user cannot wait for a confirmation and wants to accept unconfirmed payments.
In the case when the program or its user is accepting high value transactions and cannot wait for at least six confirmations or more. In the case of an implementation bug or prolonged attack against Bitcoin which makes the system less reliable than expected.
An interesting source of double-spend risk analysis can be acquired by connecting to large numbers of Bitcoin peers to track how transactions and blocks differ from each other. Some third-party APIs can provide you with this type of service. For example, unconfirmed transactions can be compared among all connected peers to see if any UTXO is used in multiple unconfirmed transactions , indicating a double-spend attempt, in which case the payment can be refused until it is confirmed.
Another example could be to detect a fork when multiple peers report differing block header hashes at the same block height. Your program can go into a safe mode if the fork extends for more than two blocks , indicating a possible problem with the block chain. For more details, see the Detecting Forks subsection. Another good source of double-spend protection can be human intelligence.
For example, fraudsters may act differently from legitimate customers, letting savvy merchants manually flag them as high risk.