Allow sending bitcoins by email or text message (BWS assisted transactions)

[xbtdev]

Coinbase, Circle, and Blockchain.info wallets allow sending bitcoin to email addresses or by text message. BWS already supports notification emails. Why not also support server-assisted bitcoin transactions by text or email? The funds must be 'claimed' by the recipient within a certain timeframe or they are returned to the sender.

I know you've just introduced an Address book feature... this is great, but I always hesitate to send bitcoin to someone's previously used bitcoin address because of the chance that they might have switched wallets or otherwise deleted their private key. So usually sending bitcoins requires waiting for my recipient to reply back with a bitcoin address.

Allowing users to email or text bitcoin greatly increases the ease of bringing new people into the bitcoin world. Receiving bitcoins by email or text would be a great onboarding opportunity for people who have never used bitcoin.

[dabura667]

+1 Sounds like a great feature. The only problem would be how to deal with locking funds.

I would suggest maybe generating a certain specific path of your xprv (maybe this could be added as a BIP?) and send the amount to that address and "hide" it from copay (while still managing it with BWS)

The only downside would be that, in order to send the BTC to the newly created Copay wallet, the original sender would need to log back in to Copay in order to sign the transaction...

This would mean the user who received the email would get a notice upon wallet creation: "Great, welcome to Copay. Now tell your friend to open their Copay app and enter their password (if they have one) when prompted. Your BTC will arrive shortly thereafter." and wait for the original sender.

I know Coinbase and Circle control your private keys, so it makes sense... but I have always wondered how blockchain.info works. Since the user constantly has control of the private keys.

[xbtdev]

+1 Sounds like a great feature. The only problem would be how to deal with locking funds.

I think sending funds to an address controlled by BWS until funds are claimed by the recipient is an acceptable solution. But moneypacket.org and blockchain.info are examples of non-server-trusted solutions. MoneyPacket.org tries to create a concept of bitcoin as a file that can be attached to emails. Both moneypacket and blockchain.info keep the original sender in control of the private keys until the funds are claimed.

Avoiding key leakage

I would suggest maybe generating a certain specific path of your xprv (maybe this could be added as a BIP?) and send the amount to that address and "hide" it from copay (while still managing it with BWS)

Leaking a child private key can compromise the entire HD wallet (bip 32 is not leak tolerant.) We would need to generate and store these keys separately from the user's personal HD wallet.

Unfortunately, in all existing HD wallets—including BIP32 wallets—an attacker can easily recover the master private key given the master public key and any child private key. (source: https://eprint.iacr.org/2014/998.pdf )

[dabura667]

Leaking a child private key can compromise the entire HD wallet (bip 32 is not leak tolerant.)

You are talking of non-hardened keys. Hardened keys are leak tolerant, but do not allow for public only derivation.

Either way, I was not talking about sending the private key to them, I was talking about waiting til the user creates a wallet with Copay, then once they do, the NEXT TIME THE SENDER OPENS COPAY they get a pop up saying "hey, remember that money you sent to xyz@xyz.com, they created a copay wallet, so do you still want to send?" and when you click yes, your local device signs the transaction and transfers the bitcoin to an address controlled by your friend.

Having the money promised in the E-mail as soon as you boot up the app would be nice, but the whole idea of splitting BWS from insight and moving wallet storage to local was to remove private key responsibility from the server.

[xbtdev]

Either way, I was not talking about sending the private key to them, I was talking about waiting til the user creates a wallet with Copay, then once they do, the NEXT TIME THE SENDER OPENS COPAY they get a pop up saying "hey, remember that money you sent to xyz@xyz.com, they created a copay wallet, so do you still want to send?" and when you click yes, your local device signs the transaction and transfers the bitcoin to an address controlled by your friend.

Ok. That makes sense. This is a 100x improvement from no option to send by email or text. I still think I'd prefer a slightly less-secure more-user-friendly method without the back-and-forth steps.

[xbtdev]

Problem sending bitcoin to phone contacts

• I have about 900 people in my phone's contacts
• About 850 of them have a phone number that I could text
• About 700 of them have an email address I could email
• 0 of them have a bitcoin address (in my contacts list)

What about friends who use bitcoin?

• I know at least 50 friends who use bitcoin.
• Maybe I've sent bitcoin to 15 of them. I'd have to look and maybe I could find their addresses.
• There is no way I would have 'on file' the bitcoin address for the other 35.
• If I needed to send 1 bitcoin to one of those 15 friends there isn't a chance I'd just send it off to an address I used two months ago.

Problems sending bitcoin to people with known bitcoin address

• They might have switched to a new wallet
• They probably wouldn't get any alert that I had sent them a payment
• They wouldn't know who sent them bitcoin if they did see it come in
• Address reuse is a privacy nightmare

Global reach

• Estimated email users 2.6 billion
• Estimated people have access to a cell phone 6 billion.
• Estimated people who have a bitcoin wallet: 5 million
• People who have a typable alias verified to link to their wallet: 32,000

My favorite solutions

• Send bitcoin to email address. Its only as secure as their email account, until its claimed to a wallet.
• Send bitcoin by text. Only as secure as their phone, until claimed to a wallet.
• Onename IDs. Great for the 32,000 people who use it. But they need reusable payment codes (Bip47) and about 3 billion more registered users.
• One-Time-Tip links (like ChangeTip uses). I think these are brilliant. Very easy to use, easy to claim, easy to send by any method (FB, Skype, LinkedIn, Email, Text, etc.)

[xbtdev]

Having the money promised in the E-mail as soon as you boot up the app would be nice, but the whole idea of splitting BWS from insight and moving wallet storage to local was to remove private key responsibility from the server.

Another option would be to email directly from the user's device (not throught the BWS server).

• User clicks "Send bitcoins by email" button.
• User enters amount to send, clicks "Next"
• Copay then (1) generates hardened key, (2) sends specified amount to this private key, (3) creates a wallet.copay file containing this key, (4) opens default email client compose window and attaches the wallet.copay file to a new email and includes instructions in the email body for how to download copy and open the attachment.
• User enters recipient's email address and sends email (from their default email client).

The whole thing is reminiscent of the "Export wallet" feature in copay, with a different UX designed around sending a specific amount of bitcoin by email.