Proof of payment (on-chain & lightning network)

[Robot1982]

Let's suppose that you want to buy something Online using bitcoin. Is it provable (to a 3rd party) that you payed using:

1. Bitcoin on-chain - this may seem straight forward because the transaction is on the blockchain and everybody can verify. However, in a dispute, the merchant may claim he didn't receive the payment and that the address I am referring to in the dispute is not his.
2. Bitcoin lightning network - here I don't know if there is a way at all to prove the transaction to a 3rd party.

For on-chain, I am thinking of a payment request that includes a signature that everyone can verify. The public key could be included in a DNS record (TXT record for example) of that domain. For example if I am buying something from the site abc.com, this domain should have a TXT record with the public key of the merchant. When I pay, the merchant will show me a payment request that is signed with his private key. I verify the request using his public key, then save the request and pay (all these steps can be done automatically by the wallet). Later in a dispute I can prove to anyone by providing the signed request, that the request originated from the merchant and that the address is his. The transaction itself can be verified on the blockchain.

For lightning network, I have no idea if a similar approach is doable.

What do you think about that?

[Rath_]

For lightning network, I have no idea if a similar approach is doable.

Actually, there is a thing called payment pre-image. Once the invoice is paid, the payment pre-image is given to the payer. Any node involved in the payment routing also knows it. It can be used to prove that the invoice has been paid.

How can you prove that you paid it if the merchant doesn't cooperate? Well, the invoice contains a lot of useful information. Node's public key and payment hash are the ones that should interest you. The payment hash is basically a hash of the pre-image which is known only to the merchant before he gets paid.

[Robot1982]

Actually, there is a thing called payment pre-image. Once the invoice is paid, the payment pre-image is given to the payer. Any node involved in the payment routing also knows it. It can be used to prove that the invoice has been paid.

Is this pre-image in some way linked to the initial payment request of the merchant? I mean, if the pre-image only proves that I payed something but not the initial payment request of the merchant then this is not a good prove. If the initial payment request of the merchant and the pre-image are linked together then the same aproach with signed payment requests can be used.

[Rath_]

Is this pre-image in some way linked to the initial payment request of the merchant?

Yes, it is. It looks like I edited my post while you were writing your reply. Each invoice contains a payment hash which is a hash of the pre-image. Read the post above yours again.

[Robot1982]

OK, I understand. This means that both on-chain and lightning transactions can be proved if the invoice is signed by the merchant. The approach with DNS that I proposed might not work very well because the merchant may change the DNS records (the public key) afterwards and then I cannot prove anymore that he signed the invoice. Another approach would be to sign with the private key of the SSL certificate the merchant uses on his website. Even if the merchant changes the SSL certificate, I can still prove that he signed the invoice because the certificate is signed by a certification authority. I only need to save his certificate and then present it together with the signed invoice (and the pre-image if it is a lightning transaction) to prove the payment. Would this approach work? I think this is an important step because today the bitcoin payments are not provable and it is only a question of when a merchant will start to scam people by using bitcoin. With credit cards, Paypal, bank transfers, etc. you can actually prove that you payed (bank statement) but with bitcoin this is currently not possible. What do you think?