Is Craig Wright?

Today there has been an explosion of media interest in the claim by Craig Wright that he is the identity behind the pseudonymous creator of Bitcoin, Satoshi Nakamoto. However, his blog post is rather suspicious, as it contains various misconceptions that one would not expect from an expert in the field, let alone the originator of Bitcoin.

“A process known as combinatorics”

Several paragraphs into the post, he begins discussing technical details and making various errors:

Wright writes: The SHA256 algorithm provides for a maximum message size of 2^128 – 1 bits of information whilst returning 32 bytes or 256 bits as an output value.

No, the SHA-256 algorithm only supports inputs of length up to $2^{64}-1$. Specifically, there is a preprocessing stage where extra bits are appended to the end of the input as follows:

• Input data (n bits)
• Padding (512 – (n+64 mod 512) bits)
• Binary representation of n (64 bits)

This ensures that the prepared input has a length divisible by 512, which is necessary for the mixing algorithm which operates on blocks of 512 bits.

Anyway, this error is just about excusable since it pertains to the obscured internal details of an algorithm which people often use simply as a ‘black box’ for generating cryptographically secure message digests. The next sentence was much more concerning, since it suggests a serious mathematical misconception:

Wright writes: The number of possible messages that can be input into the SHA256 hash function totals (2^128 – 1)! possible input values ranging in size from 0 bits through to the maximal acceptable range that we noted above.

This does not even remotely resemble the correct number of possible inputs, which is $2^{2^{64}} - 1$. The use of a factorial to count the number of binary strings should immediately trigger alarm bells in anyone with a rudimentary undergraduate-level understanding of discrete mathematics.

This is followed by the rather amusing deviation:

Wright writes: In determining the possible range of collisions that would be available on average, we have a binomial coefficient (n choose k) that determines the permutations through a process known as combinatorics [1].

The reference is to a paper by Lovasz, a great mathematician who would be either amused or offended to hear the field of combinatorics described as ‘a process‘. Moreover, binomial coefficients count subsets, rather than ‘determine permutations’, and most professional cryptanalysts would struggle to decipher the phrase ‘possible range of collisions that would be available on average’.

Nitpicking the code

In one of the images on Craig Wright’s blog post, there is a screenshot of Notepad displaying a putative shell script for verifying an ECDSA signature. With the comments removed, the code reads as follows:

filename=$1 signature=$2
publickey=$3 if [[$# -lt 3 ]] ; then
echo "Usage: verify <file> <signature> <public_key>"
exit 1
fi

base64 --decode $signiture > /tmp/$filename.sig
openssl dgst --verify $publickey -signature /tmp/$filename.sig $filename rm /tmp/$filename.sig

Note that the antepenultimate line says ‘signiture’ instead of ‘signature’, so the script doesn’t do what is claimed. In particular, it reads the signature from the environment variable ‘signiture’ rather than from the command-line argument. Hence, if you populate the environment variable with your own public-key, rather than Satoshi’s, you can cause the test to pass!

Whether this was indeed a malicious trick to convince spectators (or economists, as the case may be) or simply an innocent typo is unclear. But in the latter case, the script clearly was never tested; otherwise, the error would have been quickly detected. Either way, this seems somewhat suspicious.

“I’m Satoshi, and so’s my wife”

This is by no means the first time someone has claimed to be Satoshi. However, on this occasion there is the added caveat that two well-known Bitcoin developers, Jon Matonis and Gavin Andresen, purport that Wright is indeed right. This rules out the possibility that Wright is merely trying to seek attention, and instead suggests the following dichotomy:

1. Matonis and Andresen genuinely believe that Satoshi is Wright.
2. The triumvirate have ulterior motives for perpetuating a ruse.

Several explanations for (2) have been proposed. In particular, there is a rift amongst the Bitcoin developers between the ‘big-blockians’ and the ‘little-blockians’ (to parody Jonathan Swift), which I shall attempt to summarise here. Firstly, note that block size is essentially a measure of how many transactions can be handled in a 10-minute interval.

The little-blockians want the block sizes of Bitcoin to remain small, and thus for it to be a pure decentralised currency that can be used by anyone with a computer. This would maintain it as a peer-to-peer currency, but would limit its growth.

By comparison, the big-blockians believe Bitcoin should grow into a universal currency, expanding the block size to accommodate absolutely every transaction. The downside is that this is beyond the computational limits of domestic machines, thereby meaning that Bitcoin could only be regulated by banks, governments, and other large organisations: thereby moving it away from a libertarian idyll into something more akin to a regular currency.

Matonis, Andresen and Wright are all big-blockians. Having the esteemed creator Satoshi on their side would help their argument, and it is entirely plausible that there are several large organisations who would benefit from having more control over the regulation of Bitcoin.

Whether these motives are indeed the case, rather than mere speculation, will require further evidence. But as the evidence stands, I would not like to bet any money, cryptographic or otherwise, on the validity of Wright’s claim…

This entry was posted in Uncategorized. Bookmark the permalink.

26 Responses to Is Craig Wright?

1. Usually, when someone heckles petty points, they have nothing better to use.
If on the other hand, you checked out the history of this character, and notice that he is a world recognised expert in financial auditing, a PHD in various IT security disciplines as well as having developed the first online casino – all of which is easily checked through 3rd parties, you might come to the conclusion that a few spelling errors doesn’t prove anything.

• apgoucher says:

He may well be a world expert in financial auditing, but that has no relation whatsoever to his credentials as a cryptographer. Analogously, Stephen Hawking is a world expert in theoretical physics, but I would not give the same weight to his judgement on 18th-century politics.

I think his fundamental misconceptions about basic enumerative combinatorics are slightly more than ‘petty points’.

• Crispin says:

Expert in financial auditing? LoL.
I guess even “a world expert in financial auditing” does not guarantee the ability to run a company, or avoid insolvency (more than once). Several of Craig’s companies have been forcibly wound up by insolvency accountants.
As to the claim of developed the first online casino? I will credit that Craig *was* responsible for selling, deploying and configuring the firewalls & internet gateway environment for Lassetters Casino in the Northern Territory during the mid-late 1990’s.
It wasn’t his casino, and he didn’t design/build/deploy/manage or operate any of the gaming systems, and was not responsible for operation/management/update or configuration of the firewalls post deployment. Demorgan Pty Ltd (as it was then called) *did* sell the firewalls, and did perform major upgrades at least twice until mid 2001 when the company went into receivership & was purchased by Rural Telecomms Pty Ltd.

• Chris Ball says:

a PHD in various IT security disciplines

His “PhD” is in theology. According to the university that awarded it, it is two masters’ degrees rather than a PhD.

• j2kun says:

Mathematics is the basis of bitcoin, and Satoshi successfully does mathematics in his white paper. His error here, on the other hand, is a high-school level error.

It’s like if an anonymous Monet suddenly revealed himself and his proof was paint-by-number, but done wrong.

• Daz says:

Whoever your are, 123db, you would have a great deal more credibility if you knew how to spell PhD.

• David Marris says:

What is “a PHD in various IT security disciplines”? A PhD is a qualification, not a person, and a PhD in a cross-disciplinary field is not ipso facto any more weighty than one in a single discipline. Basically you are saying that this guy has a PhD in IT security.

2. Anonymous says:
3. mmortal03 says:

” This rules out the possibility that Wright is merely trying to seek attention, and instead suggests the following dichotomy”

No, it could also be that Craig is seeking attention/trying to perpetuate a scam, and Gavin and/or Jon are independently capitalizing upon it. Not saying it’s likely, just that it’s a possibility. There could also be scenarios where Gavin was tricked by Craig *and* Jon, or where Jon was tricked by Craig *and* Gavin.

4. Anonymous says:
5. Elfdring says:

Meanwhile my fiats keep on trucking!

6. There is a small error: the number of possible inputs is 2^{2^{64}}, not 2^{2^{64}} – 1.

• apgoucher says:

The possible inputs are:
— 1 empty string;
— 2 strings of length 1;
— 4 strings of length 2;
— 8 strings of length 3;

— 2^{2^{64} – 1} strings of length 2^{64} – 1.

So the total number of possible inputs is 1 + 2 + 4 + 8 + … + 2^{2^{64} – 1}
= 2^{2^{64}} – 1.

7. Anonymous says:

you may be interested in this: new raw audio footage has very recently been released by gq magazine of this craig wright guy. in it, he is being interviewed by someone who is trying to reasonably cast doubt on his supposed proof of him being satoshi. craig wright, being unable to properly respond, instead decides to launch into a realistic impersonation of gordon ramsay:

http://www.gq-magazine.co.uk/article/craig-wright-bitcoin-interview

8. S K says:

http://researchoutput.csu.edu.au

seems you can search on wrights phd.

9. Hello,nice share.

10. Hello,nice share.

11. Pingback: Timeline (BitCoin) | Ramon Quesada

12. Pingback: Cronograma (BitCoin) | Ramon Quesada