Difference between revisions of "Invoice address"

From Bitcoin Wiki
Jump to: navigation, search
(BIP 179)
 
(96 intermediate revisions by 29 users not shown)
Line 1: Line 1:
[[File:PubKeyToAddr.png|thumb|right|Conversion from ECDSA public key to Bitcoin Address]]
+
A '''Bitcoin invoice address''', or simply '''invoice''', is an identifier of 26-35 alphanumeric characters, beginning with the number <code>1</code>, <code>3</code> or <code>bc1</code> that represents a possible destination for a bitcoin payment.
A '''Bitcoin address''', or simply '''address''', is a string of approximately 33 alphanumeric characters, always beginning with the number 1, that represents a possible destination for a payment. Addresses can be generated at no cost by any user of Bitcoin. For example, using the Bitcoin software, one can click "Get Address" and be assigned an address.  An example of a Bitcoin address is ''175tWpb8K1S7NmH4Zx6rewF9WQrcZv245W''.
+
Invoices can be generated at no cost by any user of Bitcoin.
 +
It is also possible to get a Bitcoin invoice address using an account at an exchange or online wallet service.
  
Like e-mail, you can send Bitcoins to a person by sending Bitcoins to their address.  Somewhat unlike e-mail, one person can have an unlimited number of different Bitcoin addresses. A unique address for each transaction is recommended as a best practice, and enhances anonymity when using the system.
+
There are currently three [[List_of_address_prefixes|invoice address formats]] in use:
 +
# [[Transaction#Pay-to-PubkeyHash|P2PKH]] which begin with the number <code>1</code>, eg: <code>1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2</code>.<!-- tails donation address -->
 +
# [[Pay_to_script_hash|P2SH]] type starting with the number <code>3</code>, eg: <code>3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy</code><!-- anyone-can-spend, null script -->.
 +
# [[Bech32]] type starting with <code>bc1</code>, eg: <code>bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq</code>.<!--some example LN wallet-->
  
Creating addresses can be done without any contact with the Bitcoin network.  An address is simply a cryptographic representation of a random number. Technically, it is a 160-bit hash of the public portion of a public/private [[Wikipedia:Elliptic_Curve_DSA|ECDSA]] keypair. Using some mathemagic, you can "sign" data with your private key and anyone who knows your public key can verify that the signature is valid. See the [[Wikipedia:Public-key_cryptography|Wikipedia article]] for more information about how this works. See [[Protocol_specification#Addresses|protocol specification]] for details on how a bitcoin address is formed.
+
==A Bitcoin invoice address is a single-use token==
 +
Like e-mail addresses, you can send bitcoins to a person by sending bitcoins to one of their invoice addresses.
 +
However, ''unlike'' e-mail addresses, people have many different Bitcoin invoice addresses and [[Address reuse|for privacy and security reasons]] a unique invoice should be used for each transaction.
 +
Most Bitcoin software and websites will help with this by generating a brand new invoice each time you create an invoice or payment request.
  
A new keypair is generated for each receiving address. Bitcoin addresses (the public keys) and their associated private keys are stored in the [[wallet]] data file. This is the only file you need to [[backup|back up]]. A "send" transaction to a specific Bitcoin address requires that the corresponding private key exist in the recipient's wallet. This has the implication that if you create a receiving address and receive coins to that address, then restore the wallet from an earlier backup, before the address was generated, then the coins associated with that address are lost.  Addresses are added to an address [[key pool]] prior to being used for receiving coins. If you lose your wallet entirely, all of your coins are lost and can never be recovered.
+
A naive way to accept bitcoin as a merchant is to tell your customers to send money to a single invoice address. However this does not work because Bitcoin transactions are public on the [[block chain]], so if a customer Alice sends you bitcoins then a malicious agent Bob could see that same transaction and send you an email claiming that he paid. You would have no way of knowing whether it was Alice or Bob who send coins to your invoice. This is why each customer must be given a brand new invoice.
  
