A New Look at the Refund Mechanism in the Bitcoin Payment Protocol

TL;DR

This paper introduces a novel multi-signature based refund mechanism for Bitcoin payment protocols that enhances security, allows address updates via email, and supports anonymous payments, improving upon previous solutions.

Contribution

It proposes a new multi-signature refund approach that avoids merchant storage, enables email-based address updates, and integrates anonymity features into Bitcoin payments.

Findings

The proposed mechanism resists refund attacks effectively.

It allows updating refund addresses through email.

It enables anonymous payments via merchant-operated mixing.

Abstract

BIP70 is the Bitcoin payment protocol for communication between a merchant and a pseudonymous customer. McCorry et al. (FC~2016) showed that BIP70 is prone to refund attacks and proposed a fix that requires the customer to sign their refund request. They argued that this minimal change will provide resistance against refund attacks. In this paper, we point out the drawbacks of McCorry et al.'s fix and propose a new approach for protection against refund attacks using the Bitcoin multi-signature mechanism. Our solution does not rely on merchants storing refund requests, and unlike the previous solution, allows updating refund addresses through email. We discuss the security of our proposed method and compare it with the previous solution. We also propose a novel application of our refund mechanism in providing anonymity for payments between a payer and payee in which merchants act as mixing servers. We finally discuss how to combine the above two mechanisms in a single payment protocol to have an anonymous payment protocol secure against refund attacks.