Post-Mortem Of A Con: To Be Satoshi Nakamoto or Not To Be?
The con is over. Dr. Craig Steven Wright will not provide proof he is Satoshi Nakamoto. While Gavin Andresen admits he might have been fooled, Jon Matonis stands behind Wright’s claim that he is Satoshi.
There won't be an on-chain signing from early bitcoin blocks, but there also won't be another Satoshi.
— Jon Matonis (@jonmatonis) May 5, 2016
Dr. Satoshi Exits the Building
The Economist, BBC and GQ broke May 2 that Craig Steven Wright, whose political views Julian Assange called “amaeteur” in a 1996 e-mail, has provided proof he is Satoshi Nakamoto, the inventor of Bitcoin. Experts doubted this claim based on the ‘proof,’ but Wright promised further “extraordinary evidence” to back his assertions.
Regardless, Craig Steven Wright, whose home was raided in December by Australian tax authorities as part of an ongoing tax investigation involving a $54 million tax refund, has yet to provide cryptographic proof that he invented Bitcoin. The ways in which he tried to prove his assertion that, in fact, he is Satoshi Nakamoto, furthermore, have seemed manipulative. For instance, Wright admitted to the BBC that he purposefully wrote a “convoluted” blog post. He could have simply provided the cryptographic proof the real Satoshi would have no problem providing.
“There are much better ways, and clearer ways he could do that by signing with his PGP key or the Genesis Block receiving key,” Trace Mayer, a lawyer and early Bitcoin investor, said on his Bitcoin Knowledge podcast. Moreover, this was not the first time Wright tried to fabricate evidence that he was the creator of Bitcoin. [Bitcoin developer], Greg Maxwell, disproved his last attempt by arguing Wright had backdated a PGP key. Realistically, if Wright is Nakamoto, he should be able to sign transactions on the Genesis Block.
“[That] would be much better than what we have seen” Jonas Schnelli, Bitcoin core developer, told Mayer in an interview. “[That] would be a very clear cryptographic proof that he could be the same person…But what he showed today [contains missing pieces] to the puzzle and it was proven by some crypto-analysts within one or two hours that this proof is almost worth nothing in terms of math and cryptography.” Mayer spelled out what Wright must do to prove he is truly Nakamoto.
“He needs to come up with a message – for example, ‘Craig Wright, Satoshi’ – and he needs to sign that message with the private key to the Genesis Block,” Mayer explained. “And also, sign the message with one of the PGP keys that is not backdated but that Satoshi used then we would have two different authentications based on the timing of when these keys would have been created.
“It would be extremely simple, even if he could sign something or sign a simple sentence with [Satoshi’s] PGP key. That would even be better proof.”
Wright’s assertions were backed by two main participants in the Bitcoin community: Gavin Andresen, the one to whom Nakamoto originally entrusted the Bitcoin source code, and Jon Matonis, an early Bitcoin writer at Forbes. Both are founding members of the Bitcoin Foundation. That foundation, a failed non-profit by any stretch of the imagination, was originally funded by Mt. Gox, whose beleaguered CEO Mark Karpeles currently sits in a Japanese jail. Former founding and board member Charlie Shrem is in jail for abetting illegal money transmission on the Silk Road.
That leaves Andresen and Matonis as the other founding members. Each claimed, though Andresen seemed less convinced than Matonis after a convoluted blog post by Wright appeared online, they saw cryptographic proof by Wright that he is Satoshi. ‘Proof’ has yet to be delivered to the public. The confusion cost Andresen his developer status on the Bitcoin core project. No proof obtained, it’s unclear whether Andresen will receive it back.
Before the fiasco, he had commit access to the Bitcoin core protocol, meaning he could propose updates to the protocol which would then only be implemented after the network agreed to download and run the new version. Bitcoin Core developers revoked it citing a “muddled environment” in the aftermath of Wright’s claims and Andresen’s support.
“His commit rights were revoked because there is a certain risk or possibility that he is hacked,” Schnelli, a Bitcoin core developer, told Mayer. While commit access doesn’t allow anyone to hack the Bitcoin code and change it, one with such access could create a mess of proposals which other developers would then have to clean up. One can imagine Andresen would receive commit access once more when Wright provides his cryptographic proof that he is indeed Satoshi.
There are, to be sure, other motives in revoking Andresen’s commit access; that is, his involvement in several projects seeking to fork (read: change) the Bitcoin code. Andresen has championed two different code forks – Bitcoin XT and the acid influenced Bitcoin Classic – to the Bitcoin protocol.
Trace Mayer told me: “For Matonis or [Andresen] to not retain cryptographic proof of Wright’s assertion is either intentional complicity in deception or grossly negligent and the only way such credibility damage might possibly be rectified, if it even can be at all, is if solid cryptographic proof is provided.” Andresen has stated he is assured beyond reasonable doubt that Wright is Nakamoto.
