The conclusion seems obvious: It's a misdirection. Adi Shamir is Satoshi Nakamoto.
(Note: No, I do not in fact believe this.)
Or am I missing an angle here?
You could investigate that with a few minutes of googling -
the 'student' has been writing CS papers since the mid '80s 
This reminds me of when someone on HN described both the authors as 'some Israeli CS students' 
Whatever you think about this particular paper, the authors are experienced researchers.
Seriously, the slight difference here makes your comparison less than flattering. This seems like some form of "damning with faint praise".
It takes a bad Googler to know a bad Googler.
I guess we're all just bad Googlers.
We should really brush up on our Googling.
Backwards that's "I hso tasto nmai" which is phonetic late R'lyehian for "Up yours Bernanke".
And that one too was quite poorly done; from the text, it actually seemed like they thought that "the blockchain" is a file stored on blockchain.info. Disappointing from the inventor of Shamir's Secret Sharing and differential cryptanalysis.
We acquired the complete state of the Bitcoin transaction system [...]
This required downloading 180,001 separate but linked HTML files [...]
following the links backwards to the zeroth block [...]
Each file was parsed in order to extract all the multisender/multireceiver transactions in it, and then the collection of transactions was encoded as a standard database on our local machine.
It's a lot easier to just get it from blockchain.info.
People seem to confuse that a lot. It's a badly named service at the best of times. I wonder how many legal requests the site will get from people believing they run Bitcoin.
"This site allows you to navigate the bitcoin blockchain (a database which holds information about all transactions)."
That really does make it sound like they are storing the centralized database for bitcoin.
Edit: changed "storing a" to "storing the" to clarify my point per gojomo's reply.
(They have some earned authority, by a record of useful service.)
Bitcoin isn't the simplest concept around. Unless you are in the business of packaging up bitcoin for non-technical consumers, I think it is reasonable to expect your users to bring some knowledge about bitcoin to the table.
Indeed, as I was reading the post I thought to myself "it couldn't be that Shamir, could it?" Oh.
The New World is built on the results of that generation of cryptographers, but they can't keep up.
Yeah, I'm more than a little bitter about the technologically illiterate being allowed to judge complex technology.
Meanwhile these guys are merely riding on the huge waves which that 'poorly researched' paper left in its wake, trying to catch some press-coverage-by-association with their shoddy research. I'm failing to see the irony here, this is apples and oranges stuff. Really seems like you just wanted to sneer at 'Bitcoin supporters'.
I mean that it was poorly researched. There was no definition of security, no mention of the vast body of related work in digital cash or secure multiparty computation, a weak security analysis, no mention of the fact that polynomial time attacks are usually considered to indicate that a system is not secure (one would think that a different security model would require at least some justification), and so forth. That is not the mark of a solid research paper; the fact that Bitcoin has become so famous or that people are making money with it has no bearing on the quality of Satoshi's own research.
The Bitcoin whitepaper does what it says on the tin, you're the one inventing criteria for it that it doesn't meet. The white paper is also remarkably readable, which is something you can't say for most academic works.
I don't think there is any way to get him to stop saying that bitcoin isn't an achievement and that it is a priori invalid because it doesn't have a "formal security model."
1. It is irrelevant to this thread, because I was only talking about Satoshi's paper.
2. It is not the sort of security people demand out of other cryptosystems. There is a reason nobody uses this:
That is because no falsifiable claims were made.
(Edit: Strictly speaking, this is not true. Falsifiable claims were made; this, for example:
An attacker can only try to change one of his own transactions to take back money he recently spent.
This claim has already been falsified: an attacker who can control the block chain can also selectively deny transaction verifications and prevent miners from receiving the mining reward.)
"you're the one inventing criteria for it that it doesn't meet"
No, I am just stating the criteria that determine how well-researched a paper is. If a paper does not cite the relevant previous work, it is poorly researched -- that is the standard that every other paper is held to. If a cryptography paper does not have a well-formed or clearly articulated security definition, it is poorly researched -- that is the standard other cryptography papers are held to. If a security paper breaks from widely accepted notions of security but never bothers to justify that, it is poorly researched. These are not unheard-of criteria, these are standard fare.
"The white paper is also remarkably readable"
What is your point? Readability is orthogonal to how well-researched a paper is.
This is elevating form above substance. Ron & Shamir's work has the proper form, the proper names, and yet the material it contains is rubbish. It cites "relevant previous work", so long as you think that none of the work in industry is relevant.
