Back to Table of Contents


BRIT has been removed in version 0.3.0 and higher. You should upgrade to take advantage of lower fees when sending bitcoin.

We get a lot of interest about our fee collection mechanism so we have put together this FAQ to help you to learn more about it. This article remains accessible to all users, but does occasionally go into some detail about how BRIT works using broad cryptographic terms.

I've heard that MultiBit HD isn't free. Is this true ?

Not any more! In versions lower than 0.3.0 there is a client fee of 1,000 satoshi per spend. This compares favourably with the current miner's fee of 3,000 satoshi.

At 500 USD per bitcoin this is 0.5 cents for each transaction sent. The price of a latte in a New York Starbucks is about 4 USD which equates to 800 sends through MultiBit HD.

There is no charge for receiving bitcoin. We bundle up these small amounts so that you pay once every twenty sends or so from your wallet.

The revenue generated will go towards further development of MultiBit HD. We will also use the funds raised to support upstream projects that MultiBit HD relies upon (such as Bitcoinj, XChange etc) that would otherwise never see an income.

But Bitcoin is free and open source...

Bitcoin is not free in all cases. Typically transactions include a miner's fee to ensure that they get mined into a block quickly. The amount paid varies according to the data size of the transaction, the age of the bitcoin outputs involved and some other rules.

MultiBit HD is "free" as in information, not as in "beer".

Bitcoin doesn't work without the miners but wallets are commonplace

That's true to some extent. There are many free and open source Bitcoin wallets available. However to make and distribute a high-quality Bitcoin wallet takes a lot of time and effort. For this to be sustainable in the long run the developers need to be paid.

MultiBit has been in the Bitcoin space since 2011. In that time it has seen continuous development and improvement. Back in March 2014 we celebrated 1.5 million downloads and we've been growing ever since.

Supporting a virtual metropolis of users and writing new features is now a full time job for a team of developers.

What about funding it through adverts ?

Too invasive. In general adverts provided by third parties place tracking cookies and monitor IP addresses. The advertisers themselves often want to have detailed demographic information. We believe very strongly in the privacy of our users so we do not want to expose them to this.

Bear in mind that technical users (including ourselves) tend to have ad-blocking software running and so don't see adverts presented in a browser context and we personally find in-app adverts to be both distracting and intrusive.

By charging a client fee we can avoid intrusive or privacy-breaking alternatives.

What about paying upfront for it ?

Possible but then we couldn't be pure Bitcoin. When people download a Bitcoin wallet for the first time they don't usually have any bitcoin to hand. Consequently we would have to ask for payment using a non-Bitcoin mechanism which would defeat the point of having Bitcoin in the first place.

There is also the problem of piracy. Once a signed, paid-for copy of MultiBit HD is out there it wouldn't be long before it is torrented. While we're happy for this to happen (we release under MIT licence after all) it would mean that ongoing income from sales would be limited.

Finally it is important to remember that people from all over the world use MultiBit HD and what is affordable to one group of people is very expensive to others. An upfront fee would restrict access to Bitcoin to only those who could afford it.

We want anyone, anywhere in the world to be able to download MultiBit HD without having to pay for it.

So what are you proposing instead ?

We're fortunate to be in this position to contribute to the Bitcoin community, and to enable us to keep paying the bills we designed a way to get income that matched these principles:

  • Must be open source under MIT license
  • Fees must be extremely low
  • No gathering or selling of information to third parties
  • No in-app advertising
  • Zero upfront cost
  • Must be decentralised apart from an anonymous initial contact
  • Must allow income to be allocated to other parties efficiently
  • All communications must rely on encrypted messages to prevent snooping, MITM and replay attacks

Can you explain why it is decentralised ?

This is to ensure that the BRIT income could continue even if the servers were inactive for some reason. There is no denial of service to users should we suffer an outage, perhaps as a result of a denial of service attack.

There is a single, anonymous initial contact required in order to deliver the payment addresses to the user. These are on a per wallet basis.

How does this anonymous initial contact work ?

During wallet creation a unique irreversible identifier is created and sent to our site. This is stored and used as follows:

  • to provide a timestamp lookup facility (faster synchronization)
  • to ensure that the same fee payment addresses are supplied for the same wallet words (restored wallet doesn't lose fee info)

So can you work out my wallet words from this identifier ?

Absolutely not. The unique identifier:

  • does not allow us reverse engineer wallet words or any other wallet information
  • does not allow us to spend or recover bitcoins
  • does not allow us to identify you as an individual (no IP address is stored for example)
  • does not allow us to track you

For the technically minded, the algorithm for the unique identifier is essentially this:

  • A large fixed prime was selected as a salt value
  • The salt is used in the Scrypt algorithm using default values
  • A Scrypt private key is generated deterministically
  • From this an EC private key is derived deterministically
  • An EC public key is derived deterministically
  • The EC public key is then subjected to RIPEMD160(SHA256(publicKey)) similar to a Bitcoin address
  • The outcome is then suitable for use as a unique identifier for a particular set of wallet words

The salt value for Scrypt is completely different to that used when storing the MultiBit HD wallet so there is no connection between the name of the wallet on your hard drive and that recorded on the server.

Is this unique identifier secure ?

Yes. It is sent to the server over HTTPS and the data itself is further encrypted using the BRIT server public key embedded in the MultiBit HD code. This code is part of the digitally signed installer so cannot be tampered with. The response from the server is also encrypted using a key generated by MultiBit HD.

Are the payments collected for every transaction ?

No. That would be a significant privacy leak and the values themselves are near the dust limit for Bitcoin transactions anyway.

So they are bundled up instead ?

Yes. As you make a payment as part of your normal use of Bitcoin MultiBit HD will keep a count internally of how many times you have created a transaction. When the count reaches between 15 and 25 an additional output will be created of between 15,000 and 25,000 satoshi. The output will be placed at a random position on the normal transaction making it unclear what its purpose is. Once that transaction is sent the payment is made, the count resets and the process begins again.

Is it the same BRIT address every time ?

No. When you create a new wallet in MultiBit HD the unique identifier is sent to The response contains a set of 50 addresses that can be used to fulfill a fee payment. When the time comes to pay the fees one of these addresses is selected randomly.

What if the server is offline when I create my wallet ?

The BRIT system is designed to be decentralised. Should our server be offline for whatever reason, MultiBit HD has a set of well-known donation addresses built in which it will use instead.

Could a donation address be used instead of BRIT ?

Yes. If you make a payment from your wallet to a donation address (such as 1AhN6rPdrMuKBGFDKR1k9A8SCLYaNgXhty then this will count towards your fees.

So can I donate and avoid the BRIT fees ?

Yes. BRIT has been designed to allow this to happen. There is a button on the Preferences | Fees screen which allows you to make a donation to which offsets your BRIT fees to that amount.

You mentioned income being allocated to other parties. What's that about ?

The design of BRIT allows addresses to be added to the server. These addresses can be owned by anyone - perhaps developers of the open source libraries on which MultiBit HD depends. By including their addresses (something under the strict control of the MultiBit developers) they are able to directly benefit from the success of MultiBit HD. This creates a virtuous circle which benefits everyone in the Bitcoin ecosystem.

Can I inspect the code ?

Yes. All the payment code, both client and server side, has been released under the MIT licence for other teams to use freely. The BRIT Service code and documentation is available for examination on GitHub. The client code is currently within the MultiBit HD repo.

04 Feb 2015

Related articles

Here are some related articles: