Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts

Craig Wright's signature is worthless

Posted by3 years ago

Craig Wright's signature is worthless

JoukeH discovered that the signature on Craig Wright's blog post is not a signature of any "Sartre" message, but just the signature inside of Satoshi's 2009 Bitcoin transaction. It absolutely doesn't show that Wright is Satoshi, and it does very strongly imply that the purpose of the blog post was to deceive people.

So Craig Wright is once again shown to be a likely scammer. When will the media learn?

Take the signature being “verified” as proof in the blog post:

Convert to hex:

Find it in Satoshi's 2009 transaction:

Also, it seems that there's substantial vote manipulation in r/Bitcoin right now...

87% Upvoted
This thread is archived
New comments cannot be posted and votes cannot be cast
Sort by
level 1
283 points · 3 years ago · edited 3 years ago

This is just really bizarre. Why did he go to the trouble to write that post on "verifying" the signature without providing a valid signature any where on the page? I first thought the base64 encoded string at the top was the real signature but all it decodes to is: "Wright, it is not the same as if I sign Craig Wright, Satoshi."

Simple code to show the sig is the same as the sig in TX: 828ef3b079f9c23829c56fe86e85b4a69d9e06e5b54ea597eef5fb3ffef509fe:

import base64

import binascii

x = base64.b64decode("MEUCIQDBKn1Uly8m0UyzETObUSL4wYdBfd4ejvtoQfVcNCIK4AIgZmMsXNQWHvo6KDd2Tu6euEl13VTC3ihl6XUlhcU+fM4=")


3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce (which is the same sig used in -- which can be decoded here -- note the input script hex)

This outcome is just incredibly strange. Did he expect to convince us with that article or that no one would notice? Not sure what's going on here but I'd really like to know ...

He apparently gave cryptographic proof to multiple different people. Where is said proof?

Edit - other possibilities:

  1. Gavin might have been hacked.

  2. The article might not have been intended as proof but a protocol for journalists to verify his claims (though its strongly implied that he's signing the Sarte text but maybe the sig in the article was intended as an example.)

  3. Gavin might have been tricked (but the post seems to imply that he at least verified the signatures himself - so where are they?)

  4. Gavin is a liar (I'd like to believe this isn't true.)

Update: Gavin's commit access just got revoked. It seems I'm not the only one who thinks Gavin might have been hacked.

Update: I hate to say it but its looking like Gavin was tricked.

level 2
61 points · 3 years ago

I posted this in another thread, but I think there's a good chance that the "bug" in his script is actually designed to fool people who think they're watching him verify the signature in person, which is how this guy "verified" himself to people.

-- The way his script is witten, it looks like it verifies the data the file path "$signature" which is the second command line parameter.

But in fact, it reads from a file referenced in the variable"$signiture"

So, if you were demoing this to someone you could do

cat whatever.txt

EcDSA.verify output whatever.txt pub.key

the contents of "whatever.txt" would be output to the screen when you run cat, but openssl would actually read a completely different file, whatever you'd set the $signiture environment variable too

level 2
32 points · 3 years ago

The article might have never been intended as proof but a protocol for journalists to verify his claims.

That's sort of the impression he seems to be giving, now that I re-read it. But, again, why not just publicly prove it instead of only demonstrating it to a select few people?

level 2
69 points · 3 years ago

The intent is obviously to obfuscate and to fool as many people as possible as quickly as possible.

level 2
8 points · 3 years ago

As an aside, you don't need to import anything.

level 2
33 points · 3 years ago

He is maybe shorting the market.

level 2
13 points · 3 years ago

5: Gavin is Satoshi, trying to throw us off track :)

level 2
18 points · 3 years ago

Great, core needed an excuse to remove Gavin, and now they got it.

level 2
10 points · 3 years ago

maybe someone can just call/mail Gavin and ask? o.O?!

level 2
3 points · 3 years ago

Gavin could have been blackmailed.

level 2
3 points · 3 years ago

. 5. Gavin teaches us a lesson: "Don't believe authority (not even me!), only believe cryptography".

And to prove that this lesson-teaching was made up well in advance, he'll accordingly provide proof-of-existence of a statement written sufficient time in advance that clarifies the whole social experiment about Craig & Satoshi.

level 2
2 points · 3 years ago

n00b here:

Why are we using OpenSSL to verify PGP signatures?

level 2
2 points · 3 years ago

I just realized that Satoshi Nokomato also had a bitcointalk account that hasn't been active since December 2010. If it suddenly had a message saying 'I am Craig Wright', that would convince me.

More posts from the Bitcoin community
Continue browsing in r/Bitcoin
A community dedicated to Bitcoin, the currency of the Internet. Bitcoin is a distributed, worldwide, decentralized digital money. Bitcoins are issued and managed without any central authority whatsoever: there is no government, company, or bank in charge of Bitcoin. You might be interested in Bitcoin if you like cryptography, distributed peer-to-peer systems, or economics. A large percentage of Bitcoin enthusiasts are libertarians, though people of all political philosophies are welcome.




Created Sep 9, 2010
Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies. Learn More.