A New Look at the Refund Mechanism in the Bitcoin Payment Protocol
This work addresses security vulnerabilities in Bitcoin payments for merchants and customers, offering incremental improvements over prior solutions.
The paper identifies drawbacks in a previous fix for refund attacks in the Bitcoin payment protocol (BIP70) and proposes a new solution using multi-signature mechanisms, which eliminates the need for merchants to store refund requests and allows refund address updates via email, while also introducing an application for anonymous payments using merchants as mixing servers.
BIP70 is the Bitcoin payment protocol for communication between a merchant and a pseudonymous customer. McCorry et al. (FC~2016) showed that BIP70 is prone to refund attacks and proposed a fix that requires the customer to sign their refund request. They argued that this minimal change will provide resistance against refund attacks. In this paper, we point out the drawbacks of McCorry et al.'s fix and propose a new approach for protection against refund attacks using the Bitcoin multi-signature mechanism. Our solution does not rely on merchants storing refund requests, and unlike the previous solution, allows updating refund addresses through email. We discuss the security of our proposed method and compare it with the previous solution. We also propose a novel application of our refund mechanism in providing anonymity for payments between a payer and payee in which merchants act as mixing servers. We finally discuss how to combine the above two mechanisms in a single payment protocol to have an anonymous payment protocol secure against refund attacks.