Check if a user pays another user for bitcoin website

2

I am creating a bitcoin website. I would rather the bitcoin didn't go through my website to prevent any security issues.

What happens is one user pays another user, and when that happens my website delivers the digital goods instantly.

All I need to do is check if the one user pays the other user. But the problem I can't find a way to do that easily.

I was going to use the blockchain api to check, but if they pay through a website like cryptsy, I can't check because it goes through multiple addresses.

The only solution I've found so far is to make them use the bitcoin wallet, or use an escrow service.

Escrow is my last option, because it always has a fee, and I really want this to be user to user.

I could really use some suggestions!

Thanks!(:

microzee

Posted 2015-03-24T01:35:11.533

Reputation: 21

1You can try to get the user's master public key based in BIP32. Then you can generate public keys for them without knowing their private keys and it solves your problem too. – abeikverdi – 2015-03-24T08:37:59.613

@abeikverdi, you don't need their master public key, there's no reason to give away the public key at the root of the HD wallet tree. The wallet could just as easily give away a sub-branch to the service and still have branches to use for other purposes. – morsecoder – 2015-03-24T12:18:14.703

@StephenM347 How is that possible? How can you generate the next address without knowing the master public key? Can you illuminate me? – abeikverdi – 2015-03-25T07:52:37.373

@abeikverdi, it's just the master public key of a sub branch, basically. It's an element of the HD tree that is master of everything under it, but unlike the root element, has elements above it. I'm not a BIP32 expert, but I'm pretty sure it basically applies that each key in the tree is master of the sub ranch of which it is the root. – morsecoder – 2015-03-25T12:54:04.277

@StephenM347 this is first time that I've heard something like this. I thought that there is only one master public key and you can generate child's public key based on the public key. Didn't know that a child's public key can be user as a master public key for its children. Assuming that this is correct, then everyone can calculate your public keys? – abeikverdi – 2015-03-25T15:41:15.763

Answers

1

I think what you really need here is to be able to, on demand, get a new address for the receiver that is specific to a new order. So, for example, if the receiver of the coins is to get 1 BTC, then you get a new address for that user, associate it with the order, and as soon as it receives the coins you know that this order has been fulfilled.

It may not be so easy to get the user (receiver of funds) to give you a big list of their addresses ahead of time, though. This is where something like BIP32 wallets may come in handy. With Hierarchical Deterministic wallets, you can get an extended public key and generate addresses for someone else as needed without ever needing to know the private keys for those addresses.

Not all wallets are HD wallets, and probably even fewer support getting an xpub to give out to someone for generating new addresses on the wallets behalf. You'd have to do some digging to find a wallet that would let you do this. Obviously, you wouldn't be able to force the payers to use this type of wallet, but if there are relatively few receivers (merchants) you might be able to get them on board with using a more fully-featured HD wallet to receive their payments.

More info: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

morsecoder

Posted 2015-03-24T01:35:11.533

Reputation: 13 123

2Electrum version 2.0 and up has BIP32 support, and can export its xpub. Look under Wallet > Master Public Keys – Nick ODell – 2015-03-24T05:15:18.123

@StephenM347 So with this method, the receiver of the coins would have to have this type of wallet. Is there a way that my website could generate an address and that address forwards the bitcoin on to the receiver? Then I would check that address for the transaction. – microzee – 2015-03-24T14:24:03.477

@microzee, you're seeking two competing things. You want to generate the addresses yourself but the user to receive them. But if you generate the address yourself (in the normal way), though, then you have the private key. The right way to do that is to have the user give you a bip32 key, it just requires a 1-time setup from the coins receiver. Most wallets are using or moving toward using HD wallets these days, anyway. – morsecoder – 2015-03-24T14:37:25.920

@StephenM347 I see. New idea, what if I used https://blockchain.info/api/api_receive but instead of using it for a business like it was intended, I create an address for each receiver using this api. Then I check the generated address for a transaction. Once I see a transaction, this address is no longer used and I create another address for their next transaction. Seems to me the easiest way? What are your thoughts on this?

– microzee – 2015-03-24T15:36:42.873