A New Look at the Refund Mechanism in the Bitcoin Payment Protocol

Research output: Contribution to conferencePaper

Author(s)

Department/unit(s)

Conference

ConferenceFinancial Cryptography and Data Security 2018
Abbreviated titleFC 2018
CountryNetherlands
Conference date(s)26/02/182/03/18
Internet address

Publication details

DateAccepted/In press - 18 Nov 2017
DateE-pub ahead of print (current) - Mar 2018
Original languageEnglish

Abstract

BIP70 is the Bitcoin payment protocol for communication between a merchant and a pseudonymous customer. McCorry et al. (FC 2016) showed that BIP70 is prone to refund attacks and proposed a fix that requires the customer to sign their refund request. They argued that this minimal change will provide resistance against refund attacks. In this paper, we point out the drawbacks of McCorry et al.’s fix and propose a new approach for protection against refund attacks using the Bitcoin multisignature mechanism. Our solution does not rely on merchants storing the refund request, and unlike the previous solution, allows updating the refund addresses through email. We discuss the security of our proposed method and compare it with the previous solution. We also propose a novel application of our refund mechanism in providing anonymity for payments between a payer and payee in which merchants act as mixing servers. We finally discuss how to combine the above two mechanisms in a single payment protocol to have an anonymous payment protocol secure against refund attacks.

    Research areas

  • Bitcoin, Security, Payment Security, Refund Attack

Discover related content

Find related publications, people, projects, datasets and more using interactive charts.

View graph of relations