Is the UMA protocol the Future of Global Money Transfers?

Distributed Lab
9 min read · Nov 24, 2023


In today’s world, financial transactions are becoming increasingly complex. We use many different accounts at different banks, each with its own number. This can be very confusing, especially if we want to send money to someone who is not a customer of our bank. The Universal Money Address (UMA) is a new standard designed to make financial transactions easier and faster. UMA is a single address that can be used to send and receive money from any bank account anywhere in the world.

History

On October 23, 2023, Lightspark introduced its Universal Money Addresses (UMA) solution.

Following this announcement, Xapo Bank introduced universal money addresses on the same date, and Bitnob also presented its implementation of UMA. Currently, UMA is operational in 47 countries.

Context

Before diving into the details of the UMA protocol, let’s start with some basic definitions and roles.

A VASP (Virtual Asset Service Provider) typically encompasses businesses engaged in various activities on behalf of customers, including exchanging virtual assets with fiat currencies, facilitating exchanges between different virtual assets, transferring virtual assets, and providing safekeeping or administration of virtual assets or instruments that enable control over them. Additionally, VASPs may participate in and offer financial services related to virtual asset issuance, sale, or management.

VASP1 — the VASP that initiates a Lightning payment using UMA on behalf of its customers.

VASP2 — the VASP that receives a Lightning payment powered by UMA on behalf of its customers.

The Travel Rule Authority (TR Authority) is an optional entity within the UMA protocol that can authenticate the public keys of UMA participants. For example, when VASP2 obtains a signature and the corresponding signing public key from VASP1, it can query the TR Authority to verify whether the provided public key genuinely corresponds to the VASP domain identified as the sender. In that sense, the TR Authority plays a role similar to a Certificate Authority in PKI.

Compliance Provider — a third-party or internal compliance service that provides blockchain analysis and related services for risk and regulatory compliance. UMA facilitates risk assessment and transaction monitoring reviews both pre- and post-transaction.

How UMA appeared (a possible scenario)

During her exciting holiday on a mysterious island, Alice discovers a stunning charity event that Bob, her longtime friend, organized. She wants to support this important initiative, but all her funds are held in cryptocurrency, while the promotion only accepts donations in local currency. Now Alice needs to send money to Bob so that he can contribute to her charity and support their common goal.

Let’s define how it might look before UMA…

Firstly, Alice opened her laptop and started looking for an exchange service on the island (because her exchange/custody service doesn’t support Bob’s local currency).

She found a few options and compared their terms. Then she chose a service that offered a favorable exchange rate and low commissions. Alice registered on the exchange service’s website and entered her personal information.

Then she transferred her cryptocurrency funds to the service’s account. The exchange process, let’s say, took about an hour, and the commission was 1%. After the exchange, Alice received the funds in her account at a local bank. She decided to transfer them to Bob’s account through an online platform. The deposit process took about two hours, and the fee was 2%. Looks like that’s it, but…

The next day, Alice received a message from the bank. The deposit had been rejected due to a compliance issue (shit happens). Alice was confused and frustrated. She called the bank to find out what had happened. The bank explained that Alice had not provided enough information about her source of income. So she would need to provide additional information, such as her tax returns, before the deposit could be processed. Alice was disappointed. She didn’t have time to gather all the necessary information. The charity event was only a few days away.

Alice decided to try to exchange her cryptocurrency for local currency through another exchange service. She found a service that offered a slightly lower exchange rate but did not require as much compliance information. The exchange process went smoothly, but the withdrawal process was slow. It took several days for the funds to arrive in Alice’s account at a local bank.

Finally, Alice was able to transfer the funds to Bob’s account. But could it be much easier and faster?

With UMA, Alice could avoid many of the problems she would have encountered using traditional methods. She would not have to waste time searching for an exchange service on the island. She would not have to exchange cryptocurrency for local currency, which can be costly and time-consuming. And she wouldn’t have to provide additional information, such as her source of income (as long as she has a verified account on an exchange that supports UMA), which could be inconvenient or even dangerous. Let’s see how.

The general flow

There are 4 main steps of the UMA payment flow:

  1. Recipient Information Request: The sender’s bank or financial institution (VASP1) asks the recipient’s bank (VASP2) for basic information about the recipient, such as their preferred currency and exchange rate.
  2. Payment Request Creation: VASP1 sends a request to VASP2 specifying the amount to be sent and any additional compliance information required. VASP2 then generates a payment invoice.
  3. Payment Execution: The sender uses their UMA address to pay the invoice using the Lightning Network, a fast and low-fee payment protocol.
  4. Post-Transaction Compliance: After completing the transaction, information about the payment is shared with compliance providers for any necessary post-transaction checks.

How UMA protocol works

Now we will assemble everything into one diagram and then break it into logical steps with their detailed description.

First, Alice needs to register with a VASP that supports UMA to acquire her unique name and address. To accomplish this, she must share her personal information and undergo the ‘Know Your Customer’ procedure.

After registering with VASP, Alice receives a unique name and, accordingly, an address. UMA addresses have the format $<username>@<domain>. Addresses have their requirements; you can find them here. Bob needs to do the same with his VASP.

Now Alice can inform the VASP that she intends to transfer a specific amount to Bob at his address. In this case, Alice consents to transferring personal data, including the payment amount, sender, and recipient.