The gold standard should not be if a work follows a set of practices, advisable as they may be, it should be if a work advances the understanding of mankind. One of these papers did, the other does not.
G. H. Hardy said that his most important contribution to the study of mathematics was the discovery of Ramanujan. One could easily make the mistake of thinking this contribution could have been easily replicated by someone else, but it's entirely likely that never would have happened at all because Ramanujan was not aware of much of the contemporary work that he blitzed past.
Block ciphers do have security definitions; what AES lacks is a rigorous proof that it satisfies the definition of security for a block cipher. There are different definitions for different notions of security, but that does not mean there is no security definition. It is also untrue to suggest that security parameters are fixed in practice; this is certainly false for public-key cryptography, but Rijndael was designed to support arbitrary parameters, as are many other practical block ciphers and hash functions.
"Coming up with a good security definition is hard, the 2013 Turing award was given for one."
Not one definition, but several definitions and an entire paradigm for definitions. The work also set the groundwork for proving that cryptosystems and cryptographic constructions meet such definitions.
Really, the importance of having a security definition cannot be understated. Without a security definition, you cannot have any falsifiable claims about security. If I claim a system without a definition is insecure, you can always refute me by claiming that the system was never designed to defend against my attack -- which is technically correct, because without a definition the system cannot be said to be designed to defend against any attacks.
Also, note that I did not say that Satoshi failed to give a good security definition for Bitcoin. What I said is that Satoshi failed to give any security definition. If Satoshi had given an unrealistic or otherwise bad security definition, then we could have a productive conversation about the definition and about whether or not Bitcoin satisfies it.
"I think it will take a long time before we get a realistic security definition for Bitcoin."
The thing is that we do have realistic security definitions for digital cash -- the definitions just happen to rely on the existence of a central authority that issues the currency, which is a deal-breaker for the Bitcoin community.
That brings the frontrunners of Bitcoin in a predicament.
On the one hand they are often libertarians and very happy with the success of Bitcoin. On the other hand, getting in early gives them some windfall gains, and law enforcement will go after them, since many of the real criminals using Bitcoin will remain elusive to them.
A little tidbit that will hit any of them sooner or later: did they properly file their taxes on the Bitcoins they mined? Trammell just admitted holding 800K$ worth of Bitcoins. Where did they come from? (Mining, I know, but those lawsuits will get hairy, because of lack of knowledge.)
Well, no. He admitted to holding an amount of Bitcoins that would now be worth 800k. At the time he transferred them they were worth a 20th of that amount.
More people see that having financial privacy is a good thing, and trust in bitcoin grows.
This could also have a maybe unintended consequence of increasing equality, because some people, knowing who has the most bitcoins, might act to decrease the influence they feel is too large by, for example, choosing an alternative product or service to use or buy. We see this effect already with people feeling that corporations like Google have grown too big and some go out of their way to not use their services.
I think someone should do a quantified textual analysis of posts to derive some sort of written language fingerprint for each author on the Cryptography Mailing List. Has anyone been able to derive a unique fingerprint of written language that accurately predicts the identity of the author? Has an analysis like this been done and come up empty?
A copy of the original pdf would also be really helpful. Not the one that md5 hashes to d56d71ecadf2137be09d8b1d35c6c042 please.
Here is some content in return: http://diyhpl.us/~bryan/irc/bitcoin-satoshi/
I am secretly hoping that Satoshi (and many others like him) really were lurking throughout the entire cypherpunk history, because it plays well into the cyberpunk fantasy unrolling in my head.
Now there is one Wikipedia article http://en.wikipedia.org/wiki/Proof-of-work_system started by 'Julian Krause', so Satoshi might be Julian Krause.. ;)
He didn't do anything illegal so why should anyone try to uncover his identity even though he's chosen anonymity for himself?
What if Satoshi were an NSA stooge and the algorithm had currently-unknown weaknesses that would allow a selected group of in-the-know people to generate BC at rates much higher than regular miners?
Cryptography does not lie, but we often don't know what (or how) to ask the right questions. Satoshi's identity could help shape those questions.
And even if no one did, it is obvious that the person/organization that started the whole thing would have the highest profit by definition without the need of any backdoor.
Just look at how many Bitcoins Satoshi made at the start, when competition and mining difficulty were low.
But yes, I share your concerns, since it could be a pyramid scheme.
The one that starts it profits the most, everyone that enters the game later earns less but hopes that the value increases as long as more and more new players are joining.
And this currency is deflationary by design, which obviously helps drive profit expectations for everyone. (Why the hell would you want deflation in a currency? Deflation reduces circulation, which defeats the purpose of a currency.)
