Author Topic: Hoaxtoshi aka Craig Wright busted - collection of quality research posts  (Read 5397 times)
LiteCoinGuy (OP)
May 03, 2016, 11:05:49 AM
Last edit: May 08, 2016, 11:17:35 AM by LiteCoinGuy
 #1

-Hoaxtoshi aka Craig Wright busted-




Craig Wright is not Satoshi Nakamoto

Craig Wright is not Satoshi Nakamoto. He wasn’t Satoshi Nakamoto before or after Wired and Gizmodo suspected him to be last year, and he still isn’t Satoshi Nakamoto after trying to reveal himself to be on his own blog and to The BBC, The Economist, GQ, Jon Matonis and Gavin Andresen.

https://www.nikcub.com/posts/craig-wright-is-not-satoshi-nakamoto/


-------------------------------------------


Satoshi: how Craig Wright's deception worked

My previous post shows how anybody can verify Satoshi using a GUI. In this post, I'll do the same, with command-line tools (openssl). It's just a simple application of crypto (hashes, public-keys) to the problem.

http://blog.erratasec.com/2016/05/satoshi-how-craig-wrights-deception.html


--------------------------------------------


Extraordinary Satoshi Claims

It has become an annual exercise for the press to jump on a Satoshi sighting that it has almost become an ordinary event. What is extraordinary is when a previously attempted and debunked contender emerges with, yet again, unconvincing "proof."

http://hackingdistributed.com/2016/05/02/extraordinary-satoshi-claims/


---------------------------------------------


Validating Satoshi (Or Not)

Yes, this is a scam.  Not maybe.  Not possibly.

https://dankaminsky.com/2016/05/02/validating-satoshi-or-not/


--------------------------------------------



Dr. Wrong and the Art of Digital Misdirection

http://jere.in/dr-wrong-and-the-art-of-digital-misdirection


--------------------------------------------


Craig Wright is a brilliant troll

http://blog.oleganza.com/post/143781316553/craig-wright-is-a-brilliant-troll


--------------------------------------------


A Short Human-Verifiable Proof that Craig Wright has Cheated the Press

http://blog.bettercrypto.com/?p=2614


---------------------------------------------


Is Craig Wright?

https://cp4space.wordpress.com/2016/05/02/is-craig-wright/


---------------------------------------------


https://de.reddit.com/r/Bitcoin/comments/4hhreq/how_craig_constructed_the_message_that_he_signed/

https://imgur.com/IPDPXZm


---------------------------------------------

https://www.reddit.com/r/Bitcoin/comments/3w027x/dr_craig_steven_wright_alleged_satoshi_by_wired/cxslii7

--------------------------------------------

Have journalists found the inventor of Bitcoin or simply been duped?

http://www.computerworld.com.au/article/590543/journalists-found-inventor-bitcoin-simply-been-duped/

r1cochet
May 03, 2016, 12:29:41 PM
 #2

I wonder if Gavin's commit access will be permanently revoked? Do people honestly believe he wasn't in cahoots with Wright?

Lauda
May 03, 2016, 12:38:53 PM
 #3

How many more threads are people going to open on this subject?

I wonder if Gavin's commit access will be permanently revoked? Do people honestly believe he wasn't in cahoots with Wright?
It should be. This is one strike too many; it is time to say farewell to GA.

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
LiteCoinGuy (OP)
May 03, 2016, 01:18:12 PM
 #4

How many more threads are people going to open on this subject?


this is the mother of all threads  Tongue

RealBitcoin
May 03, 2016, 01:35:25 PM
 #5

Busted my ass, there are still 20-30% of this forum that believe his hoax.

We need to expose it better, i cannot believe there are dumb people enough to believe this crap, but apparently there are.

Just go to /bitcoin reddit and you will see what i`m talking about

Lauda
May 03, 2016, 01:41:34 PM
 #6

this is the mother of all threads  Tongue
Then it should be constantly edited and updated, rather than opening another thread (which would become the 'new' "mother of all threads").

Busted my ass, there are still 20-30% of this forum that believe his hoax.
While the exact numbers are unknown, it is true that there's a certain amount of people that either believe this nonsense and/or don't know why it is false.

Just go to /bitcoin reddit and you will see what i`m talking about
On r/btc you will find out that this was all planned by Blockstream to get rid of Gavin. Roll Eyes

Fatman3001
May 03, 2016, 01:44:23 PM
 #7

Busted my ass, there are still 20-30% of this forum that believe his hoax.

We need to expose it better, i cannot believe there are dumb people enough to believe this crap, but apparently there are.

Just go to /bitcoin reddit and you will see what i`m talking about

Would probably help if some of the mudslingers stuck to the message (Yes, I'm looking at you Lauda).

"I predict the Internet will soon go spectacularly supernova and in 1996 catastrophically collapse." - Robert Metcalfe, 1995
RealBitcoin
May 03, 2016, 01:51:32 PM
 #8


While the exact numbers are unknown, it is true that there's a certain amount of people that either believe this nonsense and/or don't know why it is false.

This is the problem, because every bullshit creates a divide & conquer effect.

There will always be dumb people to believe the biggest lies. So if they keep pushing many lies one after another, we lose more and more people, and they could attempt a shady takeover like the bitcoin classic was.

If they gain enough support for that, then it could pose a serious risk to bitcoin after that.

ebliever
May 03, 2016, 01:53:34 PM
 #9

Excellent compilation, thanks! Share this around folks, I'm still seeing new articles appearing today in the mainstream media declaring that Wright is Satoshi. (For example, a Bloomberg article on the topic is currently featured on the RealClear family of websites and getting extensive play, that is pathetically outdated.)

Luke 12:15-21

Ephesians 2:8-9
LiteCoinGuy (OP)
May 03, 2016, 03:21:22 PM
 #10

Excellent compilation, thanks! Share this around folks, I'm still seeing new articles appearing today in the mainstream media declaring that Wright is Satoshi. (For example, a Bloomberg article on the topic is currently featured on the RealClear family of websites and getting extensive play, that is pathetically outdated.)

thank you  Smiley

the attempt is to only add quality stuff. i guess that is a convincing collection already.

TPTB_need_war
May 04, 2016, 08:00:05 AM
 #11

Quote
Craig "Satoshi" Wright said he was going to move them

hahah this guy is so funny lol. He doesn't need to move any coin to prove it, just sign the fcking message if he has the private keys

Something is weird. He provided a message and a signature, but there's nothing in the message to indicate that he signed it himself, or when it was signed. It could have been signed months or years ago and there's no way to prove otherwise.

To understand what is really going on, you need to read carefully what Craig Wright has always said and continues to reiterate:

In his initial blog post, Wright noted that “Satoshi is dead... but this is only the beginning.” He also said that he would follow up with a more detailed mathematical explanation for the revelation. Now, the world will likely have to wait for “the coming days”—however long that may be—for more clues.

If I sign Craig Wright, it is not the same as if I sign Craig Wright, Satoshi.

I think this is true, but in my heart I wish it wasn’t.

Since those early days, after distancing myself from the public persona that was Satoshi,

Satoshi is dead.

But this is only the beginning.

You need to remember that Craig Wright has never claimed he is Satoshi Nakamoto. Instead, he has claimed that his former colleague (who died) was Satoshi. He claims he was backing his colleague's development of Bitcoin.

This Australian Says He and His Dead Friend Invented Bitcoin



David Kleiman, Craig Wright's friend more likely Satoshi Nakamoto

OK so this might get a little meandering but I keep finding tidbits of David Kleiman's life that makes him a far more likely candidate for Satoshi than Wright. So here are some in no specific order.

Remember that Craig Wright had obtained funding for and was running the largest Supercomputer in Australia. So what Craig has ostensibly done is he has used supercomputer resources to find the inverse of a hash function and then used one of Satoshi's old transactions to pretend he has the private key:

The implication is that either Craig Wright has stumbled upon an infinitesimally rare occurrence of an SHA256 collision, or that he had used the signature from block 258 to reverse engineer a hash (the first shown in his blog demonstration) and hoped that nobody would notice. ycombinator user JoukeH noticed.

Realize that he has probably promised to endorse Andresen's block chain scaling preferences and thus probably why Gavin wants him to be Satoshi:

Andresen’s only attempt at an explanation for Wright’s bizarre behavior, he says, is an ambivalence about definitively revealing himself after so many years in hiding. “I think the most likely explanation is that … he really doesn’t want to take on the mantle of being the inventor of Bitcoin,” says Andresen, who notes that his own credibility is at stake, too. “Maybe he wants things to be really weird and unclear, which would be bad for me.”

That uncertainty, Andresen says, seemed to be evident in Wright’s manner at the time of their demonstration. Andresen describes Wright as seeming “sad” and “overwhelmed” by the decision to come forward. “His voice was breaking.

Remember that after his death, David Kleiman's family recovered his USB flash drive and gave it to Craig Wright. Thus likely Craig Wright may have an unpublished transaction but not the actual private key. So he may be about to fool the world into thinking he is Satoshi, or making some proof that he was the man behind the man who was the real Satoshi.

Lauda
May 04, 2016, 08:05:01 AM
 #12

-snip-
Stop spamming the same post in every single thread related to CW.

You need to remember that Craig Wright has never claimed he is Satoshi Nakamoto.
He did claim this, and he even keeps insisting that he is Satoshi. Stop defending him.

This is the problem, because every bullshit creates a divide & conquer effect.
That's what the idea behind it is; I don't think it is a coincidence that this happens at the time of Consensus 2016 and the CME group - related news about Bitcoin (which was basically, completely, suppressed).

TPTB_need_war
May 04, 2016, 08:09:11 AM
 #13

No - what Craig did was grab an existing signature used by Satoshi and pretend he had created it to sign a document by Sartre (which is fraud and even Gavin is not sure what on earth to make of that).

And he *is* claiming to be Satoshi (which is why he asked Gavin to come and *verify* his claim).

Also - why are you posting the exact same thing in multiple topics?

Re-read my post, you didn't seem to understand it. Craig has not said he is Satoshi. Find a quote where he said that. You won't. He has always said it was his colleague.

And with his access to a supercomputer, it is plausible he was able to reverse the hash in order to find a text that matched the signature that was already on the blockchain. Without that explanation, then he must have the private key! You seem to not understand the technology.  Roll Eyes

I am replying to every topic where my post is relevant. I am not the one who created so many duplicate topics.

Lauda
May 04, 2016, 08:22:12 AM
 #14



The tweets of this account might be worth reading. Cheesy

Gleb Gamow
May 04, 2016, 08:35:44 AM
 #15

How many more threads are people going to open on this subject?


this is the mother of all threads  Tongue

<my last post of the night>

Tomorrow, I'm goin' to start a thread entitled: The Mother of all Threads

nite
cjmoles
May 04, 2016, 09:02:04 AM
Last edit: May 04, 2016, 09:16:29 AM by cjmoles
 #16

No - what Craig did was grab an existing signature used by Satoshi and pretend he had created it to sign a document by Sartre (which is fraud and even Gavin is not sure what on earth to make of that).

And he *is* claiming to be Satoshi (which is why he asked Gavin to come and *verify* his claim).

Also - why are you posting the exact same thing in multiple topics?

Re-read my post, you didn't seem to understand it. Craig has not said he is Satoshi. Find a quote where he said that. You won't. He has always said it was his colleague.

And with his access to a supercomputer, it is plausible he was able to reverse the hash in order to find a text that matched the signature that was already on the blockchain. Without that explanation, then he must have the private key! You seem to not understand the technology.  Roll Eyes

I am replying to every topic where my post is relevant. I am not the one who created so many duplicate topics.

Here is another: https://www.youtube.com/watch?v=5DCAC1j2HTY

BBC: "So you are going to show me that Satoshi Nakamoto is you?"
Craig Wright: "Yes."
CIYAM
May 04, 2016, 09:04:24 AM
 #17

Unfortunately @TBTB is not very good at doing (even the most basic) research and doesn't know how to ever admit he is wrong (he will now say that the BBC and everyone else is wrong rather than admit his own mistake).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
hv_
May 04, 2016, 08:04:43 PM
 #18

Unfortunately @TBTB is not very good at doing (even the most basic) research and doesn't know how to ever admit he is wrong (he will now say that the BBC and everyone else is wrong rather than admit his own mistake).


I'd understand TPTB saying CW never posted this until he lately tried to claim it in the BBC interview.

This oral claim seems to be more panic driven than wanted and given that Dave and CW might have had some close relation and Dave addressed some last wish to CW to never uncover the truth about Dave might be Satoshi, CW now desperately tries to prove it's rather him (CW) before others (the hidden drivers) might find out / prove it was Dave....

so guess CW is in the shit doesn't matter how you see it

Carpe diem  -  understand the White Paper and mine honest.
Fix real world issues: Check out b-vote.com
The simple way is the genius way - Satoshi's Rules: humana veris _
TPTB_need_war
May 04, 2016, 11:14:28 PM
Last edit: May 05, 2016, 12:57:32 AM by TPTB_need_war
 #19


That is a jumbled analysis which doesn't explain well the situation.

I already explained it more clearly:

Remember that Craig Wright had obtained funding for and was running the largest Supercomputer in Australia. So what Craig has ostensibly done is he has used supercomputer resources to find the inverse of a hash function and then used one of Satoshi's old transactions to pretend he has the private key:

The implication is that either Craig Wright has stumbled upon an infinitesimally rare occurrence of an SHA256 collision, or that he had used the signature from block 258 to reverse engineer a hash (the first shown in his blog demonstration) and hoped that nobody would notice. ycombinator user JoukeH noticed.

And with his access to a supercomputer, it is plausible he was able to reverse the hash in order to find a text that matched the signature that was already on the blockchain. Without that explanation, then he must have the private key! You seem to not understand the technology.  Roll Eyes

Let me unpack that more for n00bs. The point is that every Bitcoin signature signs the hash (of a hash) of the transaction. And so if someone can create two transactions that have the same hash, then one can use the same signature for both, i.e. no need to have the private key to generate a new signature.

What Craig did was reuse an existing signature from the block chain which is attributed to Satoshi, and supplied it as the signature for a new transaction. Specifically the new transaction is some text written by Sartre but the key point is that normally it should be impossible to find a new set of data which can generate the same hash, because of the preimage resistance security property of the SHA256 cryptographic hash function.

Craig Wright’s chosen source material (an article in which Jean-Paul Sartre explains his refusal of the Nobel Prize), surprisingly, generates the exact same signature as can be found in a bitcoin transaction associated with Satoshi Nakamoto.

The likelihood that a private key will generate two identical signatures when signing two different sources – a Bitcoin transaction on the one hand, and a Sartre text on the other – is so infinitesimally small that it is unlikely.

That Craig didn't create a new signature is indicative that he does not hold Satoshi's private keys, if we can find some other explanation for how he broke the preimage security of SHA256. That is why I offered the supercomputer information, because I remember that Craig had used his claim he was close to Satoshi in order to garnish government funding which enabled him to assemble the most powerful supercomputer in Australia.

It is very unlikely that Craig is Satoshi, and instead it appears he was on the scene very early when Bitcoin was launched:

What I'm expecting to happen next is that Wright is going to move some early coins (or produce a signature from some early coins) some time soon, but this is only going to fuel the speculation even more because it won't be a definitive proof from a GPG key or a genesis block.

I'm guessing the reason why Wright will be able to do this is because he found out about Bitcoin from Kleiman from the cryptography mailing lists (which we know Kleiman was a member of.) We already know that he mined coins early on so it won't be that much of a surprise when he moves coins. But as has already been pointed out by other people -- this also doesn't prove anything -- since Bitcoin was released -publicly- anyone could have mined those coins (or he could have simply purchased access to the private keys of any early block.)

If I had to speculate: I'd say that in all likelihood neither of them are Satoshi. Kleiman's work was on digital forensics which means he was focused on doing things like scrubbing memory dumps for meta-data to find files pointers and then using them to find hidden files on disk. It would have required fairly low level programming to write the tools needed to do this (so its plausible Kleiman had the skills to code something like Bitcoin but still highly unlikely given how expertly the original source code was – so I'd be surprised if the person(s?) who created Bitcoin didn't have a background in software.)

Consider that Forensics is also quite a specialized field and that a person participating in it wouldn't necessarily have needed to know anything about digital signatures to do their work. Hashcash-style proof-of-work in that regard is even more esoteric and I'd expect to see a lot more interest in general cryptography (and economics) if Kleiman was actually Satoshi. But if you look at what he replies to -- he's only really interested in forensics and talking about his own work. I think it's far more likely that the two of them were early adopters / miners who were intimately associated with Satoshi in some way (possibly they corresponded at some point via email like a lot of people at the time) but weren't actually Satoshi themselves.

My profile for Satoshi is a lot closer to the group of people currently involved in the Bitcoin-space, to be honest: people who find cryptography interesting (but aren't necessarily cryptographers) and enjoy programming (but aren't necessarily "software engineers" by trade.) This would make a lot more sense since all the pieces needed to produce Bitcoin were in place for years before it was invented: digital signatures, hash functions, and proof of work – so at the least I'd expect some kind of evidence of an interest in those areas.

Tl; dr, I think Wright was just in the right place at the right time and that Kleiman was unlikely to have had the skills, knowledge, or time to have invented something as massive as Bitcoin even being an “expert” in digital forensics. Both Wright and Kleiman strike me as men who were more interested in building up their respective careers as “experts” through academic channels and the press, rather than people who are genuinely passionate enough about economics and crypto to have invented Bitcoin in their spare time.


However, what Craig is doing now is very peculiar. He appears to have the confidence to manipulate the entire Bitcoin community, including Gavin Andresen as I had explained my prior posts. Thus it appears to me he may have the support of some very powerful players in the Bitcoin ecosystem, even perhaps the government or the national security agencies.



Re-read my post, you didn't seem to understand it. Craig has not said he is Satoshi. Find a quote where he said that. You won't. He has always said it was his colleague.

Listen to the first few minutes of the BBC interview

http://www.bbc.co.uk/news/technology-36191165

"You're going to show me that Satoshi is you?"

Craig - "yes"

Remember Craig is a lawyer. Remember how Bill Clinton explained in court what the meaning of 'is' is.

Craig has consistently claimed he was backing "the persona behind Satoshi" and was part of a group involved with Satoshi, so the above statement is consistent with that, without him actually being the man who developed the code of Bitcoin with his own fingers. The interviewer did not ask Craig "are you going to prove you are the man who wrote the code of Bitcoin?" which obviously can't be proved nor disproved by any signature since Satoshi did not sign the code of Bitcoin.



Is Satoshi after all of Blockstream?

Quote
I have had no communication with Mr Wright at all, let alone signed anything. I understand that there is some information sheet Wright is giving reporters that specifically attacks me, however!

https://www.reddit.com/r/Bitcoin/comments/4hs2ca/can_all_core_developers_confirm_they_havent/



Hey dufus - why don't you look at the BBC article itself: http://www.bbc.com/news/technology-36168863

It says: "Australian entrepreneur Craig Wright has publicly identified himself as Bitcoin creator Satoshi Nakamoto."

Where did they get the information from - they got it from Craig Wright - still going to say he hasn't identified himself as being Satoshi?

You are quoting what a reporter has said, not what Craig has said. I said find a quote where Craig has claimed he is the man who wrote the code for Bitcoin. You will never find that.

Butthurt idiot. Bye.

I see you locked your thread again. You are an emotional basketcase.

I am replying to every topic where my post is relevant. I am not the one who created so many duplicate topics.

It isn't relevant and it is just spamming (you could start your own topic of course).

And if he was saying that he just knew Satoshi and is not Satoshi then why does Gavin come out this "meeting" saying that he is Satoshi (surely he would have told Gavin it was his friend and not him).

You are just butthurt.

It is very relevant.

Craig has played Gavin. He knows Gavin needs support for his preferences for the block scaling debate.

Butthurt by what exactly?

(perhaps due to seeing your same post spammed in every topic?)

Don't pretend you've forgotten when you closed the technical thread where we were debating and told me in PM that you never wanted to talk to me again.

I don't have time for your melodrama. Bye.



It's increasingly obvious that despite not being able to present actual cryptographic proof Wright is putting a lot of effort into obfuscation and trying to sway the public opinion, whether it's for his business interests or something else.

You do not seem to understand the math. Either Craig broke SHA256 or he has Satoshi's private key.

Also by getting core Bitcoin devs and their tribe to claim that the proof Craig provided is not a proof, he has revealed them as being disingenuous. Very clever political game theory he has concocted.

Craig has astutely accomplished his goal, as only 42% of Bitcoiners conclude he can't be Satoshi. And when and if Craig signs coins from an early block of Bitcoin, the level of confusion will increase. Craig is playing a political game theory.

I think bringing in a dead person into this is just a scapegoat by Craig Wright to confuse spectators. If this is true, why would he pretend being Satoshi by signing a fake message? Until Craig comes up with this extraordinary proof he says, I refuse to believe anything that came from him.

Refusing to believe is not the same as proving he is not. Craig is winning the political game theory. He is a clever lawyer mofo.


One theory that is being floated on Reddit runs like this:

Kleiman is Satoshi, and had the keys to the ~1 million bitcoins. He dies, and his USB stick/computer/whatever went to a relative, who doesn't realize what he is holding. Wright knew Kleiman and knew he was Satoshi. So he invents this crazy story about being Satoshi, but that he can't spend the coins because they are all in a trust that was held by Kleiman.

So now Wright comes public claiming to be Satoshi - and sets himself up to launch a lawsuit against Kleiman's relative to get "his" bitcoins back. If Wright pulls this off, he gains the fabled treasure of 1 million bitcoins off Kleiman's estate.

Thoughts pro and con?



I just came up with another theory though...we might be missing the forest for the trees. Much of what CW has said has proven sketchy, or even downright lies (claiming multiple fake phd's for instance). We do know one thing that's incontrovertible: CW was very interested in high performance computing / supercomputing. Think about that for a minute.

Now what if Kleiman, being the typical computer geek, enjoyed the intellectual challenge of creating the code but had little interest in testing...and asked his friend CW to help test Bitcoin by mining. It's very possible that CW could own Block 1, and even if not, it's still possible that a significant part of Satoshi's stash...actually doesn't belong to Satoshi. What if most/all the coins we thought were Satoshi's were actually CW's?

It's also possible that Kleiman wrote the first version of the Bitcoin code, and that CW took over testing, bug fixing, and future development. Kleiman could have written the code, while CW could have been the "Satoshi" that communicated extensively with Gavin and others...

I think that CSW stumbled upon Bitcoin circa 2013 (late 2012 at the earliest) and started concocting a narrative to fit his long con. Stumbling upon the death of David Kleiman, a person who CSW co-wrote with, Craig saw that the pieces of Dave's life fit nicely in what's known about Satoshi. It was just a matter of creating docs to make it look like he and Dave were partners of sorts which I've demonstrated he's done.

MingLee
May 05, 2016, 12:12:06 AM
 #20

I'm not going to get any deeper in this than I have to, but for the love of god can you please move this drama to some other thread and figure your beef out there? This is getting stupid and is polluting actual discussions.

I do not care who is in the right or wrong, just go do it somewhere else.

As for the actual thread,

I like the collection of papers/articles and it really does outline a lot of the issues here. Have you been to reddit.com/r/bitcoin and used some of the resources there as a supplement for your information?

I plan on using these in the future, thanks for compiling all of these.
mixan
May 05, 2016, 12:19:31 AM
 #21

Is he going to show up here to give a formal apology to the bitcoin community for his lying and deceit for trying to masquerade around as bitcoins creator and founder?
He should give every forum member 0.1btc for us enduring this traumatic situation.

The parasite hates three things: free markets, free will, and free men.
bittraffic
May 05, 2016, 01:35:23 AM
 #22

I wonder if Gavin's commit access will be permanently revoked? Do people honestly believe he wasn't in cahoots with Wright?



sure he is. he should know better to verify proof. but nooo he instead tried to convince people to believe wright.


adamstgBit
Legendary
*
Offline Offline

Activity: 1904
Merit: 1037


Trusted Bitcoiner


View Profile WWW
May 05, 2016, 01:41:33 AM
 #23

Is he going to show up here to give a formal apology to the bitcoin community for his lying and deceit for trying to masquerade around as bitcoin's creator and founder?
He should give every forum member 0.1btc for us enduring this traumatic situation.

i think at this point Craig Wright actually believes he is satoshi, he was part of the original dev team, he was mining when it first started he is satoshi.

soon he will prove to us that he was a day 1 miner.

SOON!
as soon as his supercomputer finds a hash-sig-thingy that matches an early TX

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 02:05:04 AM
 #24

Click this quote to read what Gmaxwell and others will respond:

Holy shit! I am contemplating the possibility that Craig has revealed that whoever created Bitcoin put a backdoor in it!

As I already explained, the signature Craig has provided proves either he has cracked something about the way Bitcoin uses SHA256 or he has Satoshi's private key. Afaics, there are no other mathematical possibilities.

But note this small detail:

You'll note that Bitcoin, for reasons known only to Satoshi, takes the signature of hash of a hash to generate the scriptSig. Quoting Ryan:

Well that isn't so insignificant of a detail when you think more about it in this context.

A cryptographic hash function has a property named collision resistance. Collision resistance is related to preimage resistance in that if we have a way to quickly find collisions, then if the preimage is a collision then we also break the preimage resistance for that particular hash value.

Collision resistance is normally stated as the number of hash attempts required to find a collision or the number of rounds to break collision resistance with reasonable hardware. Normally this is exponentially less than computing the SHA256 hash function 2^256 times. For SHA256, there are collision resistance attacks up to 46 of the 64 rounds of SHA256 (and 52 of 64 rounds for preimage attack).

So what happens to collision (and preimage in this context) resistance when we hash the hash? Well all the collisions from the first application of hash become collisions in the second hash, plus the new collisions in the second application of the hash thus increasing the number of rounds that can be attacked.

It seems likely that Craig has identified the back door that was placed in Bitcoin as explained above, and used his supercomputer access to find a preimage of SHA256.

If I am correct, this is major news and Bitcoin could crash.

I urge immediate peer review of my statements by other experts. I have not really thought deeply about this. This is just written very quickly off the top of my head. I am busy working on other things and can't put much time into this.

smoothie
Legendary
*
Offline Offline

Activity: 2492
Merit: 1473


LEALANA Bitcoin Grim Reaper


View Profile
May 05, 2016, 06:08:47 AM
 #25



The tweets of this account might be worth reading. Cheesy

lol

"I am the real god and I don't need to prove it to you because it's true."

. ★☆ WWW.LEALANA.COM        My PGP fingerprint is A764D833.                  History of Monero development Visualization ★☆ .
LEALANA BITCOIN GRIM REAPER SILVER COINS.
 
Heutenamos
Hero Member
*****
Offline Offline

Activity: 812
Merit: 1000


Act #Neutral,Think y'self as a citizen of Universe


View Profile
May 05, 2016, 06:59:36 AM
 #26

i cannot believe there are dumb people enough to believe this crap, but apparently there are.

I cannot believe there are dumb people who believe in the pseudonym "Satoshi".

soon he will prove to us that he was a day 1 miner.

SOON!
as soon as his supercomputer finds a hash-sig-thingy that matches an early TX

There is no context. It makes no difference if he signs the message standing naked on the liberty.

bitcoin is under termos and anything else is altcoin.

Bitcoin could crash.
It will crash when termos will move his block #1 coins  Tongue

yo
Lauda
Legendary
*
Offline Offline

Activity: 2674
Merit: 2965


Terminated.


View Profile WWW
May 05, 2016, 07:51:50 AM
 #27

This might be interesting and relevant. This definitely sounds like something that Satoshi would do, considering he has ~1 Million Bitcoin.  Roll Eyes

According to the Mtgox leaks from early 2014, our brand new 'Satoshi' Craig Wright bought 17.24 bitcoins at a rate of $1198 each.
Quote
As /u/winlifeat posted here, Craig was user 'e62d5e53-0dbc-44be-9591-725cd55ca9dd' at the Mtgox exchange. With this identifier, it's possible to look up his trades in the 2014 leak. I posted the raw data in this pastebin, you can import it into spreadsheet software like Excel to play with it yourself.
He started trading at 22/04/2013, this is just after the crash of the April 2013 bubble (or the 'Cyprus bubble'). He lost interest pretty quickly, because activity stopped 27/04, only to come back 25/11 around the peak of the last bitcoin bubble. His average price is actually $120 and he bought around 50 bitcoins, but his last buy was 17 bitcoins at around $1200. He ends up with a balance of just under 15 bitcoins when mtgox shuts down, so he probably lost another few bitcoins with trading. (The trade data in the leak stops at November 2013)

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
spartacusrex
Hero Member
*****
Offline Offline

Activity: 718
Merit: 545



View Profile
May 05, 2016, 09:19:58 AM
 #28

hmm..

I really don't think he is Satoshi, if only because it would be SO EASY to prove correctly and without any doubt ( As Litecoin Creator did), that this cluster-f**k of crap he has posted is a big red flag.

But breaking Pre-Image resistance for SHA256, just doesn't add up.. Sorry.

There is no way he found a hash that matches a hash that has already been signed. No Way.

Can someone explain how he signed the 'Sartre' quote WITHOUT having to break SHA256 (finding a collision) ?

It's pretty important, as if he did do that, Bitcoin is broken.

..

( WOO HOO 400 posts!  Grin )

Life is Code.
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 09:27:53 AM
 #29



The tweets of this account might be worth reading. Cheesy

Craig also has training in law. Remember how Bill Clinton explained in court what the meaning of "is" is.

Note he did not write "Satoshi Nakamoto". He wrote #SatoshiNakamoto" meaning he is the real hashtag, not the person or persona.

Meanwhile, we have a bigger problem of Bitcoin core (Blockstream) developer Gmaxwell deleted my thread into a black hole (normally threads get moved some where) about the potential technical back door in Bitcoin illuminated by Craig's recent actions.

Note last time he did this, he moved my thread to Off-topic, but I checked there and nothing there.

freshman777
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250


View Profile WWW
May 05, 2016, 09:28:10 AM
 #30

Is he going to show up here to give a formal apology to the bitcoin community for his lying and deceit for trying to masquerade around as bitcoin's creator and founder?
He should give every forum member 0.1btc for us enduring this traumatic situation.

Do you mean to say you are not enjoying the entertainment? Wink

ARDOR - Blockchain as a Service. Three birds with one stone. /// Do not hold NXT at exchanges, NXT wallets: core+lite, mobile Android
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
May 05, 2016, 09:28:42 AM
 #31

Can someone explain how he signed the 'Sartre' quote WITHOUT having to break SHA256 (finding a collision) ?

It's pretty important, as if he did do that, Bitcoin is broken.

He never used the hash of any Sartre quote (that was just misdirection) - the double hash that he used was simply that used in Satoshi's tx along with the signature that was used in the tx.

(basically he just copied and pasted from the blockchain then put together an elaborate pretense that he had somehow managed to sign something else using a private key known to belong to Satoshi)

Even the silly BBC report has been corrected once they finally worked out that they had been tricked.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 09:31:33 AM
 #32

Can someone explain how he signed the 'Sartre' quote WITHOUT having to break SHA256 (finding a collision) ?

It's pretty important, as if he did do that, Bitcoin is broken.

He never used the hash of any Sartre quote (that was just misdirection) - the double hash that he used was simply that used in Satoshi's tx along with the signature that was used in the tx.

(basically he just copied and pasted from the blockchain then put together an elaborate pretense that he had somehow managed to sign something else using a private key known to belong to Satoshi)

You don't know that he didn't. He hasn't yet revealed which portion of the Sartre text he claims hashes to the same hash. That was what I explained and discussed in the thread I created which Gmaxwell has apparently sent to the ether.

CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
May 05, 2016, 09:32:56 AM
 #33

You don't know that he didn't. He hasn't yet revealed which portion of the Sartre text he claims hashes to the same hash. That was the point of the thread I created which Gmaxwell has apparently sent to the ether (against forum rules).

And you really believe that the double hash of some Sartre document just happens to be identical to the hash of the first (or one of the first) txs in the blockchain?

Am guessing you have a very strong belief in the tooth fairy as well. Wink

Again - if he wanted to demonstrate that the double hashes match that would be trivial to show (but of course again he won't do that now will he).

It should be noted that not a single SHA256 collision has been found to date (so CW's claims of world's firsts and amazing achievements just keep on piling up).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 09:35:35 AM
 #34

You don't know that he didn't. He hasn't yet revealed which portion of the Sartre text he claims hashes to the same hash. That was the point of the thread I created which Gmaxwell has apparently sent to the ether (against forum rules).

And you really believe that the double hash of some Sartre document just happens to be identical to the hash of the first (or one of the first) txs in the blockchain?

Am guessing you have a very strong belief in the tooth fairy as well. Wink

CIYAM I would never work with you as programmer because you aren't very smart.

Surely you should understand that the permutation of portions of the Sartre text covers a combinatorial explosion of possible preimages. Craig didn't specify which portion he signed. We can presume that might be forthcoming. He is playing a game with idiots like you.

CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
May 05, 2016, 09:37:08 AM
 #35

He is playing a game with idiots like you.

The only idiot here is you - and I'm glad you keep on posting your belief in this CW guy as it is just going to make you look even more idiotic as it pans out that he is the fraud that he is.

And your ad-hom attacks upon me are really not on-topic are they?

(so why don't you just stop the butthurt remarks aimed at me and stick to the topic which is CW and whether or not he is a fraud)

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 09:40:26 AM
 #36

He is playing a game with idiots like you.

The only idiot here is you - and I'm glad you keep on posting your belief in this CW guy as it is just going to make you look even more idiotic as it pans out that he is the fraud that he is.

I have stated (in the thread that Gmaxwell apparently deleted entirely) that if CW does not reveal the Sartre text that hashes correctly, then he is a fraud.

But if he does, then there is something broken in Bitcoin's cryptography. That is why I think Gmaxwell deleted my thread. He apparently doesn't want the truth to be known.

Idiot is factual in this context, as evident by your inability to refute my refutation.

CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
May 05, 2016, 09:43:16 AM
 #37

Idiot is factual in this context, as evident by your inability to refute my refutation.

Your ideas about facts are far removed from the rest of the world and are again off-topic (so I am not going to waste my time bothering to refute such off-topic snide remarks from you).

Why not try and just stick to the topic rather than your insatiable need to attack other forum members?

(it doesn't add anything to your points at all)

Back on topic - CW is apparently not only going to show the world that he has broken SHA256 but also how he managed to create an identical signature to one already existing (because even the SHA256 collision would not result in an identical signature as anyone who knows how this stuff works will attest to).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
2dogs
Legendary
*
Offline Offline

Activity: 1267
Merit: 1000


View Profile
May 05, 2016, 09:45:36 AM
 #38

Back to the original topic, here's another worthwhile article if it hasn't been mentioned before:

https://www.cryptocoinsnews.com/technical-proof-craig-wright-not-satoshi-nakamoto/

The Takeaway

This article explains several proofs that debunk Craig Wright’s claims that he is Satoshi Nakamoto. It has recently become apparent that Satoshi Nakamoto was (and still is) a team of individuals. Wright may be a member of the team, but his claim is singular, and this is the claim being refuted below.

The definitive finding is that Craig Wright has not proven key ownership, and that the verification script he used (and self-defeatingly published) contains a deception that may have fooled non-technical journalists, but that is apparent to the average command line user.

Proving Private Key Ownership

Various tools allow us to generate public-private key pairs. You keep the private key secret. Public keys are ordinarily published to key-servers distributed across the internet, or can be included in a web page or email. Anyone can download anyone else’s published public key.

The procedure for proving private key ownership involves a simple standard task. Someone sends you a message, you sign it with your private key, return the signed message to the sender who is then able to verify your private key signature with your corresponding public key.

Craig Wright has avoided this self-evident, simple procedure at every request.
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 09:45:44 AM
 #39

Idiot is factual in this context, as evident by your inability to refute my refutation.

Your ideas about facts are far removed from the rest of the world and are again off-topic (so I am not going to waste my time bothering to refute such off-topic snide remarks from you).

You didn't rebut my point that a portion of the Sartre text (and especially if permutation combinations of portions) is a combinatorial explosion of possible preimages and thus your entire claim was erroneous.

Now please stop making incorrect statements.



Here's another worthwhile article if it hasn't been mentioned before:

https://www.cryptocoinsnews.com/technical-proof-craig-wright-not-satoshi-nakamoto/

I rebutted that article in the thread that Gmaxwell deleted and is hiding from the readers.

I basically pointed out that until CW reveals which portion of the Sartre text he claims to have signed, we can't conclude anything.

CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
May 05, 2016, 09:47:13 AM
 #40

Now please stop making incorrect statements.

Please name me one single SHA256 collision - idiot!

And now work out for me the odds of CW having found such a collision (and it happening to come from whatever Sartre document).

It is your ego that prevents you realising why @gmaxwell (assuming it was him) trashed your silly topic.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 09:50:32 AM
 #41

Now please stop making incorrect statements.

Please name me one single SHA256 collision - idiot!

And now work out for me the odds of CW having found such a collision (and it happening to come from whatever Sartre document).

The entire point of the thread I created is that the double hashing that Satoshi put in Bitcoin (and nobody knows why) can make the collision resistance twice as bad. SHA256 is already broken for 46 - 52 of the 64 rounds. So thus doubling the hash may have been enough to break it given also that Craig apparently had access to a supercomputer.

Dude I am more expert about cryptographic hashes than you are. I designed my own already. I have done a lot of research in that area in 2013.

CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
May 05, 2016, 09:51:30 AM
 #42

Dude I am more expert about cryptographic hashes than you are. I designed my own already. I have done a lot of research in that area in 2013.

Priceless - please show us your own cryptographic hash algorithm - we are all dying to see it!

Cheesy

My guess is that you are going to offer your amazing cryptographic hash algo (which I am guessing has been peer reviewed by many experts all over the world) to Bitcoin?

No wonder @gmaxwell isn't very interested in what you have to post!

(and unlike you I am not claiming to have designed a cryptographic hash algorithm)

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 09:53:54 AM
 #43

Dude I am more expert about cryptographic hashes than you are. I designed my own already. I have done a lot of research in that area in 2013.

Priceless - please show us your own cryptographic hash algorithm - we are all dying to see it!

Cheesy

My guess is that you are going to offer your amazing cryptographic hash algo (which I am guessing has been peer reviewed by many experts all over the world) to Bitcoin?

Refute the facts in the prior post.

2011 attack breaks preimage resistance for 57 out of 80 rounds of SHA-512, and 52 out of 64 rounds for SHA-256.[1]
Pseudo-collision attack against up to 46 rounds of SHA-256.[2]

Now explain to the readers Mr. Know-It-All what happens when the hash is doubled.

CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
May 05, 2016, 09:54:51 AM
 #44

Refute the facts in the prior post.

I don't take orders from the likes of you (i.e. a dick) - and we are still waiting to see your amazing cryptographic hash algorithm.

Cheesy

Please do show us your algorithm so that we can make sure that @gmaxwell can review it!

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
May 05, 2016, 09:59:57 AM
 #45

Cry to moma. You just got REKTED.

Priceless quote from the guy with the supposed huge IQ (sounding like a 4yo).

Now getting back to the topic - if CW has broken SHA256 it seems rather incredible that the collision he found just so happens to match some Sartre document (because he personally likes Sartre) and one of (or the) first Bitcoin transaction(s).

He also somehow generated an identical signature to one already in the blockchain (which would not happen even if you are signing the same double hash value).

So we have either that scenario - or the scenario where he just copied and pasted the first (or one of the first) Bitcoin txs signature and then pretended the rest (i.e. a hoax as this topic is about).

Statistics would be very strongly on my side here.

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 10:06:52 AM
 #46

Now getting back to the topic - if CW has broken SHA256 it seems rather incredible that the collision he found just so happens to match some Sartre document (because he personally likes Sartre) and one of (or the) first Bitcoin transaction(s).

Oh my. You still haven't comprehended what I explained several times in the prior posts. How sad. Just get off my lawn. Ask a real programmer to explain it to you.

He also somehow generated an identical signature to one already in the blockchain (which would not happen even if you are signing the same double hash value).

You really don't understand the math. I am not going to discuss it with you further. You can continue drooling.

CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
May 05, 2016, 10:11:18 AM
 #47

You really don't understand the math. I am not going to discuss it with you further. You can continue drooling.

And yes - if you can't keep to the topic (which you keep on showing that you can't) then please stop posting your vitriolic nonsense as I don't think anyone else here is really that interested in your insatiable need to try and insult people (be it myself, @gmaxwell or whoever).

We all know that according to you "no-one understands anything as well as you".

So guess what - no-one is going to bother and try. Cheesy

(you should consider just starting your own forum where you do all of the posting yourself)

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
target
Legendary
*
Offline Offline

Activity: 2240
Merit: 1041


View Profile
May 05, 2016, 10:19:49 AM
 #48

i can imagine how fools bbc to believe his shitty statement and publishing it widely through their website,i hope only bbc who can be this easily getting lied by craig,the good thing, no one will believe this person and his mouth

really BBC published this fool? lol that's embarrassing.
probably because he explained all the technical details blowing the writers mind and instead of asking for proof they immediately dive into the news to publish it the first.

spartacusrex
Hero Member
*****
Offline Offline

Activity: 718
Merit: 545



View Profile
May 05, 2016, 10:27:59 AM
 #49

Can someone explain how he signed the 'Sartre' quote WITHOUT having to break SHA256 (finding a collision) ?

It's pretty important, as if he did do that, Bitcoin is broken.

He never used the hash of any Sartre quote (that was just misdirection) - the double hash that he used was simply that used in Satoshi's tx along with the signature that was used in the tx.

(basically he just copied and pasted from the blockchain then put together an elaborate pretense that he had somehow managed to sign something else using a private key known to belong to Satoshi)

Even the silly BBC report has been corrected once they finally worked out that they had been tricked.


Oh.. I see.. thanks.

How can 'big boys' like Gavin and Matonis have fallen for this.. !? That shows very poor skills..  Embarrassed ( ..too poor if you ask me.. )

Maybe he did show Gavin and Matonis something 'cool', Gavin said he saw something signed with the Genesis key, but for some reason couldn't share.. hmmm..

There is more to this story yet.. me thinks..

Has Gavin re-responded ?

Life is Code.
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
May 05, 2016, 10:30:18 AM
 #50

Has Gavin re-responded ?

Gavin did respond and was apparently "surprised" at what had appeared in the guy's blog (which supposedly was not the same as the demonstration he was given).

The fact that Gavin "wasn't allowed to keep the signature" from the personal demonstration is rather suspicious though in itself (and Gavin has admitted that it is possible that he was bamboozled).

Perhaps the key question was whether Gavin verified the double hash of the phrase that he had provided to CW (he has not commented about that AFAIA) because if he didn't then he could have been tricked in exactly the same manner (i.e. the hash not actually being correct).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
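
Added example (not part of any forum post, and not code from the linked articles): the sign-a-fresh-message procedure quoted in post #38 and the replay described in posts #31 and #50, as pure-Python ECDSA over secp256k1. The key, the "old transaction" bytes and the claimed text are constructed stand-ins, and every function name here is an assumption of this example.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the curve Bitcoin signatures use).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def dsha256(data: bytes) -> int:
    """SHA-256 applied twice, as an integer (the double hash discussed above)."""
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "big")


def sign_digest(priv: int, z: int):
    """ECDSA signature (r, s) over digest z with a fresh random nonce."""
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = scalar_mult(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * priv) % N
        if r and s:
            return (r, s)


def verify_digest(pub, z: int, sig) -> bool:
    """Naive check: trusts that z really is the hash of the claimed message."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(z * w % N, G), scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def verify_message(pub, message: bytes, sig) -> bool:
    """Sound check: the verifier hashes the message itself before verifying."""
    return verify_digest(pub, dsha256(message), sig)


def run_demo():
    # Constructed stand-ins: a throwaway key, an "old transaction" that is already
    # public with its signature, and the text the claimant says was signed.
    priv = secrets.randbelow(N - 1) + 1
    pub = scalar_mult(priv, G)
    old_message = b"constructed stand-in for an early transaction's signed bytes"
    old_sig = sign_digest(priv, dsha256(old_message))
    claimed_text = b"constructed stand-in for the text the claimant names"

    # Replay: the claimant holds no key, presents the public digest and signature,
    # and merely asserts that the digest belongs to claimed_text.
    replay_naive = verify_digest(pub, dsha256(old_message), old_sig)
    replay_sound = verify_message(pub, claimed_text, old_sig)

    # Challenge-response: the verifier picks a message nobody could have signed
    # in advance. Only the key holder can answer; a replayed signature cannot.
    challenge = b"ownership challenge " + secrets.token_hex(16).encode()
    holder_answer = verify_message(pub, challenge, sign_digest(priv, dsha256(challenge)))
    replay_answer = verify_message(pub, challenge, old_sig)

    # With random nonces (assumed here), re-signing the same digest gives a
    # different (r, s), so a signature identical to a published one is a copy.
    resign_identical = sign_digest(priv, dsha256(old_message)) == old_sig

    return {"replay_naive": replay_naive, "replay_sound": replay_sound,
            "holder_answer": holder_answer, "replay_answer": replay_answer,
            "resign_identical": resign_identical}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The replay only passes the check that accepts a digest on the claimant's word; once the verifier computes the double hash of the claimed or freshly chosen message itself, the copied signature fails.
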
spartacusrex
Hero Member
*****
Offline Offline

Activity: 718
Merit: 545



View Profile
May 05, 2016, 10:39:31 AM
 #51

Has Gavin re-responded ?

Gavin did respond and was apparently "surprised" at what had appeared in the guy's blog (which supposedly was not the same as the demonstration he was given).

The fact that Gavin "wasn't allowed to keep the signature" in itself is rather suspicious though in itself (and Gavin has admitted that it is possible that he was bamboozled).


Oh Gav.. out of the frying pan into the fire.. Not sure if you'll survive this..

You mean well I'm sure, and come across as sincere.. BUT..

If you want to show you can lead the Bitcoin community, you're going to need to be able to not be 'bamboozled' when it comes to a simple thing like a cryptographic signature.

Especially in the Bitcoin community..

Life is Code.
Fatman3001
Legendary
*
Offline Offline

Activity: 1526
Merit: 1013


Make Bitcoin glow with ENIAC


View Profile
May 05, 2016, 10:40:05 AM
 #52

Maybe this is what you're talking about:

https://www.reddit.com/r/btc/comments/4hfyyo/gavin_can_you_please_detail_all_parts_of_the/d2plygg

"I predict the Internet will soon go spectacularly supernova and in 1996 catastrophically collapse." - Robert Metcalfe, 1995
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1078


Ian Knowles - CIYAM Lead Developer


View Profile WWW
May 05, 2016, 10:42:10 AM
 #53


Yup - and what is important to point out is that Gavin doesn't say exactly how he verified the signature (i.e. did he type in the same message?).

And even if he did - surely we are not just supposed to "take his word for it" (as that is not how Bitcoin works is it).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
spartacusrex
Hero Member
*****
Offline Offline

Activity: 718
Merit: 545



View Profile
May 05, 2016, 10:44:49 AM
 #54


Quote
Andresen says an administrative assistant working with Wright left to buy a computer from a nearby store, and returned with what Andresen describes as a Windows laptop in a “factory-sealed” box.

!? .. This is getting embarrassing.

..

The Art of the Con

Step 1 : Trick them into thinking it's a new laptop..

.. the rest..

Life is Code.
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 11:02:16 AM
Last edit: May 05, 2016, 11:12:43 AM by TPTB_need_war
 #55

Can someone explain how he signed the 'Sartre' quote WITHOUT having to break SHA256 (finding a collision) ?

It's pretty important, as if he did do that, Bitcoin is broken.

He never used the hash of any Sartre quote (that was just misdirection) - the double hash that he used was simply that used in Satoshi's tx along with the signature that was used in the tx.

(basically he just copied and pasted from the blockchain then put together an elaborate pretense that he had somehow managed to sign something else using a private key known to belong to Satoshi)

Even the silly BBC report has been corrected once they finally worked out that they had been tricked.


Oh.. I see.. thanks.

How can 'big boys' like Gavin and Matonis have fallen for this.. !? That shows very poor skills..  Embarrassed ( ..too poor if you ask me.. )

No one has presented a script which hashes all portions of the Sartre text to verify whether it does or does not hash to the correct value.

Until someone does that, they can't be sure that Craig won't reveal the Sartre text which does hash to the correct value, thus proving that he broke the cryptography. Since the SHA-256 was already broken to 46 - 52 rounds of the 64 rounds (for a single hash), then doubling the hash as Bitcoin does could potentially break it for all 64 rounds, because ostensibly collision resistance gets worse when doubling a hash (as I had explained in detail upthread). No one knows why Satoshi designed Bitcoin with a double hash. I am positing it might be a back door.

CIYAM is misleading you. Follow an idiot if you want to be one.



I'm sorry for my lack of technical understanding, but if there were a back door in btc.

1. Could this be fixed easily before it could be used in a way to hurt btc? i.e do you need a super computer to utilize this back door?
2. would this same issue be there in all alts that were essentially cloned from btc code or does using a different algo or POS help to nullify this backdoor?

I am not sure if your thread was deleted since you didn't receive a PM about it. Does one receive a personal message when a thread is moved?

No, when a thread is moved they don't receive a PM, but there is no "Moved: ....." thread message remaining in the Bitcoin Technical Discussion subforum. And I also checked Off-topic and it hasn't been moved there afaics. Also normally the link doesn't stop functioning even when it is moved. Clearly Gmaxwell is trying to hide it.

Gmaxwell might try to claim he banned me from that sub-forum, yet he had mentioned in our last communications that I am not banned from that forum. And also smooth and I recently posted in the thread in that sub-forum on one of the SegWit threads and afaik my post hadn't been deleted the last time I looked. He didn't just delete my posts in the thread but also posts from several other forum members who posted in that thread. The entire thread has been vaporized afaics. I presume Gmaxwell is formulating his plan now how to try to make me look like a fool. We know what happened the last time he tried to do that, I embarrassed him technically.

What I stated in that thread is that this is all presuming that Craig will be able to tell us which portion of the Sartre text hashes the hash output that was signed as proof on his blog. If Craig doesn't ever do that, then he is a fraud. But if he does it, then it means there is some cryptographic breakage in Bitcoin. And I am identifying the double hash as the greatest potential weakness.

1. The more I think about it, the more I realize that if it is true, then it means who ever can do this, could potentially spend other people's coins. So maybe this is how Craig will spend coins from an early block of Bitcoin (although he might have mined then also depending how early the block is he moves coins from). And the only fix I think would be to have everyone respend their coins with a fixed block chain and fixed wallets. And for lost or inactive coins, they would remain vulnerable. You may or may not need a super computer depending on the cryptographic breakage. I am not sure if an ASIC miner would help or if having access to a miner in China with 30% of Bitcoin's hashrate would help or be necessary. I can't really speculate on the exact metrics of any cryptographic breakage since this would have I assume required a lot of research on his part.

2. Yes it would apply to clones which copies the double hashing.

I repeat this is conjecture that hinges on two speculations:

a) That Craig can present the portion of the Sartre text which hashes correctly.

b) That the cryptographic breakage that allowed #a, is a break in the SHA256 presumably due to the double hashing.



Okay now we are starting to get some evidence that there might be a coordinated attack to hide the facts I have presented (note the following thread move to Meta is not the thread that Gmaxwell deleted):

Your thread was deleted because it was utterly moronic, even more so than your usual bullshit. Everyone who had the misfortune to read it is now dumber for having done so. Go ahead and sell your coins, and don't let the door hit you on your way out.

The Bitcoin maximalists are having a heart attack because they don't like the facts.

Fatman3001
Legendary
*
Offline Offline

Activity: 1526
Merit: 1013


Make Bitcoin glow with ENIAC


View Profile
May 05, 2016, 11:08:50 AM
 #56



A WO-thread buddy of mine shared an interesting point:

This is how Satoshi Nakamoto would have to reveal himself in order to not risk breaking Bitcoin or causing market disruptions.

* First you contact people you know you can prove it to, make them sign an NDA and keep 100% control of the process.

* Release the claim along with confirmations from these trusted parties.

* Provide confusing proof to the public to soften the blow.

* Let time pass.

* Gradually provide more convincing proof to the public.


With that in mind it would probably be wise to keep from going apeshit on forums before we know more.

"I predict the Internet will soon go spectacularly supernova and in 1996 catastrophically collapse." - Robert Metcalfe, 1995
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1009

Newbie


View Profile
May 05, 2016, 11:15:24 AM
 #57

Okay now we are starting to get some evidence that there might be a coordinated attack to hide the facts I have presented (note the following thread move to Meta is not the thread that Gmaxwell deleted)

It's likely not a coordinated attack but a manifestation of collective conscience of bitcoin holders who don't want a sell panic to start.
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 11:20:05 AM
 #58

Okay now we are starting to get some evidence that there might be a coordinated attack to hide the facts I have presented (note the following thread move to Meta is not the thread that Gmaxwell deleted)

It's likely not a coordinated attack but a manifestation of collective conscience of bitcoin holders who don't want a sell panic to start.

Well let them be the last one out the door. Much better they can trample each other on the way out.  Grin

hhanh00
Sr. Member
****
Offline Offline

Activity: 467
Merit: 266


View Profile
May 05, 2016, 11:41:20 AM
 #59

Okay now we are starting to get some evidence that there might be a coordinated attack to hide the facts I have presented (note the following thread move to Meta is not the thread that Gmaxwell deleted)

People have refuted your theory but you just don't want to listen.

"If you sign the same message with the same key, you will get a different signature".

Your chances to get the same signature is ~1/2^256. Why? Because of the 3rd step of the ECDSA algorithm. Quoting from https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

1. Calculate e = HASH(m), where HASH is a cryptographic hash function, such as SHA-2.
2. Let z be the L_n leftmost bits of e, where L_n is the bit length of the group order n.
3. Select a cryptographically secure random integer k from [1, n-1].
4. Calculate the curve point (x_1, y_1) = k × G.
5. Calculate r = x_1 mod n. If r = 0, go back to step 3.
6. Calculate s = k^-1 (z + r d_A) mod n. If s = 0, go back to step 3.
7. The signature is the pair (r, s).

Their emphasis, not mine.

Now, tell me. How did CW come up with the same signature as something from the blockchain if he was casually signing a message? Bear in mind that k is chosen by the signing software (openssl) and not an input from the user.

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 11:44:09 AM
Last edit: May 05, 2016, 11:58:03 AM by TPTB_need_war
 #60

Who are you quoting? I never wrote that text.
Yes you did. Either that or you decided to take credit for someone else saying it. Maybe you should go to a doctor and ask for an Alzheimer's screening, considering you've already forgotten something you wrote today.

I did not write that text with bolded phrase and without the context of the caveats that I provided at the deleted thread which was quoted out-of-context and missing the link to the context, as explained already dufus:

Quote
It seems likely that Craig has identified the back door that was placed in Bitcoin as explained above, and used his supercomputer access to find a preimage of SHA256.

Who are you quoting? I never wrote that text.

Liars and spin masters rephrase the wording to present someone's argument out-of-context (and delete entire threads where the caveats were disclaimed by myself which you are failing to mention).

Is that the best you retards can do?

P.S. the context at the deleted thread which LauraM didn't even link to, contained bolded and red caveats similar to my reexplanation as follows (which I was forced to repeat after your leader gmaxwell vaporized an entire thread):

What I stated in that thread is that this is all presuming that Craig will be able to tell us which portion of the Sartre text hashes the hash output that was signed as proof on his blog. If Craig doesn't ever do that, then he is a fraud. But if he does it, then it means there is some cryptographic breakage in Bitcoin. And I am identifying the double hash as the greatest potential weakness.

1. The more I think about it, the more I realize that if it is true, then it means who ever can do this, could potentially spend other people's coins. So maybe this is how Craig will spend coins from an early block of Bitcoin (although he might have mined then also depending how early the block is he moves coins from). And the only fix I think would be to have everyone respend their coins with a fixed block chain and fixed wallets. And for lost or inactive coins, they would remain vulnerable. You may or may not need a super computer depending on the cryptographic breakage. I am not sure if an ASIC miner would help or if having access to a miner in China with 30% of Bitcoin's hashrate would help or be necessary. I can't really speculate on the exact metrics of any cryptographic breakage since this would have I assume required a lot of research on his part.

2. Yes it would apply to clones which copies the double hashing.

I repeat this is conjecture that hinges on two speculations:

a) That Craig can present the portion of the Sartre text which hashes correctly.

b) That the cryptographic breakage that allowed #a, is a break in the SHA256 presumably due to the double hashing.

You continue following gmaxwell. He will lead you to failure.



I did not write that text with bolded phrase and without the context of the caveats that I provided at the deleted thread which was quoted out-of-context and missing the link to the context

Regardless of whether the context is provided, trying to deny you wrote the text is a lie. Granted the meaning changes somewhat when context is provided, however it doesn't change the fact.

I denied writing the text without the context. Where is the lie? Are you pulling my words out of my context again! Disingenuous fuckers you all are.

I don't understand what this thread's point is. Are you complaining that the staff deleted your post, or just trying to spread your 'facts' around the forum further to cause unnecessary panic?

Yeah you don't understand. Probably because you don't want to understand. Enjoy.



Your thread was deleted because it was utterly moronic, even more so than your usual bullshit. Everyone who had the misfortune to read it is now dumber for having done so. Go ahead and sell your coins, and don't let the door hit you on your way out.

The Bitcoin maximalists are having a heart attack because they don't like the facts.

While there are facts I don't like, I can accept them and I've never suffered a heart attack as a result. Though it's irrelevant since you've never said anything that even remotely resembles a fact.

You are free to present a refutation of anything I've written. So far, I've seen no technical argument from you.

Please do try, so I can REKT you.

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 11:46:28 AM
 #61

Okay now we are starting to get some evidence that there might be a coordinated attack to hide the facts I have presented (note the following thread move to Meta is not the thread that Gmaxwell deleted)

People have refuted your theory but you just don't want to listen.

"If you sign the same message with the same key, you will get a different signature".

Your chances to get the same signature is ~1/2^256. Why? Because of the 3rd step of the ECDSA algorithm. Quoting from https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

1. Calculate e = HASH(m), where HASH is a cryptographic hash function, such as SHA-2.
2. Let z be the L_n leftmost bits of e, where L_n is the bit length of the group order n.
3. Select a cryptographically secure random integer k from [1, n-1].
4. Calculate the curve point (x_1, y_1) = k × G.
5. Calculate r = x_1 mod n. If r = 0, go back to step 3.
6. Calculate s = k^-1 (z + r d_A) mod n. If s = 0, go back to step 3.
7. The signature is the pair (r, s).

Their emphasis, not mine.

Now, tell me. How did CW come up with the same signature as something from the blockchain if he was casually signing a message? Bear in mind that k is chosen by the signing software (openssl) and not an input from the user.

I refuted you 3 times in the thread that Gmaxwell deleted. So you can ask him to restore the thread so everyone can check if my refutations were correct.

I have not been able to read any other posts that might have been in that deleted thread, because it is deleted.

If you want to provide a link to any new refutations from others, I will be happy to respond to them directly. I am not going to have a conversation with someone who I don't even know who I am responding to. Provide a link.

Edit: the above pseudo-code does not refute my theory.  Roll Eyes

hhanh00
Sr. Member
****
Offline Offline

Activity: 467
Merit: 266


View Profile
May 05, 2016, 11:55:07 AM
 #62

Well you said - may be not in these exact terms because I don't have the thread either -

"afaics, you sign the same message - you get the same signature."

Besides, if you have a great refutal, why not repeat it here? Sounds like exactly what CW is doing - so maybe - you are Satoshi.

Edit to reply to your edit: LOL - That code is the description pulled from the Wikipedia.

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 12:01:40 PM
 #63

Edit to reply to your edit: LOL - That code is the description pulled from the Wikipedia.

It is irrelevant to my theory. I explained that to you 3 times already in the thread that Gregory Maxwell vaporized.

Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1009

Newbie


View Profile
May 05, 2016, 12:23:03 PM
 #64

Well you said - may be not in these exact terms because I don't have the thread either -

"afaics, you sign the same message - you get the same signature."

Those who don't have a cryptographically secure random number generator might use SHA384(signedMessage) for that. In this case you'll be getting the same signature again and again and again...

PS: BTW, why people use random number generators for that? It's harder to generate a truly random number than to calculate hash(signedMessage).

PS2: Disregard "PS", more likely it's because some of these people might use a random number generator with NSA backdoor. This reminds me something... Yes, found it - http://arstechnica.com/security/2015/01/nsa-official-support-of-backdoored-dual_ec_drbg-was-regrettable/
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 12:27:39 PM
 #65

I understand it is only speculation at this point, and perhaps the other explanation you mentioned is more likely.

Yes it is much more likely he is a fraud. But one has to wonder why he has gone this far, if he can't follow through.

My theory was only to discuss a theory, but the Bitcoin maximalists can't tolerate freedom-of-speech. So this might tell you where Blockstream will lead Bitcoin. Their SegWit is arguably a scam where they will not have soft fork versioning control over Bitcoin after adding SegWit, as has been explained by Professor Stolfi for example.

The soft fork versioning is a Trojan Horse. Smooth and I challenged Gmaxwell on that point some weeks ago in the Bitcoin Technical Discussion thread, and last time I checked he had never replied.

It is all politics.

Is there any other reason there is double hashing? I mean are there known benefits and thus reasons it was employed? It was simply a mystery addition that nobody could justify its existence?

Afaik, nobody can justify it. Apparently only Satoshi knows why.

I am now offering a theory as to why. And speculation could be perhaps some people already knew this and were covering it up perhaps, but that isn't necessary to make my theory worth discussing.

If there are no high level tech people here that can explain exactly why it is there then it does seem strange? why was it not questioned before and perhaps removed?

Afair it has been questioned and brushed aside as, "only satoshi knows".

So specifically LTC/Doge would be affected too? the algo does not matter ie scrypt is just as vulnerable as sha256 because this same double hashing is present?

Transaction signing is not related to mining hash algorithm.

Are there any other high level programmers here who have looked at the double hashing and have any ideas about it? negative or positive?

As far as I know, I am the first to present the potential for decreased collision resistance. I googled and didn't find anything.

Hopefully this is not the case and even if it were it is fixable before someone and their super computer or large hash farm can cause any issues.

What about ETH is that vulnerable.

I don't know if ETH uses a double hash on signing.

Also there is another detail which I am not sure about, which I was hoping to ask in that other thread that got deleted. I want to know if Bitcoin is signing a double hash of the transaction, or if the double-hash is only on the public key? That makes a big difference. If only the latter, then perhaps my theory is incorrect. As I wrote in the OP of the thread that got deleted, I didn't spend a lot of time checking all the details and hoped to receive peer review from other experts. but the thread was deleted.

I mean hopefully even worst case there would be a rush to other non vulnerable cryptos and not everyone bailing on the entire crypto scene.

This is why it is always good to have a few different currencies. Some which share practically no similarities so if a hole is found in one then capital can flow to another.

The most likely outcomes are:

1. Craig is a fraud and this issue dies.
2. I misunderstood some detail about where the double-hashing is in Bitcoin's transaction system, thus my theory is invalid.

However, there is also a chance my theory is correct. In that case, I don't know if altcoins without the vulnerability would benefit or suffer.

I just wanted to have a discussion. The Bitcoin maximalists turned it into a war. Bastards.

hhanh00
Sr. Member
****
Offline Offline

Activity: 467
Merit: 266


View Profile
May 05, 2016, 12:30:52 PM
 #66

Well you said - may be not in these exact terms because I don't have the thread either -

"afaics, you sign the same message - you get the same signature."

Those who don't have a cryptographically secure random number generator might use SHA384(signedMessage) for that. In this case you'll be getting the same signature again and again and again...

PS: BTW, why people use random number generators for that? It's harder to generate a truly random number than to calculate hash(signedMessage).

PS2: Disregard "PS", more likely it's because some of these people might use a random number generator with NSA backdoor. This reminds me something...

Bitcoin core was using a random k,  therefore the signature from the blockchain is using one. It's not going to match one produced by a deterministic hash of the message.

Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2142
Merit: 1009

Newbie


View Profile
May 05, 2016, 12:33:22 PM
 #67

Bitcoin core was using a random k,  therefore the signature from the blockchain is using one. It's not going to match one produced by a deterministic hash of the message.

What a weird design increasing vulnerability of users' BTCs.
mindrust
Legendary
*
Offline Offline

Activity: 3248
Merit: 2434



View Profile WWW
May 05, 2016, 12:33:41 PM
 #68

LoL what a dork.

Why would any person with self-respect try such a scam? I guess having a PhD doesn't do any good nowadays. Loser.

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 12:38:53 PM
 #69


It appears that the entire fiasco was crafted to destroy Matonis and Andresen.

He has apparently taken the fall in order to hand more power to those who are not Matonis and Andresen.

But the saga may not be fully played out yet...

klee
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000



View Profile
May 05, 2016, 12:47:25 PM
 #70

No idea if Anonymint is right or wrong but ENOUGH OF THIS BASTARDOCRACY!.
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 01:08:45 PM
 #71

You got your answer, satoshi my ass... lol

http://www.drcraigwright.net/



LOL, back to work Cheesy

We don't know yet for sure who Craig is working for.

This obviously was not done without a purpose.

You don't take these huge risk (e.g. of being sued, etc) without a sufficient reason.

Is Matonis a large blocker like Gavin?

Not?

https://www.reddit.com/r/Bitcoin/comments/3yupa6/philosophy_jon_matonis_extending_transaction_fee/

But they both are key members (control?) the Bitcoin Foundation?

What were their positions on Blockstream's SegWit?

Matonis is against block chain soft forks that are in SegWit:

https://www.cryptocoinsnews.com/jon-matonis-believes-block-size-debate-precursor-block-reward-debate/

http://bitcoinist.net/bitcoin-industry-leaders-block-size/



I guess there goes your Bitcoin is broken fud theory.

It might still be technically valid even if Craig isn't availing of such a vulnerability. And I am not yet sure if Craig has quit. He would place himself in greater legal burden by not following through.

Asking to have a technical discussion with a question mark and asking readers to please wait for the replies from other experts, hardly constitutes FUD. Please re-read the quote where I specifically stated those caveats from the very start (of course Gmaxwell deleted the thread but we still have my quote of the OP).

Remember Monero (not smooth) ignored for a year or more my points about combinatorial unmasking and IP address correlation. Finally now they admit it.

jacko0088
Hero Member
*****
Offline Offline

Activity: 1148
Merit: 562


Blockchain Core Dev


View Profile WWW
May 05, 2016, 01:09:13 PM
 #72

look --> http://www.drcraigwright.net/

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 01:28:13 PM
Last edit: May 05, 2016, 01:45:21 PM by TPTB_need_war
 #73

Your thread was deleted because it was utterly moronic, even more so than your usual bullshit. Everyone who had the misfortune to read it is now dumber for having done so. Go ahead and sell your coins, and don't let the door hit you on your way out.

The Bitcoin maximalists are having a heart attack because they don't like the facts.

While there are facts I don't like, I can accept them and I've never suffered a heart attack as a result. Though it's irrelevant since you've never said anything that even remotely resembles a fact.

You are free to present a refutation of anything I've written. So far, I've seen no technical argument from you.

How can I? One can only make a technical argument against disputed facts, and as I said, nothing you've ever said resembles a fact, disputed or otherwise.

I presented a technical argument. Regardless of the actions of Craig, that technical argument remains.

A technical argument by definition is not a fact. It is a technical position that stands to be debated. So if you are unwilling to respond technically to my technical points, then obviously you have nothing technical to say.

Here are some positions I made which you and no one else has refuted:

1. Craig said he signed a hash of some Sartre document but did not disclose which portion of the text. No one has written a script to prove that no portion or combination of portions of that Sartre text will not hash to the value that was signed. Thus I stated until someone has proven that it is impossible for Craig to later show that some portion of the Sartre text will hash to the sign hash value, then you can't claim with certainty that he can't do that. At the bare minimum, those who were checking Craig's proof, should have at least run a simple script to try every contiguous portion (no permutations) of the Sartre text (which is a tractable computation).

2. I have stated that no one seems to know why Bitcoin employs double hashing, and I have stated a theory that double hashing may weaken the collision resistance of the SHA256. I gave my logic for why that may be the case. I also note that SHA256 is documented to be reasonably close to being broken with 46 - 52 of the 64 rounds already broken. Thus I presented the theory that perhaps the double-hashing might push the vulnerability over the edge of breakage of 64 rounds. I didn't present that as a likely theory. I presented it as a point of discussion. If you have no way to refute this technical possibility because you don't know a damn thing about cryptographic hash function construction then that means you are not expert enough to comment about the quality of my theory. Do you for example even understand why two SHA256 hash function applications in series is not equivalent to 2 x 64 rounds? I ask you a specific question and I expect a specific answer.

I understand you don't like me, but that is your personal problem. Only a technical reply from you is relevant. Of course you can't make one.

Also how do you know that Craig didn't withdraw his plan because I just explained how he may have accomplished the feat he claimed he can do? I mean if someone could even explain the rational justification for the double-hashing, then we wouldn't be wondering as much.
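The exhaustive check described in point 1 of the post above, as an added example that is not part of the original post: every contiguous byte range of a document is hashed with SHA-256 and with the double SHA-256 discussed in this thread, and compared with a target digest. The function names and the sample passage are assumptions; the passage is constructed placeholder text, not the Sartre document.

```python
import hashlib

# Constructed placeholder passage; a real check would load the exact bytes
# of the published document instead.
SAMPLE = (b"Constructed placeholder passage standing in for the document. "
          b"Every contiguous byte range of it is hashed once and twice, "
          b"and compared with the digest that was signed.")


def span_count(n):
    """Number of non-empty contiguous spans in a text of n bytes."""
    return n * (n + 1) // 2


def find_hashed_spans(text, target):
    """Return (start, end, mode) for each span text[start:end] whose
    SHA-256 ('single') or SHA-256(SHA-256(.)) ('double') equals target."""
    hits = []
    for start in range(len(text)):
        running = hashlib.sha256()
        for end in range(start + 1, len(text) + 1):
            # Extend the span by one byte instead of rehashing it from
            # scratch, so each start offset costs one pass over the text.
            running.update(text[end - 1:end])
            single = running.digest()  # digest() leaves the state usable
            if single == target:
                hits.append((start, end, "single"))
            if hashlib.sha256(single).digest() == target:
                hits.append((start, end, "double"))
    return hits


def sha256d(data):
    """Double SHA-256 as used by Bitcoin."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


if __name__ == "__main__":
    print("spans to test:", span_count(len(SAMPLE)))
    # Targets built from known spans so the search has something to find.
    print(find_hashed_spans(SAMPLE, hashlib.sha256(SAMPLE[10:40]).digest()))
    print(find_hashed_spans(SAMPLE, sha256d(SAMPLE[50:90])))
    # A digest unrelated to the text: the search comes back empty.
    print(find_hashed_spans(SAMPLE, hashlib.sha256(b"unrelated").digest()))
```

The search works on exact bytes, so each encoding, line-ending or whitespace variant of a document is a separate input and needs its own run.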

spartacusrex
Hero Member
*****
Offline Offline

Activity: 718
Merit: 545



View Profile
May 05, 2016, 01:30:19 PM
 #74


Weird HTML page..

just has..

<img src="homepage.jpg"> and no other tags.

..

More Importantly - what a dickhead. He is still not denying he is Satoshi. Just some BS about being a little crybaby girl.

And YES - '..their honour and credibility has been irreparably tainted by your actions..'

Life is Code.
Fatman3001
Legendary
*
Offline Offline

Activity: 1526
Merit: 1013


Make Bitcoin glow with ENIAC


View Profile
May 05, 2016, 01:32:04 PM
 #75


Weird HTML page..

just has..

<img src="homepage.jpg"> and no other tags.

..

More Importantly - what a dickhead. He is still not denying he is Satoshi. Just some BS about being a little crybaby girl.

And YES - '..their honour and credibility has been irreparably tainted by your actions..'


Well, he's either Satoshi, in which case that would make little sense; or he's a con man, in which case it would still make little sense.

"I predict the Internet will soon go spectacularly supernova and in 1996 catastrophically collapse." - Robert Metcalfe, 1995
JaneEverycunt
Newbie
*
Offline Offline

Activity: 45
Merit: 0


View Profile
May 05, 2016, 01:34:07 PM
 #76


Weird HTML page..

just has..

<img src="homepage.jpg"> and no other tags.

..

More Importantly - what a dickhead. He is still not denying he is Satoshi. Just some BS about being a little crybaby girl.

And YES - '..their honour and credibility has been irreparably tainted by your actions..'


Well, he's either Satoshi, in which case that would make little sense; or he's a con man, in which case it would still make little sense.

Or it's not him. Domain creation date for http://drcraigwright.net/  is 02/15/2016
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 01:34:58 PM
 #77

More Importantly - what a dickhead. He is still not denying he is Satoshi. Just some BS about being a little crybaby girl.

And YES - '..their honour and credibility has been irreparably tainted by your actions..'

Well, he's either Satoshi, in which case that would make little sense; or he's a con man, in which case it would still make little sense.

Finally someone with a brain stem.

But he may be playing a different genre of con.

BCX pretended he would attack Monero, ostensibly because he shorted it. Craig is up to something.

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 02:27:07 PM
 #78

The plot thickens.  Tongue

Think about it - if you were purchasing a domain with your name in the title, why would you register it using an anonymous registrant to hide your name?

Forgot to tick-off default option "Protect my privacy for 5.99$ per year" maybe?

That's one perfectly plausible explanation Smiley
It couldn't possibly be anything like

My guess is wishful thinking. Never change, bitcointalk, never change...



not really sure where you're going with this. so you're saying that craig can deny his ties to the domain? what would that do? his claims on satoshi's identity were recorded in a video.

Not suggesting that he did not claim to be Satoshi. Merely that not everything posted on the internet can be taken at face value. If he needed to claim that he is not the author of that apology, he easily could.
And, of course,
Quote
The BBC understands that this tweet signifies that Mr Matonis still believes Dr Wright is indeed Satoshi.

"A lot more people in the Bitcoin community are going to be unconvinced of Dr Wright's claims than will believe he is Satoshi, based upon what's happened to date," commented Dr Garrick Hileman, an economic historian at the Cambridge Centre for Alternative Finance.

"But many of the doubters don't want to be convinced. Satoshi has been mythologised and if you pull back the curtain, you shatter a lot of people's fantasies.

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 05, 2016, 03:19:55 PM
 #79

The thread likely got deleted because of your repeated insults leveled against other posters there

I do not remember making any such insult. Please quote them and don't allege something you can't demonstrate, for that is a very slimy tactic.

, why you never got a notification could be because it was a whole thread that was deleted rather then a single post.  I'm not sure if a notification is sent out if a whole thread is deleted, never had one deleted myself.

Even when threads are moved to the Trashcan, we get a link showing they have been. Gmaxwell has some sort of super powers as a mod. I have no idea what kind of incestuous relationship is going on between theymos and Gmaxwell, but it doesn't really matter since Bitcoin is basically destroyed now with 70% of the mining controlled by China, soon to be 98+%, and with Blockstream implementing their SegWit soft fork Trojan Horse so as Matonis admits can end up increasing the 21 million coins limit.

The entire ecosystem is headed for a clusterfuck.

This certainly makes GA (chief bitcoin scientist?) look pretty gullible.  Not sure who that Jon guy is and how he backed CW's claim.

Not at all. If the drcraigwright.com is a farce, then nothing has been shown to be untrue about what Wright allegedly proved in private.

This is a masterful chess game being played.

And it is making everyone look like a fool, including those who said Craig was confirmed to be a fraud.

And including yourself for alleging that I speak FUD.

Those who have disingenuous intentions and attitudes eventually get what they deserve and that will include yourself.

klee
Legendary
*
Offline Offline

Activity: 1498
Merit: 1000



View Profile
May 05, 2016, 04:21:12 PM
 #80

Even when threads are moved to the Trashcan, we get a link showing they have been. Gmaxwell has some sort of super powers as a mod. I have no idea what kind of incestuous relationship is going on between theymos and Gmaxwell, but it doesn't really matter since Bitcoin is basically destroyed now with 70% of the mining controlled by China, soon to be 98+%, and with Blockstream implementing their SegWit soft fork Trojan Horse so as Matonis admits can end up increasing the 21 million coins limit.

The entire ecosystem is headed for a clusterfuck.

This should be pinned everywhere.

Just to add that with completely non transparent Chinese exchanges we will never know what the real price of BTC is (they are the Market Makers even after Interactive Brokers + XBT ETN).
tyz
Legendary
*
Offline Offline

Activity: 3360
Merit: 1531



View Profile
May 05, 2016, 05:43:06 PM
 #81

Not only BBC, almost all media has reported about the revelation of Satoshi's identity. They all got caught by this hoax.
The motto of "quality media" today is to copy and paste without questioning it.

I can imagine how foolish the BBC was to believe his shitty statement and publish it widely through their website. I hope only the BBC can be lied to this easily by Craig. The good thing: no one will believe this person and his mouth.
LiteCoinGuy (OP)
Legendary
*
Offline Offline

Activity: 1148
Merit: 1010


In Satoshi I Trust


View Profile WWW
May 05, 2016, 08:06:32 PM
 #82

Dr. Wrong and the Art of Digital Misdirection

http://jere.in/dr-wrong-and-the-art-of-digital-misdirection

2dogs
Legendary
*
Offline Offline

Activity: 1267
Merit: 1000


View Profile
May 05, 2016, 08:53:02 PM
Last edit: May 05, 2016, 09:10:46 PM by 2dogs
 #83

Even when threads are moved to the Trashcan, we get a link showing they have been. Gmaxwell has some sort of super powers as a mod. I have no idea what kind of incestuous relationship is going on between theymos and Gmaxwell, but it doesn't really matter since Bitcoin is basically destroyed now with 70% of the mining controlled by China, soon to be 98+%, and with Blockstream implementing their SegWit soft fork Trojan Horse so as Matonis admits can end up increasing the 21 million coins limit.

The entire ecosystem is headed for a clusterfuck.

This should be pinned everywhere.

Just to add that with completely non transparent Chinese exchanges we will never know what the real price of BTC is (they are the Market Makers even after Interactive Brokers + XBT ETN).

Time will tell on this, g-d help us if you are right.
TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 06, 2016, 01:32:25 AM
Last edit: May 06, 2016, 01:45:28 AM by TPTB_need_war
 #84

Even when threads are moved to the Trashcan, we get a link showing they have been. Gmaxwell has some sort of super powers as a mod. I have no idea what kind of incestuous relationship is going on between theymos and Gmaxwell, but it doesn't really matter since Bitcoin is basically destroyed now with 70% of the mining controlled by China, soon to be 98+%, and with Blockstream implementing their SegWit soft fork Trojan Horse so as Matonis admits can end up increasing the 21 million coins limit.

The entire ecosystem is headed for a clusterfuck.

This should be pinned everywhere.

Just to add that with completely non transparent Chinese exchanges we will never know what the real price of BTC is (they are the Market Makers even after Interactive Brokers + XBT ETN).

Time will tell on this, g-d help us if you are right.

No God help me. Because I have the solution and it won't be fixing Bitcoin. Why do you think Gmaxwell hates me so much! He is ostensibly afraid and he should be.

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 06, 2016, 01:32:38 AM
Last edit: May 06, 2016, 01:50:05 AM by TPTB_need_war
 #85

I was sleeping. Now the REKTing will ensue.

I am an innocent Noob, and not a sock puppet. Grin

I believe you are a liar. Prove it by revealing your identity. My identity is known to everyone. I have revealed my full name, where I live, my history, my LinkedIn account, my public non-anonymous writings published over the internet, etc..

If you believe that, you are dumber than I thought.

Yes, I do believe I explained it.

If you feed the script a plain ASCII text file, you'll just claim he might have used UTF16. Or a PDF file, which can be altered in infinitely many ways without affecting the text content. Or a JPEG of a photograph of a printout of the document. Or something else entirely.

Perhaps you're illiterate?

Yes of course there is a combinatorial explosion of possibilities which was my point that you all can't conclude with 100% certainty that Craig can't produce a preimage of the hash, unless you can be sure he can't second preimage SHA-256 or otherwise find a collision. And I had stated that double hashing with SHA-256 might possibly have a cryptanalysis hole that isn't known to exist in the cryptanalysis of a single hashing. Again this was just a theory I wanted to discuss. Perhaps you don't like theories. Perhaps you would have preferred that Einstein didn't ponder riding in elevators. Well small, closed minds aren't very creative and thus don't achieve greatness. More on that will follow in a subsequent post.

However, in spite of the fact that you can't disprove any possible means of representation or permutation of the Sartre text, I wrote several times upthread that at the bare minimum, those protagonists who were claiming 100% certainty that Craig could not do something (btw a very strong claim), it would behove them to at least show that using typical representations of the Sartre text (e.g. ASCII text and perhaps UTF8/UTF16), that no contiguous portion of the text could hash to the signed hash. Moreover and more saliently, I pointed out that the protagonists were disingenuous or derelict by not pointing out the possibility that Craig might still be able to match the hash with some revealed content, Iff (if and only if) Craig had found a way to second preimage or otherwise find the necessary collision on the SHA256 hash. That the protagonists were too lazy to do this and were also too lazy to even verify if the website drcraigwright.com is Craig Wright's official communication vehicle (which apparently it is not and is now for sale here on bitcointalk.org according to a screen capture I quoted upthread), points to the lack of diligence and/or disingenuity in this tribe of Bitcoin maximalists including apparently yourself, who think they are holier than thou.

Do not disingenuously quote my above two paragraphs out-of-context again. Don't cherry pick my context to make inane non-rebuttals which side-step my holistic set of points.

Note when I am done REKTing you on the technical points (again more is to follow below after this post), I never again want to waste my precious time with a useless and disingenuous turd. So this will be your last interaction with me.

We do have fairly convincing evidence that the signature Wright posted is not a signature of any subset of the Sartre document.

Specifically, it matches an early public signature from Satoshi lifted from a Bitcoin transaction. The chance against any portion of the Sartre document generating an identical signature are astronomical. Hence, it's pretty clearly an attempt at fraud or at the very least intentional misdirection.

You are apparently mathematically illiterate. If Craig can't find the second preimage or necessary collision, then he can't find a text that matches. Period. If he can find the second preimage or necessary collision, then he can find a text that matches. Period. When we analyze the probability, we don't start only with the Sartre text document. He could have chosen from any document on earth.

Thus his ability to use only contiguous portions of the Sartre document is mathematically plausible (again assuming he has the necessary cryptographic breakage), and thus it behoves the protagonists to explain this and even to write a quick script to prove that the contiguous portions possibilities in the common encoding formats do not hash to the signature he provided. The derelicts didn't do this. My necessary mathematical assumption in this paragraph (not impacting the prior paragraph) is that the hash function would be subject to a multi-collision attack. Thus if the breakage is not multi-collision, then Craig could not have reasonably limited himself to contiguous portions because the search for document matches in itself would probably be an intractable computational problem. My point remains that we see none of this sophisticated explanation from the protagonists. Instead they do a little bit of half-ass analysis and then everyone proclaims Craig is a fraud. This is Craig's point! I simply wanted to have a theoretical discussion in the Bitcoin Technical Discussion subforum and instead had my legitimate inquiry vaporized by the Bitcoin maximalist "forum-Hitler" moderator who uses the moniker Gmaxwell or in real life Gregory Maxwell. And we have all his underlings here who promulgate his shitty attitude and actions.
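The "quick script" discussed in post #85 can be sketched as follows. This is an added example, not code from any poster in the thread: it hashes every contiguous slice of a text in several encodings, with single and double SHA-256, and compares each digest to a target. The sample text, the target and all function names are constructed for illustration.

```python
import hashlib

# Encodings named in the thread (ASCII is a subset of UTF-8); no BOM is emitted.
ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be")


def sha256d(data: bytes) -> bytes:
    """Bitcoin-style double SHA-256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def scan_contiguous(text: str, target: bytes, encodings=ENCODINGS):
    """Return (encoding, start, end, mode) for every slice text[start:end]
    whose SHA-256 or double SHA-256 equals target."""
    if len(target) != 32:
        raise ValueError("target must be a 32-byte SHA-256 digest")
    hits = []
    for enc in encodings:
        # Encode per character so every slice begins and ends on a character boundary.
        units = [ch.encode(enc) for ch in text]
        for start in range(len(units)):
            running = hashlib.sha256()
            for end in range(start, len(units)):
                # Extend the running hash by one character instead of
                # rehashing the whole slice: n(n+1)/2 digests per encoding.
                running.update(units[end])
                single = running.digest()  # the object stays usable for update()
                if single == target:
                    hits.append((enc, start, end + 1, "sha256"))
                if hashlib.sha256(single).digest() == target:
                    hits.append((enc, start, end + 1, "sha256d"))
    return hits


def line_ending_variants(text: str):
    """The same text with LF and with CRLF line endings."""
    lf = text.replace("\r\n", "\n")
    return {"lf": lf, "crlf": lf.replace("\n", "\r\n")}


# Constructed sample text; it stands in for the document under test.
SAMPLE = "First constructed line.\nSecond constructed line, with an accent: \u00e9.\n"


def demo():
    """Build a target from one slice of the CRLF variant, then scan both variants."""
    variants = line_ending_variants(SAMPLE)
    target = sha256d(variants["crlf"][6:25].encode("utf-16-be"))
    return {name: scan_contiguous(body, target) for name, body in variants.items()}


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

The slice is found only in the representation it was built from (CRLF line endings, UTF-16 big-endian), so an empty result covers only the encodings and line endings actually scanned.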

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 06, 2016, 03:30:24 AM
Last edit: May 06, 2016, 04:58:32 AM by TPTB_need_war
 #86

I will proceed to explain once you confirm that you do not understand why Merkle–Damgård construction is relevant? Either explain or admit you don't know. So I can proceed to teach you something. You are wasting my scarce time with your stalling/deception tactics and trolling.

No, you're the one wasting my time. I don't have to explain anything. You do. And you're not. I can only assume by your lack of explanation that you can't produce one.

Next time you will realize not to fuck with me, because I know a lot more than you assume.

I assume you know nothing, so knowing more than that isn't much of an accomplishment. But please go ahead and demonstrate your accomplishment. We're all waiting.

I'll interpret your reply as an ostensibly intentional veiled admission that you could not answer the question. So I will proceed to explain the sort of theoretical analysis that I was interested in discussing in the thread that the "forum-Hitler" Gmaxwell nuked.


Tangentially note the disclaimer that I wrote in the OP of the thread which was nuked:

Does anyone know what black hole Bitcoin core (Blockstream) developer Gmaxwell moved the quoted thread to?

[...]

I urge immediately peer review of my statements by other experts. I have not really thought deeply about this. This is just written very quickly off the top of my head. I am busy working on other things and can't put much time into this.

I had written in that nuked and vaporized thread a post (my last or nearly last post in that nuked thread) which explained that at the moment I wrote that quoted OP, I had been misled by sloppy writing on the news sites (and also the linked sites of the protagonists) into thinking that the hash of the Sartre text was already confirmed. For example, I provided this quote:

Craig Wright’s chosen source material (an article in which Jean-Paul Sartre explains his refusal of the Nobel Prize), surprisingly, generates the exact same signature as can be found in a bitcoin transaction associated with Satoshi Nakamoto.

Being as it was by that time late in the evening for my timezone and I had been awake roughly 18 hours already, and I was skimming in an attempt to make some quick feedback on this potentially important event, so I could return to my work asap. In the nuked thread, I quickly realized that the Sartre text hadn't been verified to match the hash, so I actually stopped posting in the nuked thread for a few hours. Then when I came back to the thread, it didn't exist so I could no longer follow up or read what had been elucidated. Thus note my original focus was on how the hell could Craig have achieved that match, so he must have broken the hash. I had recalled that I had theoretical doubts about the double hashing which I had never bothered to discuss with anyone. It had been 2+ years since I did that research on cryptographic hash functions, so I had to decide if I was going to go dig back into that research or not. I figured I'd sleep on it and then be able to think with a clearer, rested mind about the implications of the revelation (to me) that the hash had not been verified to match the text because the portion of the text had not been sufficiently specified (again the "undisclosed" term didn't make sense to me in quick skimming because I had read on the blog that the Sartre text was referred to).

But instead of being able to sleep on it and then decide whether to let it go or dig back into my past research, my thread was nuked and I was under attack. Remember I don't back down from anyone when I think I am justified. When I think I am wrong, I mea culpa.



So now back to the subject matter of whether double hashing could theoretically lead to any weakening of the second preimage and/or collision security of the SHA-256 cryptographic hash function.

Afaik, there is no research on this question. If anyone is aware of any, please kindly inform me.

First I will note the Merkle–Damgård construction (which SHA-256 employs) is subject to numerous generic attacks and even though afaik none of these are currently known to be a practical threat against a single hash of SHA-256, we can perhaps look to those generic attacks for potential clues as to what a double-hashing might enable which a single-hash application perhaps might not.

Note in the pseudo-code for SHA-256 that what distinguishes a double-hashing from doubling rounds (i.e. "Compression function main loop:") or repeating the input text in double the block chunks (i.e. "Process the message in successive 512-bit chunks:"), is that the h0 - h8 compression function state which is normally orthogonal to the input block chunks instead gets transmitted as input to a block chunk in the second hash application (i.e. "Produce the final hash value (big-endian):") after being added to the output of the compression function (i.e. "Add the compressed chunk to the current hash value:"). And the h0 - h8 compression function state is reset to a constant (i.e. "Initialize hash values:").

The reason I think this might be theoretically significant is because we should note that the way cryptographic hash functions are typically broken is by applying differential cryptanalysis. Differential cryptanalysis is attempting to find some occurrence of (even higher order) differences between inputs that occurs with more frequent probability than a perfectly uniform distribution. In essence, differential cryptanalysis is leveraging some recurrent structure of the confusion and diffusion and avalanche effect of the algorithm.

Not only does the double-hashing introduce a constant h0 - h8 midstream thus introducing a known recurrent structure into the middle of the unified algorithm of a double-hashing, but it shifts the normally orthogonal compression function state to the input that it is designed to be orthogonal to. On top of that, the additions of the h0 - h8 state at the midpoint, can possibly mean the starting state of the midpoint is known to have a higher probability of zeros in the least significant bits (LSBs). This last sentence observation comes from some research I did when I created a much higher bandwidth design variant of Bernstein's ChaCha by fully exploiting AVX2 SIMD, that was for a specific purpose of creating a faster memory hard proof-of-work function. In that research, I had noted the following quote of an excerpt in my unfinished, rough draft, unpublished white paper written in late 2013 or early 2014 (and kindly note that the following might have errors because it was not reviewed for publishing and was merely notes for myself on my research understanding at that time 2+ years ago):

Quote from: shazam.rtf
Security

Addition and multiplication modulo (2^n - 1) diffuse through high bits but set low bits to 0. Without shuffles or rotation permutation to diffuse changes from high to low bits, addition and multiplication modulo (2^n - 1) can be broken with low complexity working from the low to the high bits [5].

The overflow carry bit, i.e. addition modulo minus addition modulo (2^n - 1), obtains the value 0 or 1 with equal probability, thus addition modulo (2^n - 1) is discontinuous i.e. defeats linearity over the ring Z/(2^n) [6] because the carry is 1 in half of the instances [7] and defeats linearity over the ring Z/2 [8] because the low bit of both operands is 1 in one-fourth of the instances.

The number of overflow high bits in multiplication modulo ∞ minus multiplication modulo (2^n - 1) depends on the highest set bits of the operands, thus multiplication modulo (2^n - 1) defeats linearity over the range of rings Z/2 to Z/(2^n).

Logical exclusive-or defeats linearity over the ring Z/(2^n) always [8] because it is not a linear function operator.

Each multiplication modulo ∞ amplifies the amount diffusion and confusion provided by each addition. For example, multiplying any number by 23 is equivalent to the number multiplied by 16 added to the number multiplied by 4 added to the number multiplied by 2 added to the number. This is recursive since multiplying the number by 4 is equivalent to the number multiplied by 2 added to the number multiplied by 2. Addition of a number with itself is equivalent to a 1 bit left shift or multiplication by 2. Multiplying any variable number by another variable number creates additional confusion.

Multiplication defeats rotational cryptanalysis [9] because unlike for addition, rotation of the multiplication of two operands never distributes over the operands i.e. is not equal to the multiplication of the rotated operands. A proof is that rotation is equivalent to the exclusive-or of left and right shifts. Left and right shifts are equivalent to multiplication and division by a factor of 2, which don't distribute over multiplication e.g. (8 × 8) × 2 ≠ (8 × 2) × (8 × 2) and (8 × 8) ÷ 2 ≠ (8 ÷ 2) × (8 ÷ 2). Addition modulo ∞ is always distributive over rotation [9] because addition distributes over multiplication and division e.g. (8 + 8) ÷ 2 = (8 ÷ 2) + (8 ÷ 2). Due to the aforementioned non-linearity over Z/(2^n) due to carry, addition modulo (2^n - 1) is only distributive over rotation with a probability 1/4 up to 3/8 depending on the relative number of bits of rotation [9][10].

However, multiplication modulo (2^n - 1) sets all low bits to 0 orders-of-magnitude more frequently than addition modulo (2^n - 1)—a degenerate result that squashes diffusion and confusion.

[5] Khovratovich, Nikolic. Rotational Cryptanalysis of ARX. 2 Related Work.
[6] Daum. Cryptanalysis of Hash Functions of the MD4-Family.
     4.1 Links between Different Kinds of Operations.
[7] Khovratovich, Nikolic. Rotational Cryptanalysis of ARX.
     6 Cryptanalysis of generic AR systems.
[8] Bernstein. Salsa20 design. 2 Operations.
[9] Khovratovich, Nikolic. Rotational Cryptanalysis of ARX.
     3 Review of Rotational Cryptanalysis.
[10] Daum. Cryptanalysis of Hash Functions of the MD4-Family.
    4.1.3 Modular Additions and Bit Rotations. Corollary 4.12.

So now put those aforementioned insights about potential recurrent structure at the midpoint of the double-hashing, together with the reality that a Boomerang attack is a differential cryptanalysis that employs a midpoint in a cipher to form new attacks that weren't plausible on the full cipher. Bingo!

I'll refrain from providing my further insights on specifics beyond this initial sharing. Why? Because I've been treated like shit by Gmaxwell and you all here grant him too much Hitler-esque control over the Bitcoin Technical Discussion subforum where these sort of discussions are supposed to occur, so I will take my toys elsewhere. Enjoy your echo chamber.

Do I have an attack against Bitcoin's double-hashing? I leave that for you to ponder.
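The structural point in post #86 (the second SHA-256 call restarts from the fixed initial state and takes the first call's output as its message) can be checked directly. This added example, which is not code from the post or from Bitcoin, implements the SHA-256 compression function and shows that the second pass is a single compression call on a block made of the 32-byte digest plus 32 bytes of fixed padding. It demonstrates the structure only and says nothing about whether that structure is exploitable; all function names are hypothetical.

```python
import hashlib
import math
import struct

MASK = 0xFFFFFFFF


def first_primes(n):
    """First n primes by trial division."""
    found, cand = [], 2
    while len(found) < n:
        if all(cand % p for p in found):
            found.append(cand)
        cand += 1
    return found


def icbrt(n):
    """Integer cube root by binary search."""
    lo, hi = 0, 1 << 36
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


# FIPS 180-4 constants, derived from their definition instead of typed in:
# fractional bits of the square roots (IV) and cube roots (K) of the first primes.
IV = tuple(math.isqrt(p << 64) & MASK for p in first_primes(8))
K = tuple(icbrt(p << 96) & MASK for p in first_primes(64))


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK


def compress(state, block):
    """One SHA-256 compression call: 8-word state, 64-byte block -> new state."""
    w = list(struct.unpack(">16I", block))
    for t in range(16, 64):
        s0 = rotr(w[t - 15], 7) ^ rotr(w[t - 15], 18) ^ (w[t - 15] >> 3)
        s1 = rotr(w[t - 2], 17) ^ rotr(w[t - 2], 19) ^ (w[t - 2] >> 10)
        w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK)
    a, b, c, d, e, f, g, h = state
    for t in range(64):
        big_s1 = rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)
        ch = (e & f) ^ (~e & MASK & g)
        t1 = (h + big_s1 + ch + K[t] + w[t]) & MASK
        big_s0 = rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)
        maj = (a & b) ^ (a & c) ^ (b & c)
        t2 = (big_s0 + maj) & MASK
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
    # Feed-forward: add the compressed chunk to the incoming state.
    return tuple((x + y) & MASK for x, y in zip(state, (a, b, c, d, e, f, g, h)))


def first_pass(msg):
    """Inner hash, taken from hashlib."""
    return hashlib.sha256(msg).digest()


def second_pass_block(digest):
    """The only block the second call processes: the 32-byte digest, then the
    0x80 marker, zero fill, and the 64-bit message length (256 bits)."""
    if len(digest) != 32:
        raise ValueError("expected a 32-byte digest")
    return digest + b"\x80" + b"\x00" * 23 + (256).to_bytes(8, "big")


def second_pass(digest):
    """Outer hash rebuilt by hand: one compression call starting from the fixed IV."""
    return struct.pack(">8I", *compress(IV, second_pass_block(digest)))


def reference_sha256d(msg):
    """Double SHA-256 computed entirely by hashlib, for comparison."""
    return hashlib.sha256(hashlib.sha256(msg).digest()).digest()


if __name__ == "__main__":
    sample = b"constructed sample message"
    print(second_pass(first_pass(sample)) == reference_sha256d(sample))
```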

TPTB_need_war
Sr. Member
****
Offline Offline

Activity: 420
Merit: 262


View Profile
May 06, 2016, 03:48:33 AM
 #87

TPTB_need_war, you cannot prove nor disprove that the Sartre text Craig Wright supposedly hashed is a collision for SHA256.

I asked you to not do what you just did above:

Don't cherry pick my context to make inane non-rebuttals which side-step my holistic set of points.



You also pointed out that he supposedly has access to a supercomputer. Even with access to a supercomputer, he would not be able to find a collision as other researchers have already tried. Simply having a lot of computing power does not mean that he can find a collision.

Alternatively, Craig could have found a vulnerability in sha256, in which case a lot more things than just Bitcoin is screwed. If Craig did not responsibly disclose such a vulnerability and instead exploited it, this would be incredibly sketchy and dishonest behavior.

The point is that with a supercomputer together with a new cryptanalysis break, the two together might be required to accomplish the attack. I want you to know that if China's pools see nearly all the mining shares, then they are viewing about 268 of SHA-256 hashing power per annum which may or may not be fulcrum. Don't presume you know all the theoretical attacks that are possible.

The theory that the sha256 double hash is weaker than sha256 is false. It has been proven that performing multiple iterations of a hash is more secure than just one iteration. Specifically, many websites will store users passwords in the form of a multiple iteration hash.

You've made at least two mathematically illiterate errors in that quoted text:

1. Testing that double-hashing fulfills some criteria you have prechosen, says nothing about security against cryptanalysis which your criteria has not considered.
2. Securing a password by iterated hashing (because it requires the dictionary attacker to perform the iteration cost on each dictionary trial) says nothing about the increased vulnerability of collision cryptanalysis. You are conflating two separate issues of security.  Roll Eyes

I am done speaking to these amateurs. Waste of my time.

coins101
Legendary
*
Offline Offline

Activity: 1456
Merit: 1000



View Profile
May 07, 2016, 09:57:10 AM
 #88

Cross posting...

Jesus, bloody, hell...



If true, these guys have millions of BTC between them.

Not millions of $$ in BTC. Millions OF BTC.

If they've been telling the tax authorities little lies, they'll go to jail for a long time.

So, basically...I believe this guy is almost the real deal. Not Satoshi, but bloody hell he's been mining Bitcoin since practically day 1, difficulty 1.

Props.

he is not satoshi ...

he has a lot of btc - and so do many others - but he certainly is not satoshi ...

craig is nothing more than an opportunist that has found his time in the limelight - and is using it to his advantage ... nothing more ...

#crysx

This guy is no common opportunist. Without knowing if he has the various degrees and qualifications he claims to have; he is as smart as they come.

I'd put him in the cunning camp.  He has a plan and he is executing it.

My current guess is that he is positioning himself to take control of 1.1m BTC.

......

Getting closer to figuring this out?
gabenewell
Full Member
***
Offline Offline

Activity: 159
Merit: 100


View Profile WWW
May 07, 2016, 10:03:27 AM
 #89

I'm Satoshi Nakamoto, now it's out.  Grin

You're right. I am crazy. But you know what else? I don't give a fuck.
alani123
Legendary
*
Offline Offline

Activity: 2394
Merit: 1416


Leading Crypto Sports Betting & Casino Platform


View Profile
May 07, 2016, 10:19:53 AM
 #90

I think that an important piece in this puzzle is Wright's trouble with Australian tax authorities. Would he pretend to be satoshi if it weren't for him trying to justify those $54m R&D funds? I think not.

Denker
Legendary
*
Offline Offline

Activity: 1442
Merit: 1014


View Profile
May 07, 2016, 12:54:08 PM
 #91

I think that an important piece in this puzzle is Wright's trouble with Australian tax authorities. Would he pretend to be satoshi if it weren't for him trying to justify those $54m R&D funds? I think not.

I think this is the key question here.
He has stolen the Australian government's money by pretending to have a trust with 1 million bitcoins locked in it until 2020.
After a while the Aussies found out they got fooled pretty bad and now Craig needed some verification that he indeed is Satoshi and therefore has access to the coins. That's why imo he was going for GA and Matonis and present them via msm as proof that he is Satoshi. Verified by known and "respected" members of the Bitcoin community. This way he thought he could escape Aussie authorities. At least for a while. In 2020 shit would have hit the fan at the latest if he wouldn't have found a place in some country which does not extradite.
LFC_Bitcoin
Legendary
*
Offline Offline

Activity: 3528
Merit: 9556


#1 VIP Crypto Casino


View Profile
May 07, 2016, 01:06:43 PM
 #92

How many more threads are people going to open on this subject?

I wonder if Gavin's commit access will be permanently revoked? Do people honestly believe he wasn't in cahoots with Wright?
It should be. This is one strike too many; it is time to say farewell to GA.

Agree, enough is enough.

The man simply can not be trusted to have bitcoin's best interests at heart.

coins101
Legendary
*
Offline Offline

Activity: 1456
Merit: 1000



View Profile
May 08, 2016, 10:10:34 AM
 #93

How many more threads are people going to open on this subject?

I wonder if Gavin's commit access will be permanently revoked? Do people honestly believe he wasn't in cahoots with Wright?
It should be. This is one strike too many; it is time to say farewell to GA.

Agree, enough is enough.

The man simply can not be trusted to have bitcoin's best interests at heart.

That's simply divisive bollocks that should have no place in Bitcoin.
LiteCoinGuy (OP)
Legendary
*
Offline Offline

Activity: 1148
Merit: 1010


In Satoshi I Trust


View Profile WWW
May 08, 2016, 11:16:42 AM
 #94

http://www.computerworld.com.au/article/590543/journalists-found-inventor-bitcoin-simply-been-duped/

nioc
Legendary
*
Offline Offline

Activity: 1624
Merit: 1008


View Profile
May 08, 2016, 11:53:13 AM
 #95


This is from Dec. and has nothing to do with the recent claims by CW.

Are you posting this for historical perspective for those that either missed the first round of CW or have forgotten it?

LiteCoinGuy (OP)
Legendary
*
Offline Offline

Activity: 1148
Merit: 1010


In Satoshi I Trust


View Profile WWW
May 08, 2016, 01:55:55 PM
 #96


This is from Dec. and has nothing to do with the recent claims by CW.

Are you posting this for historical perspective for those that either missed the first round of CW or have forgotten it?



I forgot about this article and how ridiculous this "Satoshi" is and made that repost.

quote:

"On The Conversation, Wright was pro-capitalist, anti-hacktivist and was pro-corporate. This contrasted starkly with the voice of the Nakamoto who originally posted about Bitcoin on the cryptography mailing list. That Nakamoto had an entirely different voice that was largely patient and respectful and sought feedback not absolute submission.

That Nakamoto would have known how to spell Bitcoin (he rarely made spelling mistakes in his writing unlike Wright’s writing that was plagued with them), would have suggested Bitcoin as the first alternative to PayPal and was not a supporter of financial third parties mediating financial transactions."

LiteCoinGuy (OP)
Legendary
*
Offline Offline

Activity: 1148
Merit: 1010


In Satoshi I Trust


View Profile WWW
May 16, 2016, 05:58:56 PM
 #97

Deniable proof of Satoshi

http://tpbit.blogspot.de/2016/05/deniable-proof-of-satoshi.html

practicaldreamer
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500


View Profile
May 16, 2016, 06:19:48 PM
 #98


"On The Conversation, Wright was pro-capitalist, anti-hacktivist and was pro-corporate. This contrasted starkly with the voice of the Nakamoto who originally posted about Bitcoin on the cryptography mailing list. That Nakamoto had an entirely different voice that was largely patient and respectful and sought feedback not absolute submission.


Senescence. Gonna get us all in the end.

Not, btw, that I'm "ratifying" the above quote re. the conversation with Craig Wright.
But if he had, perhaps, come across as pro free market then that would be no great shocker all things considered.

franky1
Legendary
*
Offline Offline

Activity: 4214
Merit: 4475



View Profile
May 16, 2016, 06:39:59 PM
 #99

Find a quote where he said that. You won't. He has always said it was his colleague.

https://youtu.be/5DCAC1j2HTY?t=22s

"interviewer: so you are going to show me that satoshi nakamoto is you?
craig: yes"

"interviewer: so you can say hand on heart to me 'i am satoshi nakamoto'?
craig: i was the main part of it other people helped me"


I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at