The HRF Bitcoin Bounty Challenge

 

has concluded

Bounties (11/11 Claimed)

#1 Open-Sourcing the Design Guide

Challenge:

2 BTC to port the Bitcoin UI Kit from Figma to an open-source Penpot project. The Bitcoin UI Kit serves as a comprehensive set of design components for individuals involved in developing Bitcoin applications.

Winner:

Awarded to CypherStack for porting the Bitcoin UI Kit from Figma to an open-source Penpot project (2 BTC awarded).

Many UI kits are created using proprietary software like Figma. While these tools are powerful, they require licenses and are not accessible to everyone—an obstacle for developers working on open-source projects or those with limited funds. This creates a barrier to entry for designers and developers wanting to contribute to the Bitcoin ecosystem. This bounty was awarded to CypherStack for porting the Bitcoin UI Kit from Figma to Penpot, an open-source design tool similar to Figma, but free and accessible to everyone. This helps democratize access to information and resources, promote collaboration, and make it easier for developers to create high-quality Bitcoin tools, which in turn help to increase Bitcoin adoption. 

#2 Serverless Payjoin

Challenge: 

1 BTC to deploy a production-ready version 2 payjoin protocol which may send and receive Payjoin transactions without requiring a sender or recipient to operate a public server. The solution should not rely on a trusted third party which could expose user privacy in a non-trivial way. The protocol should be asynchronous and use modern, ideally multiplexed, web standards, without heavy dependencies like Tor, in order to promote widespread adoption. Payjoin requests should make use of BIP-21 unified bitcoin URIs. Some degree of backwards-compatibility and ease of integration with existing BIP-78 payjoin will be taken into consideration as elements of a successful solution.

A protocol specification must be published alongside working software as part of the submission for this bounty.

Winners:

Awarded to Dan Gould for his work on PayJoin V2,spacebear and Bull Bitcoin app, a production-ready version of Payjoin that eliminates the need for users to run public servers, enhancing transaction privacy and usability (1.5 BTC awarded).

Traditionally, PayJoin implementations have required the receiver to run a server for transaction coordination, creating a barrier to adoption. Serverless PayJoin removes this dependency and simplifies the process. By combining inputs from both sender and receiver, PayJoin transactions break common tracking heuristics (helping to enhance privacy for all Bitcoin users). Serverless PayJoin also eliminates the need for receiver-hosted infrastructure and reduces censorship risks by removing a central point of failure—a significant advantage for activists and nonprofits operating under repressive regimes. This bounty resulted in the first mobile app (Bull Bitcoin) with integrated PayJoin send and receive support, an important advancement providing robust privacy protections against surveillance for at-risk individuals. 

#3 End-to-End Encrypted Nostr Group Chats

Challenge:

2 BTC for the creation of end to end encrypted group chats powered by any popular Nostr client that does not leak metadata to third parties. Users must be able to chat with at least two other Nostr users. Outside observers must not be able to see the content of messages, the sender/recipient of messages, or the total number of messages between recipients.

Winners:

Awarded to Martti Malmi (1 BTC) for incorporating encrypted group chat functionality into the Iris nostr client and to Vitor Pamplona, hodlbod, and Paul Miller (1 BTC) for their work on NIP-17, which allows users to encode and share Nostr-related information in a way that can be recognized across different Nostr clients. Paul Miller redirected his bounty to OpenSats in order to have his open-source libraries audited.

End-to-End Encrypted (E2EE) Nostr Group Chats are private, secure messaging groups built on the Nostr protocol, a decentralized communication system. While Nostr messages are already encrypted, they still expose their metadata, allowing outside observers to see who is communicating and when. This bounty focuses on preventing metadata leakage, ensuring that these details remain private. By leveraging Nostr’s decentralized architecture, these chats offer censorship resistance. They prevent conversations from being surveilled, blocked, or controlled by a central authority and have already been implemented into popular Nostr clients like Amethyst and Coracle. This is an important step forward for activists, journalists, and communities who risk losing their freedom of speech under oppressive regimes.

