2
Imagine a scenario. There are 3 parties: Party A, Party B and a mediator party C. A and B transfer each 1 BTC to a newly created wallet W owned by C. The function of C is to distribute the entire 2 BTC to either A or B depending on some condition (think a bet). Now imagine C gets compromised and it's private key is stolen by a hacker. The hacker can now send 2 BTC to any address he wants. Is it possible to limit wallet W to sending funds to only A or B? So that even if it's compromised, the hacker can only send funds to A or B and not any arbitrary address.
Wow, this is a great explanation. Thanks. Is it possible to create a 1-of-2 multisig address without taking the second "master" key out of the offline storage? – andr111 – 2014-11-14T18:01:57.807
Yes. This guide explains how to create a multisignature address, assuming you know the public key of the offline key. Spending from a multisignature address is still a little annoying.
– Nick ODell – 2014-11-14T18:28:47.690Another issue is that C has no way to prove that the private key is really destroyed. He could have kept a copy, intentionally or unintentionally, that could later be stolen or abused. – Nate Eldredge – 2014-11-14T19:51:35.293