Bitcoin Forum
Author Topic: Hoaxtoshi aka Craig Wright busted - collection of quality research posts  (Read 5397 times)
TPTB_need_war
May 05, 2016, 11:46:28 AM
 #61

Okay now we are starting to get some evidence that there might be a coordinated attack to hide the facts I have presented (note the following thread move to Meta is not the thread that Gmaxwell deleted)

People have refuted your theory but you just don't want to listen.

"If you sign the same message with the same key, you will get a different signature".

Your chances of getting the same signature are ~1/2^256. Why? Because of the 3rd step of the ECDSA algorithm. Quoting from https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm

1. Calculate e = HASH(m), where HASH is a cryptographic hash function, such as SHA-2.
2. Let z be the L_n leftmost bits of e, where L_n is the bit length of the group order n.
3. Select a cryptographically secure random integer k from [1, n-1].
4. Calculate the curve point (x_1, y_1) = k × G.
5. Calculate r = x_1 mod n. If r = 0, go back to step 3.
6. Calculate s = k^{-1}(z + r d_A) mod n. If s = 0, go back to step 3.
7. The signature is the pair (r, s).

Their emphasis, not mine.

Now, tell me. How did CW come up with the same signature as something from the blockchain if he was casually signing a message? Bear in mind that k is chosen by the signing software (openssl) and not an input from the user.

I refuted you 3 times in the thread that Gmaxwell deleted. So you can ask him to restore the thread so everyone can check if my refutations were correct.

I have not been able to read any other posts that might have been in that deleted thread, because it is deleted.

If you want to provide a link to any new refutations from others, I will be happy to respond to them directly. I am not going to have a conversation with someone who I don't even know who I am responding to. Provide a link.

Edit: the above pseudo-code does not refute my theory.  Roll Eyes

hhanh00
May 05, 2016, 11:55:07 AM
 #62

Well you said - maybe not in these exact terms because I don't have the thread either -

"afaics, you sign the same message - you get the same signature."

Besides, if you have a great refutation, why not repeat it here? Sounds like exactly what CW is doing - so maybe - you are Satoshi.

Edit to reply to your edit: LOL - That code is the description pulled from the Wikipedia.

TPTB_need_war
May 05, 2016, 12:01:40 PM
 #63

Edit to reply to your edit: LOL - That code is the description pulled from the Wikipedia.

It is irrelevant to my theory. I explained that to you 3 times already in the thread that Gregory Maxwell vaporized.

Come-from-Beyond
May 05, 2016, 12:23:03 PM
 #64

Well you said - maybe not in these exact terms because I don't have the thread either -

"afaics, you sign the same message - you get the same signature."

Those who don't have a cryptographically secure random number generator might use SHA384(signedMessage) for that. In this case you'll be getting the same signature again and again and again...

PS: BTW, why do people use random number generators for that? It's harder to generate a truly random number than to calculate hash(signedMessage).

PS2: Disregard "PS", more likely it's because some of these people might use a random number generator with NSA backdoor. This reminds me of something... Yes, found it - http://arstechnica.com/security/2015/01/nsa-official-support-of-backdoored-dual_ec_drbg-was-regrettable/
TPTB_need_war
May 05, 2016, 12:27:39 PM
 #65

I understand it is only speculation at this point, and perhaps the other explanation you mentioned is more likely.

Yes it is much more likely he is a fraud. But one has to wonder why he has gone this far, if he can't follow through.

My theory was only to discuss a theory, but the Bitcoin maximalists can't tolerate freedom-of-speech. So this might tell you where Blockstream will lead Bitcoin. Their SegWit is arguably a scam where they will not have soft fork versioning control over Bitcoin after adding SegWit, as has been explained by Professor Stolfi for example.

The soft fork versioning is a Trojan Horse. Smooth and I challenged Gmaxwell on that point some weeks ago in the Bitcoin Technical Discussion thread, and last time I checked he had never replied.

It is all politics.

Is there any other reason there is double hashing? I mean are there known benefits and thus reasons it was employed? It was simply a mystery addition that nobody could justify its existence?

Afaik, nobody can justify it. Apparently only Satoshi knows why.

I am now offering a theory as to why. And speculation could be perhaps some people already knew this and were covering it up perhaps, but that isn't necessary to make my theory worth discussing.

If there are no high level tech people here that can explain exactly why it is there then it does seem strange? why was it not questioned before and perhaps removed?

Afair it has been questioned and brushed aside as, "only satoshi knows".

So specifically LTC/Doge would be affected too? the algo does not matter ie scrypt is just as vulnerable as sha256 because this same double hashing is present?

Transaction signing is not related to mining hash algorithm.

Are there any other high level programmers here who have looked at the double hashing and have any ideas about it? negative or positive?

As far as I know, I am the first to present the potential for decreased collision resistance. I googled and didn't find anything.

Hopefully this is not the case and even if it were it is fixable before someone and their super computer or large hash farm can cause any issues.

What about ETH is that vulnerable.

I don't know if ETH uses a double hash on signing.

Also there is another detail which I am not sure about, which I was hoping to ask in that other thread that got deleted. I want to know if Bitcoin is signing a double hash of the transaction, or if the double-hash is only on the public key? That makes a big difference. If only the latter, then perhaps my theory is incorrect. As I wrote in the OP of the thread that got deleted, I didn't spend a lot of time checking all the details and hoped to receive peer review from other experts. but the thread was deleted.

I mean hopefully even worst case there would be a rush to other non vulnerable cryptos and not everyone bailing on the entire crypto scene.

This is why it is always good to have a few different currencies. Some which share practically no similarities so if a hole is found in one then capital can flow to another.

The most likely outcomes are:

1. Craig is a fraud and this issue dies.
2. I misunderstood some detail about where the double-hashing is in Bitcoin's transaction system, thus my theory is invalid.

However, there is also a chance my theory is correct. In that case, I don't know if altcoins without the vulnerability would benefit or suffer.

I just wanted to have a discussion. The Bitcoin maximalists turned it into a war. Bastards.

hhanh00
May 05, 2016, 12:30:52 PM
 #66

Well you said - maybe not in these exact terms because I don't have the thread either -

"afaics, you sign the same message - you get the same signature."

Those who don't have a cryptographically secure random number generator might use SHA384(signedMessage) for that. In this case you'll be getting the same signature again and again and again...

PS: BTW, why do people use random number generators for that? It's harder to generate a truly random number than to calculate hash(signedMessage).

PS2: Disregard "PS", more likely it's because some of these people might use a random number generator with NSA backdoor. This reminds me of something...

Bitcoin core was using a random k,  therefore the signature from the blockchain is using one. It's not going to match one produced by a deterministic hash of the message.

Come-from-Beyond
May 05, 2016, 12:33:22 PM
 #67

Bitcoin core was using a random k,  therefore the signature from the blockchain is using one. It's not going to match one produced by a deterministic hash of the message.

What a weird design increasing vulnerability of users' BTCs.
mindrust
May 05, 2016, 12:33:41 PM
 #68

LoL what a dork.

Why would any person with self respect try such a scam? I guess having a PhD doesn't do any good nowadays. Loser.

TPTB_need_war
May 05, 2016, 12:38:53 PM
 #69


It appears that the entire fiasco was crafted to destroy Matonis and Andresen.

He has apparently taken the fall in order to hand more power to those who are not Matonis and Andresen.

But the saga may not be fully played out yet...

klee
May 05, 2016, 12:47:25 PM
 #70

No idea if Anonymint is right or wrong but ENOUGH OF THIS BASTARDOCRACY!.
TPTB_need_war
May 05, 2016, 01:08:45 PM
 #71

You got your answer, satoshi my ass... lol

http://www.drcraigwright.net/



LOL, back to work Cheesy

We don't know yet for sure who Craig is working for.

This obviously was not done without a purpose.

You don't take these huge risks (e.g. of being sued, etc) without a sufficient reason.

Is Matonis a large blocker like Gavin?

Not?

https://www.reddit.com/r/Bitcoin/comments/3yupa6/philosophy_jon_matonis_extending_transaction_fee/

But they both are key members of (control?) the Bitcoin Foundation?

What were their positions on Blockstream's SegWit?

Matonis is against block chain soft forks that are in SegWit:

https://www.cryptocoinsnews.com/jon-matonis-believes-block-size-debate-precursor-block-reward-debate/

http://bitcoinist.net/bitcoin-industry-leaders-block-size/



I guess there goes your Bitcoin is broken fud theory.

It might still be technically valid even if Craig isn't availing of such a vulnerability. And I am not yet sure if Craig has quit. He would place himself in greater legal burden by not following through.

Asking to have a technical discussion with a question mark and asking readers to please wait for the replies from other experts, hardly constitutes FUD. Please re-read the quote where I specifically stated those caveats from the very start (of course Gmaxwell deleted the thread but we still have my quote of the OP).

Remember Monero (not smooth) ignored for a year or more my points about combinatorial unmasking and IP address correlation. Finally now they admit it.

jacko0088
May 05, 2016, 01:09:13 PM
 #72

look --> http://www.drcraigwright.net/

TPTB_need_war
May 05, 2016, 01:28:13 PM
Last edit: May 05, 2016, 01:45:21 PM by TPTB_need_war
 #73

Your thread was deleted because it was utterly moronic, even more so than your usual bullshit. Everyone who had the misfortune to read it is now dumber for having done so. Go ahead and sell your coins, and don't let the door hit you on your way out.

The Bitcoin maximalists are having a heart attack because they don't like the facts.

While there are facts I don't like, I can accept them and I've never suffered a heart attack as a result. Though it's irrelevant since you've never said anything that even remotely resembles a fact.

You are free to present a refutation of anything I've written. So far, I've seen no technical argument from you.

How can I? One can only make a technical argument against disputed facts, and as I said, nothing you've ever said resembles a fact, disputed or otherwise.

I presented a technical argument. Regardless of the actions of Craig, that technical argument remains.

A technical argument by definition is not a fact. It is a technical position that stands to be debated. So if you are unwilling to respond technically to my technical points, then obviously you have nothing technical to say.

Here are some positions I made which you and no one else has refuted:

1. Craig said he signed a hash of some Sartre document but did not disclose which portion of the text. No one has written a script to prove that no portion or combination of portions of that Sartre text will not hash to the value that was signed. Thus I stated until someone has proven that it is impossible for Craig to later show that some portion of the Sartre text will hash to the sign hash value, then you can't claim with certainty that he can't do that. At the bare minimum, those who were checking Craig's proof, should have at least run a simple script to try every contiguous portion (no permutations) of the Sartre text (which is a tractable computation).

2. I have stated that no one seems to know why Bitcoin employs double hashing, and I have stated a theory that double hashing may weaken the collision resistance of the SHA256. I gave my logic for why that may be the case. I also note that SHA256 is documented to be reasonably close to being broken with 46 - 52 of the 64 rounds already broken. Thus I presented the theory that perhaps the double-hashing might push the vulnerability over the edge of breakage of 64 rounds. I didn't present that as a likely theory. I presented it as a point of discussion. If you have no way to refute this technical possibility because you don't know a damn thing about cryptographic hash function construction then that means you are not expert enough to comment about the quality of my theory. Do you for example even understand why two SHA256 hash function applications in series is not equivalent to 2 x 64 rounds? I ask you a specific question and I expect a specific answer.

I understand you don't like me, but that is your personal problem. Only a technical reply from you is relevant. Of course you can't make one.

Also how do you know that Craig didn't withdraw his plan because I just explained how he may have accomplished the feat he claimed he can do? I mean if someone could even explain the rational justification for the double-hashing, then we wouldn't be wondering as much.
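
The exhaustive check described in point 1 of the post above can be written as follows (an added example, not code from the thread): it hashes every contiguous byte range of a text with SHA-256 and double SHA-256 and compares each digest against a target. The function name and the sample bytes are constructed; a real run needs the exact bytes of the source text, since any difference in encoding, whitespace or line endings changes every digest.

```python
import hashlib

def find_hashed_portion(text, target, min_len=1):
    """Search every contiguous slice text[start:end] of at least min_len bytes.

    Returns (start, end, mode) for the first slice whose SHA-256 ("sha256") or
    double SHA-256 ("sha256d") equals target, or None if no slice matches.
    A text of n bytes has n(n+1)/2 slices, so the cost grows quadratically.
    """
    for start in range(len(text) - min_len + 1):
        # Hash state covering the first min_len - 1 bytes of the slice.
        h = hashlib.sha256(text[start:start + min_len - 1])
        for end in range(start + min_len, len(text) + 1):
            h.update(text[end - 1:end])   # extend the slice by one byte
            single = h.digest()           # digest() leaves the state usable
            if single == target:
                return start, end, "sha256"
            if hashlib.sha256(single).digest() == target:
                return start, end, "sha256d"
    return None

# Constructed sample input standing in for the essay text.
SAMPLE = b"Constructed stand-in text. It is not the document from the thread."

def demo():
    portion = b"stand-in text"
    single = hashlib.sha256(portion).digest()
    double = hashlib.sha256(single).digest()
    absent = hashlib.sha256(b"bytes that do not occur in SAMPLE").digest()
    return (find_hashed_portion(SAMPLE, single),
            find_hashed_portion(SAMPLE, double),
            find_hashed_portion(SAMPLE, absent))

if __name__ == "__main__":
    print(demo())
```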

spartacusrex
May 05, 2016, 01:30:19 PM
 #74


Weird HTML page..

just has..

<img src="homepage.jpg"> and no other tags.

..

More Importantly - what a dickhead. He is still not denying he is Satoshi. Just some BS about being a little crybaby girl.

And YES - '..their honour and credibility has been irreparably tainted by your actions..'

Life is Code.
Fatman3001
May 05, 2016, 01:32:04 PM
 #75


Weird HTML page..

just has..

<img src="homepage.jpg"> and no other tags.

..

More Importantly - what a dickhead. He is still not denying he is Satoshi. Just some BS about being a little crybaby girl.

And YES - '..their honour and credibility has been irreparably tainted by your actions..'


Well, he's either Satoshi, in which case that would make little sense; or he's a con man, in which case it would still make little sense.

"I predict the Internet will soon go spectacularly supernova and in 1996 catastrophically collapse." - Robert Metcalfe, 1995
JaneEverycunt
May 05, 2016, 01:34:07 PM
 #76


Weird HTML page..

just has..

<img src="homepage.jpg"> and no other tags.

..

More Importantly - what a dickhead. He is still not denying he is Satoshi. Just some BS about being a little crybaby girl.

And YES - '..their honour and credibility has been irreparably tainted by your actions..'


Well, he's either Satoshi, in which case that would make little sense; or he's a con man, in which case it would still make little sense.

Or it's not him. Domain creation date for http://drcraigwright.net/  is 02/15/2016
TPTB_need_war
May 05, 2016, 01:34:58 PM
 #77

More Importantly - what a dickhead. He is still not denying he is Satoshi. Just some BS about being a little crybaby girl.

And YES - '..their honour and credibility has been irreparably tainted by your actions..'

Well, he's either Satoshi, in which case that would make little sense; or he's a con man, in which case it would still make little sense.

Finally someone with a brain stem.

But he may be playing a different genre of con.

BCX pretended he would attack Monero, ostensibly because he shorted it. Craig is up to something.

TPTB_need_war
May 05, 2016, 02:27:07 PM
 #78

The plot thickens.  Tongue

Think about it - if you were purchasing a domain with your name in the title, why would you register it using an anonymous registrant to hide your name?

Forgot to tick-off default option "Protect my privacy for 5.99$ per year" maybe?

That's one perfectly plausible explanation Smiley
It couldn't possibly be anything like

My guess is wishful thinking. Never change, bitcointalk, never change...



not really sure where you're going with this. so you're saying that craig can deny his ties to the domain? what would that do? his claims on satoshi's identity were recorded in a video.

Not suggesting that he did not claim to be Satoshi. Merely that not everything posted on the internet can be taken at face value. If he needed to claim that he is not the author of that apology, he easily could.
And, of course,
Quote
The BBC understands that this tweet signifies that Mr Matonis still believes Dr Wright is indeed Satoshi.

"A lot more people in the Bitcoin community are going to be unconvinced of Dr Wright's claims than will believe he is Satoshi, based upon what's happened to date," commented Dr Garrick Hileman, an economic historian at the Cambridge Centre for Alternative Finance.

"But many of the doubters don't want to be convinced. Satoshi has been mythologised and if you pull back the curtain, you shatter a lot of people's fantasies.

TPTB_need_war
May 05, 2016, 03:19:55 PM
 #79

The thread likely got deleted because of your repeated insults leveled against other posters there

I do not remember making any such insult. Please quote them and don't allege something you can't demonstrate, for that is a very slimy tactic.

, why you never got a notification could be because it was a whole thread that was deleted rather than a single post.  I'm not sure if a notification is sent out if a whole thread is deleted, never had one deleted myself.

Even when threads are moved to the Trashcan, we get a link showing they have been. Gmaxwell has some sort of super powers as a mod. I have no idea what kind of incestuous relationship is going on between theymos and Gmaxwell, but it doesn't really matter since Bitcoin is basically destroyed now with 70% of the mining controlled by China, soon to be 98+%, and with Blockstream implementing their SegWit soft fork Trojan Horse so as Matonis admits can end up increasing the 21 million coins limit.

The entire ecosystem is headed for a clusterfuck.

This certainly makes GA (chief bitcoin scientist?) look pretty gullible.  Not sure who that Jon guy is and how he backed CWs claim.

Not at all. If the drcraigwright.com is a farce, then nothing has been shown to be untrue about what Wright allegedly proved in private.

This is a masterful chess game being played.

And it is making everyone look like a fool, including those who said Craig was confirmed to be a fraud.

And including yourself for alleging that I speak FUD.

Those who have disingenuous intentions and attitudes eventually get what they deserve and that will include yourself.

klee
May 05, 2016, 04:21:12 PM
 #80

Even when threads are moved to the Trashcan, we get a link showing they have been. Gmaxwell has some sort of super powers as a mod. I have no idea what kind of incestuous relationship is going on between theymos and Gmaxwell, but it doesn't really matter since Bitcoin is basically destroyed now with 70% of the mining controlled by China, soon to be 98+%, and with Blockstream implementing their SegWit soft fork Trojan Horse so as Matonis admits can end up increasing the 21 million coins limit.

The entire ecosystem is headed for a clusterfuck.

This should be pinned everywhere.

Just to add that with completely non transparent Chinese exchanges we will never know what the real price of BTC is (they are the Market Makers even after Interactive Brokers + XBT ETN).