Hacker News new | past | comments | ask | show | jobs | submit login

EDIT 2: Debunked!

The signature in Wright's post is just pulled straight from a transaction on the blockchain. Convert the base64 signature from his post (MEUCIQDBKn1Uly8m0UyzETObUSL4wYdBfd4ejvtoQfVcNCIK4AIgZmMsXNQWHvo6KDd2Tu6euEl13VTC3ihl6XUlhcU+fM4=) to hex (3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce), and you get the signature found in this transaction input: https://blockchain.info/tx/828ef3b079f9c23829c56fe86e85b4a69...

Note that the base64 string at the top of his post isn't a signature, just a cleartext message: " Wright, it is not the same as if I sign Craig Wright, Satoshi.\n\n".

Now the only question is how he fooled Gavin. I would imagine this story will still get spread around some naive channels for a while, just like the last time Wright tried something like this.

Credit goes to jouke in #bitcoin for figuring it out.


EDIT: Current opinion: still skeptical. Here is the public cryptographic "proof": http://www.drcraigwright.net/jean-paul-sartre-signing-signif...

Something still seems off to me, why does he go into such specific detail in verifying the signature? I would have assumed he would just let people figure out the verification themselves. But maybe I'm just skeptical because Satoshi having a public identity takes some of the magic away.

As pointed out by maaku, he never revealed what message the signature is supposed to be signing.


My Original Post:

Everyone in this thread is already taking this as the truth. But remember that Wright has not publicly released any cryptographic proof, there is only a claim from BBC that he showed the signature to them and a few magazines.

This strikes me as a little strange since originally Satoshi pretty much only interacted with the community via the bitcoin mailing list. Why did he "reveal" the proof by sending it to some magazines rather than emailing the mailing list?

It really seems like the person who created Bitcoin, a trustless system based on cryptographic proof, wouldn't make everyone take his word on his identity when it could be trivially solved with one email.

Last time around, he peddled fake proof. A deliberately backdated PGP key trying to look like Satoshi's. The key also reported being created on a date when the software it was created with didn't yet exist. (Keyservers will happily accept keys that claim to be generated in 1992. Some publications that ought to have known better still accepted it back then, until it was pointed out.)

Still looking at the page you posted in the edit, but not yet convinced.

edit: Sarah Jeong of Motherboard summed up the objections last time: https://motherboard.vice.com/read/satoshis-pgp-keys-are-prob...

Wright goes into a long post explaining public key crypto - to me it looks intended to bedazzle more than inform - but as far as I can see he does not produce a signature from any of the genuine keys associated with Satoshi.

Something is weird. He provided a message and a signature, but there's nothing in the message to indicate that he signed it himself, or when it was signed. It could have been signed months or years ago and there's no way to prove otherwise.

He needs to sign a message provided to him right now - or otherwise show ownership of coins in early blocks by moving them around.

Edit: He apparently haven't even provided a valid message/sig, so the whole thing stinks.

Yes, absolutely. He apparently goes to great lengths to "prove" that he is Satoshi, but when asked to sign a new message, answers "I’m not going to keep jumping through hoops."

Um, what? Signing a new message is a minuscule jump through a very large hoop, not something difficult or cumbersome or time consuming.

This fact alone is indefensible, smells of fake and should be enough to dismiss the claim.

If you're using a given key daily, yeah, it's not a big hoop. But I imagine Satoshi having his key hidden on an offline computer right now, hidden securely. Taking it out of vault must be a lot of effort.

But if you actually want to prove you're Satoshi, isn't that exactly what you'd do, rather than spend a lot of time on these other 'proofs'? What's the point?

Which is exactly why you wouldn't waste time signing a useless quote.

Just sign a message attesting that YOUR NAME is satoshi. No more work. Done once.

Yeah, the best thing would be if he signed a news article that didn't exist, and couldn't have been predicted until very recently.

EDIT: Or maybe the latest bitcoin block.

Sending even the tiniest amount from one of the early chunks of Bitcoins would be closer to proof.

> EDIT: Well nevermind, here is the public cryptographic proof: http://www.drcraigwright.net/jean-paul-sartre-signing-signif....

Really? That just looks like a much too long (targeted to journalists) description of ECDSA signing. Where's the _actual_ signature?