#4 Silent payments

Challenge:

1 BTC for a mobile wallet which can send and receive Silent Payments in a private manner without requiring the user to run a full node. This will require a backend which:

  • Can vend the relevant tweak data to the client
  • Provide the client with a method for determining if a scriptPubKey exists in a block
  • Provide the client with the necessary data to spend the found UTXO (outpoint and amount)

The mobile wallet should be:

  • Be open-source
  • Multi-platform (Android, iOS)
  • Be a backend that can be used by multiple mobile wallets
  • Leverage existing protocols as much as possible (Electrum, BIP157/158, etc)
  • Minimize bandwidth for the client where possible
    • Opportunistic notifications (as described in the BIP) as way for clients to limit their scanning to once a week / once a month
    • New BIP158 style filter types for only taproot outputs
  • Minimize what the server is able to learn about a clients transactions:
    • The server should not know when the client is the owner of a particular UTXO
    • The server should not know when the client is the owner of an output in a particular transaction
  • Be compliant with the final BIP

Winners:

Awarded to cygnet3 and Sosthene for their contributions to critical libraries for delivering Silent Payments and for developing a mobile wallet capable of sending and receiving Silent Payments without requiring a full node (1 BTC). 

Silent Payments is a privacy-enhancing Bitcoin addressing scheme that allows a sender to generate a unique address for a recipient without requiring any interaction (while still allowing the recipient to detect and spend the received funds). This breaks common tracking methods used by surveillance firms and governments and makes it harder to link payments to a specific recipient. By eliminating address reuse, Silent Payments enhance financial privacy, making them ideal for donations, salaries, and other sensitive transactions. This bounty code has been integrated into Bitcoin wallets like Cake Wallet, bringing Silent Payments to tens of thousands of users and marking a major step in real-world Bitcoin privacy.

#5 Human Readable Offers

Challenge:

1 BTC for a human-readable bolt 12 offer generator feature integrated into an iOS or android bitcoin wallet. “Human-readable” means something that can be used on feature phone without QR or copy/paste ability. For example, something that looks like LN address. In order for a wallet to qualify they must meet our internal threshold for monthly active users and other indications of a large user base. 

Winners:

Awarded to Stephen DeLorme, Chad Welch, and Evan Kaloudis for Twelve Cash and its integration into Zeus Wallet (1 BTC).

Human-Readable Offers simplify Bitcoin payments by replacing complex Bitcoin addresses and invoices with user-friendly text. This is especially important for Lightning Network transactions, which currently involve a cumbersome process of generating invoices for each payment. With Human-Readable Offers, sending Lightning payments becomes as simple as sending an email (just by entering a username). This approach, similar to many fintech apps today, reduces errors, lowers the barrier to entry, increases trust, and is crucial for broader adoption of Bitcoin among new and seasoned users alike. The objective of this bounty was to incentivize these types of human readable offers to be adopted by more wallets to increase the utility.

#6 Self-custodial Mobile Lightning address

Challenge:

1 BTC for an easy-to-setup self-custodial mobile Lightning address generator integrated into an iOS or android bitcoin wallet. The mobile Lightning address should not require the user to set up their own web server. In order for a wallet to qualify they must meet our internal threshold for monthly active users and other indications of a large user base. 

Winner:

Awarded to Evan Kaloudis (1 BTC) for Zeus Wallet.

Activists, nonprofits, and content creators often use Lightning addresses to receive donations quickly and easily. However, setting up and managing a Lightning address presents a challenge: users have to choose between the self-sovereignty of managing their own web server (a complex process), or the convenience of a custodial service, which requires trusting a third party with their funds. This bounty directly addresses this issue. It allows users of Zeus Wallet, one of the most popular self-custodial Bitcoin Lightning wallets, to easily and securely receive donations through a Lightning address while maintaining control of their funds.

#7 Mobile Border Wallets

Challenge:

2 BTC for the integration of border wallet optionality in addition to a seed phrase for a popular iOS or android wallet. The user of the wallet should be easily able to choose to use border wallet functionality to create and memorize their seed. The wallet must allow the user to periodically test their memorized seed to ensure accuracy of memory. The seed words must be BIP-39 compliant, and support either 12 or 24 word seed phrases.

