A common question people have about Bitcoin is how it can be used for in-person transactions, like at a supermarket.

Today, Bitcoin is software that runs on your desktop or laptop computer. You can also host your wallet with an EWallet. Neither solution is convenient for the supermarket use case. The most commonly proposed solutions are examined below.

Smart phones

The best solution is to use smart phones. Communication can be via QR codes (2.1), unencrypted Bluetooth (2.2) or using Near Field Communications (NFC) (2.3). NFC is a form of radio that travels only a few centimeters, so to use it devices must be touched together. In such a setup, you touch your phone to another NFC aware device like another phone, or for the supermarket a simple NFC transmitter. That device sends a Bitcoin address and a requested amount, which is displayed on the devices screen. Confirming the payment causes the phone to create, sign and broadcast the Bitcoin transaction as normal. The supermarkets Bitcoin node will receive the transaction a few seconds later.

To ensure you're paying who you think you're paying, the address can itself be signed with an Extended Validation Certificate (EV) (2.4) as issued by various SSL certificate authorities. The EV standard and auditing process ensures they are only issued to organizations that can prove their identity to a high level of assurance. The phone can then show the organizational name rather than the raw Bitcoin address.

An alternative to EV issued certificate signing would be to have the merchant sign a one-time string using the private key of the intended payment address. While not as verifiable as an EV certificate signature it would at least ensure that the merchant is in possession of the corresponding private key for the payment address. This gives at least as much confidence in the transaction as current cash transactions.

Because you own the device and carry it with you, there's no risk of a corrupt merchant or criminal tampering with the device when you are not around to see it, as has happened with smart card readers. Modern phones can encrypt locally stored data like a wallet such that it can't be extracted unless the right PIN is provided. Whilst physical tamper resistance isn't as strong as with a smartcard, it's probably strong enough to ensure that if a phone is stolen, there is sufficient time to reach a backup and move the coins in it to a new address rendering the stolen wallet worthless.

This solution has another advantage over smart cards - namely that the hardware to do it is being mass manufactured and many people have access to it. This means that in person transactions don't require any complex setup or special hardware. You can pay your friends in the pub as easily as you can pay the supermarket.

Smart cards

see also: Smart card wallet

Today one of the most common ways to pay in supermarkets is with cards you either swipe (magstripe cards) or insert into a reader and enter a PIN (smartcards). It's natural to think of applying the same techniques to Bitcoin, for instance by putting the private keys inside the card.

Unfortunately there is no decentralized way to create such a system. The EMV smartcard framework used throughout Europe today is a combination of standards created by the major card processors that covers not just smartcards but also the readers as well, for instance to try and ensure tamper resistance.

Without central certification of what EMV calls payment entry devices (PEDs), anyone is free to create a PED that looks real, and displays the transaction you expect to be paying on screen, but actually sends an entirely different transaction to be signed by the card. The system is only secure when the readers can be trusted. Even if some central authority certifies PEDs, if their tamperproofing fails the certification is worthless. The tamperproofing done by Ingenico and others on their EMV PEDs turned out to be insufficient and has been attacked several times, in one notable incident, readers had GSM taps installed at the factory before distribution.

It's worth noting that the physical smart card form is an accident of history. VISA already offers keyfobs that do the same thing but use near-field communication (NFC) technology.

Paper Bitcoins

Another common way to pay at the supermarket is with paper money. There have been various efforts to allow Bitcoins to be printed out and passed around, for instance using this python script (4.1). The private keys are printed on the paper. But putting private keys on the paper itself simply means anyone who receives the note can take away the underlying Bitcoins backing it.

Solution to this would be to create a paper money where you can see if someone have been using the private key, and a solution to this is found here Bitbills. But even this is secure (or secure enough) only through huge anti-counterfeiting efforts by a large central authority, in the USA this is the Secret Service. The techniques of making paper money hard to forge are not widely available.

See Also

References

2.1: What are QR codes and How do you use them as request payment from Wallet?
2.2: Offline Transactions and Bluetooth!
2.3: NFC initiated Bitcoin payments with Bitcoin Wallet for Android
2.4: Extended Validation Certificate
4.1: Instant printable bitcoins (Internet Archive copy)