It's near the beginning of the post.

Are you referring to

> IFdyaWdodCwgaXQgaXMgbm90IHRoZSBzYW1lIGFzIGlmIEkgc2lnbiBDcmFpZyBXcmlnaHQsIFNh dG9zaGkuCgo=

It's just a base64 encoded string.

And the string starts with space and ends with two line feeds:

     " Wright, it is not the same as if I sign Craig Wright, Satoshi.\n\n"

The message isn't provided.

The message is the Sartre quote at the top of the post.

Edit: No it's not.

No, it is (supposedly) a longer document of which only a portion is shown in a screenshot.

Here is the full document: http://www.nybooks.com/articles/1964/12/17/sartre-on-the-nob...

but since getting a single piece of whitespace wrong would throw the hash off completely, that isn't terribly useful. Though it seems that it should be possible to brute force every reasonable permutation of formatting for the article and find one whose hash matches the one he provided, if it's the real source. The search space of "documents within a string edit distance of N" is probably not too large.

He originally presented an obvious forgery. Now he has presented a slightly better forgery, but given it only to outlets who will agree not to publish it (and risk scrutiny by folks more technically adept than the journalists). My working hypothesis is that Wright doesn't need to convince the "community". He only needs to convince the banks that lent him money based on collateral of an allegedly non-existent bitcoin wallet.

Maybe he didn't fool Gavin. Maybe somebody forced Gavin to release that statement.

Maybe Gavin's acct was hacked?

Unlikely. He would have used his other accounts or private keys to let us know by now. He tweeted something less than an hour ago.

> EDIT: Current opinion: still skeptical. Here is the public cryptographic "proof": http://www.drcraigwright.net/jean-paul-sartre-signing-signif...

A little off-topic, but suppressing right-clicks (and trying to suppress Ctrl/Alt/Shift?) is a really obnoxious thing for a website to do.

    status="Sorry, not sharing images!";
    function disableclick(event)
      return false;    
    function detectspecialkeys(e){
      var evtobj=window.event? event : e
      if (evtobj.altKey || evtobj.ctrlKey || evtobj.shiftKey)
        alert("The key is not available.");

I don't believe the real Satoshi has any motive for coming public. As thus, anyone claiming to be Satoshi is not something I put any amount of belief into.

As for your aside, not to mention it is completely and utterly futile. Hurts the normal user experience and accomplishes nothing for anyone who wants to steal the images.


Umm, he obviously does. Money, fame and influence over future bitcoin decisions.

Imagine your Satoshi and you need cash for some reason. Reveal your identity and immediately get a bunch of offers for book deals and speaking engagements. You run into career problems, reveal who you are and you can probably snag a position as a Google fellow.

More concerned about your legacy or some crypto-anarachist vision? Revealing yourself could help you influence both the public policy debate on encryption and bitcoin's future (speaking engagements offer more influence than some signed messages on a mailing list).

Finally, what about credit for your contribution. Being known to your friends and family.

Sure, he may still want to remain anonymous but to suggest there isn't the temptation to go public is silly

That's an interesting position.

The question is: why creating this hoax in the first place? If anything, the price of bitcoin has been negatively impacted by this.


What would it be one's motivation behind this?

Why would a ... let's call him a grey area entrepreneur - try to convince people he's sitting on lots of money? I can think of some reasons.

"I have access to $440M. I just can't touch it until 2020."

Perhaps the oldest con ever. Hence the detailed previous story from him of placing all of Satoshi's stash in a trust.

Also really sketch when you make a point of claiming you don't want money.


Who says something like this?

Absolutely - it's the weirdest thing ever that he says this - will he turn down the medal, or just the cash reward - someone who is looking to take your money says something like this.

It's a non-topic really, compensation for winning an award, it's bizarre he plays it up like this.

And he says if he gets the Turing award or some other ACM award, he won't be accepting a cent.

The sentence doesn't make sense and he sounds like David Brent from "The Office".

