I Am Not Satoshi (dustintrammell.com)
336 points by citricsquid on Nov 26, 2013 | 170 comments

General consensus seems to be that Ron & Shamir's publications on this topic are extraordinarily weak given how stellar a record Shamir, in particular, has.

The conclusion seems obvious: It's a misdirection. Adi Shamir is Satoshi Nakamoto.

(Note: No, I do not in fact believe this.)

I think it's important to note that this paper was research paid for by the Citi foundation, which belongs to Citi Group, a financial services corporation formed following the merger of banking giant Citicorp and financial conglomerate Travelers Group.

Why exactly is that important? Because it suggests that Citi is involved in hiding the identity of Satoshi and that implies their involvement in setting up Bitcoin?

Or am I missing an angle here?

I think the claim made is that the powers that be are actively working against Bitcoin, here by tarnishing its reputation with sensationalist research.

This sounds like a fairly typical case of an advisor giving a student free rein. Most professors do not invest the time to understand their students' work as much as you might think.

As your comment is 3rd from the top of page:

You could investigate that with a few minutes of googling - the 'student' has been writing CS papers since the mid '80s [0]

This reminds me of when someone on HN described both the authors as 'some Israeli CS students' [1]

Whatever you think about this particular paper, the authors are experienced researchers.

[0] http://www.wisdom.weizmann.ac.il/~dron/
[1] https://news.ycombinator.com/item?id=5209356

So what we are saying here is that in the "did a bit of preliminary googling before writing something foolish" department, they did about as well as a HN commenter.

Seriously, the slight difference here makes your comparison less than flattering. This seems like some form of "damning with faint praise".

And as Adi Shamir could have found out with a little more Googling, the address belonged to Trammell, not Satoshi.

It takes a bad Googler to know a bad Googler.

I guess we're all just bad Googlers.

We should really brush up on our Googling.

I stand corrected and I apologize to Dr. Ron. I am still not sure how much Shamir is responsible for the flaws in this research given that he's not the first author.

I'm not sure about this particular paper, but in most theoretical fields the authors are listed alphabetically by last name (the assumption being that each of them made a contribution without which the paper wouldn't exist - so ranking them is not important).

Too obvious.

Backwards that's "I hso tasto nmai" which is phonetic late R'lyehian for "Up yours Bernanke".

C'mon Dustin.

"I Am Not Satoshi" is also an anagram of "I, Homo Satanist".

Correct. I like the idea.

This is not even the first paper by Dorit Ron and Shamir on Bitcoin; they did an analysis of the transaction graph earlier: http://eprint.iacr.org/2012/584.pdf

And that one too was quite poorly done; from the text, it actually seemed like they thought that "the blockchain" is a file stored on blockchain.info. Disappointing from the inventor of Shamir's Secret Sharing and differential cryptanalysis.

  We acquired the complete state of the Bitcoin transaction system [...]
  This required downloading 180,001 separate but linked HTML files [...]
  following the links backwards to the zeroth block [...]
  Each file was parsed in order to extract all the multisender/multireceiver transactions in it, and then the collection of transactions was encoded as a standard database on our local machine.

This is definitely a very strange way of retrieving the blockchain for research purposes. Couldn't they have simply issued RPC calls to the regular bitcoind client after downloading the blockchain via the built-in peer-to-peer mechanism?

Yes. In fact, I'm sure (formally, "I suspect") that what you are describing is exactly how blockchain.info gets its data in the first place.

No. Blockchain.info indexes the block chain by address. bitcoind indexes the block chain by transaction IDs (if you enable it). You'd still have to index the data you get from RPC calls by address if you want to track the movement of certain coins.

It's a lot easier to just get it from blockchain.info.
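
An added example, not part of the thread and not code from any commenter or from bitcoind: a minimal sketch of the by-address index described in the comment above, built from decoded transactions that are otherwise only reachable by transaction ID. The field layout (`vin`, `vout`, `scriptPubKey.addresses`) is assumed to follow bitcoind's verbose decoded-transaction JSON in simplified form, and all transaction IDs, addresses and amounts are constructed samples.

```python
from collections import defaultdict

COIN = 100_000_000  # satoshis per bitcoin

# Constructed sample data (not real transactions), listed in block order.
# The layout is an assumption modelled on bitcoind's decoded-transaction JSON.
SAMPLE_TXS = [
    {"txid": "tx0-coinbase",
     "vin": [{"coinbase": "00"}],
     "vout": [{"n": 0, "value": 50.0,
               "scriptPubKey": {"addresses": ["addr_miner"]}}]},
    {"txid": "tx1",
     "vin": [{"txid": "tx0-coinbase", "vout": 0}],
     "vout": [{"n": 0, "value": 10.0,
               "scriptPubKey": {"addresses": ["addr_alice"]}},
              {"n": 1, "value": 40.0,
               "scriptPubKey": {"addresses": ["addr_miner"]}}]},
    {"txid": "tx2",
     "vin": [{"txid": "tx1", "vout": 0}],
     "vout": [{"n": 0, "value": 4.0,
               "scriptPubKey": {"addresses": ["addr_bob"]}},
              {"n": 1, "value": 5.999,  # the remaining 0.001 is the fee
               "scriptPubKey": {"addresses": ["addr_alice"]}}]},
]


def to_satoshi(btc):
    """Convert a JSON float amount in BTC to integer satoshis."""
    return int(round(btc * COIN))


def build_address_index(txs):
    """Walk transactions in chain order and index them by address.

    Returns (index, utxos):
      index[address] -> list of (txid, "received" | "spent", satoshis)
      utxos[(txid, n)] -> (addresses, satoshis) for outputs still unspent
    An input only names a previous (txid, vout) pair, so the address it
    debits is known only by looking that output up. This lookup is the
    extra indexing work the comment refers to.
    """
    utxos = {}
    index = defaultdict(list)
    for tx in txs:
        for vin in tx["vin"]:
            if "coinbase" in vin:
                continue  # newly minted coins have no previous output
            key = (vin["txid"], vin["vout"])
            prev = utxos.pop(key, None)
            if prev is None:
                raise ValueError(
                    "%s spends unknown or already-spent output %r"
                    % (tx["txid"], key))
            addresses, value = prev
            for addr in addresses:
                index[addr].append((tx["txid"], "spent", value))
        for vout in tx["vout"]:
            # Scripts with no decodable address stay in the UTXO set but are
            # not indexed. A multi-address output is credited to every listed
            # address, so balances for such outputs are an over-count.
            addresses = tuple(vout["scriptPubKey"].get("addresses", []))
            value = to_satoshi(vout["value"])
            utxos[(tx["txid"], vout["n"])] = (addresses, value)
            for addr in addresses:
                index[addr].append((tx["txid"], "received", value))
    return dict(index), utxos


def balance(index, address):
    """Net satoshis held by an address according to the index."""
    return sum(value if direction == "received" else -value
               for _txid, direction, value in index.get(address, []))


if __name__ == "__main__":
    idx, unspent = build_address_index(SAMPLE_TXS)
    for addr in sorted(idx):
        print(addr, balance(idx, addr) / COIN, idx[addr])
```
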

> it actually seemed like they thought that "the blockchain" is a file stored on blockchain.info

People seem to confuse that a lot. It's a badly named service at the best of times. I wonder how many legal requests the site will get from people believing they run Bitcoin.

I was about to argue with you about it not being very confusing, but then I read the "About" section on the front page:

"This site allows you to navigate the bitcoin blockchain (a database which holds information about all transactions)."

That really does make it sound like they are storing the centralized database for bitcoin.

Edit: changed "storing a" to "storing the" to clarify my point per gojomo's reply.

Blockchain.info is storing a centralized database for Bitcoin. Just not the centralized database... because there's not any official one. They're a value-added replica (via indexing & UI), not a constitutional authority.

(They have some earned authority, by a record of useful service.)

It's not 'a centralized' database at all. Calling it that only adds to the confusion.

I can see where you are coming from, but how could you word that to be technically correct, succinct (not a full blown lecture on what bitcoin is), and not leave yourself open to giving people that impression?

Bitcoin isn't the simplest concept around. Unless you are in the business of packaging up bitcoin for non-technical consumers, I think it is reasonable to expect your users to bring some knowledge about bitcoin to the table.

"This site allows you to navigate through a copy of the bitcoin blockchain"

Yeah, that's definitely better. You might still have people falling into the weird "the blockchain is a bunch of html documents" hole though.

"Disappointing from the inventor of Shamir's Secret Sharing and differential cryptanalysis."

Indeed, as I was reading the post I thought to myself "it couldn't be that Shamir, could it?" Oh.

Yes indeed. The first time they actually scraped the blockchain.info website, this time they've finally figured out that the blockchain is public and parsed a local blockchain.dat

The New World is built on the results of that generation of cryptographers, but they can't keep up.

I'd be shocked if the NSA hadn't "invented" differential cryptanalysis long before Shamir.

Does that matter? If two people independently invent the same thing, they're both inventors with equal standing. The classic example being Leibniz and Newton with regards to calculus of infinitesimals.

Apparently it matters to the good people of Marshall, Texas. According to them, Whitfield Diffie didn't invent public key encryption for exactly that reason.

Yeah, I'm more than a little bitter about the technologically illiterate being allowed to judge complex technology.

Isn't it a given that they did? They strengthened DES's s-boxes against it 10 or so years before it was publicly discovered iirc.

You're right, that's precisely why they changed DES.

And the S in RSA.

I find the criticism of research papers on the part of Bitcoin supporters a bit ironic. Have people forgotten how poorly researched the original Bitcoin paper was?

Not sure what you mean by 'poorly researched'. Whatever its flaws, it produced a hell of an innovative idea (or rather, a conglomeration of ideas into something innovative), and it has grown into something undeniably huge. Something people are building businesses upon. Something that is trading at over $900 USD/unit right now, despite countless rounds of naysayers decrying its intrinsic worthlessness and foretelling its doom.

Meanwhile these guys are merely riding on the huge waves which that 'poorly researched' paper left in its wake, trying to catch some press-coverage-by-association with their shoddy research. I'm failing to see the irony here, this is apples and oranges stuff. Really seems like you just wanted to sneer at 'Bitcoin supporters'.

"Not sure what you mean by 'poorly researched'."

I mean that it was poorly researched. There was no definition of security, no mention of the vast body of related work in digital cash or secure multiparty computation, a weak security analysis, no mention of the fact that polynomial time attacks are usually considered to indicate that a system is not secure (one would think that a different security model would require at least some justification), and so forth. That is not the mark of a solid research paper; the fact that Bitcoin has become so famous or that people are making money with it has no bearing on the quality of Satoshi's own research.

It was a simple white paper, offered up anonymously for only what it was. It made no claims which have been demonstrated to be false, which is more than you can say about the paper being discussed here.

The Bitcoin whitepaper does what it says on the tin, you're the one inventing criteria for it that it doesn't meet. The white paper is also remarkably readable, which is something you can't say for most academic works.

Betterunix has been in this discussion many, many times.

I don't think there is any way to get him to stop saying that bitcoin isn't an achievement and that it is a priori invalid because it doesn't have a "formal security model."

Well he stopped saying there was no formal security analysis once someone linked him to one, I think. :)

I believe that I responded to that paper at least once. By my memory, the formalization of Bitcoin's security left room for a polynomial time attack on the system. That is a fine restatement of what we already know about Bitcoin, but:

1. It is irrelevant to this thread, because I was only talking about Satoshi's paper.

2. It is not the sort of security people demand out of other cryptosystems. There is a reason nobody uses this:


If someone could link me to the paper in question, I would really appreciate it.

A little late, but I believe this is the paper mentioned: https://socrates1024.s3.amazonaws.com/consensus.pdf

"It made no claims which have been demonstrated to be false"

That is because no falsifiable claims were made.

(Edit: Strictly speaking, this is not true. Falsifiable claims were made; this, for example:

An attacker can only try to change one of his own transactions to take back money he recently spent.

This claim has already been falsified: an attacker who can control the block chain can also selectively deny transaction verifications and prevent miners from receiving the mining reward.)

"you're the one inventing criteria for it that it doesn't meet"

No, I am just stating the criteria that determine how well-researched a paper is. If a paper does not cite the relevant previous work, it is poorly researched -- that is the standard that every other paper is held to. If a cryptography paper does not have a well-formed or clearly articulated security definition, it is poorly researched -- that is the standard other cryptography papers are held to. If a security paper breaks from widely accepted notions of security but never bothers to justify that, it is poorly researched. These are not unheard-of criteria, these are standard fare.

"The white paper is also remarkably readable"

What is your point? Readability is orthogonal to how well-researched a paper is.

> If a paper does not cite the relevant previous work,

This is elevating form above substance. Ron & Shamir's work has the proper form, the proper names, and yet the material it contains is rubbish. It cites "relevant previous work", so long as you think that none of the work in industry is relevant.

The gold standard should not be if a work follows a set of practices, advisable as they may be, it should be if a work advances the understanding of mankind. One of these papers did, the other does not.

Reference to previous work is not some perfunctory requirement to satisfy for academic due process. It is critical for the advancement of knowledge. Also, it's pretty much entirely the definition of "well-researched". Work that is done completely independent of the established base of knowledge in a field can be valuable but someone has to do the work of integrating it and contrasting it with what was already known or else how can you weed out the cranks without many people spending many hours working through their enormous stacks of drivel?

G. H. Hardy said that his most important contribution to the study of mathematics was the discovery of Ramanujan. One could easily make the mistake of thinking this contribution could have been easily replicated by someone else, but it's entirely likely that never would have happened at all because Ramanujan was not aware of much of the contemporary work that he blitzed past.

Real-world cryptography often doesn't have security definitions, e.g. AES. In parts that is because security definitions tend to be asymptotic (which is a massive simplification), and real cryptography is working at a fixed parameter. Coming up with a good security definition is hard, the 2013 Turing award was given for one. I think it will take a long time before we get a realistic security definition for Bitcoin.

"Real-world cryptography often doesn't have security definitions, e.g. AES"

Block ciphers do have security definitions; what AES lacks is a rigorous proof that it satisfies the definition of security for a block cipher. There are different definitions for different notions of security, but that does not mean there is no security definition. It is also untrue to suggest that security parameters are fixed in practice; this is certainly false for public-key cryptography, but Rijndael was designed to support arbitrary parameters, as are many other practical block ciphers and hash functions.

"Coming up with a good security definition is hard, the 2013 Turing award was given for one."

Not one definition, but several definitions and an entire paradigm for definitions. The work also set the groundwork for proving that cryptosystems and cryptographic constructions meet such definitions.

Really, the importance of having a security definition cannot be understated. Without a security definition, you cannot have any falsifiable claims about security. If I claim a system without a definition is insecure, you can always refute me by claiming that the system was never designed to defend against my attack -- which is technically correct, because without a definition the system cannot be said to be designed to defend against any attacks.

Also, note that I did not say that Satoshi failed to give a good security definition for Bitcoin. What I said is that Satoshi failed to give any security definition. If Satoshi had given an unrealistic or otherwise bad security definition, then we could have a productive conversation about the definition and about whether or not Bitcoin satisfies it.

"I think it will take a long time before we get a realistic security definition for Bitcoin."

The thing is that we do have realistic security definitions for digital cash -- the definitions just happen to rely on the existence of a central authority that issues the currency, which is a deal-breaker for the Bitcoin community.

Personally, I say thank god it was poorly researched. If the whole thing was inundated with 20 pages of obscure terminology and various arcane inequalities far fewer people would have understood it. Also, Bitcoin takes such a completely different tack from existing digital cash and SMPC schemes that I think including any discussion on those would have been distracting.

One of the consequences of a public transaction chain is the great potential for witch hunts. Here's one of the first examples, but it surely won't be the last.

The scary thing of these kinds of witch hunts is that law enforcement is listening / reading / conducting hunts of their own. And they will be prone to the same mistakes as these readers.

That brings the frontrunners of Bitcoin in a predicament.

On the one hand they are often libertarians and very happy with the success of Bitcoin. On the other hand, getting in early gives them some windfall gains, and law enforcement will go after them, since many of the real criminals using Bitcoin will remain elusive to them.

A little tidbit that will hit any of them sooner or later: did they properly file their taxes on the Bitcoins they mined? Trammell just admitted holding 800K$ worth of Bitcoins. Where did they come from? (Mining, I know, but those lawsuits will get hairy, because of lack of knowledge.)

> Trammell just admitted holding 800K$ worth of Bitcoins.

Well, no. He admitted to holding an amount of Bitcoins that would now be worth 800k. At the time he transferred them they were worth a 20th of that amount.

That's a positive thing, because it only grows trust between members of community.

I don't think so; witch hunts didn't exactly grow trust between people in the middle ages. Witch hunts grow mob feelings between people against whoever happens to get crushed by their collective paranoia that day.

I think the parent poster meant that the witch hunts in the 21st century related to bitcoin only grow trust in the bitcoin community that witchhunts are destined to fail.

More people see that having financial privacy is a good thing, and trust in bitcoin grows.

Pedant's note: Contrary to popular belief, witch hunts were rare in the Middle Ages. They took off in popularity during the Renaissance.

Annoying meta-pedant note: You presumably mean that witch hunts mainly occurred in puritanical areas, at a time in which the Renaissance was occurring elsewhere in the world.

I thought the parent was being sarcastic.

If/When bitcoin grows as large as some think/hope it will, there won't be "a bitcoin community" anymore than there is a "USD community". Sure, you'll have communities of various sorts surrounding different aspects of the currency, like you do with any other currency, but for the most part the users of it won't really have any real sense of "community membership". I pay for things with paypal on occasion, but I don't have any sense of a "paypal community".

Unless you are the one being hunted and have to stop your life to explain yourself and hope they get it before someone at the FBI believes it.

I think if you have much influence, people should know at least who you are. The same applies to any kind of influence, but with fiat currencies it is much easier to hide it in certain positions.

This could also have a maybe unintended consequence of increasing equality, because some people, knowing who has the most bitcoins, might act to decrease the influence they feel is too large by, for example, choosing alternative product or service to use or buy. We see this effect already with people feeling that corporations like Google have grown too big and some go out of their way to not use their services.

Until Zerocoin gets kicking. Zerocoin is no longer to be integrated into bitcoin but released as an altcoin.

I think we should look closer at the cryptography mailing list for evidence of Satoshi's identity. It seems likely that at some point Satoshi posted under his real name about something unrelated to BitCoin, before he decided to switch identities to release BitCoin under a pseudonym. I really doubt that Satoshi would have lurked silently there for many years before suddenly dropping the BitCoin whitepaper on the list without once contributing under his own name, perhaps before he was even thinking about BitCoin.

I think someone should do a quantified textual analysis of posts to derive some sort of written language fingerprint for each author on the Cryptography Mailing List. Has anyone been able to derive a unique fingerprint of written language that accurately predicts the identity of the author? Has an analysis like this been done and come up empty?

At the moment, it would be really helpful if you could submit archives of the original cypherpunk mailing list, the p2p-hackers mailing list, the cryptology mailing list, and the original member list of the p2presearch mailing list (not the current one).

A copy of the original pdf would also be really helpful. Not the one that md5 hashes to d56d71ecadf2137be09d8b1d35c6c042 please.

Here is some content in return: http://diyhpl.us/~bryan/irc/bitcoin-satoshi/

I am secretly hoping that Satoshi (and many others like him) really were lurking throughout the entire cypherpunk history, because it plays well into the cyberpunk fantasy unrolling in my head.

The term "proof-of-work" (with the dashes) is not used very often. But in all Bitcoin documentation it's written with the dashes.

Now there is one Wikipedia article http://en.wikipedia.org/wiki/Proof-of-work_system started by 'Julian Krause', so Satoshi might be Julian Krause.. ;)

Why does it really matter who Satoshi is?

He didn't do anything illegal so why should anyone try to uncover his identity even though he's chosen anonymity for himself?

You could argue that it's in the public interest to know who created Bitcoin and why.

What if Satoshi were a NSA stooge and the algorithm had currently-unknown weaknesses that would allow a selected group of in-the-know people to generate BC at rates much higher than regular miners?

Cryptography does not lie, but we often don't know what (or how) to ask the right questions. Satoshi's identity could help shape those questions.

As far as I know, everything is open source, and I'm sure that some cryptography experts already analyzed that.

And even if no one did, it is obvious that the person/organization that started the whole thing would have the highest profit by definition without the need of any backdoor.

Just look at how many Bitcoins Satoshi made at the start, when competition and mining difficulty was low.

But yes, I share your concerns, since it could be a pyramid scheme.

The one that starts it profits the most, everyone that enters the game later earns less but hopes that the value increases as long as more and more new players are joining.

And this currency is deflationary by design, which obviously helps driving profit expectations for everyone. (why the hell would you want deflation in a currency? Deflation reduces circulation which defeats the purpose of a currency)

I'd rather not know. It's more fun this way - almost like a Banksy of cryptography.

> a unique fingerprint of written language that accurately predicts the identity of the author

These kinds of analysis are usually more "fuzzy" than "unique" and "accurate". And can be easily fooled if you are trying to remain anonymous. Especially in the case that Satoshi isn't a single person.

Agreed, but strong evidence could plausibly be found. Also the style of writing/spelling errors can sometimes reveal nationality if you're familiar enough with different languages. I don't think someone would go through that much work, though.

If it pointed to a particular individual then people would quickly find corroborating evidence (or not), so the fuzziness doesn't make the analysis useless.

I doubt the real identity of Satoshi will ever be revealed. Seriously, if the claims of Satoshi mining the first 20,000 Bitcoins are true (with a value of almost one billion), would he seriously want to be publicly known?

I would imagine the FBI amongst other Government organisations and figures would love nothing more than to pick Satoshi's brain (by force if need be) if his or her identity were to ever be truly revealed. We won't ever know who the real Satoshi is.

I can make baseless and factless accusations as to who I think Satoshi is as well. I think it's Al Gore, he invented the Internet after all.

I think Satoshi is the NSA. This is 99% because it would be the most entertaining result, and 1% actual reasoning ( https://news.ycombinator.com/item?id=6206086 ).

It would be entertaining if the NSA could use blockchain data as an aid to cracking systems which employ SHA-256. It would be doubly fun if bitcoin was originally some off-the-cuff gamification scheme to help generate lookup tables for the NSA.

Are there any papers about practical (slash nefarious) uses one could make from the work put into the blockchain? I had the same thoughts as you recently, but don't have the background to imagine what's possible.

Each miner includes their own address and a nonce value in the work they are doing. Most of the work that goes into mining is generating failed hashes and is discarded by the client. Assuming a lack of mathematical attacks on sha 256, there isn't really anything nefarious to do with the published blocks.

I want a universe to exist where the answer to every question is based on its entertainment value.

Can we rule out the FBI?

I think so. Bitcoin is too global to be interesting to a domestic agency. It's more likely to be CIA.

If it's part of a policing effort, then it's obviously part of the UN, which according to Tim LaHaye, rules over the United States with an iron fist and is where the shadow government of totally-not-Jews would do exactly this kind of thing.

The only name I have for that is New World Order.

I would believe NSA before CIA. The FBI gets involved in the internet space, but it doesn't seem like the CIA does all that much.

You're not supposed to think the CIA does much. They're the actual spy agency; the whole "just a star on the wall at Langley" thing is CIA; you don't hear about their victories, and if you do, it's a failure of some kind. Stuxnet, for instance, was almost certainly CIA.

If Bitcoin is a targeted strike against China somehow (not completely impossible), then the CIA is the likeliest candidate. Otherwise, of the USGov national agencies, the NSA is most likely.

The FBI doesn't really get anything out of it. The only reason I can think of for the FBI to do it is for paying off informants anonymously. (And as I've pointed out before, if anyone's an expert on money laundering, it's the FBI.)

Not smart enough?

Where did you get that 20,000 Bitcoins are worth (even hypothetically) one billion? Even at $1,000 per BTC that's just $20M.

The paper linked speculates that a small group of people mined the first 20,000 blocks of Bitcoin. 20,000 blocks (@50 coins each) is 1,000,000 bitcoins, which @ $1000 is $1 billion.

Ah, got it. Confused bitcoin with blocks. Thanks.

Some people estimate his net worth to have been not 20,000, but 1.6 million bitcoins. That adds to over a billion dollars.


But $1B in nominal marginal priced BTC is faaar less liquid (less order book depth) than most other assets.

Yeah, it's worth more like $50M if you place your sells across exchanges:

    1,600,000.00 bitcoins can be sold for 35,066,701.01 USD on Mt. Gox with a slippage of 1,544,789,298.99 USD (97.78%)
    222,043.14 bitcoins (insufficient bid volume) can be sold for 15,395,973.27 USD on Bitstamp with a slippage of 1,493,404,026.73 USD (98.98%)

I think that's coming from the idea that the "ultimate value" of the BTC money supply should be ~$1 trillion (in order for it to replace real-world currencies in a significant fraction of transactions). 20,0000 Bitcoins is ~1/1000th of 21,000,000 potential Bitcoins.

> I doubt the real identity of Satoshi will ever be revealed.

They should include revelation in their will. For history's sake if nothing else.

It would be interesting if (implementors of a majority of the client software installed base of) the community declared an anti-hoarders coup, and refused to verify transactions involving the low ID bitcoins.

If his statement is true the "research" by Dorit Ron and Adi Shamir seems more than just accidentally flawed, not to say even highly misleading.

Well, he said that the research was funded by Citi bank's 'philanthropic' foundation. Is he mentioning that to insinuate that a bank is trying to produce de-anonymizing scare research about Bitcoin, which need not be true so long as it shakes consumer confidence?

I suspect it's just very easy to get funding for Bitcoin related research right now because it's a hot topic, but that would be a much more fun explanation...

In theory I would like to assume that especially seasoned academics are more concerned about their reputation than a few thousand Citi bank dollars.

As have been their previous papers on the subject.

Here's a scathing breakdown of the paper in question from /r/bitcoin: http://www.reddit.com/r/Bitcoin/comments/1reuwq/vigorous_deb...

I wonder if this person is enormously rich now from BTC, considering how early he got in. Not that it's any of our business...

Rich in bitcoins - yes. Rich in USD? Not yet.

He had a balance of ~1200 btc on mtgox in March of 2013, during a time when bitcoin was hovering around $50. Had he sold it all then it would have been a cool $60k. Had he kept it until now, it would be approximately $1MM (it's never been below $50 since that time).

Whether that counts as "rich" is a matter of perspective, I guess.

It only counts as "rich" if he can use the money. I suspect that in practice, such large amounts of Bitcoin money have limited usefulness. It would be hard to get the actual million dollars his wallet is supposedly worth. There are still exceedingly few businesses that accept Bitcoin payments. At best, he could augment whatever other income he has by selling small amounts of his Bitcoin money at a time.

According to [1] and [2] I can sell 100 bitcoins for $88,631 or $96,805 at Bitstamp and Mtgox respectively - or 10,000 bitcoins for $7,155,446 and $8,797,257

As I understand it those are offers to buy that are on the market right now, so you could execute the trades instantly.

[1] http://bitcoincharts.com/markets/bitstampUSD_depth.html
[2] http://bitcoincharts.com/markets/mtgoxUSD_depth.html

Yes, but in doing so you increase supply and therefore decrease the price. When you have a large amount of bitcoins, selling them all means flooding the market and ultimately selling them at a very low price. The best you can do is sell a portion every day.

We are only talking about 1000 in this case. There is enough book depth to sell 1000.

Yes, that's correct. The market isn't nearly as illiquid as some of the commenters on this forum would like you to think.

According to my calculator, selling 1000 BTC on Bitstamp would yield $867,833 with a slippage/liquidity cost of $28,958, or around 3% of 'face value.'

I made a little Python script that calculates the slippage from selling/buying an amount of BTC on various exchanges. Here's the result for selling 1000 BTC right now (in both USD and EUR):

    rune@rune-desktop:~/Programming/scripts/bitcoin$ ./depth.py 1000
    1000.00 bitcoins can be sold for 956,782.15 USD on Mt. Gox with a slippage of 28,317.85 USD (2.87%)
    1000.00 bitcoins can be sold for 922,365.80 USD on Bitstamp with a slippage of 18,434.20 USD (1.96%)
    1000.00 bitcoins can be sold for 864,201.16 USD on Bitfinex with a slippage of 76,548.84 USD (8.14%)
    44.38 bitcoins (insufficient bid volume) can be sold for 22,951.93 USD on Kraken with a slippage of 964,703.67 USD (97.68%)
    rune@rune-desktop:~/Programming/scripts/bitcoin$ ./depth.py -c EUR 1000
    1000.00 bitcoins can be sold for 697,614.73 EUR on Mt. Gox with a slippage of 17,392.27 EUR (2.43%)
    No orderbook for BTCEUR on Bitstamp
    No orderbook for BTCEUR on Bitfinex
    81.19 bitcoins (insufficient bid volume) can be sold for 52,229.71 EUR on Kraken with a slippage of 679,770.29 EUR (92.86%)

Mtgox had millions in USD daily volume at that time.

Is that all he had, though?

Doesn't matter for a lower bound, of course...

I don't really understand why Satoshi wants to be hidden. Is it because of the legal issues or does he want to be a hidden super character?

If you've been paying attention for the last three years, almost everyone thought the US government would crack down on bitcoin with a vengeance. Satoshi very well may have been genuinely fearful of the ramifications of his software.

It is also possible that Satoshi is a group of people and not a person.

Lastly, the idiosyncratic nature of someone who spends their time on crypto mailing lists and making crypto currency is likely to take privacy seriously for its own sake.

A better question might be, why would Satoshi want to be found out?

If he is not motivated by anything like ego or credit then - as Charlton Heston would have said in a lame 50s Bible movie - 'He really is the son of God.'

Me neither. As it appears he has not premined any significant amount of bitcoins, it's not like he is going to cash out. So the version, besides that he wants to be a "hidden super character", may be that he was not allowed by some organization to reveal who made this breakthrough. It's not even clear if it was a single person. But even if it was by some organization, why hide? Maybe they didn't want bitcoins to be forever associated with the NSA, for example, which would repulse people and lead them into believing that the organization controls the currency. But it still doesn't make much sense.

Since Satoshi seems to be heavily influenced by the cypherpunk community, maybe it really is one person who just wanted bitcoin to really work and did everything that's best for the currency? If so, one day, when bitcoin or its derivative will be a thing on which the world economy depends, he will be the man of the year. Maybe he will even disclose his identity, since that will not have an effect on bitcoin itself any more.

A movement cannot outgrow its charismatic leader until the leader dies. Satoshi would find it very difficult to retire if he wasn't anonymous.

Also, Satoshi mined ~1.5M BTC, now "worth" over $1B.

Founder's syndrome (http://en.wikipedia.org/wiki/Founder%27s_syndrome) is a common problem that Satoshi nicely sidestepped for Bitcoin. Bitcoin is a zero-trust system; it should be judged on its merits, not extrapolations of its creator's motivations.

The 1.5M claim is bullshit, however. People come up with these gigantic numbers by claiming that all coins unspent mined in the first year (or all coins mined in the first year at all!) were Satoshi. This is known to be untrue because there are many other people who mined in the first year and have coins unspent (or lost!) from then.

Here's a detailed analysis (just under 1M BTC; I'm not sure why I remembered 1.5M): http://bitslog.wordpress.com/2013/04/17/the-well-deserved-fo... http://bitslog.wordpress.com/2013/04/24/satoshi-s-fortune-a-...

Yes, but the 1M number there is simply counting up all the unspent blocks in the first year. Though the author presented an argument for further distinguishing blocks into "maybe satoshi" "not satoshi" sets, that wasn't actually done for the count.

What if Satoshi is actually a group of NSA agents who created a new crypto-currency as a honey-trap to attract bad guys so that they could either stop them or use them as slave agents. What if?

Would that Satoshi want to be identified?

NSA is still against "the bad guys" in the minds of some people?

My guess is that Satoshi died and that we will never know his identity.

For what it's worth, I'm not Satoshi Nakamoto either.

I am Satoshi. And also Spartacus

I'm Satoshi and so is my wife.

I knew it! Thanks for making this clear.

Not sure why this was downvoted. Was my humor so hard to spot?

Many people here don't like to see HN turning into reddit

In fact, 99.99999998596% of people are also not Satoshi Nakamoto.

I broke the dam.

Why does he call Satoshi Nakamoto "infamous"? Did he mean "famous", or does he actually think Satoshi Nakamoto is evil?

In common use, "infamous" has become mostly interchangeable with "famous" or "notorious" and the negative connotations are somewhat dulled.

Hah, I thought it was a reference to this PBF comic at first. http://pbfcomics.com/45/

I wonder, is research like journalism where an academic is morally obliged to issue a retraction or correction for conclusions shown, conclusively, to be false?

More or less. However it's also like journalism in that you shouldn't necessarily hold your breath until it happens.

If it were published in an academic journal, the journal would publish these remarks by Dustin Trammell in the next issue. But this "paper" was published online without peer review, so it's up to Ron and Shamir to do the right thing.

Most of the research Shamir does at this point is basically crap like this, which is why it's on a website instead of in a conference or journal.

Exposing a weakness in the post-journal open access publishing model. Non-peer-reviewed work getting more attention than peer-reviewed work. At least on boards like HN, which I guess never respected the academic community as much as bloggers anyway.

Post journal open access publishing _includes_ peer-review; see PLOS ONE, PeerJ etc.

Similar problems as OP's have been noticed with non "post-journal open access publishing model". That's generally called "science by press conference" now - the most famous case was the arsenic life paper, which was published in Science, a "traditional" journal, and then later retracted after their press conference before the publication generated a huge buzz (and two later papers contradicted their findings).

This isn't a problem that's caused by open access or new publishing models.

Looks like they posted a retraction: http://money.cnn.com/2013/11/27/technology/bitcoin-silk-road...

I hope they also apologized.

So, they put forward a theory, it turned out to be wrong, they said "ok, we agree, we were wrong". I think this is how science is supposed to work, no? A vast number of theories and ideas are put out and most of them prove to be wrong, some prove to be true. I think it is a very normal and healthy process and I wonder why so many people feel the need to attack the researchers personally just because one of their ideas turned out to be wrong.

Because their theory inculpated a person (Satoshi) with criminal activity and they were wrong. That is why an apology was appropriate. This isn't just a matter of scientific incorrectness - someone's reputation was attacked.

Aim to astonish.

I just realized this is quite smart. Point for you.

Into Math Oasis ?

Outed with heresy idea

The downvoter of the parent comment probably didn't notice that it's an anagram for "I see what you did there".

This is the amazing "Sunday" research paper. It's OK if you stop at the giant red typo, but you may eventually get the point: "The short path we found (which is depicted in Figure 6) suggests (but does not prove) the existence of a surprising link between the two mysterious figures of the Bitcoin community, Satoshi Nakamoto and DPR. It is reasonable to assume that all the accounts described along the top of Figure 6 belong to the same person, but to be on the safe side we refer to him as a “Founder” rather than as Satoshi Nakamoto. We are sure that analyzing this figure will start a very vigorous debate in the Bitcoin community."

In other words, "we're covering our asses so we don't have to retract, but we're expert and relevant to this bitcoin thing."

That's exactly what Satoshi would say...

I bet if we piled a bunch of rocks up on his chest, he would admit to being Satoshi.

No, Satoshi would not say anything...

That would be suspicious, especially in light of such a weak paper. Possibly the paper is bait for Satoshi?

I'm not sure it's significantly more likely that he'd deny it if it wasn't him than if it was, so I don't know how it could be bait.

I would just like to make it known that I am also not Satoshi.

That's exactly what Satoshi would say.

"only Mt. Gox knows who controlled those specific coins after I began trading them."

And anyone who knows one of the subsequent addresses those coins touched in the blockchain. Of course, it also doesn't really matter who they went to.

"I am not Spartacus!"

argh you beat me to it

Ron and Shamir were very eager to see what they wanted to see. Some people got stuck in looking for "ghost under the bed" well beyond their childhood years.

Y'know, with all the snooping they've been doing, I wouldn't be surprised if the NSA/GCHQ knew Satoshi Nakamoto's true identity.

Isn't this supposed to be "I am Spartacus" or something like that?

If I really wanted to find out who Satoshi is, I would have to lie to all and wait until the actual Satoshi comes out and calls me a liar. Anyway, life goes on - I do want to find out who Satoshi is really...

Here's another thing to consider: the NSA and other intelligence agencies have most likely already figured out who is behind Bitcoin, even if the general public have not.

What does that mean?

The next obvious question would be: are you Batman? That said, I believe him. I have a great deal of respect for Shamir but I think he got it a little bit wrong.

Disinformation is key to success. By actively participating in denying his identity people will become even more skeptical leading to more confusion.

OT: Reminded me of this: http://pbfcomics.com/45/

So, a global quest for the hidden wise one who lives in the middle. This whole affair has a solidly mythic feel about it.

Satoshi is a Perl programmer

A Perl programmer who uses Windows? IP: server location: Malaysia ISP: Piradius Net

Will the real Satoshi please stand up?

Tips welcome @WhoIsSatoshi
