I have written two BIPs (Bitcoin Improvement Proposal), BIP120 and BIP121, that specify how a wallet can prove that it has made a payment. This blog post takes a stab at explaining this process.
If you want to play with this, install Mycelium on android and go to my demo site and try it out! The stylesheets are AWESOME!
There are several interesting use cases for Proof of Payment. Here I will explain a scenario that would greatly improve the user experience on services like Netflix. Today the user must first have a user account (username+password). Then, after logging in, typically on a laptop or phone, a payment must be made. Netflix will associate the payment with the username. When the user wants to connect his Netflix-enabled TV to Netflix, he gets an activation code on the TV screen. Then he must login on a computer and enter the activation code.
Instead I suggest that Netflix start accepting bitcoin and make use of Proof of Payment. This would allow them to accept payments without user accounts or email-address. Nothing but the payment is needed. Here's how it might look:
Ok, so that's the big picture. The TV wants to login to Netflix. Netflix replies with a Proof of Payment request. The wallet will scan it and send the required proof. Netflix receives the proof and validates, then lets the TV in.
That's fine, but how does it really work? The process actually begin when the user pays for the service. We have two phases:
Here's the payment phase in detail. There's nothing new about it, it's just an ordinary payment.
Now Netflix has received and recorded a payment T. Please note the label=Netflix
parameter in the bitcoin URI. Wallets will keep the label parameter and associate it with the payment. So the wallet now has a transaction T with a connected label "Netflix". That label will be used in the proving phase:
In step 6 we transfer a PoP request. It contains a nonce, a transaction hint (in this case label) and a destination. The transaction hint is used by the wallet to identify the transaction after step 7. Different transaction hints can be used, for example amount and txid. The wallet will create a data structure, PoP, containing the nonce and the transaction id of T. It will then sign the PoP with the same keys that once signed T. This is how the wallet proves that it has made the payment T. Only the wallet with the keys that signed T will be able to produce the proof.
After the PoP is sent to Netflix in step 8, Netflix will do a few things to verify the pop as seen in the checklist in the picture. If these conditions are met, the TV will be granted access to Netflix.
Besides this being a slick user experience, Netflix does not have to store any personal information about you that WILL end up in wrong hands eventually.
Please let me know what awesome use cases you come up with. Just leave a comment below, or shout out on twitter. I'm @kallerosenbaum. Thanks.