The post linked to in the OP is an excellent explainer for those who aren't familiar with the process of signing a message using a Bitcoin address' private key:
<pedantry>
Well, but he's not really a "cryptographically provable" con man. It's just that, if he were not a con man, his innocence would have been cryptographically provable. Right?
</pedantry>
Maybe not just pedantry ... there were serious discussions on a previous thread that he's really Satoshi but is intentionally deflecting so that a close inspection makes it seem as if he's not. Doesn't seem likely to me, though.
That's exactly what makes this cool! Since we know the signed hash is a chunk from the Blockchain that is most assuredly not Sartre, we also know with cryptographic certainty that Wright does not possess a copy of Sartre with that hash. That would be what's known as a preimage attack -- given the hash from the Blockchain, find another SHA256 file with that hash. Wright could not even generate a malicious Sartre document with that property, without having executed a much larger crypto hack than Bitcoin itself.
Here[1] is the text that he claims he signed. I wasn't able to tweak it in any reasonable way to make it match the supposed hash. You can give it a go if you want.
Good on Dan for being a voice of reason and collecting the findings of reddit/hn/#bitcoin into a central location. And as he says, good on Gavin for being equanimical despite the vitriol being thrown his direction from some quarters. The only thing to do now is to watch this play out... and I hope it does continue to play out, rather than Craig just going silent again. That would be much less exciting.
Craig is Satoshi, and people were on the verge of discovering that. So, smart as he is, he decides to reveal he is Satoshi, but in the worst way possible, so people think he is a fraud, and hence making sure he is off the radar for good and ever.
Maybe whoever started Bitcoin lost any record of their early mining efforts. It's either that, or they're walking away from several hundred million dollars. Or they're dead.
Might have never stored the private key they mined to in the beginning. (I can see why someone with a specific ethic might start the currency that way---especially if they were still optimizing for bitcoin to take off at all, similar to avoiding pre-mining.)
It would be better to transfer the money publicly later to destroy the key. I think accidentally or non-provably losing the key to this is the worst possible thing -- no one can believe you, so they have to act as if you have the money, but you don't have control of it to do anything with it (including verifiably destroy it.)
Except everyone involved in Bitcoin's creation was aware of about 20 years of precedent and discussion about these kinds of issues -- http://cypherpunks.venona.com/ -- so it wasn't really hindsight
Not everything (hashcash, some of Wei Dai's stuff, etc.) -- but I was more referring to how to do tests/proofs in mutually-distrustful environments, not the protocols themselves.
Bitcoin was exceptional in a lot of ways -- most importantly, getting traction! -- decentralization, the ramping up, etc.
I'm interested in more of your perspective here. I was around back in the Mojo Nation era as something of an observer, but there's lots maybe I didn't see.
The good stuff was always buried deeply on threads, and mainly pre 1996. I should do something better with the archives to pull out the specific good stuff.
What's puzzling here is that Wright proceeds with his charades as though he somehow knows the real Satoshi will not emerge to call him out on it. (There is some precedent for this: a long-dormant account controlled by the real Satoshi stirred to disclaim the identity of Dorian Nakamoto in 2014. http://www.forbes.com/sites/kashmirhill/2014/03/06/bitcoin-c...)
If Satoshi disclaimed the identity of D. Nakamoto in 2014, why wouldn't he disclaim the identity of Craig Wright today?
I do not believe, for an instant, that Wright is Satoshi. But given the history, it seems plausible that Wright might have once been in the know as to Satoshi's true identity. Should he know the real Satoshi(s) to now be absent, it would likely embolden him to undertake this scam...
> If Satoshi disclaimed the identity of D. Nakamoto in 2014, why wouldn't he disclaim the identity of Craig Wright today?
One reason he might disclaim Dorian is that he simply wanted the poor man left alone. The claim that Dorian was the creator of Bitcoin was not only completely ridiculous on its face, but also a huge intrusion in the life of a clueless old man.