"Generate" transactions happen in the same way as a send transaction: each batch of 50 generated coins is "sent" to a unique address that you generate just for that purpose. These addresses are also stored in your wallet, but they are not shown in the "your receiving addresses" section.
+
==Invoices can be created offline==
 +
Creating invoices can be done without an Internet connection and does not require any contact or registration with the Bitcoin network.
 +
It is possible to create large batches of invoices offline using freely available software tools.
 +
Generating batches of invoices is useful in several scenarios, such as e-commerce websites where a unique pre-generated invoice address is dispensed to each customer who chooses a "pay with Bitcoin" option.
 +
Newer [[Deterministic wallet | "HD wallets"]] can generate a "master public key" token which can be used to allow untrusted systems (such as webservers) to generate an unlimited number of invoices without the ability to spend the bitcoins received.
  
Bitcoin allows you to create as many addresses as you want, and each one is completely separate. There is no "master address": the "Your Bitcoin address" area in the Bitcoin UI has no special importance. It's only there for your convenience, and it will change automatically from time to time to enhance your anonymity. All of your other addresses will continue to work forever. They're listed in the "your receiving addresses" section. Each address takes up only about 500 bytes, so having a large number of addresses in your wallet is generally not a problem.
+
==Invoice addresses are often case sensitive and exact==
 +
Old-style Bitcoin invoice addresses are case-sensitive.  Bitcoin invoices should be copied and pasted using the computer's clipboard wherever possible. If you hand-key a Bitcoin invoice address, and each character is not transcribed exactly - including capitalization - the incorrect invoice address will most likely be rejected by the Bitcoin software. You will have to check your entry and try again.
  
Bitcoin addresses contain a built-in check code, so it's generally not possible to send Bitcoins to a mistyped address. However, if the address is well-formed but no one owns it (or the owner lost their wallet.dat), any coins sent to that address will be lost forever.
+
The probability that a mistyped invoice is accepted as being valid is 1 in 2<sup>32</sup>, that is, approximately 1 in 4.29 billion.
  
Addresses can contain all alphanumeric characters except 0, O, I, and l. Normal addresses currently always start with 1, though this might change in a future version. Testnet addresses usually start with ''m'' or ''n''. Mainline addresses can be 25-34 characters in length, and testnet addresses can be 26-34 characters in length. Most addresses are 33 or 34 characters long, though.
+
New-style [[bech32]] invoices are case insensitive.
  
It is also possible to send Bitcoins directly to an [[IP address]].
+
==Proving you receive with an invoice address==
 +
Most Bitcoin wallets have a function to "sign" a message, proving the entity receiving funds with an invoice has agreed to the message.
 +
This can be used to, for example, finalise a contract in a cryptographically provable way prior to making payment for it.
  
Since Bitcoin addresses are basically random numbers, it is possible, although extremely unlikely, for two people to independently generate the same address. This is called a [[Wikipedia:Collision_(computer_science)|collision]]. If this happens, then  both the original owner of the address and the colliding owner could spend money sent to that address. It would not be possible for the colliding person to spend the original owner's entire wallet (or vice versa). If you were to intentionally try to make a collision, it would currently take 2^107 times longer to generate a colliding Bitcoin address than to generate a block. As long as the signing and hashing algorithms remain cryptographically strong, it will likely always be more profitable to collect generations and [[transaction fee|transaction fees]] than to try to create collisions.
+
Some services will also piggy-back on this capability by dedicating a specific invoice address for authentication only, in which case the invoice address should never be used for actual Bitcoin transactions.
 +
When you login to or use their service, you will provide a signature proving you are the same person with the pre-negotiated invoice address.
  
==How to create Bitcoin Address==
+
It is important to note that these signatures only prove one receives with an invoice.
 +
Since Bitcoin transactions do not have a "from" address, you cannot prove you are the ''sender'' of funds.
  
