Bitcoin Privacy Improves With BTCPay Server's P2EP Implementation
Blockstream Research

Bitcoin Privacy Improves With BTCPay Server's P2EP Implementation

Samson Mow, Daniel Williams

Today we’re excited to share that the BTCPay Server suite has implemented support for Pay to Endpoint (P2EP), bringing enhanced privacy for Bitcoin transactions to tens of thousands of merchants around the world. BTCPay Server is a self-hosted Bitcoin payments processor which is open-source, private, censorship-resistant, and free.

Wizards Assemble

P2EP is the result of a workshop Blockstream organized in 2018 where Bitcoin developers and researchers from around the world brainstormed ways to improve privacy and fungibility in Bitcoin. Among the attendees were Blockstream’s Dr Adam Back, Matthew Haywood, Tim Ruffing, and independent researchers Adam Gibson, Adam Fiscor, Danger Shony, and others that wish to remain anonymous.

Over the course of a week, the attendees evaluated existing Bitcoin privacy technologies and formulated some possible new ones. Ultimately, the group came up with the all-new P2EP, also known as “PayJoin.”

Taking Back Bitcoiners’ Privacy

Due to the public nature of the Bitcoin blockchain, third parties can analyse Bitcoin’s transaction history to determine potential links between transactions. This harms fungibility, a critical property of money and erodes users’ privacy.

For example, the history of a bitcoin can be traced back an arbitrary number of transactions and labeled as “suspicious” by blockchain analysis companies. Taken to the extreme, bitcoins may even be labeled as “unacceptable” for merchants and exchanges, making them more difficult for the owner of the bitcoins to spend.

P2EP Overview

P2EP transactions are a special form of CoinJoin. CoinJoin was first described by Greg Maxwell, and uses the existing capabilities of Bitcoin to implement privacy-boosting transactions without any protocol-level changes. A CoinJoin combines multiple spenders’ payments into one larger Bitcoin transaction, making it difficult for blockchain analysts to determine who is sending a transaction to who.

P2EP transactions are special in that both the sender and the receiver of the payment coordinate to build the Bitcoin transaction (similar to the method originally used by Satoshi Nakamoto for Bitcoin payments). Unlike a regular Bitcoin transaction, where only the sender spends from their wallet, a P2EP transaction packages up inputs from both the sender and the receiver, with the receiver sending extra bitcoins to themselves.

How a P2EP transaction compares to a regular Bitcoin transaction

Armed with P2EP-enabled wallets, users will be able to initiate P2EP transactions in a similar way as they make regular Bitcoin transactions. As usual, the sender scans a QR code provided by the receiver to initiate the payment. The magic happens when the sender’s P2EP-enabled wallet detects the P2EP endpoint parameter in the QR code, at which point it establishes a connection with the receiver’s wallet to automatically coordinate the P2EP payment. After the receiver’s wallet adds an input to the transaction (near-instant), the sender must sign the transaction for a second time before broadcasting to the Bitcoin network.

Some of the advantages of P2EP include:

  • Two-way privacy: Both the senders and receivers are provided greater privacy.
  • No fingerprint: Unlike a traditional, fixed-denomination CoinJoin transaction, there is no obvious ‘fingerprint’ for P2EP transactions. Regular and P2EP transactions look identical on the blockchain, meaning even minimal adoption of P2EP grants regular, ‘non-P2EP’ transactions improved privacy.
  • Breaks blockchain analysis heuristics: P2EP breaks both the ‘common wallet ownership’ assumption and subset-sum analysis.
  • Reduces blockchain bloat: The receiver can use P2EP to consolidate their UTXO set, helping reduce ‘UTXO bloat’ on the Bitcoin blockchain.
  • Lightweight and versatile: Sending wallets can be lightweight wallets, like Blockstream Green.

However, there are some important things to bear in mind when using P2EP transactions:

  • Requires an internet connection: Both the sender and receiver’s wallets must be online to be able to coordinate the P2EP transaction. If a connection cannot be established, a non-P2EP Bitcoin payment will be made instead.
  • Requires a receiver hot wallet: To ensure that the sender’s P2EP transaction is completed smoothly, the receiver’s wallet must automatically sign transactions once a connection has been established.

BTCPay: A Key Beachhead for P2EP

To make sure that P2EP got rolled out as soon as possible, Blockstream funded the development of the P2EP feature in BTCPay, working with the veteran BTCPay developer and contributor, the venerable “Mr Kukks.”

Now, tens of thousands of merchants using BTCPay Server have the ability to receive P2EP transactions. Enabling the merchant side of the payment to easily accept bitcoins via P2EP transactions is a large part of solving the Bitcoin privacy and fungibility puzzle.

BTCPay Server’s implementation of P2EP is based on a heavily-modified version of bustapay, originally written by independent Bitcoin developer Ryan Havar. BTCPay’s version is described here.

Merchants Need Privacy Too

Transaction privacy is especially important for merchants because they come into contact with so many transactions from different customers. After identifying a single Bitcoin address belonging to a merchant, any customer can potentially use blockchain analysis to determine how much money a business is making and how many customers the business may have—information competitors or thieves may find very valuable.

Merchants are further incentivized to adopt P2EP transactions since it provides a low-cost solution to consolidate their usual “UTXO bloat,” a side effect from accepting small transactions from many individual customers.

What’s Next for P2EP?

Users interested in experimenting with P2EP can make transactions to supporting stores using BTCPay’s built-in Bitcoin wallet.

At Blockstream we’re working on adding support for P2EP in Blockstream Green, which should be available in the coming months. We’ve also heard that projects such as Wasabi Wallet and BlueWallet are currently looking into supporting P2EP. Adoption of P2EP as a common standard is growing and we hope that the implementation of P2EP in BTCPay Server will help accelerate that growth.

We look forward to seeing privacy technology like P2EP tip the scale back towards the individual in terms of autonomy and sovereignty, and, one day, perhaps even render blockchain surveillance completely impossible.

If you have specific preferences, please, mark the topic(s) you would like to read: