Craig Wright has failed to prove that he is Bitcoin's creator, Satoshi Nakamoto. This article will explain technical facts that show how Craig Wright has not offered any conclusive evidence that he is Satoshi Nakamoto. Furthermore, Craig Wright's self-published verification script reveals that he played a clever deception, but was not smart enough to hide it from even cursory technical scrutiny.
This article explains several proofs that debunk Craig Wright's claims that he is Satoshi Nakamoto. It has recently become apparent that Satoshi Nakamoto was (and still is) a team of individuals. Wright may be a member of the team, but his claim is singular, and this is the claim being refuted below.
The definitive finding is that Craig Wright has not proven key ownership, and that the verification script he used (and self-defeatingly published) contains a deception that may have fooled non-technical journalists, but that is apparent to the average command line user.
Proving Private Key Ownership
Various tools allow us to generate public-private key pairs. You keep the private key secret. Public keys are ordinarily published to key-servers distributed across the internet, or can be included in a web page or email. Anyone can download anyone else's published public key.
The procedure for proving private key ownership involves a simple standard task. Someone sends you a message, you sign it with your private key, return the signed message to the sender who is then able to verify your private key signature with your corresponding public key.
Craig Wright has avoided this self-evident, simple procedure at every request.
Instead he has opted for a complicated process of verifying signatures via raw command line tools. In private demonstrations to journalists at the BBC and The Economist, Craig Wright signed a message provided by himself and then verified its signature, again by himself, in front of his audience.
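The standard procedure described above, as an added example that is not from the original article or from any party it mentions: the verifier picks a fresh message, the claimant signs it, and the verifier checks it with the public key alone. It assumes OpenSSL is installed; the secp256k1 curve, file names and messages are choices made for this illustration. It also shows why the message must come from the verifier: a signature that already exists over an older message does not verify against a fresh challenge.

```sh
#!/bin/sh
# Added example: challenge-response proof of key ownership with OpenSSL.
# Key, file names and messages are constructed for this demonstration.
set -eu
WORK=$(mktemp -d)

# Claimant: create a key pair; only pub.pem would ever be published.
make_keypair() {
  openssl ecparam -name secp256k1 -genkey -noout -out "$WORK/key.pem"
  openssl ec -in "$WORK/key.pem" -pubout -out "$WORK/pub.pem" 2>/dev/null
}

# Verifier: pick a message the claimant cannot have seen in advance.
new_challenge() {            # $1 = output file
  printf 'ownership challenge %s\n' "$(openssl rand -hex 16)" > "$1"
}

# Claimant: sign the verifier's message with the private key.
sign_message() {             # $1 = message file, $2 = signature file
  openssl dgst -sha256 -sign "$WORK/key.pem" -out "$2" "$1"
}

# Verifier: check the signature using the public key alone.
verify_message() {           # $1 = message file, $2 = signature file
  openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$2" "$1" \
    >/dev/null 2>&1
}

make_keypair

# A signature that is already public, over an old message.
printf 'message signed long ago\n' > "$WORK/old.txt"
sign_message "$WORK/old.txt" "$WORK/old.sig"

# The verifier's fresh challenge, signed on request.
new_challenge "$WORK/fresh.txt"
sign_message "$WORK/fresh.txt" "$WORK/fresh.sig"

verify_message "$WORK/fresh.txt" "$WORK/fresh.sig" && echo "fresh signature: valid"
verify_message "$WORK/fresh.txt" "$WORK/old.sig" || echo "reused signature: rejected"
```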
Based on these demonstrations, intended to convince his non-expert audiences, the interviews could then proceed: "So, you have proven that you are Satoshi Nakamoto... Why do you choose to reveal yourself now?"
Non-technical readers (or viewers) are coaxed into believing the revelation based on the quick opening scene where the BBC's and Economist's authority establishes that Craig Wright has proven that he is Satoshi Nakamoto. In the absence of any public proof, the reader can only assume that the privately demonstrated evidence was credible, else why would the interview with Craig Wright (as Satoshi Nakamoto) proceed?
Technical scrutiny reveals that the supposed evidence is not evidence at all.
Wright used amateur magician tactics to distract non-technical or non-expert staff of the BBC and the Economist during a stage-managed demonstration.
- patio11 (Github)
Undisclosed Sartre Text, Signature Reuse
In his blog-post released around the same time as the BBC and Economist announcements, Craig Wright offers a long-winded explanation of signature verification. His verification example presents a technical anomaly that was first identified by Reddit user JoukeH and outlined at ycombinator.com. Craig Wright's chosen source material (an article in which Jean-Paul Sartre explains his refusal of the Nobel Prize), surprisingly, generates the exact same signature as can be found in a bitcoin transaction associated with Satoshi Nakamoto.
The likelihood that a private key will generate two identical signatures when signing two different sources - a Bitcoin transaction on the one hand, and a Sartre text on the other - is infinitesimally small. That such a collision would occur at this awkward moment is implausible. The only remaining explanation is that Craig Wright's alleged ownership of Satoshi Nakamoto's key is a deception.
Wright provides the following signature filed [sic] for an undisclosed portion of Sartre's text:
To verify it, convert from base64 to hex:
Wright saves the decoded base64 in a misspelled signiture.der file (more on that in a minute), but as discovered by JoukeH, the resulting hexadecimal signature is identical to one found in Bitcoin block 258. The (script) signature is identical to the command line output above and is underlined in orange near the bottom:
The implication is that either Craig Wright has stumbled upon an infinitesimally rare occurrence of an SHA256 collision, or that he had used the signature from block 258 to reverse engineer a hash (the first shown in his blog demonstration) and hoped that nobody would notice. ycombinator user JoukeH noticed.
Craig Wright does not provide the source text of the Sartre article he claims to have signed, so verification is impossible and the "proof" empty. Ryan Castellucci, in a technical post, finds Craig Wright's verification procedure to be highly irregular and refers to the deception as "digital sleight of hand". In a Reddit response, Gavin Andresen calls the verification procedure "funky".
Verification Script Funky, Too
The following screenshot is from Craig Wright's blog post:
The script above is what Craig Wright says he used to verify his signature against Satoshi Nakamoto's public key, as proof to non-experts at the BBC and the Economist.
Note how a variable 'signature' (highlighted in red) takes input from the command line. Next, the signature variable is base64 decoded and written to a file, after which the actual verification is performed using OpenSSL.
At first glance, this seems like a valid verification process. However, note the spelling of the supposed second reference to the $signature variable. It is misspelled with an 'i': $signiture
To a script, the two differently spelled variables are two different variables, and the verification proof is therefore invalid: a deception that will seem to verify Satoshi Nakamoto's key signature but that is actually verifying whatever Craig Wright wants it to verify, in this case the content of the environment variable $signiture.
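The effect of the misspelling, as an added example that is not the script from Wright's blog post: it models only the pattern described above, in which the argument is stored in $signature while the decode step reads $signiture. The function names and sample values are constructed for this illustration, and the OpenSSL verification step is left out so that the focus stays on which bytes reach the file being verified.

```sh
#!/bin/sh
# Added example, constructed for illustration; not the script from the blog post.
# It models only what the article describes: the command-line argument is
# stored in $signature, but the decode step reads the misspelled $signiture.

decode_misspelled() {        # $1 = base64 signature given on the command line
  signature=$1               # assigned, never used again
  printf '%s' "$signiture" | base64 -d   # value comes from the environment
}

# Same body under `set -u`: an unset name aborts the subshell instead of
# expanding to an empty string. The copy into $encoded matters, because an
# expansion error inside a pipeline would be masked by base64's exit status.
decode_strict() (
  set -u
  signature=$1
  encoded=$signiture
  printf '%s' "$encoded" | base64 -d
)

# Corrected: decode exactly the value that was passed in.
decode_fixed() (
  set -u
  signature=$1
  printf '%s' "$signature" | base64 -d
)

# Constructed sample values standing in for two different signatures.
ARG=$(printf 'from-argument' | base64)
PLANTED=$(printf 'from-environment' | base64)

unset signiture
echo "misspelled, name unset : '$(decode_misspelled "$ARG")'"
decode_strict "$ARG" 2>/dev/null || echo "strict, name unset     : aborted"

signiture=$PLANTED           # what a pre-set environment variable does
echo "misspelled, name preset: '$(decode_misspelled "$ARG")'"
echo "strict, name preset    : '$(decode_strict "$ARG")'"
echo "fixed, name preset     : '$(decode_fixed "$ARG")'"
unset signiture
```

`set -u` only helps while the misspelled name is unset; once the environment supplies a value, only the version that reads the assigned variable decodes what was passed on the command line.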
Hiding His Deception In Plain Sight
Why Craig Wright has chosen to publish this deception is puzzling. Either he blundered in his haste, or he wants to be "found out" now that the media sensation has convinced most of the world that he is Satoshi Nakamoto.
Craig Wright has not provided technical proof that he is Satoshi Nakamoto. He has avoided providing the most obvious proof. His complicated demonstration has merely re-used information relating to Satoshi Nakamoto that was already public.
When asked why he doesn't simply sign a message for someone else to verify, Craig Wright exasperatedly responds:
I’m not going to keep jumping through hoops.
As ycombinator user bambax remarks: signing a new message represents a small jump through a large hoop, compared to the elaborate process Craig Wright had blundered through.
Defer To Trusted Parties
The public is expected to believe non-public demonstrations of proof made to trusted authorities, and using a verification tool with a deception mechanism. But how did Craig Wright fool a technically adept Gavin Andresen?
A possible answer is that he used a deception similar to the one in his verification script. Gavin Andresen's unconditional endorsement seems odd on the surface, but reading between the lines, he might also be a collaborator in the hoax - Craig Wright is, after all, talking about a blocksize of 300GB+ and that he intends to apply his authority to "tidying up Bitcoin".
Previous Proof Failure
Craig Wright initially attempted to prove that he is Satoshi Nakamoto in December 2015 but his proof was debunked when Greg Maxwell and others uncovered evidence that the public keys being used had presumably been tampered with.
Craig Wright took a few months to regroup and plan his Second Coming but has again failed to provide even one convincing piece of evidence to support his claim. In fact, Craig Wright has only managed to discredit himself:
1) By presenting an existing Satoshi Nakamoto transaction signature as a newly generated signature, Wright has ensured that his signature verifications are valid. Unfortunately for him, discovery of this fact (reuse of an existing signature), reveals that he does not provably own any of Satoshi Nakamoto's private keys, and why he avoids signing new messages - the standard and most trivial proof.
2) Publishing his verification script has revealed his digital sleight-of-hand - his script can be fed information other than that which it pretends to verify, and thus produce a verification that appears valid.
Craig Wright's "proof" involves deception. Based on his actions and poorly manufactured evidence, Craig Wright is not Satoshi Nakamoto.
Long Live Satoshi Nakamoto! Long Live!
Bitcoin's decentralized and consensus-based design redeems it from ever needing a leader. Bitcoin challenges us to decentralize decision-making and to elevate our conception of consensus. That's why Satoshi tells us: we are all Satoshi.
Bitcoin doesn't need lobbying and leadership for it to continue to be useful - it only asks that we observe its Rule of Consensus.
Disclaimer: The views expressed in the article are solely that of the author and do not represent those of, nor should they be attributed to CCN.