Winner: Awarded to Bitcoin Tribe (2 BTC) for their border wallet functionality, allowing users to create and memorize seeds without relying on written backups and for building a React Native library, making it easier for other wallets to integrate this feature.

Mobile Border Wallets aim to solve a critical problem with traditional Bitcoin seed phrase backups: they’re often written down on paper, making them susceptible to being lost, destroyed, or stolen. This makes securing a user’s Bitcoin a delicate balance between security and accessibility. It also makes it challenging, especially for activists who frequently cross international borders. Border Wallets offer a solution to this problem. Instead of writing down a 12 or 24-word seed phrase and finding a secure place to store it, they can upload a randomly generated grid of words to the cloud and memorize a pattern to secure their seed phrase. This initiative resulted in a user-friendly mobile app that allows users to create Border Wallets digitally, enhancing accessibility and offering an alternative to physical storage like printed paper or metal seed plates. 

#8 Easy Mobile Multisig

Challenge:

1 BTC for the implementation of a “tap or airdrop to create 2 of 3” multisig functionality between three phones for an open-source iOS or android wallet. The wallet must be self-custodial, with a method for users to recover funds using open-source software outside of the application used to create the multisig. In order for a wallet to qualify they must meet our internal threshold for monthly active users and other indications of a large user base. 

Winner:

Awarded to Bitcoin Keeper (1 BTC).

Multi-signature wallets allow multiple users to collaboratively control a Bitcoin wallet. This enhances security by requiring consensus before funds can be moved. Traditional multisig wallets often require physical hardware wallets or involve subscription fees, presenting a significant barrier for organizations exploring Bitcoin adoption. This bounty funded the development of easy mobile multisig functionality in the Bitcoin Keeper app, enabling users to setup a ⅔ multisig (requiring two out of three keys to authorize spending) to secure and manage their bitcoin. Bitcoin Keeper is particularly optimized for geographically dispersed users. It facilitates virtual collaboration for signing transactions while remaining free and open-source, allowing other wallet developers to integrate this functionality into their own apps.  

#9 Frost Multisig Wallet

Challenge:

1 BTC to a FROST-powered dynamic mobile multisig that allows you to modify the signer set without moving funds to a new address. The wallet must be self-custodial.

Winner:

Awarded to CypherStack (1 BTC) for Stack Wallet, which enables dynamic multisig using FROST, allowing users to modify signer sets without moving funds.

Multisig (multisignature) wallets require multiple signatures to authorize a transaction. This enhances security by distributing control over funds. However, traditional multisig setups — while secure — can be inflexible. If you need to change the set of signers, it often requires moving all the funds to a new multisig wallet with the updated signer set. This is burdensome, time-consuming, and incurs fees. FROST is a cryptographic protocol that offers significant advantages for multisig wallets. It provides dynamic multisig functionality, meaning users can easily adjust their signer sets as needed without affecting the funds within. This is an important functionality for nonprofits and civil society groups who often need to adjust their authorized signatories. The bounty was awarded to CypherStack for developing the Stack Wallet which uses FROST to provide dynamic multisig functionality.

#10 Cashu

Challenge:

A) 0.5 BTC for a fully functional iOS Cashu app

B) 0.5 BTC for a fully functional Android Cashu app

In both iOS and Android cases the wallet must be open source, fully function, and support:

  • Multiple mints 
  • The ability to directly send ecash to Nostr peers from contacts
  • The ability to receive ecash over Nostr
  • Seed phrase backups to recover lost funds

C) 0.5 BTC for an open source Cashu web widget for anonymous paywalled content.

This bounty is for developing a JavaScript frontend widget and a NodeJS backend library that can be deployed as a simple drop-in for any existing website to enable ecash payments. This could be used to build web paywalls or upvoting systems that use ecash instead of a ledger that keeps track of every user’s activity. The website provider should be able to choose one or multiple mints to support. User interactions with the web site can then trigger payments to the website host using the users’s ecash balance. Users should be able to top up and withdraw a Bitcoin balance. The widget should be a web component that can be easily included in a website and possible also a browser extension that can serve multiple websites at once.