“He fits the style of person I was working with,” he said. “He can also say things that sound, at first, ridiculous…After spending time with him I am convinced beyond a reasonable doubt: Craig Wright is Satoshi.” The Economist, one of the chosen papers, left room for doubt in Wright’s claims.
“We are not so sure. Although they are not completely satisfactory, Mr Wright provided credible answers to the questions which were asked of him after he was outed last year. He seems to have the expertise to develop a complex cryptographic system such as bitcoin. But doubts remain: why does he not let us send him a message to sign, for example? Perhaps he has access only to one proof: the real Mr Nakamoto could have used the Sartre text to prove his identity to one of his peers and this proof is now being used to show that Mr Wright is Mr Nakamoto. Mr Wright could have used his supercomputer to calculate the signature for this particular text in what is known as a “brute-force attack”. And then, as mentioned before, there is always the possibility that he could have obtained the keys from someone else, perhaps [early Bitcoin participants] Hal Finney or Dave Kleiman. Since both are dead, they cannot be asked.”
Cryptography experts bemoaned the lack of fact checking done by BBC, The Economist, and GQ. Since cryptographic data is easily verified with the right knowhow, why would these major publications not invest no time towards proving or disproving Wright’s “proof”?
“I don’t get why we are not looking at the facts,” Schnelli said. The publications, since they’ve been sitting on the information since December, had plenty of time to verify the claims. So, why didn’t they?
The information could have been proven in minutes and experts could conclude for sure within two hours whether or Wright was Satoshi. Wright could have used a website like Bitcoinocracy.com, where one can sign messages backed by a private key, a public key and a message, such as: ‘Craight Wright, Satoshi
In short, the methods of Wright have cast doubt on his assertions – even in Matonis and Andresen, who at one time or another had been totally convinced by Wright. Dan Kaminsky, well-regarded American security researcher, wrote of an e-mail exchange he had with Andresen, where Andresen seemingly backs off that he believes “Craig Wright is the person who invented Bitcoin.” As Kaminsky details:
“What is going on here?” Kaminsky wrote to Andresen. “There’s clear unambiguous cryptographic evidence of fraud and you’re lending credibility to the idea that a public key operation could should or must remain private?”
Andresen replied: “Yeah, what the heck? I was as surprised by the ‘proof’ as anyone, and don’t yet know exactly what is going on.
“It was a mistake to agree to publish my post before I saw his– I assumed his post would simply be a signed message anybody could easily verify.
“And it was probably a mistake to even start to play the Find Satoshi game, but I DO feel grateful to Satoshi.
“If I’m lending credibility to the idea that a public key operation should remain private, that is entirely accidental. OF COURSE he should just publish a signed message or (equivalently) move some btc through the key associated with an early block.”
I personally exchanged e-mails with Kaminsky, who has no problem calling Wright a “con man.” I also spoke with Michael Perklin, a blockchain-focused security expert. He asserts there was never publicly-available proof that Wright is Satoshi. He takes it further: “All of the available facts are covered with cognitive dissonance that casts doubt on his claim.”
He continues: “[Nakamoto] wrote a trustless system that allows people to carry out transactions without the need for any trusted third party. Why, then, did he announce his proof in a way that required trust in Gavin and Jon?”
Perklin casts doubt on the circumstances surrounding the early days of Bitcoin and Wright’s public assertions.
“Satoshi Nakamoto trusted Gavin enough to transfer control of his open source project to Gavin, which took a lot of faith,” Perklin told Bitcoinist in a written e-mail statement. “He also trusted Gavin to be on the security mailing list and receive/address security notifications/vulnerabilities with Bitcoin, and to hold the broadcast key. Why, then, did Craig Wright not trust Gavin to hold a digital signature for a few days during a press embargo?” Perklin also highlights contradictions in Wright’s actions. For instance, Wright claims he provided proof in the way he did to protect his privacy.
“Why, then,” Perklin questions, “did he announce his identity in the first place? Why go on a BBC interview? If you were identified as Satoshi in December, got your 15min of fame, and then were forgotten, why resurface when you want to be left alone?” This sort of behavior does not fit the behavior profile of the individual who wrote as Nakamoto in the early days of Bitcoin.
“He used [extreme amounts of patience, discipline, and reasoned/tempered thought processes] to remain anonymous despite numerous opportunities to bask in the limelight,” Perklin reasons. “He asked many early adopters to refrain from advertising Bitcoin because he felt Bitcoin wasn’t yet ready for mass adoption. Craig Wright strongly implied he was Satoshi Nakamoto on a panel, apparently back-dated blog posts, and seems to have taken steps to purposely place himself in the spotlight. These two sets of personality traits are not consistent.” Still, Perklin found other facets of the claims most bizarre.
