|Doubt Over Craig Wright's Claim To Be Bitcoin Inventor - Updated|
|Written by Mike James|
|Thursday, 05 May 2016|
In a blog post Craig Wright claims to be Satoshi Nakamoto and apparently the evidence is so overwhelming that news agencies are running headlines like "Inventor of Bitcoin identified". Not so fast.
Update: Offers of proof of being Satoshi have now been withdrawn.
After promising strong proof, including actually spending some of Satoshi's bitcoin Craig Wright has stated that on his website:
The rest of his web site seems to have been taken off line. Earlier Gavin Andresen stated that he regretted providing support for Wright's claims. He states that he thought that evidence had been provided to other people that Wright had access to Satoshi's private keys.
It seems that the sorry saga is now more or less over.
What it illustrates most clearly is that in these days of public key crypto it is very difficult to fake an identity. Signing something with a private key that hasn't been stolen or compromised is very difficult and the evidence needed isn't negotiable - you can't half sign a document.
If some one ever does offer a contemporary document signed with Satoshi's private key then the only argument against the proof is that the key had indeed been compromised but without such a signature there is no grounds to even speculate that someone is who they claim to be.
While there's a lot of smoke surrounding this particular revelation, with even a little knowledge of cryptography you can see through it.
If you wanted to convince me that you were Satoshi with minimum doubt you would find a text message, use your private key to sign it and allow anyone to confirm that it was signed by Satoshi by verifying it using one of Satoshi's public keys.
This would be simple, direct and difficult to fabricate without possession of at least one of Satoshi's private keys. Notice that there is nothing stopping you doing this as you do not have to reveal the private key to anyone - only sign some text that there is no chance that Satoshi signed in the past.
Wright's Wikipedia entry makes for interesting reading and is currently changing quite rapidly!
This is not what Craig Wright does in his recent blog post. Instead he constructs something that is a cross between a claim to be Satoshi and a tutorial on signing a document. By doing this he manages to avoid making any explicit claims of what is a signature, what is signed and specifically by what key.
At the start we have paraphrase of Sartre
If I sign Craig Wright, it is not the same as if I sign Craig Wright, Satoshi.
Then immediately afterwards there is what looks like a digital signature:
IFdyaWdodCwgaXQgaXMgbm90IHRoZS BzYW1lIGFzIGlmIEkgc2lnbiBDcmFpZyB XcmlnaHQsIFNhdG9zaGkuCgo=
After this we have the start of a tutorial on signature verification. It is difficult not to see this as something that has been included to just look good and confuse non-technical journalists. The first step on the way to suggesting that we have signed a file using Satoshi's key is the computation of the hash of a file containing the paraphrase.
Unfortunately the file is shown as a screen dump ending in:
indicating that there is more of the file to show. What this means is that we cannot reproduce the hash because one character change would produce a different hash. Without the complete file this is not reproduceable and hence not verifiable.
We are then told that the signature is
MEUCIQDBKn1Uly8m0UyzETOb USL4wYdBfd4ejvtoQfVcNCIK 4AIgZmMsXNQWHvo6KDd2Tu6euEl1 3VTC3ihl6XUlhcU+fM4=
but we cannot verify that this is the signature of the file as we do not have the exact contents of the file. What is more the blog says that the file to be used is called Sartre, but in the screen dumps the file used is message.txt. Whatever the file is called, or whatever is in it the signature, checks out ok.
What this proves is that Wright has a file that has been signed using Satoshi's private key. This seems to be strong evidence that he does indeed have the private key.
The hash value given has been identified by a number of people as being the hash of an early Bitcoin transaction conducted by Satoshi. So either we have an example of a hash collision, which for SHA-256 is extremely unlikely by chance and next to impossible to arrange on purpose, or the file in question is in fact the Bitcoin transaction.
As this is overwhelming likely to be the case, the entire blog post is at best grossly misleading as the file used was signed by Satoshi in 2009. The only defence is that the blog post is a tutorial and doesn't claim to be proof that Wright is Satoshi - in which case no news.
Even if you don't follow the details of what is wrong with the evidence offered, keep in mind that providing clear evidence that Wright is Satoshi would be simple - just sign a message that Satoshi hasn't sign in the passed - such as headlines fromtoday's newspapers like they do in kidnappings - and let the world check it.
To do anything else is a clear sign that we are being duped.
There is the small matter that Wright has demonstrated the signing of a new message to a number of well known "experts":
"At the meeting with the BBC, Mr Wright digitally signed messages using cryptographic keys created during the early days of Bitcoin's development. The keys are inextricably linked to blocks of bitcoins known to have been created or "mined" by Satoshi Nakamoto."
I suppose it doesn't really matter who Satoshi actually is, and it could all be an elaborate mind game, but it does reveal how easy it is to use technology as a magic trick.
or email your comment to: firstname.lastname@example.org
|Last Updated ( Thursday, 05 May 2016 )|