Next, Alice’s VASP interacts with Bob’s VASP. Each VASP has a unique pair of keys, confirming its authenticity. The TR Authority issues certificates of conformity to certify that VASPs are operating correctly. The UMA protocol presumes the use of two secp256k1 key pairs: one to sign messages between VASPs and one to encrypt sensitive data such as payment information and travel policies (by deriving a common secret with DH).

After the UMA protocol is initiated, VASP1 sends the first request to VASP2.

For instance, in a scenario where $alice@vasp1.com is making a payment to $bob@vasp2.com, the request takes the following form:

Here, umaVersion denotes the UMA protocol version supported by VASP1, and its details can be explored in the versioning section below. The parameter isSubjectToTravelRule indicates that VASP1 functions as a financial institution obligated to comply with the Travel Rule Authority. Nonce is a randomly generated unique string created by the SDK to prevent replay attacks. Timestamp is the Unix timestamp in seconds. Signature is VASP1’s signature over the hash of “$bob@vasp2.com” + nonce + timestamp. Note that UMA signatures are always presented as hex-encoded strings.

Now, we need to synchronize the versions. The UMA protocol includes a version negotiation method within the original LnurlpRequest. UMA versions are represented as <major>.<minor> (e.g., 1.2), where major changes are critical, and minor changes may include minor additional features. VASPs must support compatible versions for successful interaction. You can view the interaction diagram here.

If the verification is successful and the versions match, we can check the Virtual Asset Service Providers for compliance with Financial Action Task Force (FATF) requirements. The UMA SDK provides an efficient mechanism for obtaining and caching public keys from other VASPs within the UMA protocol context. This tool manages the key cache, offering transparent access to retrieving, adding, removing, and clearing public key records. During execution, VASP2 checks the key cache for the sender’s keys. Without a valid record, the SDK dynamically requests keys from the sender. The received keys may undergo additional confirmation to ensure that they belong to the respective VASP.

Upon successful verification, we proceed to initiate a payment request. This request facilitates the exchange of compliance data and instructs the VASP2 to create an invoice for a specific amount on behalf of the receiving user.

The next UMA protocol request is the payreq request. This request exchanges compliance data and instructs the VASP2 to create an invoice for a specific amount on behalf of the receiving user. The VASP2 must generate an invoice for the VASP1 with the correct amount and return a valid.

Now, just send the payment by settling the invoice! However, this payment needs to be made in the sender’s preferred currency → Bitcoin → recipient’s preferred currency. On the VASP side, when the user confirms the payment, you first need to convert their preferred payment currency into bitcoins to transmit them over the Lightning network. As a VASP2, you must listen for a completed incoming transaction.

The UMA protocol also involves a Compliance Provider — a vital entity offering blockchain analysis and associated services for risk and regulatory compliance. UMA goes the extra mile by facilitating risk assessment and transaction monitoring, ensuring a comprehensive review before and after transactions occur. This strategic integration adds a layer of security and regulatory adherence to the UMA financial landscape.

And with that, we’ve completed the protocol! Bob has successfully received his funds, and our financial fairy tale ends happily. Like a magic wand, the UMA protocol ensures seamless and efficient money transfers, bringing joy to our digital kingdom.

For a detailed protocol overview, visit the Lightspark website.

Who uses the UMA protocol

While UMA has encountered its share of critics, it is gaining significant traction with active utilization by prominent platforms such as Bitnob, Coins.ph, Foxbit, Ripio, and Xapo Bank. These entities actively embrace UMA, underscoring its increasing adoption and relevance within the financial landscape.

Critiques of UMA

UMA faces notable criticism primarily for not presenting a groundbreaking concept, with parallels drawn to the pre-existing ‘Paymail’ feature on the BitcoinSV chain.

Additionally, detractors highlight its lack of permissionlessness and censorship resistance. Numerous users, especially within the X community, express aversion to the mandatory KYC procedure, considering it contradictory to the foundational principles of Bitcoin. UMA’s compliance measures also come under scrutiny, raising concerns about potential centralization associated with stringent regulatory adherence. A significant portion of Bitcoin users lean towards privacy over embracing KYC requirements.

Comparison

While UMA has no direct equivalent in the cryptocurrency world, there are several similar systems in the traditional financial system, such as SWIFT, SEPA, and ACH. SWIFT is the most widely used system for international financial messaging, providing a secure network for banks to send and receive financial information. SEPA aims to simplify cross-border Euro transfers, making them as convenient as domestic transfers. ACH networks in countries like the United States facilitate large volumes of credit and debit transactions in batches, often used for payroll, direct deposit, tax refunds, and other payments. These traditional systems offer similar functionality to UMA, but they are slower and charge higher fees, while UMA offers faster transfers, 24/7, from anywhere in the world and through any VASP that supports UMA.

Tendencies

The UMA protocol provides an innovative solution for global financial transactions, offering unique capabilities for the transfer of both cryptocurrencies and fiat funds. Despite some criticism, UMA is seeing significant attention from crucial players such as Bitnob, Coins.ph, Foxbit, Ripio, and Xapo Bank, highlighting its importance and strong adoption in the industry. With continuous development and improvement of the protocol, UMA continues to gain attention and set new standards in the world of financial technology.


Written by Distributed Lab

The mission of R&D company Distributed Lab is to make the Financial Internet a reality. We'll talk about decentralized technologies that are changing the world.
