6 comments

[ 3.3 ms ] story [ 19.6 ms ] thread
> Oh, and also claimed to be Satoshi, which implies he owns half a million dollars in BTC

I think you mean half a million BTC, which is about 446 times more right now.

Yes, it was a pretty bad typo. One I didn't catch after half a dozen rereads because I wrote the article from 4am-8am this morning after little sleep.
Of your three possibilities, I don't think either of the first two make sense when you consider that Gavin was using Electrum to verify the signature:

1. electrum's signature verification dialog takes a message, address, and signature and doesn't the hashing for you; there's no option to provide a pre-hashed input so the hashing couldn't have only happened on CSW's machine

2. the electrum download includes the code used to do the hashing, so if the hashing code was corrupted, it implies the electrum download itself was compromised

So that leaves 3. The electrum developer has said that their .sig file wasn't downloaded from a UK IP address on the day the demo took place, so we know Gavin didn't verify that the electrum download was correct. I expect your 3rd possibility is the most likely one.

>1. electrum's signature verification dialog takes a message, address, and signature and doesn't the hashing for you; there's no option to provide a pre-hashed input so the hashing couldn't have only happened on CSW's machine

>2. the electrum download includes the code used to do the hashing, so if the hashing code was corrupted, it implies the electrum download itself was compromised

The part I didn't explain thoroughly (because I thought it would be confusing) is that there are two hashes involved. The signature/verification only does one hashing internally. BUT Wright performs (or claims to perform) an additional one beforehand.

Why 2 hashes? Because it matches the transaction signing process of bitcoin, where he is copying his inputs/outputs from.

It's described in more (technical) detail here: http://blog.erratasec.com/2016/05/satoshi-how-craig-wrights-...

Holy moly! The oddly curious decision to add 'CSW' to a message that was otherwise chosen by the 'audience', had been bothering me all along! Thank you for drawing attention and offering insight on that!

I think it's purpose may be even a little more devious than just ensuring the outcome wasn't always success (VERIFIED) in the off-chance the audience chose to test with other inputs.

I think the first failure that happened was intentional, planned, and part of the setup -- intended precisely to register into the audience's mind that they had witnessed a negative test case (failure) and a positive test case (success) in normal operation.

It’s easy for someone in hindsight to ponder if the software was compromised to always say VERIFIED. But they would recall having witnessed a negative test case and a positive test case, and it would quickly squash such a doubt and take away focus from the possibility of corrupted software!

And similarly, during the demonstration itself, it would remove the need for the audience to request additional tests with incorrect input, because they had already witnessed a failure -- which when corrected, led to success!

The Wired article says “At first, the Electrum software's verification of the signature mysteriously failed. But then Andresen noticed that they'd accidentally left off Wright's initials from the message they were testing, and checked again”

Note it says "they'd accidentally left off" -- it doesn't say "he'd accidentally left off", which to me suggests Craig was participating in the verification. It’s interesting that it was precisely the addition of the CSW that was ‘accidentally’ left out. It wasn’t a typo or extra space or incorrect upper/lower case that was the mismatch.

If that is indeed the case, that is frighteningly shrewd.