A New Look at the Refund Mechanism in the Bitcoin Payment Protocol

Sepideh Avizheh, Reihaneh Safavi-Naini, Siamak F. Shahandashti

Research output: Contribution to conferencePaperpeer-review


BIP70 is the Bitcoin payment protocol for communication between a merchant and a pseudonymous customer. McCorry et al. (FC 2016) showed that BIP70 is prone to refund attacks and proposed a fix that requires the customer to sign their refund request. They argued that this minimal change will provide resistance against refund attacks. In this paper, we point out the drawbacks of McCorry et al.’s fix and propose a new approach for protection against refund attacks using the Bitcoin multisignature mechanism. Our solution does not rely on merchants storing the refund request, and unlike the previous solution, allows updating the refund addresses through email. We discuss the security of our proposed method and compare it with the previous solution. We also propose a novel application of our refund mechanism in providing anonymity for payments between a payer and payee in which merchants act as mixing servers. We finally discuss how to combine the above two mechanisms in a single payment protocol to have an anonymous payment protocol secure against refund attacks.
Original languageEnglish
Number of pages19
Publication statusPublished - Dec 2018
EventFinancial Cryptography and Data Security 2018 - Curaçao, Netherlands
Duration: 26 Feb 20182 Mar 2018
Conference number: 22


ConferenceFinancial Cryptography and Data Security 2018
Abbreviated titleFC 2018
Internet address


  • Bitcoin
  • Security
  • Payment Security
  • Refund Attack

Cite this