Let me put forth an alternate theory. Everyone is suggesting this is a scam for more money, which is undoubtedly the most likely explanation. However, I think an alternate explanation is that this may be a larger ploy to try to bait the real Satoshi out of hiding. Get him to say "No, that guy's a poser, it's really me." and while he's out, say "Hey man, what do you think about the blocksize?" This could explain Gavin's participation; pulling out all the stops to try to "save" bitcoin by getting founder-approval for a blocksize bump.

I think the complete opposite would be true.

If there is an official narrative establishing a fake satoshi, the real satoshi would be over-joyed because this would basically ensure any further inquiry into his identity would be in the realm of conspiracy theory... leaving media unwilling to touch it.

It's not literally impossible, but Occam's Razor slashes this theory to pieces.

Even if that were the case, why would it reveal Satoshi? Even if the real Satoshi felt the need to step in, he wouldn't need to reveal himself or open up future communications - just post an anonymous message signed with a known key that states "I am not Craig Wright".

This is the best solution so far, however, it assumes the real Satoshi is still around.

>If anything, the price of bitcoin has been negatively impacted by this.

Deliberately impacting the price of a good negatively is a great way to get it cheap and then sell it for more later.

Fame, fortune from books, speaking fees, directorships at blockchain startups..

If he is not the one he claims to be, why doesn't the real Satoshi send an email saying "hi, it is not him". There are only 2 answers. a. It is him b. The real Satoshi is dead and Mr. Wright knows so.

Unless he is extremely stupid, he would never risk claiming to be the most wanted man in the world, if he was not sure that no one could discredit him.

We don't need more signature here guys. We just need to decide who will play him in the upcoming Hollywood movie, cause he defies the stereotype of nerdy looking geek :-)

Or the real Satoshi knows it isn't this guy and will wait until it all blows over. Presumably at a pub of some sort.

Satoshi, is that you :P?

Yeah, it seems bizarre that he won't publicly sign anything else.

What do you make of Ian Grigg claiming to confirm Wright, having known him as part of the Satoshi team? http://financialcryptography.com/mt/archives/001593.html

He now retracts, says it was poorly worded: https://twitter.com/iang_fc/status/727071298325618689

He didn't retract the blog post. He just agreed that the phrase "I confirm as member" was badly worded. He then replied by tweet: "@tomerkantor you are right - that is badly written. I’ve fixed it on the blog." The blog now reads: "I confirm Kleiman was a member of the team." The stuff confirming Craig Wright's claims is still in the blog post.

That whole blog post was weird. He made various assertions with nothing to back them up, and then walked back one of them. Everything he said could be interpreted as being from public sources (which he believes) plus a personal meeting, sans any strong cryptographic proof, with Wright.

He messaged me on twitter couple of months back out of the blue asking me random questions so I deleted that conversation. My twitter account is @bitcoin22.

Not 100% convinced yet! Though Wright has impressing command on crypto, just waiting for a signature from the monkey's original key!

To play devils advocate, if I had private keys that were tied to a not-small fortune, I'd keep them so far from my computer that even the proof he's provided would be out of the question.

...On the other hand, the screenshots are from Windows. Windows! Are we really to believe Satoshi uses Windows?

> ...On the other hand, the screenshots are from Windows. Windows! Are we really to believe Satoshi uses Windows?

Yes. This is the one part of the whole story that doesn't smell. The first version of Bitcoin was windows-only.

+1. Still, code screenshots in Notepad?!

I don't see why he would go through all that trouble with the blockchain when he could just send an email with "'sup all, I'm Satoshi" and sign it with his PGP key.

Well, he'd still want to keep them in a safe place he can access if he ever wants the money. And he's had at least 4 months to do something with the key.

Agreed, the pre-reveal announcement goes back to March


Can you explain why the signature matching one in the blockchain disproves the theory?

I imagine the signature must also be somehow related to his private/public key pair otherwise his blog is just junk cryptography and would have been easily debunked anyway?

Signatures are unique to the message that's being signed, otherwise they'd be useless.

Signatures are only probably unique. Theoretically there can be collisions.

Granted, the likelihood that he inadvertently collided with a public transaction is astronomically small.

Nowhere in the blog post does Wright say “this is the proof I’m Satoshi”. The entire write-up reads like he’s just giving an example. Why does everyone think it’s some kind of proof?

Is he is not the one he claims to be, why doesn't the real one send a mail saying "hi, not him"?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact