What is Paytaca?
Paytaca, as a company, aims to bring sound digital money to the masses. Its main product is a wallet — the Paytaca wallet app for Android and iOS. The wallet app is unique in that it tries to address issues that hinder mass adoption, especially in emerging markets where internet connections can be unreliable. The wallet app facilitates offline transactions at the time of purchase. This is achieved through multi-sig accounts, partially signed transactions, and delayed settlement. There are security trade-offs (just like accepting zero-conf transactions), but it greatly improves user experience.
Why support offline transactions?
Many people with a wallet app on their smartphone are not able to use it to pay in places where there is no (or an unstable) internet connection. In most developing countries, this is one major reason why cash is still preferred even when mobile wallet apps are available. If a wallet app can be built that is able to facilitate offline payments, users will have less reason to use cash, and such a feature can become a major competitive edge.
How do you facilitate offline payments?
We use a 2-of-2 Schnorr multi-signature address, with one key held by the user and the other key held by the server. An offline transaction is created from pre-fetched UTXOs, then it is partially signed with the user’s key. The merchant wallet or POS scans this partially signed transaction from a QR code presented by the user’s wallet. Without sending it to the server, and even in offline mode, the merchant wallet is able to verify whether the partial signature is valid.
If the merchant is online, it can instantly send this to the server. The server then checks the transaction and provides the second signature to form the final combined signature which will make the transaction valid. It is then broadcast to the blockchain. In this scenario, there is no risk of double spending since settlement is immediate (assuming zero-conf).
If the merchant is offline, the wallet allows merchants to accept the partially signed transaction as “proof of payment” as long as the partial signature is valid. The merchant wallet/POS then broadcasts this transaction later, when the internet connection is restored.
In the scenario where both payer and merchant are offline, isn’t it possible for the payer to keep presenting the same “proof of payment” and hence double spend their funds at other offline merchants?
Yes, this is possible since there is no way for two offline merchants to check whether the payer is just reusing the same “proof of payment”. This can be mitigated or totally prevented by a combination of wallet-level restrictions on the amount that can still be spent in offline mode and the maximum duration of continuous offline activity. For instance, a timestamp signed by the server can be included in the proof of payment QR, which the merchant wallet can validate and use as the basis for calculating the user’s offline mode duration.
But then again, in the rare event that a double spend still happens despite these mitigations, the company is going to pay the merchant. This aligns the incentives/penalties well. The merchant will not hesitate to accept partially signed transactions as payment, and the company has to harden the app against such abuse/attacks.
Since it’s a 2-of-2 multi-signature address, does this mean the company can block user's payments?
Yes, that’s right. This is a desirable side-effect, in the sense that we can block users who had successfully double spent funds while offline. But the company is not gaining financially from this blockage since it only has access to one of the 2 keys. It can block but can never spend the funds in the blocked address.
When the user’s device is lost or stolen, what happens to the funds in the wallet?
First, the user can report to the company that the phone was lost. The company can then block payments for a certain duration (e.g. 24 to 48 hours) until the phone is found. When it’s found, the user reports to the company and the blocking is lifted upon verification. This, again, is a desirable side-effect of having a 2-of-2 multi-signature address. Billions worth of cryptocurrencies are lost due to theft. Having this kind of reduced control mechanism will make people feel more at ease holding cryptocurrencies in their wallet apps.
While this may be attractive to users who are often in a situation where they need to pay in offline mode or want to protect funds in case of theft, the trade-off may be unattractive to users who want their funds and transactions to be uncensorable. How do you address that?
The wallet creates this 2-of-2 multi-signature address under its escrow wallet mode, which is the default. However, the user is given the option to go fully private (i.e. no multisig, no offline transactions) or to have these two modes running in the same wallet. The latter setup is recommended for advanced users. It allows the user to send from their private address to the multi-sig address when there is a need to transact offline, and to send the funds back to the private address if needed.
Declaration of Prior Work
We have done preliminary research and some exploratory code prior to the hackathon. By estimation, 90% of the current output was done during the hackathon.
We still have some gaps to close to complete the prototype. Once ready, our plan is to launch this wallet on a pilot test in the Philippines with actual users and merchants. If we find interest and market fit, we will keep developing the app to introduce features that are commonly found in other wallet apps (e.g. reloading, bills payment, remittance, etc.).
SLP Address for Voting