We reduce blockchain’s reliance on constant internet by enabling secure partially offline payments. This breakthrough advances U2U as the global transaction engine—fast, inclusive, and resilient in
TinyPay enables seamless cryptocurrency payments in real-world scenarios—even without internet access. We bridge the gap between digital assets and everyday commerce.
Our platform transforms crypto into a cash-like experience by eliminating the need for constant connectivity. At its core, TinyPay uses a secure One-Time Password (OTP) system on the U2U blockchain to ensure transactions are fast, reliable, and trustless.
ResourceLink
🜸 Website Visit Our Website
🎬 Video Demo & SlidesView on Google Slides
🍎 TestFlight (Payer App)Download TinyPay
🛒 TestFlight (Merchant App)Download TinyPayCheckout
🧑💻 GitHub (Payer App)TrustPipe/TinyPay
🧑💻 GitHub (Merchant App)TrustPipe/TinyPayCheckout
🧑💻 GitHub (EVM Contract)TrustPipe/TinyPayContract-ETH
🧑💻 GitHub (Backend Server)TrustPipe/TinyPayServer
True Offline Payments: A hash-chain OTP system lets users generate secure, single-use payment codes offline, enabling transactions anywhere.
On-Chain Security with U2U: Funds are secured in a non-custodial smart contract. The contract validates OTPs, processes payments, and supports both Precommit and Paymaster models.
Multi-Currency Support: Built on the U2U URC standard, TinyPay supports U2U, USDC, and any URC20 token.
Simple UX: Two lightweight Swift apps—TinyPay (payer) and TinyPayCheckout (merchant)—deliver an intuitive, minimal payment experience.
TinyPay is built on a four-part architecture designed for simplicity and security:
Payer App (TinyPay): iOS app where users deposit assets into the contract and generate offline OTPs.
Merchant App (TinyPayCheckout): iOS app for merchants to input sale amounts and collect OTPs.
Backend Server (TinyPayServer): Golang service that validates merchant requests and submits transactions to the U2U contract.
U2U Smart Contract (TinyPayContract): Manages funds, validates OTP chains, and executes asset transfers.
TinyPay.sol brings the same trustless, offline-to-on-chain settlement flow to EVM. Users preload balances per token, merchants pre-commit intended payments, and a one-time OTP drives a forward-only hash chain so each code can be used exactly once.
UserAccount (per payer):
Stores the current tail (ASCII-hex of the last valid OTP hash), optional per-payment limit, and tail update counters to cap refresh frequency.
Multi-asset balances:
Users hold balances per token (native = address(0) / ERC-20). Deposits credit userBalances[user][token]; withdrawals debit them.
OTP validation (one-time use):
A payment is valid iff sha256(otp) (as ASCII-hex) equals the current tail. After success, the tail advances to the raw otp, preventing reuse.
Merchant pre-commit (front-run hardening):
Merchant calls merchantPrecommit(...) to store a short-lived hash:
commitHash = sha256(abi.encode(payer, recipient, amount, otp, token)).
completePayment must present the matching tuple before expiry (unless called by the paymaster, see below).
Fee model & paymaster:
Fees are feeRate in basis points (e.g., 100 = 1%). An optional paymaster can call completePayment without a pre-commit (e.g., for sponsored gas or batch clearing).
Replay & risk controls:
Per-payment limit, maxTailUpdates, and expiring pre-commits (default 15 minutes) mitigate abuse and parameter tampering.
Deposit & bind tail – User deposits a token and (optionally) sets/refreshes tail.
Pre-commit – Merchant announces intent (payer, recipient, amount, otp, token) -> commitHash stored with expiry.
Offline hand-off – Payer shares the OTP to the merchant (e.g., QR, NFC, voice).
On-chain completion – Merchant (or paymaster) calls completePayment(...).
Contract checks – Token support, balance, pre-commit, sha256(otp) == tail.
Settle & advance – Transfer (minus fee), tail = otp, increment counters, emit events.
No shared secrets on-chain: Only sha256(otp) (as ASCII-hex) is compared; raw OTP is revealed only when consumed.
Forward-only hash chain: tail = otp after success, so an OTP can’t be replayed.
Bound intent: Pre-commit binds payer/recipient/amount/token/otp to a single hash with an expiry window, defeating parameter swapping/front-running.
User-held balances: Funds remain attributed to users; the contract only moves value upon a valid OTP + checks.
DeFi Integration: Enable yield generation on deposited funds.
Merchant Services: Add accounting and data-sync integrations.
Hardware Suite: Build branded QR scanners and POS terminals.
Fiat On-Ramp: Connect with fiat exchanges for seamless top-ups.
Harold
Togo
Lucian
Keith