Bitcoin payments still require users to scan QR codes or manually copy and paste long alphanumeric address strings. That friction has finally started to disappear. Two competing standards—BIP-47 and B
Bitcoin payments still require users to scan QR codes or manually copy and paste long alphanumeric address strings. That friction has finally started to disappear. Two competing standards—BIP-47 and BIP-75—promise to reshape how users send bitcoin, both eliminating tedious address copying while keeping payments private.
The problem gets worse with privacy. Right now, anyone monitoring the blockchain can link multiple transactions from the same sender. Bitcoin addresses weren't meant for reuse. A recent Coinlab report flagged address reuse as a core privacy vulnerability in Bitcoin. Both BIP-47 and BIP-75 aim to solve this. They want wallets to work like Venmo, but without sacrificing privacy to whoever watches the ledger.
The difference between the two standards hinges on a technical distinction. BIP-32, the hierarchical deterministic wallet standard in use today, creates what developers call a "one to many" relationship. Give someone your extended public key (xpub), and they see every address and transaction ever linked to it. BIP-47 and BIP-75 both break that chain.
A developer from Samourai Wallet, speaking anonymously, explained the gap. "BIP-47 is currently an extension of BIP-32," the developer said. "Later on, as BIP-47 gains traction, it could be seen as a replacement for BIP-32. One can easily imagine an SPV wallet that uses BIP-47 as the primary or even sole means of generating payment addresses."
BIP-47 creates what its backers call payment codes. These work like email addresses. Send someone a BIP-47 payment, and they see a valid return address they can use to send money back. The codes are bidirectional and reusable.
James MacWhyte, a co-author of BIP-75 and director of product management at Breadwallet, sees BIP-32 as a tool built for a different job. "BIP-32 is great for managing your addresses internally, or giving out a different chain of addresses to each party you do a lot of business with," MacWhyte told MiningPool. "But it doesn't help at all if you want a static, public destination for payments."
MacWhyte draws a distinction between the two new proposals. "BIP-75 basically adds the protocol support needed to set up a system to allow users to use BIP-32 addresses the same way BIP-47 can—with a static destination that doesn't sacrifice privacy."
Under BIP-75, two people don't exchange xpub keys. Instead, a new address gets generated locally from the xpub key each time a payment request arrives. Justin Newton, CEO of Netki and another BIP-75 co-author, said users can choose whether to approve each new address or allow their counterparty to generate addresses freely.
The creator of BIP-47, Justus Ranvier, designed the standard around usability first. Privacy followed as a bonus. "Create an address that behaves in the way Bitcoin users wish Bitcoin addresses behaved," Ranvier wrote in his design goals. "Specifically, BIP-47 payment codes are bidirectional and reusable. Like an email address, when someone sends you a BIP-47 payment you see a valid 'from address' which you can safely use for sending refunds."
Ranvier prioritized three other features. The scheme had to leave wallet recovery intact. Users should recover from a single backed-up seed, just as they do now. It couldn't depend on third-party servers, a failing that plagued Stealth Addresses in Dark Wallet. And it had to work with existing BIP-44 wallets.
BIP-47 operates entirely on the blockchain. No servers. That gives it resilience against censorship and downtime that server-based systems can't match.
"If you were to use BIP-75 with a server, although your communications are completely private, the server could go down or be blocked," MacWhyte explained. "There's also the possibility of people sending you insincere requests meant to waste your time—spam—which wouldn't happen with BIP-47 since every transaction is already on the blockchain and paid for."
He added another layer of risk. A server supporting BIP-75 becomes a focal point. "It would be possible to look at the IP addresses of two parties that are responding to the same message chain, whereas if you were to observe BIP-47 parties you would just see them download the whole blockchain."
Mitigation exists. Services could run decentralized servers or hide them on Tor. But Ranvier's design builds privacy directly into the protocol. BIP-75 doesn't.
MacWhyte counters that BIP-75 has its own advantages. "BIP-75 provides the same level of privacy and convenience as BIP-47 without forcing a payment protocol to do the work of a messaging protocol. With BIP-75, channels that are better suited for messaging can be used to communicate where payments should be sent. This creates a much better user experience and makes it possible to build much more powerful applications on top of it."
He zeroes in on a bottleneck in BIP-47. The scheme demands two transactions for a first-time payment. A notification transaction must arrive before the wallet knows to expect a real payment. "If a notification payment and a follow-up payment are sent at the same time, race conditions could cause the recipient to not know about the follow-up payment until it confirms in a block. This makes BIP-47 very slow for first-time payments, unless connections are preemptively established."
Scale aggravates the problem. One hundred people wanting to transact with each other would need 9,900 notification transactions. That costs nearly $1,000 in transaction fees. Bitcoin blocks max out around 2,500 transactions anyway. All of that happens before any actual money moves.
BIP-75 sidesteps this. Payment connections between unlimited parties get set up at near-zero cost when store-and-forward servers handle the work.
BIP-47 also strains device resources. "Each person that sends you a notification payment gets their own chain of addresses," MacWhyte said. "That means your wallet has to constantly monitor a chain for every person you've ever connected with. This gets to be resource intensive, especially if you want to scan the first X addresses of each chain in case the sender makes a mistake and doesn't send the transaction to the first address in the chain."
