[Cryptography] Proof-of-Satoshi fails Proof-of-Proof.
iang at iang.org
Wed May 4 18:44:46 EDT 2016
On 3/05/2016 04:43 am, Robert Hettinga wrote:
>> On May 2, 2016, at 2:17 PM, Erik Granger <erikgranger at gmail.com> wrote:
>> I'll believe it when he signs arbitrary messages with satoshis key. No signature, no story.
> Spend the coins.
> Pics or it didn’t happen.
That ain't gonna happen, sorry folks! Not to rag at RAH, I'm just
picking up his perfect foil, and for reasons he'll wryly smile to:
Physics. Humanity. Frailty. Complexity. Of the sort that we've all been
talking about since forever on this list and many others.

Let's break it down.

Firstly, we all on this list know that cryptographic keys prove that a
private key did a maths transform that a public key can confirm. Full Stop.

What cryptographic proofs do not confirm is that a human said something
meaningful to another human. Indeed, the more that the Bitcoin community
and the tabloid press demand a proof-of-spend and examine the results
they're given, the more it demonstrates how humans seem to be isolated
by cryptography not joined.

In theory, keys are mathware, humans are wetware and the two do not

How does this play out in real life? We know that the human experiment
known as cryptographic signing has failed. We know that there is at
least one tiny little country - Estonia - clinging to the European dream
of using smart cards to identify humans, but statistically the world has
failed to make human signing with public key cryptography work. People
write books about this, I simply point it out as a significant data
point of where many thousands of people really really tried to use keys
to prove meaningful human things. And failed.

Let's get more topical. There are strident, demanding calls for people
who make statements concerning the identity of one said Satoshi Nakamoto
to back those statements up with cryptographic proof. Yet these demands
are .. unfounded, and that is the kindest thing that could be said about

Anyone offering information to the world has no necessary call to offer
more information. When I say that Craig Wright was the leader of the
team known as Satoshi Nakamoto, I do not contract to say more. Nor did
Gavin or Jon or others in any sense contract to say more than they did.
They don't owe anyone anything. Even if they made errors, it is not on
them to correct them. "Extraordinary claims call for extraordinary
proof" is only a standard for academia, it has little place in human
affairs, especially in that democratic tradition known as open
discourse, nor in the human standards of proof that have been honed over
a thousand years of legal history.

In fact, I contracted to say less - as we all do, when we join the
encryption business, we covenant to keep peoples' privacy. When I
started what became Project Prometheus a few years ago, I promoted their
privacy as a goal - because the team known as Satoshi Nakamoto asked for
their privacy by posting here in 2008 and disappearing entirely 2 years
later. Now, when I come out and say that Craig Wright was the leader of
Satoshi Nakamoto, it is only because he himself finally announced it. I
remain committed to privacy even if the community Satoshi wrought is
revealing themselves to be a pack of rabid statist wolves looking to rip
the wool off of the backs of the sheep that they call their customers
and future users.

Sorry, guys, it gets worse, and I hope the Bitcoin community dissolves
itself in collective shame as to their inability to even contemplate
protecting their own.

As we know in cryptographic affairs, key management is hard. Keys can be
lost. Misplaced. Traded. Breached and stolen. Keys can be spoofed - we
have an entire cryptographic security system called SSL/HTTPS which is
blighted by phishing, based on misuse of cryptographic proof of
identity. Let's not go into the details, but I shall revise here FTR the
claim of secure browsing: the identities are cryptographically proven.
Which apparent claim does not reveal itself to the humans in sufficient
reliability in order to defeat basic common or garden social
engineering. If the IETF's biggest, bravest and most educated can fail
to protect the browsing public from the obvious, known and counted
threat, what hope the rest?

Even if the above were not sufficient, let me get precise and particular
as to why the Proof-of-Satoshi is dead-on-arrival. There are several
facts which apply in this case.

Firstly, Satoshi Nakamoto is not one human being. It is or was a team.
Craig Wright named one person in his recent communications, being the
late Dave Kleiman. Craig did not name others, nor should I. While he
was the quintessential genius who had the original idea for Bitcoin and
wrote the lion's share of the code, Craig could not have done it alone.
Satoshi Nakamoto was a team effort.

Indeed, a sort of proof is right there in front of you - when you look
at Craig Wright, you do not see Satoshi. When you look at Satoshi
Nakamoto, you're seeing some measure of the influence of Dave Kleiman,
and it isn't possible for Dave to prove anything anymore to anyone.
Team Satoshi is ephemeral, and no cryptographic multisig can now capture
those that aren't around any more.

This team effort was one of a most severe cost to all members of that
team, and only privacy is holding us back from recognising it.

Further, the keys that controlled critical parts were moved several
times between various persons. Which is to say that control of the keys
does not indicate more than the holder being trustworthy to the goals of
the team at a point in time. Even if Craig manages to sign over a coin,
it does not and cannot prove he is "the one," only that he was at one
point in time a trusted member of the team. Albeit, the team that he
founded, but a wise leader controls for all risks, including those risks
posed by the leader himself.

More: control at any time does not necessarily indicate ownership,
neither in the minds of the team nor in the eyes of the law. Recalling
the reports of late 2015, can you rule out that the keys haven't been

Finally, as has been reported, the headline bulk of the value is
controlled by a trust. Any movement of those coins needs to operate
according to trust rules; if not, then we are in a state of sin. What
that means is not something that can be described in mathematical terms,
but it can certainly be described in hysterical terms - the logic de
jure of the Bitcoin community. As an aside, I really strongly suggest
that the Bitcoin community not press for the breaking of the trust. If
unsure on this point, ask your miners to explain that old curse "be
careful what you wish for." Breaking the trust is way off the scale of
what anyone will desire.

I suggest that it is therefore impossible for any reasonable person to
conclude that a "spend" of a Bitcoin coin proves anything beyond that
the erstwhile signer was at some point in some way related to a key. A
host of factors make the 'proof' too impractical to describe at a press
or media level. And, if we have to call in opposing experts to argue the
case, what's the point of the "proof"?

It is with incredible sadness that I watch an entire community
misunderstand the lesson that Satoshi originally taught - trust in
mathematics to prove accountancy. Yes, cryptography can prove that a
coin is available and disposable pending an attempt to further dispose
it. But the Bitcoin design was deliberately weak when it came to proof
of persons. Especially, when it comes to known and now revealed
weaknesses in the persona once known as Satoshi Nakamoto, there is no
proof in mathematics that can satisfy that community's yearning for yet

By all means, take that lamb for yet another feast of slaughter, but do
not soil the good name of mathematics for your Pavlovian hunger.

ps; after writing this, I stumbled across:

pps; This post reflects no commercial agenda or position of myself or
any person related to me. I have no position in BTC and have never had
any BTC other than a few pence lost in some test wallet somewhere.