0
I want to create a MultiSig address where user A sends the public key of its bitcoin address (gets saved in the database). User B gets notified that he must send his public key to create the 2-3 MultiSig address. The third address is provided by me as a mediator. My concern is that if the server is hacked, the hacker can change my source code (PHP) so that 2 of 3 public keys are in his possession. Any ideas on how I can secure this 2-3 MultiSig address creation scenario?
1
I think your worry is that the hacker will change the public key in the database to be the public key for one of their addresses, and get access to the private key that you own, which means they will have the ability to make 2/3 signatures, which is all that they need.
This will only be a risk if you can't detect it and alert those who are funding the addresses to stop. As Matthieu said, the signatures on the old multisig address won't be valid anymore. If your service is queried for an address to send coins to, however, and it returns the new maliciously created address, then your users might be funding an address which can be spent by the hacker.
So, I think your best bet would be to make sure that you can put your service into safe-mode if someone has hacked in.
Yes, that is exactly what I did. – Antoni – 2014-10-21T06:45:17.850
0
As long as what you ask from the users are only their public key and signature, you are safe. You only have the third private key per your description, users A and B have the 2 others.
You may want to have a look at BlockCypher's multisig API that implements a scheme very similar to what you describe (only the mechanism for notification is left for you to choose):
My concern is that a hacker can change User B and my own public address with his own. User A will not know these have been changed and fund that MultiSig address. I'll have to add a lot of security to my linux server to avoid being hacked. – Antoni – 2014-07-23T07:02:53.813
If a hacker changes an address, the transaction is changed as well and the signature that User A provided will not be valid anymore. – Matthieu – 2014-07-23T22:38:35.197
1It's worth noting that this problem is not specific to multisig - If you have e.g. a donation address, somebody who breaks in could change that address to something they controlled. – Nick ODell – 2014-10-21T00:02:34.303