Wright has brought a bunch of ridicule upon himself, but it's his own fault.
It probably wasn't the real Satoshi that posted the comment on that site.
His @gmx.com email account had been compromised so it's very possible the poster gained access just by issuing a password reset. Some old CMS systems also issue generated passwords sent to your email upon registration, so the password could have been obtained that way as well.
The GMX account password could be reset by knowing the account's date of birth. The p2p foundation site leaked the date of birth used by the account there.
(The date used was the day of the year that EO 6102 made private gold ownership unlawful, and 1975 -- when it became lawful again.)
Given that he has the balls to attempt to pull off this kind of con which is transparent to anyone with half a clue, I doubt that the knowledge the real Satoshi could discredit him would weigh that heavily.
"If Satoshi disclaimed the identity of D. Nakamoto in 2014, why wouldn't he disclaim the identity of Craig Wright today?"
If I were Satoshi, I really wouldn't like to make a precedent to come forward whenever some clown claims he's Satoshi. As jere mentioned, the first time (Dorian case) Satoshi probably felt pity for an old man.
> If Satoshi disclaimed the identity of D. Nakamoto in 2014, why wouldn't he disclaim the identity of Craig Wright today?
What if he knows the real Satoshi and that the real Satoshi wouldn't out him? For example he knows that the real Satoshi is deceased and/or won't come forward.
The one theory I've seen that makes it make sense is that Dave Kleiman was the real Satoshi Nakamoto. Kleiman died in 2013. Wright is trying to set up a claim on hundreds of millions of dollars of bitcoins, if they can ever be recovered from Kleiman's effects.
Someone posted on his P2P Foundation account back in March 2014 during the Dorian Nakamoto fiasco. I'd think it's very unlikely at best that Kleiman is Satoshi based on that alone.
That would be Wright's second choice for what to get you to believe. But as I see it, Kleiman doesn't have nearly the credentials to be Nakamoto. He was well-informed on cryptography - for a policeman, which is what he was.
There are only a handful of people in the world who can reliably design crypto protocols and have them not fail disastrously in practice. It's not something you do correctly at first try, so you can limit your search to academics who have published research on digital cash systems. You can count those people on one hand (and rule out most).
Dave Kleiman isn't one of them, he only wrote stuff on forensics (hard drive wiping and stuff).
I've read the original bitcoin paper, as well as thousands of academic papers, and written a few myself. The author of the bitcoin paper was clearly not an academic. They have an understanding of the form and style of academic writing. But they do things like include the source code for a C++ program to carry out an auxiliary calculation. An academic would not have included that.
Kleiman has a plausible background for this. He was an obsessive self-learner, collecting professional certifications like baseball cards. He was familiar with academic writing but not an academic, familiar with programming but not a professional developer. He was active on many security and cryptography-oriented mailing lists, including the metzdowd list where bitcoin was introduced.
Yes, it is pretty amazing, if Kleiman is the guy, that his first and only shot at introducing a cryptosystem had no major flaws. But that part would be amazing from just about anyone.
I find it a lot more plausible that someone can adapt their style to their audience. Satoshi wasn't selling an academic idea, but a practical implementation which he hoped people would use. It's a lot more natural to include source in such a thing.
> But that part would be amazing from just about anyone.
Thing is, you don't have to assume it if you posit that Nick Szabo, Wei Dai, or Hal Finney - or some combination of them - wrote it. They were working on a very closely related concept, Bit gold. Szabo's Bit gold paper may be the academic counterpart to Satoshi's technical white paper directed at the crypto mailing list community.
It's also plausible, but more farfetched, that a senior cryptographer like David Chaum could have done it. This would still be impressive, since they would have had to have done the groundwork in secret (unlike if it's Szabo and friends, in which case it would be in public in the form of the Bit Gold stuff). But someone like Kleiman - no.
http://blog.erratasec.com/2016/05/satoshi-how-craig-wrights-...