These kinds of analysis are usually more "fuzzy" than "unique" and "accurate". And can be easily fooled if you are trying to remain anonymous. Especially in the case that Satoshi isn't a single person.
I would imagine the FBI amongst other Government organisations and figures would love nothing more than to pick Satoshi's brain (by force if need be) if his or her identity were to ever be truly revealed. We won't ever know who the real Satoshi is.
I can make baseless and factless accusations as to who I think Satoshi is as well. I think it's Al Gore, he invented the Internet after all.
If it's part of a policing effort, then it's obviously part of the UN, which according to Tim LaHaye, rules over the United States with an iron fist and is where the shadow government of totally-not-Jews would do exactly this kind of thing.
The only name I have for that is New World Order.
If Bitcoin is a targeted strike against China somehow (not completely impossible), then the CIA is the likeliest candidate. Otherwise, of the USGov national agencies, the NSA is most likely.
The FBI doesn't really get anything out of it. The only reason I can think of for the FBI to do it is for paying off informants anonymously. (And as I've pointed out before, if anyone's an expert on money laundering, it's the FBI.)
1,600,000.00 bitcoins can be sold for 35,066,701.01 USD on Mt. Gox with a slippage of 1,544,789,298.99 USD (97.78%)
222,043.14 bitcoins (insufficient bid volume) can be sold for 15,395,973.27 USD on Bitstamp with a slippage of 1,493,404,026.73 USD (98.98%)
They should include revelation in their will. For history's sake if nothing else.
I suspect it's just very easy to get funding for Bitcoin related research right now because it's a hot topic, but that would be a much more fun explanation...
Whether that counts as "rich" is a matter of perspective, I guess.
As I understand it those are offers to buy that are on the market right now, so you could execute the trades instantly.
rune@rune-desktop:~/Programming/scripts/bitcoin$ ./depth.py 1000
1000.00 bitcoins can be sold for 956,782.15 USD on Mt. Gox with a slippage of 28,317.85 USD (2.87%)
1000.00 bitcoins can be sold for 922,365.80 USD on Bitstamp with a slippage of 18,434.20 USD (1.96%)
1000.00 bitcoins can be sold for 864,201.16 USD on Bitfinex with a slippage of 76,548.84 USD (8.14%)
44.38 bitcoins (insufficient bid volume) can be sold for 22,951.93 USD on Kraken with a slippage of 964,703.67 USD (97.68%)
rune@rune-desktop:~/Programming/scripts/bitcoin$ ./depth.py -c EUR 1000
1000.00 bitcoins can be sold for 697,614.73 EUR on Mt. Gox with a slippage of 17,392.27 EUR (2.43%)
No orderbook for BTCEUR on Bitstamp
No orderbook for BTCEUR on Bitfinex
81.19 bitcoins (insufficient bid volume) can be sold for 52,229.71 EUR on Kraken with a slippage of 679,770.29 EUR (92.86%)
It is also possible that satoshi is a group of people and not a person.
Lastly, the idiosyncratic nature of someone who spends their time on crypto mailing lists and making crypto currency is likely to take privacy seriously for its own sake.
A better question might be, why would satoshi want to be found out?
Since Satoshi seems to be heavily influenced by the cypherpunk community, maybe it really is one person who just wanted bitcoin to really work and did everything that's best for the currency? If so, one day, when bitcoin or its derivative will be a thing on which the world economy depends, he will be the man of the year. Maybe he will even disclose his identity, since that will not have an effect on bitcoin itself any more.
Also, Satoshi mined ~1.5M BTC, now "worth" over $1B.
The 1.5M claim is bullshit, however. People come up with these gigantic numbers by claiming that all coins unspent mined in the first year (or all coins mined in the first year at all!) were Satoshi. This is known to be untrue because there are many other people who mined in the first year and have coins unspent (or lost!) from then.
Would that Satoshi want to be identified?
Similar problems as OP's have been noticed with non "post-journal open access publishing model". That's generally called "science by press conference" now - the most famous case was the arsenic life paper, which was published in Science, a "traditional" journal, and then later retracted after their press conference before the publication generated a huge buzz (and two later papers contradicted their findings).
This isn't a problem that's caused by open access or new publishing models.
I hope they also apologized.
In other words, "we're covering our asses so we don't have to retract, but we're expert and relevant to this bitcoin thing."
And anyone who knows one of the subsequent addresses those coins touched in the blockchain. Of course, it also doesn't really matter who they went to.
What does that mean?