“[Nakamoto] built a protocol that made use of multiple cryptographic digest algorithms and novel uses of public key cryptography to build bitcoin,” Perklin elucidates. “He clearly understood cryptography thoroughly. Craig Wright seems to have produced a digital signature to “prove” his identity that is a direct replay of one of Satoshi’s old transactions. Surely Satoshi would know that a replayed signature would not stand up to independent scrutiny.”
Wright promised “extraordinary proof.” Perklin promised to independently verify the proof himself “using repeatable and publicly auditable cryptographic methodologies.” Perklin planned to look at one aspect specifically. He won’t get the chance. He told me before Wright disappeared:
“I look forward to seeing which key he chooses to use so I can compare the nonce value of the block that paid the block reward to see if it fits the well-documented patterns created by Satoshi’s mining rigs,” Perklin imparts. “This type of publicly auditable validation is the only validation that I believe Satoshi would accept, and is the only one that would convince me.”
Nakamoto walked away from the Bitcoin project in 2011. Some believe he grew nervous once Wikileaks began accepting Bitcoin donations when major payment processors cut off the whistleblower organizations’ service. Andresen suspects it could have had something to do with his briefing the Central Intelligence Agency on Bitcoin around the same time.
There are still other bizarre aspects to the story. For instance, when Wright first claimed he was Satoshi, he said he invented it with a friend, Dave Kleinman. Kleinman, a Palm Beach County, Florida-based computer forensics expert, died in 2013 from complications of MRSA and never cashed out his Bitcoin position.
Kleinman, an Army veteran and paraplegic, was a computer wizard. He occasionally appeared on national TV networks for computer forensics and security interviews. Despite his knowledge of computers, a skill in demand in the early nineties, he worked as a Palm Beach County Sheriff, citing his dream to work in law enforcement.
A 1995 motorcycle accident left Kleinman handicapped and bound him to a wheelchair. He received tireless computer training, and became known as “Dave Mississippi” thanks to the many three-letter certifications after his name. He has appeared on CNN and ABC, and authored books on perfect passwords, security threats for business, and other aspects of computers. Kleinman contributed to security mailing lists, including metzdowd.com, which Nakamoto used to first introduce Bitcoin. In Late 2010, months before Nakamoto ceased contributing, at least openly, to Bitcoin’s code, Kleinman fell in the shower and would spent most of the rest of his life in medical treatment centers. Kleinman continued his work, returning to his computer soon after his many surgeries.
The first version of the Bitcoin software was released in 2009. Wright supplied Gizmodo with an e-mail he supposedly penned to Kleinman in the months before the Bitcoin paper was published: “I need your help editing a paper I am going to release later this year. I have been working on a new form of electronic money. Bit cash, Bitcoin…” it reads. “You are always there for me Dave. I want you to be a part of it all.”
Kleinman’s colleagues, though skeptical their friend invented Bitcoin, believe he had the skills to do so. Kleinman was known as a private person, generally, and his friends used “compartmentalized” and “genius” to describe him. Kleinman’s health deteriorated, and he passed away in 2013.
The Palm Beach County Medical Examiner’s Office documented a ghastly scene upon finding Kleinman’s decomposing body, including a loaded handgun and a bullet hole in his mattress, but no ammunition casing. Nobody knows who fired the gun or cleaned up the casing. The official cause of death is natural, complications from MRSA.
Rory Cellan-Jones, BBC technology writer, explained the ultimate outcome of Wright’s outrageous claims:
“Here’s what happened. On Monday evening, I suggested to Wright’s PR firm that if he could send me a fraction of a coin from an early Bitcoin block – which of course I would return – that might show he had Satoshi’s keys. But Wright’s team came up with a different plan on Wednesday afternoon. They sent me a draft blog in which he outlined a scheme that would see Matonis, Andresen and the BBC all send small amounts of Bitcoin to the address used in the first ever transaction. Then he would send it back, in what would be the first outgoing transactions from the block since January 2009. We went ahead with our payments – I sent 0.017BTC (about £5), which you can still see in the online records. Matonis and Andresen sent similar amounts. Then we waited. And waited. Then my phone rang – with the news that the whole operation was “on hold”, with no reason given. Eighteen hours later we are still waiting for the payments to be made – and now Wright’s new blog says that is not going to happen.”
So, ultimately, Craig Steven Wright scammed Jon Matonis, Gavin Andresen and the BBC for 15 pounds.
It may matter to some people who Satoshi is. Regarding the functioning and development of the underlying Bitcoin network, though, it is largely irrelevant who Satoshi is.
Images courtesy of Forbes, The Rise and Rise of Bitcoin Documentary.