1 - Take a public key (65 bytes, 1 byte 0x04, 32 bytes corresponding to X coordinate, 32 bytes corresponding to Y coordinate)
+
Current standards for message signatures are only compatible with "version zero" bitcoin invoice addresses (that begin with the number 1).
    04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f
 
2 - Perform SHA-256 hashing on the public key
 
    261c1eb21fc4708c6acbe1cfc6d4565652e9e768b620782898936b93000a6c02
 
3 - Perform RIPEMD-160 hashing on the result of SHA-256
 
    62e907b15cbf27d5425399ebf6f0fb50ebb88f18
 
4 - Add network byte in front of RIPEMD-160 hash (0x00 for Main Network)
 
    0062e907b15cbf27d5425399ebf6f0fb50ebb88f18
 
5 - Perform SHA-256 hash on the extended RIPEMD-160 result
 
    9b90f16de7f0e580c07735dac15ffe23e2f8f8e103914e509aa91913ffdb9fb6
 
6 - Perform SHA-256 hash on the result of the previous SHA-256 hash
 
    c29b7d937e3049e279391e62fdf00c12def7444013ddf6215808d10e9f2d5996
 
7 - Take the first 4 bytes of the second SHA-256 hash. This is the address checksum
 
    c29b7d93
 
8 - Add the 4 checksum bytes from point 7 at the end of extended RIPEMD-160 hash from point 4. This is the 25-byte binary Bitcoin Address.
 
    0062e907b15cbf27d5425399ebf6f0fb50ebb88f18c29b7d93
 
9 - Convert the result from point 8 into base58 string. This is the most commonly used Bitcoin Address format
 
    1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
 
  
 +
==Invoice address validation==
 +
If you would like to validate a Bitcoin invoice address in an application, it is advisable to use a method from [https://bitcointalk.org/index.php?topic=1026.0 this thread] rather than to just check for string length, allowed characters, or that the invoice starts with a 1 or 3.  Validation may also be done using open source code available in [http://rosettacode.org/wiki/Bitcoin/address_validation various languages] or with an [http://lenschulwitz.com/base58 online validating tool].
 +
 +
==[[Multisignature|Multi-signature]] invoice addresses==
 +
Invoices can be created for keys that require a combination of multiple private keys.
 +
Since these take advantage of newer features, they begin with the newer prefix of 3 or bc1 instead of the older 1.
 +
These can be thought of as the equivalent of writing a check to two parties - "pay to the order of somebody AND somebody else" - where both parties must endorse the check in order to receive the funds.
 +
 +
The actual requirement (number of private keys needed, their corresponding public keys, etc.) that must be satisfied to spend the funds is decided in advance by the person generating this type of invoice, and once an invoice is created, the requirement cannot be changed without generating a new invoice.
 +
 +
==What's in an invoice==
 +
Most Bitcoin invoice addresses are 34 characters.
 +
They consist of random digits and uppercase and lowercase letters, with the exception that the uppercase letter "O", uppercase letter "I", lowercase letter "l", and the number "0" are never used to prevent visual ambiguity.
 +
 +
Some Bitcoin invoice addresses can be shorter than 34 characters (as few as 26) and still be valid.
 +
A significant percentage of Bitcoin invoice addresses are only 33 characters, and some invoices may be even shorter.
 +
Technically, every Bitcoin invoice stands for a number.
 +
These shorter invoices are valid simply because they stand for numbers that happen to start with zeroes, and when the zeroes are omitted, the encoded invoice address gets shorter.
 +
 +
Several of the characters inside a Bitcoin invoice are used as a checksum so that typographical errors can be automatically found and rejected.
 +
The checksum also allows Bitcoin software to confirm that a 33-character (or shorter) invoice is in fact valid and isn't simply an invoice with a missing character.
 +
 +
==Testnet==
 +
Invoice addresses on the Bitcoin Testnet are generated with a different prefix.
 +
See [[List of address prefixes]] and [[Testnet]] for more details.
 +
 +
==Misconceptions==
 +
===Address reuse===
 +
 +
Invoice addresses are not intended to be used more than once, and doing so has numerous problems associated.
 +
See the dedicated article on [[address reuse]] for more details.
 +
 +
===Address balances===
 +
 +
Invoice addresses are not wallets nor accounts, and do not carry balances.
 +
They only receive funds, and you do not send "from" an address at any time.
 +
Various confusing services and software display ''bitcoins received with an invoice address, minus bitcoins sent in random unrelated transactions'' as an "address balance", but this number is not meaningful: it does not imply the recipient of the bitcoins sent to the address has spent them, nor that they still have or don't have the bitcoins received.
 +
 +
An example of bitcoin loss resulting from this misunderstanding is when people believed their invoice address contained 3 BTC. They spent 0.5 BTC and believed the address now contained 2.5 BTC when actually it contained zero. The remaining 2.5 BTC was transferred to a "change address" which was not backed up and therefore lost. This has happened on a few occasions to users of [[Paper wallets]].
 +
 +
==="From" addresses===
 +
Bitcoin transactions do not have any kind of origin-, source- or "from" address. See the dedicated article on "[[From address|from address]]" for more details.
 +
 +
 +
==Address map==
 +
[[File:Address map.jpg|700px]]
 +
 +
 +
==See Also==
 +
* [[Technical background of Bitcoin addresses]]
 +
* [[List of address prefixes]]
 +
* [[Exit Address]]
 +
 +
== References ==
 +
<references/>
  
