What is the Address Ownership Proof Protocol AOPP?

In Switzerland, any financial intermediary dealing with crypto assets such as Bitcoin is legally obliged to require proof of ownership of a customer's wallet address before withdrawals and deposits can be made.
AOPP is a simple and automated solution for providing proof of ownership of an external wallet's address.

Before AOPP this meant that the customer had to manually sign a message provided by the exchange such as “I hereby confirm this is my personal withdrawal address” with his/her address in third-party software such as Electrum.

AOPP automates this process by creating an “AOPP-URL” which contains a message that any wallet supporting AOPP can open. The wallet then displays the message and the wallet address that will be used to sign the message and asks the user to confirm. Once the user confirms that they want to sign the message, the message and signature are sent back to the exchange, thereby proving that the address is controlled by that wallet.

Does the exchange learn any additional information from the use of AOPP?

No, the message to be signed is prepared by the exchange so it can only contain data already known by the exchange.

Is any data transmitted to third parties?

No, the signed message is sent back to the initiator, i.e. the exchange. There is no central party or third party involved in the AOPP protocol. The protocol is transparent and open source.

Does AOPP leak the whole wallet history to the exchange?

No, the signature is made using one single address which is the address that you would give to the exchange anyway in order to initiate the withdrawal. AOPP does not leak the extended public key of your wallet as sometimes claimed.

Do I need to use AOPP if I’m not using a Swiss exchange?

No, using AOPP is completely voluntary and only required if you want to use an exchange in a jurisdiction that is obliged to demand proof of address ownership. Currently, these jurisdictions are: Switzerland. Moreover, the signed message is only sent back to the exchange after you physically approve to sign the message on the BitBox02.

Why did we implement AOPP?

As a Swiss company, a large proportion of BitBox users use Swiss-based exchanges. As all Swiss exchanges have to demand proof of address ownership, Swiss customers need to comply with this requirement if they want to withdraw their coins. Before AOPP that meant the user had to manually sign the message in a third party wallet and then manually send the signature to the exchange which is complicated and thereby increases the barrier to easily taking self custody. AOPP makes verifying address ownership extremely easy and therefore allows any user of a Swiss exchange, no matter their technical skills, to take self custody.