D) 0.5 BTC for Cashu-TS backup restore.

Cashu-TS is a widely-used Cashu wallet library that provides tremendous value to the ecosystem by serving as a basis for developing mobile wallets or web apps. In order for these application to provide a basic level of security for their users, Cashu-TS needs to support a seed phrase backup scheme which allows for a user experience similar to backing up a Bitcoin wallet. The seed phrase backup and the secret derivation scheme should use BIP32 and BIP39 and adhere to the same protocol rules as the reference implementation Cashu Nutshell so that users can restore their balance across different implementations. By enabling backups in Cashu-TS, every wallet and app using it should be able to benefit from it.

Winners:

Awarded to eNuts Wallet (0.5 BTC), Misovan for Minibits Wallet (0.5 BTC), Gandlaf for Proxnut (0.5 BTC), and Gandlaf for adding Cashu-TS restore functionality (0.5 BTC).

Cashu is a digital cash system designed for privacy and speed. It is like physical cash, but in digital form and uses blind signatures for anonymous transactions. With Cashu, transactions are instant, low-fee, and permissionless. Bounty recipients addressed critical aspects of usability and accessibility: eNuts and Minibits Wallets bring Cashu to iOS and Android users worldwide, Proxnut enables easy web integration for payments, and Cashu-TS Restore adds crucial seed phrase backup. Overall, these projects have taken Cashu from a more theoretical concept to a practical one and have been relevant for use cases like donations, content monetization, daily transactions, and cross-border payments. These developments represent a significant step towards wider adoption, especially for those lacking financial freedom. 

#11 BIP47 Expansion

Challenge:

0.5 BTC each to the first two (2) open-source self-custodial iOS or Android wallets that add send and receive support for BIP47 payment codes. If a wallet already has this functionality as of July 28, 2023, it is not eligible for this bounty. The purpose of this bounty is to encourage new wallets to add BIP47 support in order to expand the number of privacy options available to Bitcoin users. If a wallet has only send *or* receive functionality as of July 28, 2023, that team can claim a 0.25 BTC credit for adding the other half of the functionality. In order for a wallet to qualify they must meet our internal threshold for monthly active users and other indications of a large user base. 

Winner:

Awarded to BlueWallet (0.5 BTC) for adding BIP 47 support.

About

The Human Rights Foundation is supporting open-source developers working to increase the usability and privacy of the Bitcoin and Lightning network, E-cash, and Nostr, inspired by HRF’s research around the world with regard to what kind of functionality activists need today in their digital tools.

We are launching with an initial set of 10 bounty challenges. More bounties might be added as we go. An individual or team who fully solves any of the ten challenges will be eligible to receive a bounty of 1 BTC.

For transparency: submissions will be shared with external industry experts to help us discern whether submissions meet bounty requirements. HRF will be making decisions in a charitable way for bounty submissions that make a good faith effort to meet the requirements. We will be leaning to the spirit, not the letter, of the law. Individuals and teams are encouraged to contact bounty@hrf.org with any questions during the bounty process. HRF retains final approval on allocating prize funds.

The Bitcoin Bounty Challenge will run until December 31, 2024. Any unclaimed bounties will convert into general operating funding for the HRF’s Bitcoin Development Fund on January 1, 2025.

To claim a bounty, an individual or team must submit proof by contacting bounty@hrf.org. An individual or team may collect any amount of bounties. Any team is eligible: if a leading wallet maker or for-profit corporation would like to compete, we would be delighted.

The first individual or team to provably solve each challenge or mini challenge will be eligible to receive a BTC grant from HRF.

HRF is a 501(c)3 organization. Any gifts will be considered prizes under US law. Identifying paperwork will need to be filled out by any individuals or entities claiming prizes. If a nym prize-winner would like to remain anonymous, they can instead direct the bounty to another non-profit or Bitcoin initiative of their choice, with HRF’s approval.

Any individual or team participating in HRF’s Bounty Challenge must carefully read and at all times agree with the Terms and Conditions, accessible here.