Disclosure: An earlier version of this post was published two days ago. It was withdrawn for revisions to improve clarity and accuracy.
We've been building something at Branta called Guardrail: address verification for Bitcoin. The goal is simple: remove doubt from Bitcoin payments.
Guardrail lets a payer verify that a Bitcoin address on their screen belongs to the intended recipient. We’re using zero-knowledge verification for on-chain, so the payer can confirm authenticity without exposing the plaintext address (or invoice).
Businesses using Guardrail automatically send the encrypted address to the Branta API (which expires after TTL seconds) when they generate a new invoice. Users can verify the address from any device.
Why? Because compromised screens, swapped addresses, man-in-the-middle attacks, and bad browser extensions are currently undetectable. Guardrail aims to make “is this address legit?” a question anyone can answer deterministically.
Branta is already live as an API for merchants (e.g., BTCPay, Zaprite, others).
Wallet developers can integrate Branta into payment flows so users can verify any QR code or pasted address and display the result ("Verified" or "No verification available") before sending.
Integration for wallets is seamless. No coordination or permission from Branta is necessary.
We would love feedback, critique, skepticism, or to answer any questions.
Some things we're curious to hear your thoughts on:
- How useful would address verification be to you personally or for your users?
- Any red flags or attack surfaces you think a ZK-based approach might introduce?
- How could this integrate naturally into wallet UX without adding friction?
Thanks in advance.
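As an added illustration (not part of the original post, and not Branta's actual protocol, which the post does not specify): one hypothetical way a lookup service can answer "was this address registered for this payee?" while storing only address-derived digests that expire after a TTL. It uses a hash commitment rather than a zero-knowledge proof; `LookupService`, `lookup_id` and `payee_tag` are invented names, and the sketch does not address who is allowed to register.

```python
import hashlib
import hmac

def _norm(address: str) -> bytes:
    a = address.strip()
    # bech32 (bc1...) is case-insensitive and QR codes often carry it in
    # upper case; base58 addresses are case-sensitive and are left alone.
    return (a.lower() if a.lower().startswith("bc1") else a).encode()

def lookup_id(address: str) -> str:
    """What the service indexes on: a digest, never the address itself."""
    return hashlib.sha256(b"lookup:" + _norm(address)).hexdigest()

def payee_tag(address: str, payee: str) -> str:
    """Binds a payee name to the address; recomputing it requires the address."""
    key = hashlib.sha256(b"tag-key:" + _norm(address)).digest()
    return hmac.new(key, payee.encode(), hashlib.sha256).hexdigest()

class LookupService:
    """Hypothetical in-memory stand-in for a verification API (assumption)."""
    def __init__(self):
        self._records = {}  # lookup_id -> (tag, expiry time)

    def register(self, lid: str, tag: str, ttl_seconds: int, now: float) -> None:
        self._records[lid] = (tag, now + ttl_seconds)

    def query(self, lid: str, now: float):
        tag, expires = self._records.get(lid, (None, 0))
        if tag is None or now >= expires:
            self._records.pop(lid, None)  # purge expired entries on access
            return None
        return tag

def verify(service: LookupService, address: str, expected_payee: str, now: float) -> str:
    tag = service.query(lookup_id(address), now)
    if tag is not None and hmac.compare_digest(tag, payee_tag(address, expected_payee)):
        return "Verified"
    return "No verification available"

# Constructed sample data: the BIP173 example address and a made-up swapped one.
INVOICE_ADDR = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"
SWAPPED_ADDR = "bc1q" + "x" * 38  # not a valid address, illustration only

if __name__ == "__main__":
    svc = LookupService()
    svc.register(lookup_id(INVOICE_ADDR), payee_tag(INVOICE_ADDR, "Satoshi Coffee Co"), 3600, now=1000)
    print(verify(svc, INVOICE_ADDR.upper(), "Satoshi Coffee Co", now=1500))
    print(verify(svc, SWAPPED_ADDR, "Satoshi Coffee Co", now=1500))
    print(verify(svc, INVOICE_ADDR, "Satoshi Coffee Co", now=5000))
```

A swapped address, a different payee name, or an expired record all produce the same "No verification available" result, so the payer's client cannot distinguish an attack from an unregistered merchant.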
If the attacker has control over the computer or phone of the user (i.e. malware), faking the DNS resolver is trivial. This is one of the first things malware does.
Besides, everybody is trusting you. Which is centralization. Why would we trust you?
This is interesting, thank you for sharing.
So how can merchants benefit from BRANTA? Do you have any guide on how to set it up in BTCPay, Zaprite, and others, or is a developer needed for the implementation?
Why should a business put a tag with their business name on (tinting?) each generated address? Isn't this like auto AMLing somehow?
Does verification for on-chain addresses mean you do NOT keep any data received via API? Or is it stored somehow somewhere? And even if so, how do you possibly know if a vendor is authentic or an impostor?
Hello! I'm the founder.
Here are docs for BTCPay: https://developer.branta.pro/guardrail-tech/btcpayserver-plugin-setup
We need to make Zaprite docs. It's a no-code Connection within Zaprite; turn it on, drop in an API key.
Developers are needed for custom integration, but it's pretty straightforward.
Re AML: with ZK, only sender/receiver know the receiving and sending address; Branta doesn't. Branta is not queryable in the sense that other parties can do lookups.
Answer below on imposters.
This is SO WRONG from all POV!
We are trying to make Bitcoin as anonymous and decentralized as possible, yet people want to go back to centralization of data and de-anonymize it.
First of all, Bitcoin is about SELF-RESPONSIBILITY. That means if you are a fucking idiot that does not pay attention to what you are paying, or you get a stupid malware, IT IS YOUR OWN FAULT.
Be fucking responsible, do not delegate your responsibility to a 3rd party.
Secondly, a merchant that uses this type of "verification" is actually giving away his total sovereignty over his bitcoin. This is just a step away from giving this information to any state agency that wants to control your movements.
No matter how many bullshit fancy "protocols" you mention that are "military-grade" crap security, the fact that it is concentrated into a single point of failure is already a RED FLAG!
FFS PEOPLE ARE SO FUCKING DUMB NOWADAYS! UNBELIEVABLE!
Fully agree with you on this, my question is why and how does such a project get support from community members like BTCpay, @zaprite, @BenJustman's PeonylaneWine, @oshigood, @PlebLab and others...
Because they were ALL fooled... and like you, they just follow what others said...
Don't be just a follower because some others are supporting it. USE YOUR BRAIN. Question everything!
This is all a trap, and most people do not want to see it.
I do not need any "verification" of an address, I want the seller to give me his address without any intermediary. Read again:
No intermediary!
verification = centralization
And what will happen with all that centralized data?
Fair enough, noted. What brought you back to this post nearly two months after it was shared?
I always do this, zapping or commenting on old posts, if it is necessary.
Stackers are used here to be first to zap to get more daily rewards. I am not that kind of user... I like to zap in the shadow...
Because Branta deleted the original post, where I said my words. RED FLAG again. They want only clueless followers, not critical thinking.
ahaha, truth is painful. Are you referring to this #1279723 or something else somewhere else?
Yes that one
They did note it at the beginning of this post:
Anyhow, it's still a red flag. Even if Branta mentions that all addresses are purged after a TTL (usually 1 hour, sometimes 1 day - receiver decides), there's no certainty data is deleted once provided by merchants and vendors. For this reason we should be careful about who we provide such information to.
That guy was trusting that woman too. Trust is not enough and the only thing guiding us are the morals and ethos of bitcoin. We must keep those in mind.
https://twiiit.com/BtcpayServer/status/1981029395818025195
For a receiver, having a verified address means associating the address (with some kind of zk stuff) and metadata through Branta, and for the sender, verifying an address means asking Branta if such metadata exists, right?
How are you vetting the receivers when they register? ie what's stopping someone from pretending to be Satoshi Coffee Co by registering metadata and addresses with Branta?
Hi k00b! Good seeing you at tab
Keith, founder here.
It seems easy to prevent for Coinbase.
But what if you get a sign-up from a small local business in Uruguay, from domain xcoffee.com.uy for string "XCoffee" with logo "XCoffee"? You check DNS ownership automatically, email, external SSO, etc. Great.
You even have an employee check their web site and check the string and logo. Fine.
But what you don't know is that there is a real local business called XCoffee with that logo operating, but on domain x-cafe.com.uy, and the request is coming from someone targeting their customers.
How will you prevent that, without hiring hundreds of human investigators as you scale?
DNS registrars have the same problem (if they even try), it's not easily solved.
Thanks for clarifying!
test response w Github SSO
Are you planning to offer it as a paid service in the future? I mean, building, maintaining and running infrastructure has a cost, so how will you make this business sustainable?
What's your goal and how do you see BrantaOps in 5 years?
It will be definitely useful for building trust, not only in B2C relations but also with bitcoin payments in general
From a user perspective, a simple notification saying "receiving address verified successfully" would probably be enough. Merchants could also display a trust badge in websites and stores saying Branta-verified commerce.
You already "pay" with giving them all the information that data brokers want.
They literally assmilking you.
STAY AWAY FROM THIS TRAP.
You have been warned.
@remindme in 3 years
🤙 crossposted to
nostr𓅦:https://njump.to/note13ef4d6v0nqrs5zywhd5kewkmxvkfuaypne5t5g3yydyes6uut3aq4pp7tc
... and 𝕏: https://x.com/AGORA_SN/status/1989022799256748272
Be careful what you repost... not everything is good for Bitcoin.