How does one checks which customer made a payment?

4

1

One question I'm not able to properly answer when asked is

How exactly can the blockchain verify the identity of the user without a centralized trusted party such as VeriSign?

I know this is done in a decentralized way and the ECDSA algorithm should do the trick, but other applications still need a centralized trusted party in order to verify if the user is really who he says he is even when they're using ECDSA as well.

But how exactly can I guarantee that nobody can pretend to be someone else and spend their bitcoin instead?

Yes, I know the basic of how public-key cryptography works, but Information Security is not strong with me.


Edit: let me explore the question further.

Suppose I own a coffee house with intense flow of customers. How can I be sure about costumers that had already paid and others how didn't pay?

Let's say that Bob and Anna are my customers. Bob orders a Macchiato, Anna orders a Capuccino. Both coffees have the same price. How can I know which payment came from each one of them?

Henrique Barcelos

Posted 2016-02-05T13:50:36.393

Reputation: 421

Answers

8

Do you really care which customer paid, or do you care which bill was paid?

Say you have customers Anna and Bob, who both order something. Bob notices he's out of money, so Anna says she'll pay for both. If you really want the sender to reveal their identity, your system would already fail, as Bob never pays anything.

In almost all cases, all you care about is which bill is paid, and you have no need for the payer's identities (which could be a privacy violation in some cases).

The normal way to do this in practice is by creating a new payment address for each payment you want to receive. You track which bill was paid by tracking at which addresses you received money. Creating new addresses is very cheap, and they are sufficiently long that it is exceedingly unlikely that the same one will ever be produced twice.

Pieter Wuille

Posted 2016-02-05T13:50:36.393

Reputation: 64 874

It would be good to also make clear how vast the bitcoin address space is: there are so many possible addresses available that you can easily create a new address for each new bill without worry that you will run out of new addresses. – Vilhelm Gray – 2016-02-05T16:26:29.357

This could for example be done with a reference to Is each Bitcoin address unique?

– Murch – 2016-02-05T17:38:13.907

You should care who paid for it. As a former e-commerce site owner, we were always concerned that someone would fraudulently pay for goods with someone else's money, as that resulted in lost money for us (restocking, shipping fees, labor time spent dealing with banks, etc). – corsiKa – 2016-02-05T18:45:04.530

@corsiKa Sure, for something like that. In a retail setting like the coffee house mentioned here, it really doesn't matter very much, unless you want to be able to call out the customer's name when their order is ready. – Michael Hampton – 2016-02-05T20:32:40.813

2@corsiKa: A good (or bad) feature of Bitcoin is that if someone fraudulently pays you for goods using someone else's money, you still get to keep the money: there is no technical way for the rightful owner to claw back the funds from you. Just like cash, there are no chargebacks. So in that sense, you actually don't have to care who paid. – Nate Eldredge – 2016-02-06T03:18:20.720

@corsiKa: in the case of Bitcoin, if someone can spend your money, then that means you have been careless with your private key. With no government to enforce law, and the mathematics making law enforcement pointless, it's your own fault for not taking better care of your private key. – Lie Ryan – 2016-02-06T10:57:56.153

5

The payer's identity is often irrelevant in Bitcoin payments. The important check is that the payment was authorized by the owner. In Bitcoin, whoever controls the private key owns the funds, and therefore it is sufficient that the transaction was signed with the correct private key (which is a given for a valid transaction).

What's important to the shop owner is to know that they got paid. As Bitcoin payments are irreversible, it's not important whether Bob gives his name, just like the barista wouldn't care to get Bob's name when Bob walks into the café and pays for a Macchiato with cash.

To distinguish payments, you give out a new receiving address for each invoice. That way, when an address receives money, you know which invoice was settled. Luckily, the Bitcoin address space is sufficiently huge that everyone can make as many addresses as they need.

Murch

Posted 2016-02-05T13:50:36.393

Reputation: 51 063

3

Different orders have different Bitcoin payment addresses.

The order is paid when the address in question receives the requested amount of Bitcoins.

Mikko Ohtamaa

Posted 2016-02-05T13:50:36.393

Reputation: 2 407

2

The only practical way to verify the identity of a user is to make the user sign something with their private key. The only identity information that you get at that point is that the user has access to the private key. On the bitcoin blockchain, the owner of the private key is the only one that can move the bitcoins locked to that key because a signature is needed to do so. Essentially, if you try to pretend to be someone else, you won't succeed since you won't be able to produce a signature.

Jimmy Song

Posted 2016-02-05T13:50:36.393

Reputation: 7 330

1

simple answer: give each customer your different address

never reuse addresses

Anlhord Smithson

Posted 2016-02-05T13:50:36.393

Reputation: 149