Proposal to address Bitcoin malware



Summary:

In a discussion thread on the Bitcoin-development mailing list from February 2015, Joel Kaartinen raised a concern about the security of multiple signature transactions. He asked how a user could be sure they were not signing the wrong transaction on their mobile device if an attacker had compromised their desktop computer but not their mobile device. Brian Erdelyi responded that the mobile device should show the details of the transaction, including the amount and bitcoin address, and that if the address was replaced, it would not match where the user intended to send it, and they could choose not to provide the second signature.

Erdelyi also noted that the benefit of multiple signatures relies on the independence of the multiple secrets, and if two out of three private keys are compromised, there is no gain in security. However, he argued that as more malware targets bitcoins, it is worth finding methods to help verify transactions before they are completed. Erdelyi suggested that the balance is trying to devise something that users do not find too burdensome.
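The check Erdelyi describes can be sketched as follows; this is an added example, not code from the mailing-list thread. The second-signing device decodes the outputs of the transaction it is asked to sign and compares them with what the user intended. It assumes legacy (pre-SegWit) serialization and mainnet P2PKH/P2SH outputs; `safe_to_cosign`, `SAMPLE_TX` and the other names are hypothetical, and the sample transaction is constructed.

```python
import hashlib
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58check(version: int, payload: bytes) -> str:
    """Base58Check-encode a version byte plus payload (legacy address format)."""
    raw = bytes([version]) + payload
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def varint(buf, pos):  # CompactSize integer -> (value, next position)
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}.get(buf[pos], 0)
    value = int.from_bytes(buf[pos + 1:pos + 1 + size], "little") if size else buf[pos]
    return value, pos + 1 + size

def outputs(raw: bytes):
    """Return [(satoshis, address or None)] from a legacy-serialized transaction."""
    n_in, pos = varint(raw, 4)                  # skip the 4-byte version
    if n_in == 0:
        raise ValueError("no inputs (or SegWit serialization, not handled here)")
    for _ in range(n_in):
        slen, pos = varint(raw, pos + 36)       # skip outpoint (txid + index)
        pos += slen + 4                         # skip scriptSig and sequence
    n_out, pos = varint(raw, pos)
    result = []
    for _ in range(n_out):
        value = int.from_bytes(raw[pos:pos + 8], "little")
        slen, pos = varint(raw, pos + 8)
        script, pos = raw[pos:pos + slen], pos + slen
        addr = None                             # unrecognised scripts stay None
        if len(script) == 25 and script[:3] == b"\x76\xa9\x14" and script[23:] == b"\x88\xac":
            addr = b58check(0x00, script[3:23])     # P2PKH
        elif len(script) == 23 and script[:2] == b"\xa9\x14" and script[22:] == b"\x87":
            addr = b58check(0x05, script[2:22])     # P2SH
        result.append((value, addr))
    if pos + 4 != len(raw):                     # only the 4-byte locktime may remain
        raise ValueError("trailing or missing bytes")
    return result

def safe_to_cosign(raw: bytes, pay_to: str, amount: int, own_change: set) -> bool:
    """True only if exactly one output pays the intended payee and the rest are our change."""
    outs = outputs(raw)
    others = [o for o in outs if o != (amount, pay_to)]
    return len(others) == len(outs) - 1 and all(a in own_change for _, a in others)

SAMPLE_TX = bytes.fromhex(  # constructed: one dummy input, payee output + change output
    "0100000001" + "11" * 32 + "0000000000ffffffff02" + "40420f00000000001976a914" + "22" * 20
    + "88ac" + "90d00300000000001976a914" + "33" * 20 + "88ac" + "00000000")
```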


Updated on: 2023-06-09T16:11:02.768255+00:00