Craig signed a message that I chose ("Gavin's favorite number is eleven. CSW" if I recall correctly) using the private key from block number 1.
That signature was copied onto a clean USB stick I brought with me to London, and then validated on a brand-new laptop with a freshly downloaded copy of Electrum.
I was not allowed to keep the message or laptop (fear it would leak before Official Announcement).
I don't have an explanation for the funky OpenSSL procedure in his blog post.
brand-new laptop
I was not allowed to keep the message or laptop
So the laptop was provided by him? And he took your USB stick?
edit: from the wired story:
Andresen says an administrative assistant working with Wright left to buy a computer from a nearby store, and returned with what Andresen describes as a Windows laptop in a “factory-sealed” box.
I'm sad. I'm really really sad.
For future reference, here's a safer way to give proof without the possibility of leak: First, on your own system separate from anything that has ever been near the claimant, generate a private key. Encrypt that private key with the key the claimant says they are in possession of. Then send it to them. Request that they sign a specific message (i.e. yours above is fine) with the private key. Done. You now have nothing that you can leak but have been completely convinced. Once you tell them you are satisfied, they can even just publish the key to ensure you can't prove your story cryptographically.
Why not just publish the signature? There is no need for any doubt in this case. If it were not safe to publish signatures, Bitcoin wouldn't even work!
Actually, if you look at the 'bug' people are pointing out, it looks like his shell script was intentionally designed to mislead people.
The way his script is written, it looks like it verifies the data at the file path "$signature", which is the second command line parameter.
But in fact, it reads from a file referenced in the variable "$signiture".
So, if you were demoing this to someone you could do
cat whatever.txt
EcDSA.verify output whatever.txt pub.key
The contents of "whatever.txt" would be output to the screen when you run cat, but openssl would actually read a completely different file, whatever you'd set the $signiture environment variable to.
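The misdirection described above, reproduced as an added example (not the script from the blog post): two small POSIX sh scripts are run from Python with the argument pattern the comment uses (`ECDSA.verify output whatever.txt`, so the file name is `$2`). The first displays `$signature` but consumes `$signiture`, which the demoer pre-set in the environment; the second is the check a practitioner would want, `set -u` so a misspelled or unset variable is fatal plus an explicit echo of the path actually consumed. It assumes a POSIX `sh` on PATH; the files and their contents are constructed inline.

```python
"""$signature vs $signiture, reproduced under a real shell (added example)."""
import os
import subprocess
import tempfile

# What the audience believes: the script verifies the file named as $2.
# What happens: `cat` shows $2, but the verify step reads $signiture, which the
# demoer exported before the demo. On screen the two names look identical.
MISLEADING_SH = r'''
signature="$2"
cat "$signature" >&2          # printed for the audience: the file they chose
cat "$signiture"              # fed to the "verifier": whatever was pre-set
'''

# Hardened: set -u makes any unset (including misspelled) variable a hard
# error, and the script prints the exact path it is about to consume.
STRICT_SH = r'''
set -u
signature="$2"
printf 'verifying file: %s\n' "$signature" >&2
cat "$signature"
'''


def run_verify(script, shown_path, env_extra):
    """Run the script as `ECDSA.verify output <shown_path>`; return (rc, stdout)."""
    env = dict(os.environ, **env_extra)
    r = subprocess.run(["sh", "-c", script, "ECDSA.verify", "output", shown_path],
                       env=env, capture_output=True, text=True)
    return r.returncode, r.stdout.strip()


def demo():
    """Return what each variant actually consumed; contents are constructed here."""
    with tempfile.TemporaryDirectory() as d:
        shown = os.path.join(d, "whatever.txt")
        hidden = os.path.join(d, "other.sig")
        with open(shown, "w") as f:
            f.write("signature the audience looked at\n")
        with open(hidden, "w") as f:
            f.write("signature that actually gets verified\n")
        trap = {"signiture": hidden}     # the demoer's pre-set environment
        return {
            "misleading": run_verify(MISLEADING_SH, shown, trap),
            "strict_with_trap": run_verify(STRICT_SH, shown, trap),
            # same trap script, but with set -u and nothing pre-set: it aborts
            "misleading_under_set_u": run_verify("set -u\n" + MISLEADING_SH, shown, {}),
        }


if __name__ == "__main__":
    for name, (rc, out) in demo().items():
        print(f"{name}: rc={rc} consumed={out!r}")
```

The takeaway for anyone watching such a demo: ask for the script with `set -u` at the top, and compare the path the tool reports against the one you typed, rather than trusting a `cat` that runs in a different line from the verification.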
I was not allowed to keep the message or laptop (fear it would leak before Official Announcement).
That's crazy.
Hey Gavin,
Thanks for providing the details. Some questions:
Did you suggest using electrum or did they?
Did you check the pgp signature of the "freshly downloaded copy of electrum"?
Did you verify the signature using the electrum command-line or the GUI?
Did you get to examine the electrum source code in any way?
Did you connect the laptop over wifi or 4g?
Thank you.
This sounds interesting but (if it's even really you) it lacks details. Please provide specific and detailed steps, how verification was performed.
Some questions for you:
did you buy the laptop?
did you install the operating system? (which OS, BTW?)
did you connect to secure, trusted Wi-Fi?
did you type the address of electrum, and check the spelling and certificate?
did you perform downloading and installing?
did you copy and verify the signature?
are you sure that you used correct verification tool?
did you try to change the signature or the message and check that it would be considered invalid?
did you verify the source code of electrum? (It's Python, BTW)
If you did this procedure with me, then I'm almost sure I could trick you into thinking I'm Satoshi if you violated any of those things (some of them may be hard). (BTW, if I provided the laptop, there are so many ways I could do it, that I can't even count them.)
I was not allowed to keep the message or laptop (fear it would leak before Official Announcement).
This is simply inexcusable. You claim you had proof that Wright was able to produce chosen-plaintext signatures with a private key that is very intimately tied to the "Satoshi Nakamoto" identity.
This isn't something you delete out of fear of it leaking before Wright's pretentious blog post. This is a matter of historic significance.
Cryptography wasn't created so that people have to take your word for this. It was made specifically so that we don't.
Ok ... so is there an announcement of a message verifiable by anyone to be expected?
Why do you say "if I recall correctly"?
You surely must see the significance of this identity proof?
Also: What does brand new mean? Did you buy one? As in: Craig, you pick the suburb the we buy in, and I pick the store that we buy it from?
VB: I will explain why I think he's probably not Satoshi. ((applause)) He had the opportunity to take two different paths of proving this. One path would have been to make this exact proof, make a signature from the first bitcoin block, put the signature out in public, make a simple 10 line blog post, so that Dan Boneh would be convinced and verified.... he would let the crypto community verify this. But instead he has written a huge blog post that is long and confusing and it has bugs in the software and he also says he won't release the evidence. Signaling theory says that if you have a good way to prove something and you have a noisy way to do it, then the reason why you picked the noisy way was because you couldn't do it the good way in the first place.
Dude, I mean this with the utmost respect. I would suggest pulling up stumps today, and just get to the bottom of this whole thing, and leave the forums alone until you're sure what's happened.
He said, she said, it said, they said... it all means nothing. Until you have that evidence in your hands, I think you've got more to lose in this exchange than most. It's alright being duped. Perhaps that's not the case. But I would want to be very clear in my head what has happened, before I continued commenting on this subject.
My 2.2c (10% AUD GST Incl.)
Well, now that it's announced, how about he share the signed message?
This is supposed to be trustless.