Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts
Posted by
3 years ago
This thread is archived
New comments cannot be posted and votes cannot be cast
Sort by
level 1
Gavin Andresen - Bitcoin Dev290 points · 3 years ago

Craig signed a message that I chose ("Gavin's favorite number is eleven. CSW" if I recall correctly) using the private key from block number 1.

That signature was copied on to a clean usb stick I brought with me to London, and then validated on a brand-new laptop with a freshly downloaded copy of electrum.

I was not allowed to keep the message or laptop (fear it would leak before Official Announcement).

I don't have an explanation for the funky OpenSSL procedure in his blog post.

level 2
98 points · 3 years ago · edited 3 years ago

brand-new laptop

I was not allowed to keep the message or laptop

so the laptop was provided by him? and he took your usb stick?

edit: from the wired story:

Andresen says an administrative assistant working with Wright left to buy a computer from a nearby store, and returned with what Andresen describes as a Windows laptop in a “factory-sealed” box.

I'm sad. I'm really really sad.

level 2
55 points · 3 years ago

For future reference, here's a safer way to give proof without the possibility of leak: First, on your own system separate from anything that has ever been near the claimant, generate a private key. Encrypt that private key with the key the claimant says they are in possession of. Then send it to them. Request that they sign a specific message (i.e. yours above is fine) with the private key. Done. You now have nothing that you can leak but have been completely convinced. Once you tell them you are satisfied, they can even just publish the key to ensure you can't prove your story cryptographically.

level 2
105 points · 3 years ago

Why not just publish the signature? There is no need for any doubt in this case. If it were not safe to publish signatures, Bitcoin wouldn't even work!

level 2
108 points · 3 years ago

Actually, if you look at the 'bug' people are pointing out, it looks like his shell script was intentionally designed to mislead people.

The way his script is witten, it looks like it verifies the data the file path "$signature" which is the second command line parameter.

But in fact, it reads from a file referenced in the variable"$signiture"

So, if you were demoing this to someone you could do

cat whatever.txt

EcDSA.verify output whatever.txt pub.key

the contents of "whatever.txt" would be output to the screen when you run cat, but openssl would actually read a completely different file, whatever you'd set the $signiture environment variable too

I was not allowed to keep the message or laptop (fear it would leak before Official Announcement).

That's crazy.

level 2
61 points · 3 years ago · edited 3 years ago

Hey Gavin,

Thanks for providing the details. Some questions:

  1. Did you suggest using electrum or did they?

  2. Did you check the pgp signature of the "freshly downloaded copy of electrum"?

  3. Did you verify the signature using the electrum command-line or the GUI?

  4. Did you get to examine the electrum source code in any way?

  5. Did you connect the laptop over wifi or 4g?

Thank you.

level 2
24 points · 3 years ago

This sounds interesting but (if it's even really you) it lacks details. Please provide specific and detailed steps, how verification was performed.

Some questions for you:

  1. did you buy the laptop?

  2. did you install the operating system? (which OS, BTW?)

  3. did you connect to secure, trusted Wi-Fi?

  4. did you type the address of electrum, checked spelling and certificate?

  5. did you perform downloading and installing?

  6. did you copy and verify the signature?

  7. are you sure that you used correct verification tool?

  8. did you try to change the signature or the message and check that it would be considered invalid?

  9. did you verify the source code of electrum? (It's Python, BTW)

If you did this procedure with me, then I'm almost sure I could trick you into thinking I'm Satoshi if you violated any of those things (some of them may be hard). (BTW, if I provided the laptop, there are so many ways I could do it, that I can't even count them.)

level 2
262 points · 3 years ago

I was not allowed to keep the message or laptop (fear it would leak before Official Announcement).

This is simply inexcusable. You claim you had proof that Wright was able to produce chosen-plaintext signatures with a private key that is very intimately tied to the "Satoshi Nakamoto" identity.

This isn't something you delete out of fear of it leaking before Wright's pretentious blog post. This is a matter of historic significance.

Cryptography wasn't created so that people have to take your word for this. It was made specifically so that we don't.

level 2
Bitcoin Cash Developer18 points · 3 years ago

Ok ... so is there an announcement of a message verifiable by anyone to be expected?

Why do you say "if I recall correctly"?

You surely must see the significance of this identity proof?

Also: What does brand new mean? Did you buy one? As in: Craig, you pick the suburb the we buy in, and I pick the store that we buy it from?

level 2
20 points · 3 years ago

VB: I will explain why I think he's probably not Satoshi. ((applause)) He had the opportunity to take two different paths of proving this. One path would have been to make this exact proof, make a signature from the first bitcoin block, put the signature out in public, make a simple 10 line blog post, so that Dan Boneh would be convinced and verified.... he would let the crypto community verify this. But instead he has written a huge blog post that is long and confusing and it has bugs in the software and he also says he wont release the evidence. Signaling theory says that if you have a good way to prove something and you have a noisy way to do it, then the reaosn why you picked the noisy way was because you couldn't do it the good way in the first place.

level 2
Comment deleted by user3 years ago
level 2
29 points · 3 years ago

Dude, I mean this with the utmost respect. I would suggest pulling up stumps today, and just get to the bottom of this whole thing, and leave the forums alone until you're sure what's happened.

He said, she said, it said, they said... it all means nothing. Until you have that evidence in your hands, I think you've got more to lose in this exchange than most. It's alright being duped. Perhaps that's not the case. But I would want to be very clear in my head what has happened, before I continued commenting on this subject.

My 2.2c (10% AUD GST Incl.)

level 2
29 points · 3 years ago

Well, now that it's announced, how about he share the signed message?

This is supposed to be trustless.

level 2
28 points · 3 years ago

Are you being held against your will?

More posts from the btc community
Continue browsing in r/btc
/r/btc was created to foster and support free and open Bitcoin discussion, Bitcoin news, and exclusive AMA (Ask Me Anything) interviews from top Bitcoin industry leaders! Bitcoin is the currency of the Internet. A distributed, worldwide, decentralized digital money. Unlike traditional currencies such as dollars, bitcoins are issued and managed without the need for any central authority whatsoever.



Online Now

Created May 20, 2011
Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies. Learn More.