Craig Wright Is Not Satoshi Nakamoto (nikcub.com)
584 points by rdl on May 2, 2016 | 248 comments

Something else that stinks about all this that I haven't seen commented on:

Supposedly, Chris Wright did his ridiculous laptop dance with Gavin Andresen because he didn't want Gavin to leak the signature early.

What a load of crap. These are supposedly real cryptographers we're talking about here. If you ask a cryptographer (including, presumably, Satoshi) how they would prove their identity to someone else such that the other person couldn't leak the proof, the answer doesn't involve airplanes and fishy laptops running dubiously authentic Windows programs. The answer is deniable authentication.

In the bitcoin case, it's trivial. Satoshi's public key is g^p for some p that only Satoshi knows (using multiplicative notation) on a well-known and hopefully secure elliptic curve. You can use this key for ECDSA, but you can also use it for, drumroll please, Diffie-Hellman. Gavin picks a random scalar b and tells Craig Wright g^b. Chris replies with (g^b)^p [1]. Gavin checks that the result is the same as (g^p)^b.

This is deniable: Gavin can trivially make up the transcript of the protocol, so Gavin can't use it to prematurely convince anyone of anything. No airplanes needed.

There are plenty of other ways to do this. Pretty much any zero-knowledge proof of knowledge would work.

[1] In practice, this should be blinded to avoid cross-protocol attacks and relay attacks. Craig could send something like H("Hi Gavin, I am Craig Wright, aka Satoshi Nakamoto" || (g^b)^p). A real cryptographer could double-check me here.
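The challenge-response from the comment above, including the hashed reply from its footnote [1], written out as an added example that is not part of the original thread. The function names, the choice of SHA-256 for H, and the demo private key are assumptions made for illustration; the pure-Python curve arithmetic is not constant time and is for study only.

```python
"""Deniable proof of key possession via Diffie-Hellman on secp256k1 (teaching code)."""
import hashlib
import hmac
import secrets

# secp256k1: y^2 = x^3 + 7 over F_P, generator G of prime order N (cofactor 1).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141
G = (0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
     0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8)

# Context string from footnote [1]. Binding it into the hash ties the reply to
# this one conversation, so it cannot be relayed or reused in another protocol.
CONTEXT = b"Hi Gavin, I am Craig Wright, aka Satoshi Nakamoto"


def on_curve(pt):
    """True if pt is an affine point on secp256k1 (None = point at infinity)."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x - 7) % P == 0


def add(a, b):
    """Affine point addition; None is the identity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # a + (-a) = infinity
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Double-and-add scalar multiplication k*pt ("pt^k" in the post's notation)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def tag(shared):
    """H(context || shared point): the blinded reply from footnote [1]."""
    raw = shared[0].to_bytes(32, "big") + shared[1].to_bytes(32, "big")
    return hashlib.sha256(CONTEXT + raw).digest()


def verifier_challenge():
    """Verifier picks a random scalar b and sends g^b."""
    b = secrets.randbelow(N - 1) + 1
    return b, mul(b, G)


def prover_respond(priv, challenge):
    """Key holder replies with H(ctx || (g^b)^p). Only the hash is returned:
    handing back the raw point would turn the prover into a scalar-multiplication
    oracle for whoever chooses the challenge."""
    if not on_curve(challenge):           # cofactor is 1, so on-curve is sufficient
        raise ValueError("challenge is not a valid curve point")
    return tag(mul(priv, challenge))


def verifier_check(b, pub, response):
    """Verifier recomputes H(ctx || (g^p)^b) and compares in constant time."""
    return hmac.compare_digest(response, tag(mul(b, pub)))


def forge_transcript(pub):
    """Deniability: with only the PUBLIC key, the verifier can fabricate a
    (challenge, response) pair identical to a real run, so a transcript
    proves nothing to a third party."""
    b, challenge = verifier_challenge()
    return b, challenge, tag(mul(b, pub))


if __name__ == "__main__":
    priv = 0xC0FFEE                       # constructed demo key, not a real one
    pub = mul(priv, G)
    b, challenge = verifier_challenge()
    print("honest prover accepted:", verifier_check(b, pub, prover_respond(priv, challenge)))
    fb, fch, fresp = forge_transcript(pub)
    print("forged transcript matches a real reply:", fresp == prover_respond(priv, fch))
```
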

Even easier: Gavin could ask Satoshi which public key he still has the private keys for and then encrypt a message like "Gavin dfHte48FswdeIgre35VGFqwOIhedds" using the public key and ask Satoshi to send him back the text. This proves to Gavin that Satoshi is Satoshi and Gavin can't turn and take that proof to anyone else.

That would be the rational thing to do, but you assume Wright is sane, which he probably is not. Also, has someone looked into the claim that he has the 17th-fastest supercomputer? These things draw a lot of power (4,499.87 kW he claims) and produce a lot of heat. You can't hide it in your mother's basement; local authorities will know about it. So will the power company! So there should be a paper trail there? (Also, SGI denied selling him the system.) Wright's alleged system was 15th, now 17th, fastest in the world: http://www.top500.org/system/178468

I assume Wright is sane and clever. His "magic" (as in "smoke and mirrors") presentations, a sample of which we saw online on his blog, clearly demonstrate his talent and the time invested to research, plan and organize the events. The only thing he underestimated is the speed with which the old and existing signature was recognized to be part of his public "proof." Without that it would stay long at "he said, she said," which would perfectly suit him. He planned that kind of development and he knows very well how he'd use his status of "claimed but not-fully-confirmed Satoshi."

An example:

"About six months ago, before he was publicly outed in the technology press, he approached Andrew O’Hagan, a Scottish novelist who wrote an “unauthorised autobiography” of Julian Assange, the founder of the whistle-blower site WikiLeaks. Since then the author, whose most recent novel, “The Illuminations”, was longlisted for the 2015 Man Booker Prize, has had complete access to Mr Wright and his family, as well as to his research and business colleagues. Mr O’Hagan is writing a long article for the London Review of Books(2) on Mr Wright and “his journey towards revealing his work.” (Mr O’Hagan, too, has come to be convinced that Mr Wright is Mr Nakamoto.)" (1)

1) http://www.economist.com/news/briefings/21698061-craig-steve...

2) http://www.lrb.co.uk/2016/05/01/andrew-ohagan/the-search-for... "Online exclusive · 1 May 2016: The full, long-form account will be published here later this month." "In a world exclusive for the London Review of Books, Andrew O’Hagan spent many months with Craig Wright, the man responsible for what Bill Gates has called ‘the technical tour de force of this generation’."

I can't wait to read O’Hagan's story. He should publish it even if he understands that he'll thus show how credulous he was.

You may be right, but some people start believing their own delusions. This can make them much more believable. I was thinking something like: https://en.wikipedia.org/wiki/Grandiose_delusions

> but some people start believing their own delusions

Like the belief that there "must be something more" than a clever trickster doing what's reasonable for him to do. For thousands of years, always a good start of the new religions.

Encrypting to an ECC public key will involve the Diffie-Hellman process described above, plus extra data mixed in. So just D-H would be easier ;)

I like Atheros' solution better as it doesn't involve any new "constructing" (like "pick a scalar p") just using the existing tool with the public key.

I am going to take your word for it that this makes sense. However, I think what you may be missing is that it doesn't matter if Wright convinces you or even "any" of the crypto/alt coin community. While mathematical proofs are hard/impossible to fake, you are a subset of people that understand them to the degree that you could employ them here.

I have no idea what Wright's end game is, as you are obviously correct: his assertions make no sense. However, if somehow he believed there was value in convincing non-technical members of the public he was Satoshi, I think that is quite possible. I find this truth to be self-evident:

A quick witted conman or charismatic person can certainly convince an untrained group that he is X, much easier than even a charismatic person could convince a group how to understand and employ a non-trivial group of mathematical equations.

We see this every day. It is totally possible, likely even, that if I can't understand your math, even if it is correct, and even if it is corroborated by others who understand it, I am weighing (or the general idea of "I" as the population) which person is correct based on a standard that is subjective. Possibly:

* He said he was Satoshi

* He had a crypto key I read about in Wired.

* Gavin Andresen appeared to corroborate and I googled him and he is important.

So, you are totally correct. I agree with you as even if I don't understand your math, I am sure there is a mathematical way to prove he was Satoshi by using a different set of keys, a signature or other mathematical proof. Unfortunately, he will likely be able to exploit Satoshi's name.

> A quick witted conman or charismatic person can certainly convince an untrained group that he is X

Which, given my limited understanding of bitcoin, is what makes the blockchain exponentially incorruptible. An attacker must convince all, not just X that she is Satoshi. Even if she manages this once, on the second iteration it becomes nearly impossible unless she has some capabilities outside the set of known possibilities.

So, he convinced people the first time around, just like Leah McGrath Goodman (about two years ago?) but the remainder of the compute nodes raised an inchoate response which invalidates those in agreement.

Eventually the consensus that he is an impostor propagates through the system. Eventually after the "buzz of the story" has died down the insight of experts (such as here) will be sought.

His attack "could" work if the experts were not consulted in this way, which I think is only possible in a pervasive 1984 scenario, but even still would bitcoin even be relevant in such a world?

It's hard to believe a cryptographer could think such an attack could work so I can only imagine, given he is an academic he has some sort of surreptitious goal in mind, such as to demonstrate to students the difficulties in attacking this system?

> An attacker must convince all, not just X that she is Satoshi.

I don't see how you make any connection between how blockchain operations work and "convincing somebody who is Satoshi."

"Convincing" even "everybody" wouldn't get Wright the chance to use the bitcoins of real Satoshi, Wright'd still need a real key. Which wasn't used since the original times, certainly not by Wright.

I'm echoing blockchain as a metaphor for consensus - conflating even. I just thought there were interesting parallels between the technology and the actual social scenario that is being played out here.

Another thing is that Gavin is a trusted individual in the Bitcoin community, and CW is someone who backdated PGP keys in Satoshi's name. A zero-knowledge proof would perhaps have been logical with a more anonymous member of the community. But Gavin's word is the only evidence to this whole story.

If Gavin had leaked the signature, that would probably have spawned more speculation that Gavin is Satoshi rather than that CW is.

And presumably the reason to control the signature release is to make a big public bang. Kept secret it is useless. The only reason for that would be to make a public fool out of Gavin. Not very nice any way you look at it.

> Another thing is that Gavin is a trusted individual in the Bitcoin community

Which is a big part of what stinks. Gavin of all people should have relied on real crypto, not ridiculous demos. Color me very unimpressed.

Note that your protocol isn't actually a zero-knowledge proof. While transcripts can be made up, a third person observing everything Gavin does would absolutely be convinced by the exchange. For real interactive zero-knowledge proof, even a dishonest prover has a good chance to provide a correct answer at each step. This isn't the case with the DH exchange.

Only sort of. Gavin would have a hard time convincing the eavesdropper that he didn't leak b to Wright.

A much bigger issue in my mind is that, if Wright doesn't hash the final derived key properly, then Gavin can steal money from Wright/Satoshi -- Gavin would never have proved that he generated the challenge the way he said he did, and Gavin could use Wright as an exponentiation oracle.

Also, I suspect that my protocol can be abused by Gavin to defeat the deniability property if he properly manipulates his challenge. I'm not sure and haven't looked carefully, though.

Much better ZK protocols exist.

That's why Signal uses triple DH. That setup allows for full deniability.

> Gavin can trivially make up the transcript of the protocol, so Gavin can't use it to prematurely convince anyone of anything.

To clarify how this works: Bob generates a random b, then calculates (g^p)^b, and claims it was sent to Bob by Alice.

what if he is actually satoshi but used this as an obvious error to put people off the scent :)

This is ridiculous.

If Craig Wright came to me and said he was Satoshi Nakamoto, I'd say, "Sign it with the genesis block's private key or GTFO." This is crypto, bitcoin is built on incontrovertible, mathematical proof. Why the hell would Satoshi do anything else?

If it ever comes to light that Craig Wright is trying to use this lie for some monetary advantage, he should be arrested for fraud, which is what this is.

Right. And Wright and everyone involved must know that. So can anyone explain their motives? I truly can't figure that part out.

Edit: alain makes a good point. It's not the 'motives' I want to know. I want the whole story.

Megalomaniacs will keep lying and dig a deeper and deeper hole for themselves. You start with a small lie, and just can't stop, you have to keep going.

What's surprising though is the lack of judgment from BBC and other major news media. That same person made the same bogus claim 6 months ago. How does that not trigger major red flags? The only story worth writing about here is how he pulled off such a trick.

This is like God's existence. There is a simple way for God to tell us He exists, and which religion is right. But He never does. Instead, we must rely on testimony from various people, contradicting each other, and none of it is reproducible. Sure, you can believe... </controversial statement>

> lack of judgment from BBC and other major news media

Probably got more clicks / views than any other story today, so good business move to print the story, even if it's totally false.

I can't understand Gavin's angle though. It's amazing that he agrees that Wright is Satoshi. I would like to know his motivations in this whole thing.

> There is a simple way for God to tell us He exists, and which religion is right. But He never does.

Many religions would argue that this is a false statement :-)

From the Christian view, the existence of God is self-evident in Creation. And when it comes down to it, I think it takes more faith to believe that life exists because of random chance than because of a creator.

But God does not fit into a scientific proof framework whereby you can prove or disprove the existence of God, which is why it boils down to having faith.

On the other hand, there is a way for Satoshi to prove his/her/their existence.

> And when it comes down to it, I think it takes more faith to believe that life exists because of random chance than because of a creator.

If you have two alternatives you're considering, and both require faith for you, then you don't know which is right. So instead of arbitrarily choosing to have faith in one based on ignorance, it would be much more respectable to admit you don't know and either investigate, or just be satisfied with not knowing. Pretending you know something when you don't is just arrogance, and "faith" is not an excuse.

> But God does not fit into a scientific proof framework whereby you can prove or disprove the existence of God, which is why it boils down to having faith.

The "God is too hipster for the rules that apply to everything else" argument.

There is actually a sound argument behind it, regardless if you agree with it or believe in it.

Let's pretend that god exists and the bible is true. Under that assumption god wants humans to have faith and _choose_ to follow him/her/it, colloquially "if you love someone set them free". If god presents irrefutable evidence to his/her/its existence there would be no room left for choice/faith.

Regardless of your view on the rationality of that, it is part of the true/false teachings of that particular denomination, and within those set parameters I think the logic checks out.

Knowing a god existed would not remove the choice to follow him. If I were presented with irrefutable evidence that the god of the bible existed, I would absolutely not choose to follow him/her/it. The god portrayed by the bible is a petty narcissist who demands that people worship him, while using literally unlimited power to torture and kill people instead of doing anything helpful or responsible. He's also insane, as the only way he can forgive people is to send his son to be brutally murdered. I would not follow such a being even if it existed. Proving a god's existence would definitely not remove the choice of whether to follow a god.

Irrefutable evidence would remove faith (which is not the same as choice). But faith is just pretending you know something instead of admitting you don't know. So again, a god that wants you to pretend to know things you don't is not a being I care to follow.

At best, you've provided a picture of why an insane being might hide its existence, but that doesn't prove whether that being exists or doesn't exist.

It's not a logical argument, and we could go into it blow by blow, but essentially what you're saying is that God doesn't want there to be a logical argument, oh and as to why? That's just a given, which also makes the argument unsound.

> If you have two alternatives you're considering, and both require faith for you, then you don't know which is right

But if one takes more faith than the other, which do you choose?

Think of packing your own parachute for a sky dive vs accepting one that was packed for you. Still requires faith in the equipment to function when you go to open the chute, but it's not an arbitrary choice of which to trust.

> The "God is too hipster for the rules that apply to everything else" argument.

If God created the universe, then he exists outside of it. So the "rules that apply to everything else" probably do not apply to God.

> But if one takes more faith than the other, which do you choose?

I don't believe things based on faith, I believe things based on evidence. If there isn't evidence, I admit I don't know. Faith does not enter the equation.

> If God created the universe, then he exists outside of it. So the "rules that apply to everything else" probably do not apply to God.

And if god didn't create the universe then the rules of logic still apply to god. You've not proven that god created the universe, so you can't base arguments off that.

> the existence of God is self-evident in Creation.

By that standard, literally anything is self-evident in creation. How can you trust the judgement of anyone who buys that?

> And when it comes down to it, I think it takes more faith to believe that life exists because of random chance than because of a creator.

It seems like you're being earnest here, so I'll respond earnestly and follow you totally off topic.

Correct me if I'm wrong, but I think you're implying the following argument: if you uniformly randomly sample configurations of molecules, the probability of getting a living organism is so low as to be effectively zero. The problem with this argument: life didn't emerge whole cloth from uniform random sampling. Rather, there was a bootstrapping process.

The first step, which has been demonstrated in the lab, involves molecules randomly bumping into each other that happen to promote each other's production, e.g., auto-catalytic sets. These are simple proto-replicators: certainly not quite life, and certainly nothing like the complexity of a living cell. But they have the basic feature that they promote the creation of more copies of themselves. And once you have that feature—which we have seen can emerge from random collisions—you can get random, incremental improvements. For example, an auto-catalytic set of three molecules might run into a fourth that is mutually catalytic with the original three.

And this incrementalism is the key to building up what we know as a living cell. Life can emerge slowly, bit by bit, starting from a proto-replicator, using occasional low-probability, but not impossibly low-probability, steps.

Which is not to say that it's not still a big mystery as to where the universe with these convenient laws of physics came from (1). :) But once you have physics, life doesn't require as much faith as you're asserting.

(1) but check out "More is Different" for one extra step in the chain of explanation (Anderson 1972): http://citeseerx.ist.psu.edu/viewdoc/download?doi=

I enjoy a good religious argument as much as anyone, but may I gently suggest that this probably isn't the place for it?

Where is a good place for it? r/atheist or r/christianity? I've already witnessed a far more respectful conversation on origins than almost anywhere else on the internet in this short thread. I come to HN because of the respectful tone that is maintained and required and I appreciate topics of all sorts, even if it is a rabbit trail off the original conversation.

So there are two separate questions. (1) Consider having a religious argument in various different places. Where will you get a good one? (2) Consider doing various different things in this HN thread. How will they work out?

It could well be that the answer to #1 is that HN is one of the best places to argue religion on the internet -- but also that arguing religion is one of the worst things you could do on HN. [EDITED: or, more specifically, in this HN discussion that nominally has nothing to do with religion.] In fact, I think it's likely that both of those are true, and the first may actually be because of the second.

... Because if HN starts being a common venue for religious arguments, it will tend to collect the sort of people who want to get into religious arguments, and regrettably those are often not actually good people for having religious arguments with. The same goes for politics, race, gender, and the like.

HN is mostly civilized and intelligent because as a community it makes some effort to avoid temptingly polarizing discussion topics, and the least civilized and intelligent discussions on HN tend to be on those temptingly polarizing topics.

I appreciate your thoughtful response here and I think there is much merit to it. Basically you are saying we can't have our cake and eat it too.

Then how does God exist? To me, the argument that a creator makes more sense than naturally occurring existence simply displaces the issue. God is then the unexplained, naturally occurring existence.

You can't just have an ending tag, please insert the opening tag to match.

Space in tag, not good either

-- Sashoti Namakoto

Perhaps the motive is simple.

Ever watched an episode of the show COPS where someone is wanted on a bunch of warrants and is going to jail for sure and goes on a high speed chase because hey why not right?

Maybe this guy is destined for the same thanks to his tax frauds, and is on a PR joyride.

I mean what's the downside?

The best supposition I've seen in this story comes from [https://cp4space.wordpress.com/2016/05/02/is-craig-wright/]:

> However, on this occasion there is the added caveat that two well-known Bitcoin developers, Jon Matonis and Gavin Andresen, purport that Wright is indeed right

> The little-blockians want the block sizes of Bitcoin to remain small, and thus for it to be a pure decentralised currency that can be used by anyone with a computer. This would maintain it as a peer-to-peer currency, but would limit its growth.

> By comparison, the big-blockians believe Bitcoin should grow into a universal currency, expanding the block size to accommodate absolutely every transaction. The downside is that this is beyond the computational limits of domestic machines, thereby meaning that Bitcoin could only be regulated by banks, governments, and other large organisations: thereby moving it away from a libertarian idyll into something more akin to a regular currency.

> Matonis, Andresen and Wright are all big-blockians. Having the esteemed creator Satoshi on their side would help their argument, and it is entirely plausible that there are several large organisations who would benefit from having more control over the regulation of Bitcoin.

That is a terrible summary of the blocksize controversy, but yes, there is an argument that Andresen and Matonis are doing this to try to lend credibility to their position.

You can't be arrested for pretending to be an internet superhero.

You might be able to be if you use it to snow investors.

The reason he's in Britain is because he fled Australia due to the ATO investigating his probably-fraudulent $50m+ R&D tax credits.

I see two dimensions to this situation: is Wright actually Satoshi or does Wright know who the real Satoshi is, and does Satoshi want to be found.

Condition A: Wright is Satoshi and Satoshi wants to be found. In this condition, Wright's actions make no sense. Why publish an obviously fake proof? I suppose if Wright/Satoshi lost the original private keys this would make some sense, but is really unlikely.

Condition B: Wright is Satoshi and Satoshi does not want to be found. Here things actually make perfect sense. Wright/Satoshi is trying to discredit himself by publishing fake proofs. This is a sort of hiding in the open thing that might work.

Condition C: Wright is not Satoshi but knows who the real Satoshi is, and Satoshi wants to be found. In this condition, Wright is trying to prevent Satoshi from being found for some reason, and he is doing this by trying to muddle the waters and throw doubt. If the real Satoshi shows up and provides a proof, non-technical people can now say "well Wright provided proof, but that turned out to be fake. Do we trust that this is real?".

Condition D: Wright is not Satoshi but knows who the real Satoshi is, and Satoshi does not want to be found. In this case Wright is trying to somehow capitalize on being considered the real Satoshi, or is trying to protect Satoshi from being found.

Condition E: Wright is not Satoshi and does not know who the real Satoshi is, and Satoshi wants to be found. In this case Wright is trying to somehow capitalize on being considered the real Satoshi, or is trying to muddle the waters for the real Satoshi.

Condition F: Wright is not Satoshi and does not know who the real Satoshi is, and Satoshi does not want to be found. In this case Wright is trying to somehow capitalize on being considered the real Satoshi.


You left out cases where Wright is Satoshi and does not know who Satoshi is, but I suppose we are not living in a Philip K Dick story.

"How could a guy do that?" Arctor said. "Pose as a nark?"

"What?" both Barris and Luckman said together.

"Shit, I'm spaced," Arctor said, grinning. "'Pose as a nark' - wow." He shook his head, grimacing now.

Staring at him, Luckman said, "POSE AS A NARK? POSE AS A NARK?"

Makes as weird a sense as any in this whole thing. Suppose you support the theory that Satoshi is actually a collective rather than individual. In that case, the Satoshi keys could have been formed in such a way that none of the individual members of the cabal have direct access to the actual keys (as they were formed by parts split amongst the cabal and require collective effort to make use of) and with compartmentalization of efforts none of the members of the cabal necessarily know the full extent of the cabal's membership, either...

It's even simpler. That he presented hearsay evidence instead of using the obvious method, plus forged the PGP evidence, means he's a fraud. End of story.

When he mentions PGP Nick refers to the four month old fraud by Wright:


Which was also "good enough" to appear "technical" and "valid" initially to some.

So it's really time for the quote of one famous thinker:

"I know it's in Texas, probably in Tennessee that says, 'Fool me once, shame on ... shame on you. Fool me... You can't get fooled again!'"

The shortest summary of the current Wright's hoax is by Kaminsky:

"Yes, this is a scam. Not maybe. Not possibly.

Wright is pretending he has Satoshi’s signature on Sartre’s writing. That would mean he has the private key, and is likely to be Satoshi. What he actually has is Satoshi’s signature on parts of the public Blockchain, which of course means he doesn’t need the private key and he doesn’t need to be Satoshi. He just needs to make you think Satoshi signed something else besides the Blockchain — like Sartre. He doesn’t publish Sartre. He publishes 14% of one document. He then shows you a hash that’s supposed to summarize the entire document. This is a lie. It’s a hash extracted from the Blockchain itself. Ryan Castellucci (my engineer at White Ops and master of Bitcoin Fu) put an extractor here. Of course the Blockchain is totally public and of course has signatures from Satoshi, so Wright being able to lift a signature from here isn’t surprising at all.

He probably would have gotten away with it if the signature itself wasn’t googlable by Redditors.

I think Gavin et al are victims of another scam, and Wright’s done classic misdirection by generating different scams for different audiences."


Good write-up. The Australian tax thing in the Reddit is another good example. And yes, those of us from Tennessee do not take kindly to folks trying to play us for a fool. ;)

So why would he want people to think that he's Satoshi? He will probably end up owing money to the Australian government. Wouldn't they try to force him to sell Bitcoin? If he could, I mean.

Have you seen him in interviews or descriptions of his companies? He wants notoriety with benefits it can bring or he's screwing around with people. Those two are reasons for epic levels of bullshit all over the globe going back thousands of years. Should always consider those. Also, realize sometimes you won't understand the Why of what people would do and focus on the What/How/Evidence. That helps with the stranger ones. ;)

One intuitive moment I had in first story I read was how one person asked his wife about it. If she knew he was Satoshi, she'd likely have a neutral, cautious, or irritated dismissal of the claim. Instead, I think it said something along the lines of her smirking and walking off. More like a wife reacting, as usual, to a husband's bullshit she's seen 100 times that isn't worth further consideration and the fact the person asking hasn't figured that out yet. Maybe my mental bias but her reaction stuck out a bit to me on top of more solid evidence.

Fair enough.

But I am betting that it's an Australian ;)

Nah, you're betting on Gibraltar and Seattle, WA. Why do you think Satoshi is Australian, though? ;)

It's just a feeling, based on IRC etc talk of cryptocurrencies, from many years ago.

I gotcha. Can't go on that myself. Yet, I understand the intuition pulling you in that direction based on patterns you saw. Just as I had mine about Wright's character via his actions and his wife's responses.

Why would anyone want people to think they're extremely rich and clever? Well, ego for one thing, another is that a conman could make use of that to smooth some paths wherever he goes.

If you had a lot of bitcoins and needed a good excuse for how you got them, convincing people you're Satoshi would be one non-taxable way to do it.

> He probably would have gotten away with it if the signature itself wasn’t googlable by Redditors.

The nice thing about the blockchain is that it's necessarily public, and therefore everything on it is Googleable (various block explorers are crawled and indexed).

> That he presented hearsay evidence... End of story.

You're suggesting that geniuses are always upstanding, straight-forward, super honest people, and that anyone who isn't super honest can't be a genius.

So what if he's sly, padded his resume, and has tax trouble. So what. He might still be a genius and might be Satoshi. We need more direct proof, but I'm not drawing conclusions from personal defects.

I'm suggesting that the source of all the claims connecting Satoshi to Wright inevitably trace back to unverified claims by Wright. That he defrauded the tax office and forged the PGP show strong dishonesty with one of those being directly related to Bitcoin claims. A con artist making grand claims with fraudulent evidence should always be ignored by default.

Or severely punished. :)

The issue is he'd have to be a cryptography "genius", so the fact that he can't provide a simple cryptographic proof speaks volumes.

Eh. I've spent almost a cumulative six years of my career writing code signing code. Both times I had only a couple of coworkers who understood everything, so most growth was self started. The larger project involved counter signing (signatures over signatures) and HSMs and was mostly my code, and I ran into a lot of people who knew words but didn't know what the hell they were talking about. I had to get very good at telling people "No, but..." because they always wanted to make decisions based on unverified data.

At the end I knew a lot about a narrow slice of security. I did not feel like an expert although I do feel like I got the job done (which in this field is very hard to say with a straight face).

I haven't touched that kind of code in 5 years and I'm not confident how much of it I could regurgitate under duress. But I'd like to think I'd know how to produce a signed document that's verifiable. If the key were stored someplace exotic (I don't recall how Bitcoin stores its keys) that might be harder.

I would not be surprised if the real Slim Shady had trouble with it too, but it would cause me to wonder about exploits in the code.

I'm not so sure the bitcoin required a cryptography genius. I would say it has more to do with the elegant way of dealing with the Byzantine Generals problem, applied to evolving a distributed ledger from purely untrusted parties.

I would argue it represents a key development in the history of computing & networks, and possibly a new subdomain of Computer Science, with its main influences and precursors dating back no earlier than the mid-90s (very new in the CS research sense). Open to other people's thoughts.

> I'm not so sure the bitcoin required a cryptography genius.

> I would argue it represents a key development in the history of computing & networks, and possibly a new subdomain of Computer Science

Those two statements are in conflict. Anyone who's changed the history of computing and created a new subdomain of computer science by doing something no other modern cryptographer thought to do is a fucking genius.

But is it a development in the crypto field, requiring someone super talented in crypto?

From my understanding (though no deeper than what's in the Bitcoin whitepaper), the central new idea (and it is indeed a significant contribution to CS in general) is laying out of how to build a distributed timestamp server, and then distributed ledger from only untrusted peers by using existing technologies circa 2009 such as p2p, hashing data blocks, priv/public key for verify/sign, etc.

OK, fair point; he is a genius for sure but not a genius cryptographer.

Like the other commenter said, we've been doing stuff like this for a long time. Satoshi combined some existing ideas with an uncommon area of application, currency instead of mere transactions, to create Bitcoin. It's clever and a lot of activity happened but its components aren't original and similar things were promoted before.

For instance, people in auditing and anti-subversion fields promoted schemes that allowed multiple, untrusted parties to accept a result by one party doing something whose logs were checked by others, partly (esp randomly) or totally. The scheme required nothing but a database or filesystem on inexpensive hardware for most of it. Only crypto was hash of some set of transactions or big file with a signature on it. Soooo efficient. Also builds on stuff we have decades of work on securing with full, battle-tested stacks for internal components.

And then there was Bitcoin with its long transaction times and insane work in mining. And use of begging to avoid a key risk at one point. That's innovative as it's the first time I've seen it in decentralized security.

> Satoshi combined some existing ideas with an uncommon area of application, currency instead of mere transactions, to create Bitcoin. It's clever and a lot of activity happened but its components aren't original and similar things were promoted before.

That's pretty much how genius works much of the time, seeing possibilities that exist with existing stuff that haven't been done yet.

I agree. It's what I did in high-assurance security. Almost everything I built was composed of premade parts and ideas. Usually in a way that was straight-forward with some really clever. Really just recycling ideas, though, into hopefully better ones.

Doesn't make me feel dumber when I realize how few programmers or systems people are re-using or recombining the best stuff from CompSci or past commercial activities. Versus how many ignore it to repeat same crap and failures. :)

You are drawing conclusions from insufficient information. How do you know that he is incompetent and not feigning incompetence? In the former case, you would be right. In the latter case, not only would you be wrong, but you would have been manipulated by Craig Wright into being wrong.

And what would be the point of claiming to be Satoshi and then turning around and feigning incompetence? Why make the claim in the first place?

> And what would be the point of claiming to be Satoshi and then turning around and feigning incompetence? Why make the claim in the first place?

The guy who invented Bitcoin clearly wants to be anonymous, but there is a paparazzi that wants to deanonymize him. If he were identified by them, admitting to be the guy they wanted to find in an obviously fraudulent way would make them think he is not the guy. That is exactly what we saw here.

If he is the guy, he is willing to sacrifice his reputation to maintain his anonymity. Perhaps the idea that the guy who created Bitcoin remain anonymous is so important to him that maintaining that perception is worth more to him than his reputation. He would not be the first guy who did something good in security that wanted to remain anonymous. See TrueCrypt.

That said, I think this obsession with who invented Bitcoin needs to end. The guy clearly does not want to be found. People should respect that.

That's really stretching it given your analysis only focuses on what a Bitcoin founder might do while ignoring what Wright did do in terms of fraud. It changes the matchup between the two's M.O.'s quite a bit.

Unless, of course, he predicted that we would conclude that someone with such poor evidence must be attempting to hide in plain sight, and is in fact a fraud. Never go in against a Sicilian when death is on the line.

Sounds to me like you're already familiar with ACH [0]. I was sure that there was a free online platform, but I'm not seeing one. But if there was, it would be easy to plug in what you've posted and enable a structured collaboration.

[0] https://en.wikipedia.org/wiki/Analysis_of_competing_hypothes...

Interesting, what about prior probability and Occam's razor? The 'process' section mentions "less consistency implies a lower likelihood" but makes no mention of preferring simpler hypotheses which I find surprising. Edit: 'Bayesian analysis' is briefly mentioned further down the page.

ACH is just a very high level framework for shaking bias, the methods are implementation details. This is for humans, so you have to keep that in mind when you are choosing the analytic method - the most difficult that I'd press for is first order logic. Having a machine come along behind the human analysts and perform the more difficult forms of analysis is basically what Deep Green [0] was about. A more manual version of that would be the Lockwood Analytical Method for Prediction [1]. The funny thing about Deep Green was that developers had to address the fact that military commanders didn't like having a machine perform the planning process, so they had the algorithm include sub optimal options in the selection menu - allowing the human operator to feel good about choosing the obviously correct solution.

[0] https://en.wikipedia.org/wiki/Deep_Green

[1] http://lamp-method.org/

Oh man. Nope, not familiar with ACH. Thanks for the link.

It'd be fun to recreate http://competinghypotheses.org/ in a more modern technology.

It would be fun to implement it to take advantage of the benefits that a restricted natural language would bring, like Attempto [0]. That would allow you to really automate the evaluation of hypotheses against new data points. You might be able to wedge a SAT solver in there as well. I've got it on the ever growing todo list.

[0] https://en.wikipedia.org/wiki/Attempto_Controlled_English

One theory is that Satoshi is dead.

Another is that Satoshi, or the group of people behind Satoshi, are finding all these Satoshi stories very funny. So they are encouraging them (and that might be why one of the bitcoin devs got fooled/is lying).

Another theory is that Wright is Satoshi, Wright truly demoed a signature to BBC/bitcoin devs, but Wright wants to cast a doubt and make people forget that he is Satoshi so he published a fake signature.

> I suppose if Wright/Satoshi lost the original private keys this would make some sense.

Holy Jesus this makes my head hurt just thinking about this possibility.

F, with Satoshi probably dead and his keys lost forever. Any sane or insane person would have used the keys by now.

My guess is that he just lost the keys in the usual hard-drive crash or forgot-the-password sense. This was a research project, remember. Did Satoshi have any reason to think the early coins he mined would become this valuable in real currency terms?

Having lost the keys, he now has zero incentive to reveal himself. Consider how many people would never believe him if he came forward and said his keys were lost. It would suck to have everyone think you're a billionaire when you're not. The only rational option for Satoshi may be to cry himself to sleep every night and take his secret to his grave.

He (or they, didn't some folks think it might be a multi-person persona?) might have intentionally destroyed the keys, to avoid this temptation for whatever reason.

Well, no-one would surrender to the Dread Pirate Craig.

What about:

Condition G: Wright is not Satoshi, does/does not know who the real Satoshi is, but is trying to motivate/encourage/force Satoshi (for reasons unknown) to come forward by Wright making the strongest claim (not at all bulletproof!) thus far to being Satoshi, and taking credit for Bitcoin.

If Satoshi were watching and cared, all he'd (she'd) have to do is send an appropriately-signed text via Tor or whatever saying Craig is a liar. Coming forward in any substantial sense would be unnecessary.

That Craig is proceeding with this big hoax regardless means either that A) he knows who Satoshi is, and knows that Satoshi is cooperating/dead/apathetic/etc, or B) he's looking for sufficiently short-term gain that there's low enough risk that Satoshi would intervene in time.

Watching, cared, and still had access to those keys.

I'd trust the brilliant mind behind Bitcoin to hold onto some backups of keys worth half a billion dollars. Since you never know, such a thing could come in handy someday.

I wouldn't, you can be a genius and still be lazy about backing up and rotating your super private personal key.

Alternatively, he could be altruistic and deleted the Satoshi key to protect against manipulation, including from his future self.

There were many years where the keys guarded bitcoins worth approximately zero.

And shit happens, even to geniuses sometimes.

Condition E/F seem most likely, but the most confounding.

Why would you want to publicly tell everyone you're worth $200MM in Bitcoin when you aren't? Aside from the bad actors that will try to wring the key out of you (politely or violently), you also have the Tax Office to deal with.

"I'm known to have $200MM in BitCoin. If you can front me $10,000,000 cash to get the financial infrastructure in place to liquidate, I'll cut you in for 50%. I promise not to take your cash and disappear to an island."

Maybe? But I think you ask a very good question. Also, maybe the guy just likes attention.

He may be a sociopath who wants attention and to feel like he got over on so many people. Maybe it feels powerful or exciting to get away with scams for him. Why would someone become a serial killer? To you or I it makes no sense perhaps, but certain people have a lust for getting away with things.

he's bulletproof on the taxes for the coin - he'd never be taxed on it until he withdrew it, and if he actually owns that much, he could never withdraw that much without causing a massive selloff

My point was this: if you owned $220MM in anonymous cash, why would you attach your name to it? Now everyone will know when and where you liquidate, even if you don't liquidate the entire amount.

100% - and for the record I think he's full of shit

The article explained that it may have helped him with getting VC money.

Also, if he really is dodging taxes, the Tax Office would look like the bad guy going after what most people consider a brilliant scientist.

> the Tax Office would look like the bad guy going after what most people consider a brilliant scientist

Plenty of famously smart and able people have gone to jail for dodging taxes before. In the US, Wesley Snipes spent 3 years in prison for failure to pay taxes between 1999 and 2004. In Australia, Paul Hogan (aka Crocodile Dundee) was named as a defendant in a large tax evasion scheme, which was eventually dropped, but he's since been named in another tax avoidance by the US in cooperation with Switzerland. I can't see, nor understand, how being a famous tax dodger would make someone less likely to be investigated than someone making minimum wage just failing to file taxes.

I wouldn't consider Wesley Snipes and Paul Hogan especially smart...

Besides which, on assets, taxes is normally only collected when an item is sold. Since the bitcoin in possession by Satoshi were not touched, there should be no taxes owed.

Also, when you're rich, or perceived to be rich, people are afraid of harming you, and often treat you nicely in hopes you will return the favor, and this includes the government. If you don't see how this is true, then you have some awfully rose tinted glasses on my friend.

> Besides which, on assets, taxes is normally only collected when an item is sold.

Plenty of countries have an asset tax that you need to pay annually[1]: Argentina, Spain, India, Norway, Switzerland, and Italy. Spain's wealth tax goes as high as 3.75%!

Granted, it doesn't appear that Craig Wright's home country of Australia has an asset tax on cash or currency holdings.

Furthermore, if you think about it, pretty much every country in the world has a type of asset tax that you need to pay annually -- it's called property tax. You need to pay your annual property tax even if you never sell your house.

[1] https://en.wikipedia.org/wiki/Wealth_tax

Right, so we're talking about bitcoin, and you bring up houses. We're talking about Australia and you bring up other countries. Does the term strawman mean anything to you?

I have to say, this downvoting without explanation is really uncalled for

Passive aggressive pricks

For condition D, Is it possible that the people involved (Wright, etc...) would purposely concoct this situation in order to "smoke out" the real Satoshi? Maybe they believe if they cause enough of a stir, the real Satoshi would come forward to settle the issue?

I believe B is semi-reasonable considering that Wright asserts he's revealing himself due to an extortion/blackmail threat. This could be a way of getting a non-technical extortionist off his back while not taking credit in a way that gives him authority or respect in Bitcoin's technical community. This situation is plausible, if, for example, a government knows he is Satoshi (and government surveillance programs would probably make it easy to find the real Satoshi) and is trying to make him impact Bitcoin in a way that benefits them.

This is fun to think about but the most likely explanation is simple fraud.

Who knew 21st century internet mysteries would be so compelling.

Condition B does not make sense. The proof provided to Andresen/Matonis is not known to be fake, and they both vouch for his identity.

I agree that condition B should be discarded. It doesn't seem likely that Satoshi would want to trash Andresen in the process.

Isn't this actually three dimensions?

No. If Wright is Satoshi, he knows who Satoshi is, so those are not orthogonal. Basically, the first dimension has four discrete states, while the second has two.

Thank you for posting this method of analysis (as well as the poster who pointed to ACH). I think the analytically-minded typically think along these lines, but it is very helpful to me to have a system to formalize around.

Wright is trying to force Satoshi to come out of the closet. No way I will fall for that.

-- Sotashi Nomokata

This all could have been so simple. Publish a single signature to a very recent news story signed using a key Satoshi controlled.

Instead we get this mess.

The mess makes me believe Satoshi is still out there.

Charlie Lee of Litecoin shows how it should be done simply:


Well, or could be dead or disbanded or in cryo. :( I still think Hal Finney was a reasonable candidate, despite the counter-evidence, at least as part of a group. He was one of the most remarkable people from the cypherpunks era.

The problem I have with Hal Finney == Satoshi is that by the early 2000s, Hal Finney knew more about the state of the art of proof of work functions than the author of Bitcoin. Lots of Bitcoin design decisions can be justified out of conservatism but ignoring post-hashcash developments looks more like lack of knowledge Hal Finney had.

As a complete outside observer entirely disconnected from Bitcoin, I had a thought that the way in which it's being done is intentional. I like the possibility that this guy actually is Nakamoto, and he did it in a very suspicious way to draw all the people out of the woodwork who will yell about it on blogs and knee-jerk revoke commit access (lol) and accuse people of things and so on, then he'll offer the incontrovertible proof everybody is after.

The entire Bitcoin community practically shit itself when this news dropped and everybody tripped over themselves to deny it's the truth. People are, at length, ascribing more difficult computer science problems such as subverting cryptography itself to this guy in an aim to conclusively say that he could not possibly have invented Bitcoin. (So he didn't do something really cryptographically cool, and your theory is that he can compromise cryptography to prove that he did something cryptographically cool. Huh.) Some of the theories involve like three MITM attacks on services and extensive planning with million-to-one odds. Some of the theories describe things that are impossible. It is absolutely hilarious to watch people rail against this for something that, let's be honest, they can't possibly know. (Including OP, who is oddly authoritative without hedging in a quite-libelous world.)

Imagine if it's true. God, that'll be awesome. If I were coming out as Satoshi Nakamoto, that's how I'd do it. Let the frothers froth to lose credibility, then checkmate them a couple days later.

Again, no stock in this, don't care, just an amusing thought. I will say, watching the community tear itself apart over the block size and now this reinforces for me that I never want to run software with a community. Ever. Bitcoin's community is terrifying in a number of ways (no disrespect, just an outside observation). Another angle on that is that if this guy actually is Satoshi Nakamoto, the Bitcoin community has done a pretty good job of kicking their beloved founder in the teeth. I really want it to be true to see the pieces of that picked up.

This'll be a good third act of the Bitcoin movie, by the way, and I look forward to the stinging Sorkin dialogue.

There's evidence of deliberate deception, alongside a suspicious lack of evidence about what transpired out of view of the public. So there are grounds to believe this guy is full of shit.

To play devil's advocate, this guy might be adept at deception because he's deceived people regarding his pseudonym for many years. (Just a thought.)

I don't know, Nic doesn't know despite many words to convince you otherwise, you don't know, we all don't know. I choose the fun explanations and wait to see if I'm right, with the completely reasonable position that I, nor anybody else, cannot possibly know if the theory is correct with the data available.

The alternative is getting upset about it and smashing keyboards, which most folks seem to be doing. Who cares? Seriously, why does it matter? He is or he isn't. Wait and see.

To me, Gavin Andresen's position on this is the fly in the grand conspiracy ointment, and it's funny how all of the theories involve Andresen being incompetent or compromised to work around that problem. I saw people start referring to the possibility that one of the highest folks in Bitcoin is autistic and easily fooled by a con man, and I was just laying in bed last night reading it and shaking my head. This thread is doing it, too, discussing a person they've never met and how he's lost his senses or accepted payment to lie.

Giant mess. John upthread is right.

No one is getting upset about it and smashing keyboards. You do a disservice to your argument when that sort of caricature has to be the only alternative to your arguably gullible "prove a negative" attitude towards this.

> Nic doesn't know despite many words to convince you otherwise

While you claim that you have no stake or position in this, your other post borders on the bizarre, with you seemingly completely misunderstanding the arguments made and then, having carefully constructed an absurd strawman, you confidently knock it down.

Anyone can be tricked by a con man with no shame. This includes very smart people. Anyone who controls the hardware and the network can render virtually any proof useless without moving outside of their control (which is extremely easy to do), and it can be a fun parlour trick. In this case we have someone with a long history of casual trickery (if not fraud) who, while under an impending cloud of peril, and with months to contrive a magic trick, convinced a single person.


I'm unconvinced you read my comment and are instead painting me with a "disagrees with the Bitcoin community's consensus and is therefore bizarre" brush

You've plied this valiant contrarian noise in virtually all of your comments on this. I'm personally a critic of Bitcoin. I most certainly am not in the "community". Yet the evidence that we have leans overwhelmingly towards "con man". I honestly believe someone would have to have a serious bias to ignore the overwhelming evidence that they are being had.

Your claim that anyone thinks he's "subverting cryptography" immediately cast your comment as hysterical. No one has seriously argued this.

You mean convinced at least five people and three editors

He convinced one or two people. Editors and journalists will run with the weakest of evidence because it's salacious and draws viewers. Do you really think they provide evidence of anything?

I'm sitting here with a complete lack of ability to care

Your rhetoric betrays that you actually do care. Very much. And each time you claim that it's some heroic stand that is only being squelched by the bitcoin insiders, it makes you look a little more foolish.

To your substantial edits: you're trying entirely too much to tell everyone how little you care. To quote Shakespeare, the lady (or man) doth protest too much.

I don't see the sort of vetting you claim has happened. Wright's proof is fraudulent (https://dankaminsky.com/2016/05/02/validating-satoshi-or-not...), people proved this in less than a day. Your journalist friends were either deceived, or ran the story in hope of getting pageviews.

What's the point in putting out blatantly fraudulent evidence (and that's what he put out) if he's actually the creator? If he's the creator and wants to be recognized, he puts out real evidence. If he's the creator and doesn't want to be recognized, he says nothing and is never heard from. If he's not the creator, we get this flim-flammery.

Just checking: by show of hands, how many people here really understand what bitcoins are or how the system works, beyond knowing they're a new form of currency, cryptography is involved, and anonymity comes into play somehow?

I am just now beginning to try to research it to really understand it, because despite being a developer and having a decent understanding of public-key cryptography, I am at a total loss to understand how this system works or achieves its apparent purposes.

My impression is that it's actually quite complex, and that the press (and developer community at large) is failing to really explain it in any meaningful way to people who don't already get it. Not that this is out of the norm with tech topics, but this is very flagrant.

I think you are overstating the complexity for someone who basically understands signing, or even just hashes. Yes, it is rather clever and takes some time to wrap your head around, but the core structure of Bitcoin is certainly not beyond reach for an average software engineer. Some of the more esoteric pieces like the runtime machine, etc. notwithstanding.

I haven't seen the recent crop of materials, but I grokked it watching a 60 minute or so video presentation which I think was from someone at Mozilla. Oh, here it is: https://vimeo.com/27177893

I never said it was out of reach, I'm saying the community that already understands it isn't doing a very good job making it so that others can reach it without standing on a chair.

I'll check out the video when I have time tonight.

> The community that already understands it isn't doing a very good job making it so that others can reach it

Where I disagree is that I don't believe that all ideas/concepts can be made "easy to understand" to a general audience. Many concepts - especially those technical in nature - simply require a large amount of background knowledge to understand.

You can be the best mathematics teacher in the world, but you won't be able to (and no one expects you to) make the Riemann hypothesis widely understood to the general public. It's just not feasible. And I posit that Bitcoin (whilst maybe not as technical as the Riemann hypothesis) similarly requires a large amount of background knowledge and is not an "easy" concept to understand in 30 minutes.

The good news is that there are millions of things that people use every day that they don't understand - cars, computers, TVs - in fact, due to the specialization of knowledge, most things people encounter they do not fully understand. I don't think this is a big deal.

Interesting video, but the resolution is awful, is there a better version out there somewhere?

Broadly disagree with you here.

How long have you spent looking into it?

I wrote an academic paper on Bitcoin; now, I don't understand e.g. the detailed cryptanalysis of SHA256, which it uses. But I've a pretty solid understanding of how, given the availability of such hashing functions, and assuming they live up to their promises, you build a distributed ledger from them, and what some of the properties of that ledger might be. Not every implementation detail, but the high level principles.

I reckon most folk with degree or grad level CS education (or equivalent) would get to around that point in a few weeks (full-time?) study, probably less. (Given we can read the Bitcoin paper, nice explanations of it etc - not if we had to invent it ourselves.) I even think I've explained the main principles successfully to technical friends over the course of a few hours.

Yes, you don't just read a blog and understand how the whole system works, but that's true of many systems. Compare understanding Paxos (I'd say this is harder?), or DynamoDB, etc.

IMO there's nothing especially mysterious about Bitcoin here. It's clever, and it's too complicated to explain in a paragraph in a media article, but it's not an order of magnitude more complex than comparable distributed systems.

The paper introducing Bitcoin (https://bitcoin.org/bitcoin.pdf) is well-written and easy to read. Understanding _how_ it works should be simple.

On the other hand, understanding _why_ it works is difficult, as it requires understanding the hard math underlying the system. In fact, nobody knows _why_ it works, because, AFAIK, we do not know whether the hash functions used have the necessary properties (in fact, it is worse: we do not even know whether one-way functions exist, let alone that we can point to one)

While the paper is certainly well-written and reader-friendly, I politely disagree that understanding how it works is simple. Even understanding digital signatures is hardly simple, and that's merely a small subcomponent of the bitcoin system.

Moreover, there's not much point in saying things like that to people who are trying to learn, as it adds nothing except to suggest that if someone doesn't understand this easily just by reading that paper, they might be a bit less capable than some of the rest of us.

The white paper doesn't explain a lot of the very complicated additional bits needed to build the Bitcoin system that were already well documented elsewhere- For instance, the node discovery algorithm.

I understood the important obvious parts of Bitcoin at one point, but haven't cared enough to retain that knowledge perfectly well. But I gather the key plot points of this fiasco revolve entirely around simple public-key cryptography- underneath all this mess about genesis blocks and transaction hashes, the issue is that Craig hasn't shown us he can encrypt messages with any of Satoshi's special private keys. (Correct me if I'm missing something there.) That, along with a two-sentence "public-key cryptography is magic that lets you..." primer, could be explained to any interested high school graduate in a short blog post... by someone who cared more about being understood than generating ad revenue, at least.

You have a better technical background than me, so take this recommendation with a grain of salt, but I've found this textbook very useful: https://freedom-to-tinker.com/blog/randomwalker/the-princeto... I've only read the first few chapters, but it seems to avoid the obvious traps of inaccessibility and misleading simplification.

I found this article to be really helpful in understanding how Bitcoin works.


When I finally came to the realisation about what mining is actually doing and why it's necessary to reward miners (it actually keeps the entire network secure): mind = blown.

I second you on that one. I attended the Consensus hackathon over the weekend, which is like the culmination of the blockchain community before the summit started today. I asked a whole bunch of the lot to explain bitcoin and blockchain in simple terms. All I got were more and more big words. It seems the language is very foreign, maybe it's just me.

I think that lack of simple explanation is what has slowed down innovation around blockchain. A lot of developers simply don't understand fully what they are dealing with. The presentations were mediocre at best and the recurrent question was "How is this better than what people currently use?" Unfortunately, the answer was mostly, "It uses blockchain." I doubt that suffices.

Or maybe I'm just the daft one, I doubt so.

Sorry to hear about your somewhat negative experience at the hackathon. I was there hoping to explain bitcoin things to folks, I co-hosted the bitcoin 101 session on Saturday but maybe you missed that? Catch me at the event and I can answer whatever questions.

Plenty of people understand what's going on? I'm unsure where you're going with this.

"Where I'm going" is that bitcoin keeps coming up in the news in various forms like this thread, yet I don't think most people really understand what it is.

You understand the bitcoin software and how the system is built and functions, end to end? Cool, I'm jealous.

You think most other developers share that understanding? Given that in my experience most developers have only a so-so understanding of basic cryptography to begin with, I find that very, very dubious.

I just read the original whitepaper and it isn't exactly trivial. Statements of the form "Because we do X in the implementation, bitcoin has property Y" are where it takes a fairly strong knowledge to truly follow along with the logic. The implications of the methodologies are not obvious, or else this whitepaper (and by extension the identity of Nakamoto) wouldn't be quite so important.

If you want to understand Bitcoin right down to the data structure, network packets and encryption algorithms, check out these articles, including Bitcoin mining with pencil and paper. (I'm hesitant to tout my own articles, but I think they are what you're looking for.)

http://www.righto.com/2014/02/bitcoins-hard-way-using-raw-bi...

http://www.righto.com/2014/09/mining-bitcoin-with-pencil-and...

http://www.righto.com/2014/02/bitcoin-mining-hard-way-algori...

'end to end' is probably an unattainable goal. I'd go for understanding it at some level given some axioms, and gradually dig in to the axioms.

I think it's difficult to create an all encompassing post for that reason. It's a bit like trying to describe how any application protocol works - can you assume knowledge of TCP/IP? Do you just black-box it? etc.

My contact details are in my profile and I'm happy to lend a hand if you think that might be useful.

The wiki page is surprisingly good. https://en.wikipedia.org/wiki/Bitcoin#Design

You'll also need to know what Proof of work is, explained in https://en.wikipedia.org/wiki/Proof-of-work_system

See also https://en.bitcoin.it/wiki/Introduction, or the rest of the wiki, or the StackExchange site.

Theory: Wright made promises that he would use his weight as Satoshi to overcome current political conflict within the Bitcoin community in a way that would satisfy Gavin. Gavin sees him as an ally and has vouched for him. A distasteful ally, but for the greater good.

Given how swiftly people are attacking Wright, chances are this would fail before the political situation can be resolved.

This seems extremely unlikely for several reasons, not least of which is that of course the bitcoin community would demand simple cryptographic proof of identity.

As others have pointed out in previous threads, citing James Randi, you don't have to be stupid to fall for a con. It's quite easy to be tricked even when you think you're being skeptical.

I feel like there should be some way for Gavin to conclusively demonstrate that Wright = Satoshi. Something in an email, a personal preference for something, his favorite song. Some kind of unique information that was shared between the two that only they would know.

> On his LinkedIn profile, Wright claimed to hold two Phd’s from Charles Sturt University. The University told Forbes that it never granted Wright those Phd’s.

My goodness. At which point does it become possible to press charges? Can one just go around faking that they have degrees?

He also claims to have about 8 master degrees, which is ridiculous by itself. Plus tens of certifications including the 'prestigious' Microsoft ones. Just red flags all over the place.

Cached Linkedin profile: https://archive.is/Q66Gl

According to that link, he is the CEO of a company called DeMorgan, which is listed on that page as "DeMorgan Ltd (Panama)".

I wonder if there is any connection to the Panama Papers leak. Time will tell, I guess.

The perfect proof: a guy whose blog is titled _Dr._ Craig Wright and has a huge picture of his ugly face as a banner (look at that "about" section > pretty hard to fix those pictures more than two seconds) can't be a guy who used a pseudo for years and created something that would give the fame he seeks.

Psychology > cryptography.

The thing that convinced me of his insincerity is that his website has right-click "protection." And it alert()s if you press ctrl-C in another hamfisted attempt at "copy protection". What genuine computer expert does that, let alone in 2016? Especially one who has thought seriously about cryptography.

FYI, Electrum has stated that there was no download of a signature file of Electrum from a UK IP address on April 7 [1].

This in itself does not prove that there was no download of an Electrum signature file to the laptop that Gavin was given. He could have connected using Tor or other services through which the real IP address is hidden, but this could be another reason to suspect there was some kind of MITM hack that Wright used. Also worth mentioning that the laptop was supposedly a factory sealed unit [2].

[1] https://twitter.com/ElectrumWallet/status/727366861592076288

[2] http://gavinandresen.ninja/satoshi

You have a priceless Stradivarius violin. For some unfathomable reason, you stamp your violin with the words "Made in China". Now, no one believes it's a Strad. You take it to an appraiser, and he immediately says it's a fraud. "Strads are not made in China and you're a con man," he says.

Why would you stamp "Made in China" on a treasure like that? Maybe you were trying to make it less tempting for thieves, maybe you were trying to hide its value from the tax authorities, maybe you forgot to take your meds and were acting irrationally that day.

It is a defaced Stradivarius, but still a Stradivarius. It doesn't matter because no one believes you.

Craig Wright does some silly things. Now, no matter what he says, ...

Your analogy doesn't really exemplify what actually happened. I think this is a better one:

Craig brings a set of high-resolution pictures of a Stradivarius violin to an appraiser. The appraiser (Gavin) goes over them - they all look exactly how a Stradivarius violin would look. However, his colleague (public commentators, in this case) says the only way to really appraise a Strad is to see it in person, and that going through all the trouble of getting high-res pictures when you could just bring it over was pointless. Further, the colleague notes one of the pictures shows a "Made in China" stamp on the Strad, and as such guesses that Craig is trying to con them.

If a "Made in China" stamp in itself made an appraiser instantly discard the violin, then they haven't done their job. Similarly, if Craig had provided a strong crypto proof that he was Satoshi (the physical violin, in this scenario), but people disregarded it just because it's him, then we would match your analogy.

The analogy still doesn't really match reality - the reason why Gavin was convinced is because he used tools that gave him a high confidence that he wasn't being conned. Still, the way Craig decided to demonstrate that he was Satoshi was long-winded and complicated, for no discernible reason.

Now if only there were a way to mathematically prove it was a Stradivarius...

Electrum verifies signatures offline (https://github.com/spesmilo/electrum/blob/5ae2f30fa52ebcec37...). So the `fake server` theory is wrong.

OP here. After discussing this with a few people I updated the post to lay out some other possibilities.

It is true that Electrum verifies locally, and in this case it was simply used as a replacement for running openssl or an alternative.

You still need to verify the address and key, tho - and it isn't stated what the process was in this case.

Whence does it get the public key with which it verifies the signature? How is the public key verified?

That piece of code likely gathers all the key recovery candidates it can from the signature, hashes and tests each one against the hash in the address to find the correct key. Then it performs the verification. Obviously the verification would fail if none of the keys hash to the hash contained in the address.

I don't know how the public key has been obtained, but it's present in many places in the Internet (blockchain.info, blockr.io, etc..).

People are still asking the question? The story is obvious. He didn't pay his taxes since '08, he needed an excuse, he can't move original coins. End of story. It ain't him

Hard to say. Gavin Andresen says he is, but Wright didn't publish an unquestionable proof. Why would Gavin risk his reputation on that without the confidence that he really is Satoshi?

> Why would Gavin risk his reputation on that without the confidence that he really is Satoshi?

People who are smart, even experts in their field, can be fooled by conmen. Remember that while the experts are experts in their field, the conman is also an expert in their field. Their field just happens to be exploiting human nature to fool people. Without more information, it's hard to know if that's what happened, but it's a reasonable answer to the question.

Theory: Andresen met with Wright on Wright's terms, in a hotel conference room prepared and controlled by Wright. Wright anticipated that Andresen would ask for a clean-room laptop to work with. One of two things happened: either (a) Wright had his "assistant" go out and "shop" for a "brand-new" laptop that was actually a pre-bought laptop with a modified copy of Electrum on it. This is the copy of Electrum that was running when Andresen thought that his freshly-downloaded copy was running. Or (b) Wright actually did have a clean laptop bought, but suggested that Andresen connect to a Wi-Fi Network set up and controlled by Wright with a password provided by Wright, by which he then provided the false copy of Electrum through a MITM attack.

Both scenarios require the ability to modify Electrum in a deceptive way (presuming Andresen is familiar with Electrum and uses it frequently). The complexity of either scenario would require considerable literacy both with networking and code, and perhaps months of practice to make sure everything went off without a hitch. Thus, they seem pretty implausible. But if anything out of this scenario is true, I give props to the guy for really committing, you know?

I fully expect Gavin to come to his senses in the next 48 hours, acknowledge that there was a chance he was misled, acknowledge Wright is a shady character making a huge claim, realise a proper proof is necessary (which is trivially easy, without any excuses of 'leaks' left), and demand it.

I then expect Wright to come up with some bs, and then we'll all move on.

Gavin is only human, I can say I'm surprised to the extent he stated so adamantly 'without a reasonable doubt', but again, he's human.

> Gavin is only human, I can say I'm surprised to the extent he stated so adamantly 'without a reasonable doubt', but again, he's human.

He said "I am convinced beyond a reasonable doubt." That's still a very high standard, but he left room for some doubt.

Not just that he hasn't published good proof. It's that he published fake proof. I don't see any reason satoshi would publish fake proof besides trying to troll people or something like that.

he could have been paid an enormous sum of money

Exactly this. Plenty of motivation.

That's silly, there was no play here. Nobody will believe Wright solely on Gavin's word in anything but the extreme short term, which has already passed (without a play, like Wright announcing he is Satoshi, owns half a billion in bitcoin and will sell it, thereby manipulating the price). What did Wright and Gavin gain from this? Yet Gavin lost a lot of credibility.

In short, I don't think this is likely.

I don't think Wright gained anything. Gavin, however, gained an enormous sum of money. If Wright paid him.

Assume incompetence (or normal human gullibility) over malice.

I do assume. But my point is I think most people would probably sacrifice their credibility for a lump sum, especially if they knew the person wasn't going to be able to convince the public.

But why would Wright pay Gavin? What did he expect to gain?

The article goes a bit into detail - Wright is on the hook for a few million dollars of tax issues, and seems to urgently need a plausible (to a judge) legal source of extremely large amounts of bitcoin or face persecution (possibly criminal) for tax fraud.

Regardless of is/not, Wright says he did it to never do it again.

Gavin fell for a con job.

It is beyond me that anyone would actually try to fake such a significant identity. Does this man have any self-respect?

People don't have self respect in a lot of situations. For example: http://www.nytimes.com/2016/04/10/sports/julie-miller-ironma...

"and that the only thing she did wrong, besides winning too often, was to lose her timing chip in a couple of races."


It sounds like he might be a scam artist, so I guess the answer is no. If you're going to con the tax man out of millions of dollars, creating a fake identity probably isn't going to worry him too much.

But I'm wondering: what if he is a scam artist and he actually is Satoshi?

If I walk into the room and you see me, you'll (subconsciously) assign a zero-chance that I'm the queen of England. Why would that become non-zero when I present obviously faked proof (a paper crown, etc)?

Why would CW's obviously faked evidence provide any support for his claims?

As I see it, it is pretty clear to me. If I add together that Wright had the means, motive, and opportunity to pull a con like this and the fact he hasn't done the one simple thing that could absolutely prove it really is him it adds up to Wright clearly not being Satoshi.

Surprised this hasn't been posted yet. From Gavin's reddit account,

"Craig signed a message that I chose ("Gavin's favorite number is eleven. CSW" if I recall correctly) using the private key from block number 1. That signature was copied on to a clean usb stick I brought with me to London, and then validated on a brand-new laptop with a freshly downloaded copy of electrum. I was not allowed to keep the message or laptop (fear it would leak before Official Announcement). I don't have an explanation for the funky OpenSSL procedure in his blog post." src:https://www.reddit.com/user/gavinandresen

If this is a hoax, I really don't understand what a Craig Wright can materially gain from claiming he is Satoshi. Unless he's playing some sort of long con, where he claims he doesn't want publicity or to profit from it, but then accepts a deal from someone to trade his non-existent genesis block Bitcoins for real hard currency. It'd be like a grifter in Las Vegas claiming he was a Sheikh or a Saudi Prince and refusing all inquiries from public, but then allowing one person to reach him and then swindling that person in a deal.

Or maybe the 'real' Satoshi Nakamoto offered Craig Wright a big chunk of bitcoins if he would claim to be Satoshi, so that his true identity would never be revealed.

Or maybe he is just taking the piss. As an Australian, I'd applaud that.

The con is plausible. If I could point to a BBC article claiming I was indeed the founder of Bitcoin, I'd be able to turn some heads that wouldn't otherwise turn..

This is getting old.

Given the frequency of these fraudulent or mistaken Satoshi identifications, it's probably time that someone puts together a simple, publicly visible procedure for verifying Satoshi's identity. Make a web-site, call it something like satoshi-test.com, and include a step-by-step procedure for journalists to follow. If they can't get their Satoshi claimant to complete the test, then they shouldn't write the story. If they ignore the test, then we should ignore their story.

Here it is: https://medium.com/@SatoshiLite/satoshilite-1e2dad89a017#.1t...

Many journalists will jump on the opportunity even if they know that it is 100% fake.

Could you explain what is going on in that post?

Litecoin is one of the first altcoins of Bitcoin. It is a nearly identical fork of Bitcoin except with a few parameters changed. All of the following that I am about to discuss work identically on both, so I will just talk about Bitcoin for expediency.

Bitcoin is a digital currency that is based on cryptography, specifically public-key cryptography. The way you spend money through Bitcoin is by using a private key that only you have access to to sign a transaction that sends Bitcoin to someone else. The rest of the network validates that transaction using the corresponding public key and rejects it.

Satoshi Nakamoto wrote Bitcoin. He mined the first block and authored the first transaction. As a consequence of this, several public keys are known that are recorded right into the very beginning of the blockchain. So anyone claiming to be Satoshi Nakamoto should be able to digitally sign a message to that effect with the private keys corresponding to the known public keys, either a transaction on the blockchain or a simple text message.

Anyone who claims to be Satoshi Nakamoto but cannot digitally sign proof to that effect is not Satoshi Nakamoto. The first thing the real Nakamoto would do should he ever come out publicly (which is highly unlikely) would be to provide this incontrovertible proof. As the creator of Bitcoin, he more than anyone knows that you can't take this kind of stuff on faith; it has to be proven mathematically.

The linked post shows the creator of Litecoin demonstrating that he is in possession of the private key corresponding to the genesis block of the Litecoin blockchain. It's really that simple. He has a private key, and he's signed a message that anyone can verify.

The post is by Charlie Lee, the creator of Litecoin. He's demonstrating that he indeed controls Litecoin's genesis block (i.e. the first block in its blockchain). He's demonstrating a very simple, unequivocal way to prove that you own the genesis block. Anyone claiming to be Satoshi can easily prove it by similar means.

I somehow doubt a typical journalist would be able to do anything with that.

We need better journalists, then.

I'm pretty comfortable with the technical competence of a subset of tech journalists -- nikcub is one of them. Other fields often get fairly competent journalists; tech journalism deserves the same.

The key thing here isn't necessarily technical competence but skepticism, which is the thing journalists are supposed to be oversupplied with.

> Other fields often get fairly competent journalists;

That's... not really true, especially when it comes to stuff like Bitcoin, which even a lot of experts don't understand (remember, people in our field are still struggling to write CRUD web apps). Medicine, for example, has equally complicated areas (cancer, epidemiology). I can't speak from personal experience (I'm not an expert in that field) but I have friends who are medical researchers and they are equally frustrated with medical journalism.

Ultimately, what we need are people who are actual experts in fields to be writing about those fields for a general audience, and get rid of journalists who aren't experts.

One thing that medicine does better is regulation. With odd exceptions like abortion, regulation of how doctors do their jobs is managed by other doctors. I would love if that was how things were done in computer fields.

The thing about journalism is you don't need all of them to be good, or even the median or mean journalist to be good -- just the top few to be amazing.

I agree -- we need people who are actual experts in the field, but also good at communicating, when communicating about topics where expertise is valuable. There are some amazing war correspondent journalists who go into harm's way and have both shared experience and a reasonable background.

> We need better journalists, then.

Sure. Donate to NPR or sub to the WSJ :)

I like NPR, but what I like about them is usually that they ask a question and get out of the way so the expert can talk. That means that you hear what the expert wants to say on the topic, which is great. But the expert doesn't get to choose the topic, and unless they're particularly assertive, the expert usually doesn't tell us when the question isn't really relevant, or when a better question could be asked. They're great, and I agree about donating to NPR, but I think journalists who were actually experts in the fields they reported on would be able to do better.

    Welcome to Satoshi-test.com!
    Please enter the private key for the genesis block here: _____ [Submit]

No. A private key must be kept private.

Not necessarily. He can first transfer whatever amount is still in the address controlled by that key to another address and then publish the private key of the address that now has a balance of zero. What's the problem with that?

Because now the people behind satoshi-test.com have it and can claim to be satoshi.

It needs to be something like "Please sign `<challenge string> + your name`"

If someone spends the first block or any which is believed to be held by Satoshi would be noticed and the bitcoin market would panic. Satoshi is alive and spending their money!! Sell now!

Way you go then.

Here's the thing. Craig Wright was probably there, he may have even had the original idea, but it was his coworker/friend David Kleiman that actually implemented it. Or perhaps contracted someone else to implement it, as he was involved in the security industry and may have known players heavy enough to develop such algorithms. Either way, it was Kleiman that had the keys. It has become painfully obvious that Wright does not possess the technical skills to have created Bitcoin, and it also should be very obvious that he does not have the coins. He may have even written or at least contributed to the original paper. He might even be as close to a living "Satoshi Nakamoto" as there is, because David Kleiman died of MRSA in 2013. At this point, I don't think anyone alive has those keys, and Craig is trying to parlay his former role into something that he can actually turn into cash.

The whole thing seems to be handwaving that only a non technical person could believe.

Because when you're not a technical person, you won't have good priors for what constitutes proof. You'll be falling back on the same intuition you use when reading a detective story. Who has motive, who has skill, and so on. None of which take you out of the zone of doubt (say between 10 and 90 percent certain) which is why detective stories are fun.

If you're a technical person, you can see how big a deal being able to sign is.

For me, it's pretty easy. If someone says they're Satoshi, we ask him to move some BTC from one of his addresses to another. They'll still be in trust (crappy excuse). If you can do that, you're either him or he essentially gave you his identity by giving you the key.

This whole thing is like some 90's cyberpunk novel.

After Newsweek named Dorian Nakamoto as the bitcoin creator I remember reading a post on Hacker News where a coffee shop owner's wife remembered seeing the same man use bitcoin to pay for a coffee. Was there any truth to this story?

Eye witness testimony is notoriously bad. Confirmation Bias. Power of suggestion. etc.

Wouldn't surprise me: as I recall, there was a fund raised for him by some people in the community as a gesture for having been a victim of "Bitcoin blowback."

Warning: hate speech ahead.

Sad fact: a single impostor clown wasted millions of hours of experts' and other smart people's time that could have been spent productively otherwise.

Real question: has Gavin gone insane or what game is he playing?

Speculation: I lost my faith in Gavin in 2014 in Amsterdam where I could observe him joining The Bitcoin Foundation while it was already clear that TBF was full of shit, pedophiles and nonentities focused on self-promotion and earning a quick buck (with few exceptions). So my bet is on Gavin's gullibility. He's got tricked by the con artist to the level that he is going to defend his position against the evidence.

Who cares?

Put the whole lore of bitcoin on the backburner for a moment and think about what this would really mean if he was Satoshi. Pretend that the proof was more than adequate, and pretend that Satoshi-signed messages started popping up on the Bitcoin mailing list again.

What should that matter? He's got millions of dollars of Bitcoin. He dropped out of the bitcoin world 5 years ago. If Satoshi came out on the mailing list with a signed message talking about the block size, would it matter at this point?

Of course it would matter. It would be like George Washington being somehow magically resurrected and chiming in on the 5th amendment and the controversy of the government coercing people into revealing their password.

Another theory: he destroyed the genesis block signing key and everything else that could prove he's satoshi in the beginning. Because, well, he didn't want to be linked to Bitcoin in case of unsavory government or corporate interactions.

But now Bitcoin has more or less gone mainstream and it's safe for him to reveal his identity, his human is kicking in and he's trying everything he can to claim the fame

If this individual can pull these shenanigans, is it fair to conclude that the real satoshi does not exist (or is not alive), and mr Wright knows it?

Reminds me of the Howard Hughes hoax autobiography: https://en.wikipedia.org/wiki/Clifford_Irving#Fake_autobiogr...

Forget any of the crypto stuff, just ask Mr Wright to open another thread here (http://p2pfoundation.ning.com/profile/SatoshiNakamoto) or any of the other forums he used to interact or edit one of his own forum posts! This should be trivially easy for the real Satoshi.

What if he presented a fake proof, so people can refute it, and in this way he can finally stop people from accusing him of being Satoshi?

What is the benefit of having people know you are Satoshi? probably none. Any money he can make from being recognized as the creator of Bitcoin is not comparable to the money he could have made from early bitcoins.

Man this is turning into something like the Kennedy assassination or Jack the ripper. There will be endless speculations and theories. At some point we will be all so confused that even if the real Satoshi stepped forward we wouldn't be able to believe it.

plot twist - Satoshi Nakamoto is Keyser Söze

A lot of Craig Wright's presence on the Internet - wikipedia, linkedin, etc. is full of ego-inflating hyperbole. To go to these lengths though, for the sake of publicity (or notoriety) is pretty incredible.

What are the chances that Gavin is Satoshi, or knows who Satoshi is and wants to corroborate Wright in order to protect Satoshi's identity?

Why did he lie?

Is he a serial liar trying to take credit for someone else's work or is this an elaborate attempt to get the real SN to reveal himself?

I don't know much about cryptography, but can his keys be recreated with all the computing power all Bitcoin miners have?

Bitcoin would be useless if that were possible.

To answer the question directly, no.

Another option to consider: Craig is being pressured to make this claim to flush out the real Satoshi.

"administrative assistant working with Wright left to buy a computer from a nearby store, and returned with what Andresen describes as a Windows laptop in a “factory-sealed” box."

suckers, every day

Really though.

I wouldn't even trust going to the nearest computer shop myself and picking out a computer.

Presumably the assistant was believable because they weren't dressed in spandex and sequins.

I searched for Craig Wright's Linkedin profile. It's not available any more. Unfortunately, the Wayback Machine doesn't track Linkedin. Does anyone have a cached copy of his Linkedin profile?

It was linked above: https://archive.is/Q66Gl

I am starting to think that all this is a postmodernist spectacle designed to instill the thought that searching for Satoshi is a lost cause.

We are seeing the Apprentice/Padawan here which does a good but not excellent magic illusion show in proving he is the one. Meanwhile the Sith-Master himself is hiding in the shadows and has probably an evil grin on his face.

I do not think that Wright is Nakamoto.

However, posting in the form of a screenshot could be a smart move generally, because of the possibility of the text being changed[0], or people cutting and pasting code that does not present as malicious, but is embedded in the website to be so.

[0]: Of course, this can still happen with an image!

Plot twist: Wright as Satoshi isn't the con. Bitcoin is the con.

After all, what better con is there to convince millions of people that you've invented a currency, and that they should hand over real money for bits and bytes on computers you don't even control. Wright had recurrent run-ins with Australian tax authorities, so he has a strong motive to shelter his wealth in a virtual currency. The article admits that all his business relationships say Wright is the best con-man they know. And the Bitcoin con has netted Satoshi over a billion dollars.

Double plot-twist: Bitcoin isn't the con. Money is the con. All the reasons why Bitcoin is a hoax apply to the U.S. dollar and other forms of currency as well.

Money is not a con. It is a very valuable invention that makes exchange of goods way more efficient. Just because something unfairly advantages some people it doesn't follow that it's not useful.

PS: Yes I heard the sarcasm in your post. It's all good.

> And the Bitcoin con has netted Satoshi over a billion dollars.

A huge amount of faith in bitcoin will be lost if Satoshi ever starts moving his btc. It's like the founder or CEO of a company - if you try to sell your stake confidence in the business evaporates.

Well considering the central bank can't just manufacture new bitcoin whenever they please I'd say bitcoin is a better con than money

Dude, you better be careful. Don't diss the idea of Bitcoin on the internet or you'll get embroiled in a flamewar of epic proportions. The Bitcoin-acolytes are few but extremely vocal.

I have never once commented upon Bitcoin without being immediately downvoted on any forum, this thread included. Not once.

Watching the community fight is kind of depressing, because that's a lot of energy that could be channeled into positive endeavors.

Have you written a well thought argument or was it just "bitcoin is a con"? I've seen plenty of criticism of bitcoin get upvoted.

Just naming it as a con seems odd as it actually works and people buy things with it every day.