[[Category:Technical]]
 
 
[[Category:Vocabulary]]
 
[[Category:Vocabulary]]
 +
 +
[[es:Dirección]]
 +
[[de:Adresse]]

Latest revision as of 18:54, 23 October 2020

A Bitcoin invoice address, or simply invoice, is an identifier of 26-35 alphanumeric characters, beginning with the number 1, 3 or bc1 that represents a possible destination for a bitcoin payment. Invoices can be generated at no cost by any user of Bitcoin. It is also possible to get a Bitcoin invoice address using an account at an exchange or online wallet service.

There are currently three invoice address formats in use:

  1. P2PKH which begin with the number 1, eg: 1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2.
  2. P2SH type starting with the number 3, eg: 3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy.
  3. Bech32 type starting with bc1, eg: bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq.

A Bitcoin invoice address is a single-use token

Like e-mail addresses, you can send bitcoins to a person by sending bitcoins to one of their invoice addresses. However, unlike e-mail addresses, people have many different Bitcoin invoice addresses and for privacy and security reasons a unique invoice should be used for each transaction. Most Bitcoin software and websites will help with this by generating a brand new invoice each time you create an invoice or payment request.

A naive way to accept bitcoin as a merchant is to tell your customers to send money to a single invoice address. However this does not work because Bitcoin transactions are public on the block chain, so if a customer Alice sends you bitcoins then a malicious agent Bob could see that same transaction and send you an email claiming that he paid. You would have no way of knowing whether it was Alice or Bob who send coins to your invoice. This is why each customer must be given a brand new invoice.

Invoices can be created offline

Creating invoices can be done without an Internet connection and does not require any contact or registration with the Bitcoin network. It is possible to create large batches of invoices offline using freely available software tools. Generating batches of invoices is useful in several scenarios, such as e-commerce websites where a unique pre-generated invoice address is dispensed to each customer who chooses a "pay with Bitcoin" option. Newer "HD wallets" can generate a "master public key" token which can be used to allow untrusted systems (such as webservers) to generate an unlimited number of invoices without the ability to spend the bitcoins received.

Invoice addresses are often case sensitive and exact

Old-style Bitcoin invoice addresses are case-sensitive. Bitcoin invoices should be copied and pasted using the computer's clipboard wherever possible. If you hand-key a Bitcoin invoice address, and each character is not transcribed exactly - including capitalization - the incorrect invoice address will most likely be rejected by the Bitcoin software. You will have to check your entry and try again.

The probability that a mistyped invoice is accepted as being valid is 1 in 232, that is, approximately 1 in 4.29 billion.

New-style bech32 invoices are case insensitive.

Proving you receive with an invoice address

Most Bitcoin wallets have a function to "sign" a message, proving the entity receiving funds with an invoice has agreed to the message. This can be used to, for example, finalise a contract in a cryptographically provable way prior to making payment for it.

Some services will also piggy-back on this capability by dedicating a specific invoice address for authentication only, in which case the invoice address should never be used for actual Bitcoin transactions. When you login to or use their service, you will provide a signature proving you are the same person with the pre-negotiated invoice address.

It is important to note that these signatures only prove one receives with an invoice. Since Bitcoin transactions do not have a "from" address, you cannot prove you are the sender of funds.

Current standards for message signatures are only compatible with "version zero" bitcoin invoice addresses (that begin with the number 1).

Invoice address validation

If you would like to validate a Bitcoin invoice address in an application, it is advisable to use a method from this thread rather than to just check for string length, allowed characters, or that the invoice starts with a 1 or 3. Validation may also be done using open source code available in various languages or with an online validating tool.

Multi-signature invoice addresses

Invoices can be created for keys that require a combination of multiple private keys. Since these take advantage of newer features, they begin with the newer prefix of 3 or bc1 instead of the older 1. These can be thought of as the equivalent of writing a check to two parties - "pay to the order of somebody AND somebody else" - where both parties must endorse the check in order to receive the funds.

The actual requirement (number of private keys needed, their corresponding public keys, etc.) that must be satisfied to spend the funds is decided in advance by the person generating this type of invoice, and once an invoice is created, the requirement cannot be changed without generating a new invoice.

What's in an invoice

Most Bitcoin invoice addresses are 34 characters. They consist of random digits and uppercase and lowercase letters, with the exception that the uppercase letter "O", uppercase letter "I", lowercase letter "l", and the number "0" are never used to prevent visual ambiguity.

Some Bitcoin invoice addresses can be shorter than 34 characters (as few as 26) and still be valid. A significant percentage of Bitcoin invoice addresses are only 33 characters, and some invoices may be even shorter. Technically, every Bitcoin invoice stands for a number. These shorter invoices are valid simply because they stand for numbers that happen to start with zeroes, and when the zeroes are omitted, the encoded invoice address gets shorter.

Several of the characters inside a Bitcoin invoice are used as a checksum so that typographical errors can be automatically found and rejected. The checksum also allows Bitcoin software to confirm that a 33-character (or shorter) invoice is in fact valid and isn't simply an invoice with a missing character.

Testnet

Invoice addresses on the Bitcoin Testnet are generated with a different prefix. See List of address prefixes and Testnet for more details.

Misconceptions

Address reuse

Invoice addresses are not intended to be used more than once, and doing so has numerous problems associated. See the dedicated article on address reuse for more details.

Address balances

Invoice addresses are not wallets nor accounts, and do not carry balances. They only receive funds, and you do not send "from" an address at any time. Various confusing services and software display bitcoins received with an invoice address, minus bitcoins sent in random unrelated transactions as an "address balance", but this number is not meaningful: it does not imply the recipient of the bitcoins sent to the address has spent them, nor that they still have or don't have the bitcoins received.

An example of bitcoin loss resulting from this misunderstanding is when people believed their invoice address contained 3 BTC. They spent 0.5 BTC and believed the address now contained 2.5 BTC when actually it contained zero. The remaining 2.5 BTC was transferred to a "change address" which was not backed up and therefore lost. This has happened on a few occasions to users of Paper wallets.

"From" addresses

Bitcoin transactions do not have any kind of origin-, source- or "from" address. See the dedicated article on "from address" for more details.


Address map

Address map.jpg


See Also

References