Mobile wallets rely on bloom filters to detect incoming payments. "Bloom filters only work for a certain amount of data until they degrade," MacWhyte continued. "Calculating hundreds of thousands of watch addresses and managing the bloom filters is too resource intensive for mobile devices, meaning they would most likely need to rely on a server to do it for them—which negates the privacy gained by using BIP-47."
BIP-75 concentrates all incoming payments on a single address chain. Mobile wallets face no heavier load than they do now.
Recovery presents another divide. Ranvier emphasizes that the blockchain enables a crucial advantage for BIP-47. "The biggest advantage of blockchain-based notifications is the safety of ensuring that wallet balances can always be recovered from the wallet seed," Ranvier said. "Requiring users to update their backups periodically because the information needed to recover their incoming payments is not contained in their seed plus the blockchain is a major step backwards for user safety."
MacWhyte rejects this reasoning. "BIP-47 requires a full download of the blockchain to restore," he said. "If you want to do that yourself, it requires 80 GB of hard drive space and can take 24 hours or more to download. The other option is to rely on a third-party server, which eliminates all of the privacy and anonymity advantages that BIP-47 is supposed to provide."
He raises another point. Blockchain data alone doesn't tell you who sent you money. "Although transactions would be grouped by sender, the identity of each sender would be unknown without the user's locally-stored address book data. Since the BIP-47 recovery process either takes significantly more time or sacrifices privacy, the trade off doesn't seem worth it for that not-particularly-useful amount of information."
Breadwallet is working around this. "We are currently working on a solution to store transaction metadata off-chain, in an encrypted and completely private way, so users can restore their entire transaction history including information on who sent them each payment with nothing more than a 15-minute SPV sync," MacWhyte said.
The Samourai Wallet developer disputed MacWhyte's framing. Users only need a blockchain copy from the moment they created their notification address. They don't need the entire history. Payment code directories were also in development—public listings of codes, similar to PGP key servers, that would restore that missing metadata.
"Any proprietary backup scheme that is used with BIP-75 can be used for BIP-47," the developer added. "The main difference being that if all else fails BIP-47 can be recovered from the blockchain, which, on the technical level, seems like 'more' to me, not 'less.' User funds cannot be lost. The usual caveats as to tradeoffs—speed, performance, privacy—still apply. Personally, I'll always attempt to err on the side of privacy."
The developer noted that BIP-47 handles identity without needing third parties. "Good. With BIP-47 contacts are uniquely identified by their payment code. It is up to the wallet owner to otherwise label each payment code or not, or for the payment code owner to register the code with a directory or lookup service. If done at all, these can be done pseudonymously."
On privacy recovery specifically, the developer saw no gap between the approaches. "The same techniques that are commonly used by SPV wallets can be applied here," the developer said.
Which standard will dominate depends on wallet developers. If the industry standardized on one, sending bitcoin would become seamless. Wallets could strip out redundant code and focus on simplicity.
The Samourai developer took a firm stance. "Being an absolutist on these issues, I agree with the stand that BIP-75 does not merit implementation. Personally, I would not use any wallet that implements it. Being an opt-in solution doesn't take the edge off. KYC and AML should not be held at arm's length, but must be avoided outright."
The developer framed the divide this way. "Ultimately, I believe that BIP-47 and BIP-75 are targeting different sets of users. BIP-75 obviously is out there to promote merchant uptake, while BIP-47 prioritizes absolute privacy and anti-censorship before point-of-sale ease-of-use. However, by establishing a beachhead for KYC and AML to build upon, BIP-75 is undesirable."
Breadwallet has good reason to support BIP-75. Aaron Lasher, from the company, noted that brokered third-party services represent a core business strategy. Buying bitcoin through Breadwallet would be the first service—and buying almost always requires KYC and AML compliance.
Ranvier remains confident in his creation. "I think Bitcoin users will benefit greatly from having addresses that better meet their needs, and I think payment codes achieve this with the best set of available trade-offs. Wallet developers should carefully examine the features of any proposed standard to make sure the balance of features vs risk is the best fit for their users."
Implementation tells the real story. Samourai Wallet and Stash are working on BIP-47. Dark Wallet began an implementation but development stalled.
BIP-75 has momentum among larger players. Netki claims multiple large wallet providers have implementations underway, though the companies haven't authorized announcements.
"There are a number of large-scale implementations currently underway, but the entities that are in the process have not given us permission to announce such on their behalf," Jeff Handler, who handles business development at Netki, told MiningPool. "In addition, BIP-75 is a standalone, open-source BIP that is not owned in any way by Netki—meaning that we are ultimately unaware of exactly who has or is thinking about implementing the standard."
Looking at BIP-70 adoption offers a clue about BIP-75's future. Coinbase, Bitpay, Copay, Mycelium, Breadwallet, and Bitcoin Core all implemented BIP-70. Those names suggest who might pick up BIP-75 next. Bitcoin Core adoption would spark debate, though. The project guards against changes that centralize Bitcoin or burden nodes, and BIP-75 leans server-side.
