The latest Bitcoin saga surrounding Craig Wright is a meta-modernist masterpiece.
Meta-modernism, made famous by its most famous practitioner Shia Labeouf, is an intellectual movement that bridges the vast chasm between the genuine, trustworthy authenticity we all seek and the lies we constantly face from cynical corporate PR departments and the misleading breadcrumbs planted by guerilla marketers. It is "the mercurial condition between and beyond irony and sincerity, naivety and knowingness, relativism and truth, optimism and doubt, in pursuit of a plurality of disparate and elusive horizons." After a good meta-modernist performance, you should be left at the edge of your seat, not knowing whether you should voice the strong feelings someone evoked in the deepest recesses of your soul, or whether you were thoroughly had.
Let me provide a theater guide to the saga that has been unfolding so far, because we're all being manipulated. And the current manipulation has us lowering our standard of proof for Satoshi. On our current trajectory, we might find ourselves watching the Satoshi coins move, yet be unable to tell who exactly Satoshi is.
So, let's approach the topic as a scientist. I met Craig Wright online and had various interactions with both him and people who work for him. I have also exchanged messages with Gavin Andresen about how he vetted Craig Wright. While I make use of these sources below, what follows is simple logic, a rational person's approach from first principles.
We do not know if Craig Wright is or is not Satoshi. Pieces like this one, and expert reports like this one are deeply flawed. They are clearly overreaching and violating the most essential rules of logic.
If you have no evidence that some statement S is true, it doesn't mean that the opposite of S is the truth. You have no idea if the person writing these words is Sirer; that does not mean I am not Sirer. A negative statement is harder to follow but leads to a more stark result: Ted Cruz has provided no proof that he is not the Zodiac Killer; that doesn't mean that he is the Zodiac Killer.
Craig Wright has certainly not furnished proof of being Satoshi. I characterized the error behind Craig Wright's latest claims carefully, and so have others, but the media coverage has focused on more sensational titles that say "Craig Wright Is Not Satoshi." If you bought into that argument, you've made the first illogical conclusion, and you are exactly where Craig wants you to be in his metamodernist play.
Be wary of an emotional reaction which lowers your standard of proof. If your reaction to the preceding point is "but it is so easy to provide proof of Satoshi, just sign with the key from the genesis block, or move a Satoshi from the first mined block" then you have been had. You just lowered your standard of proof.
Let's look at Craig's behavior so far, and get back to this point.
Craig Wright's latest post was deliberately misleading. Craig Wright's blog post had three errors in it. And it was clear as day to me that two of the errors in Craig's scripts were planted on purpose.
The error where he used an "&" instead of "&&" was an elementary one, and it may not have affected the correctness of the script anyway, as the first command might have finished executing by the time the shell set up and executed the second one.
The second error, where an environment variable named "signiture" could have been used to replace the signature file was also misleading, but it, too, could not have caused a problem. No matter which signature file is provided, it was being verified against the correct public key, most likely owned by Satoshi.
Misdirection is a standard trick of the stage magician -- you move your left hand in a suggestive way to direct the audience while you pawn the coin (yes, the coin) with your right. And I thought he inserted those two errors purposefully, in order to take attention away from two other, much bigger problems (1) he was signing an incorrect hash, and (2) he was using a key from block 9, which does not as definitively identify Satoshi as block 1.
I now believe I was wrong.
Craig Wright's entire first post was an exercise in misdirection. Craig is playing a far better game than most realize. He has had at least 6 months, perhaps years, to prepare for it.
The steady stream of posts, carefully prepared in advance, indicate that he is in command of the performance so far. In order to not fall prey to further manipulation that is sure to come, we need to be on top of our game.
Authentication requires multiple factors. Some people have said that moving an early coin from the first few blocks is sufficient proof of Satoshi. These people do not understand the basics of user authentication, something taught to every undergraduate in any semi-competent computer science program. Such people certainly cannot be trusted with "persona authentication," a much harder problem that we face when identifying Satoshi.
Among such people is Dan Kaminsky, who is a special case because, for reasons no one understands that possibly have to do with the sheer volume of low value content he produces, has built up a large following. When his name came up at a dinner table at the Financial Cryptography conference, the entire table of practicing cryptographers agreed that the one word to describe him was daft. When we came up with Selfish Mining, he had an extended Twitter conversation with me where he not only failed to understand the fundamental result that relates to consensus or even the superficial attack, he even failed to write a correct 30-line program that simulated Bitcoin mining. His advice is absolutely terrible, and there is evidence that it leads to mental fog.
No sane professional would advise a single method for authenticating high-value users. We all log into our measly bank accounts using a password and a second PIN, yet a single key is supposed to vet Satoshi? No, the burden of proof is much higher.
The technical factors for identifying Satoshi span bitcoin keys, PGP key, and account passwords. We need to cover multiple factors because any one factor may be compromised. Satoshi is not super-human, and we have already seen some people who ought to know better, such as DPR, exercise poor operational security.
It is entirely possible for Satoshi's machine(s) to be compromised.
It is entirely possible that the random number generator Satoshi used circa 2009 suffered from weaknesses and has been reverse engineered.
It is entirely possible that Craig Wright's "supercomputer," if it existed, was used on a monomaniacal quest to crack a Satoshi key.
It is entirely possible, perhaps even likely, that the real Satoshi gave some of his keys to Craig Wright.
This is why people use multi-factor authentication, where the different authentication modalities have different fates and different failure modes.
On the flipside, we cannot load onto the Satoshi persona our aspirational values. People expect a lot from their heroes. Bob Dylan was the voice of a generation, expected to play heartfelt protest songs on an acoustic guitar. When he went electric, people called him Judas.
The narrative around Satoshi has similarly unrealistic expectations. Marc Andreessen and others have repeatedly (and falsely) claimed that Satoshi did what computer scientists thought was impossible, so people expect a genius. Others expect a libertarian savior, a modern day John Galt. And many expect him to be a personal paragon of virtue.
So it is difficult to accept, on these grounds alone, that someone with a history of trouble with tax authorities, of forging support letters from SGI, of writing meandering, repetitive, confused papers could be the author of Bitcoin. I personally have worked very hard not to fall into this trap when I wrote about how to spot Satoshi.
And that is what Craig Wright is saying here, when he says he created Craig Wright, and that we created Satoshi. That he is firmly rooted in reality, and that we're living in a fantasy world. On this narrow topic, I have to admit that he is exactly right.
Social authentication is not the same as social acceptance. We need to apply strict, narrow criteria when performing social authentication. While we do need to perform persona authentication, and while this necessarily requires social authentication, we need to apply strict, narrow criteria to this process. Personal values, trouble with the law, likeability, and other unrelated issues must not creep into this process. Whether we like someone, whether we accept someone as fulfilling our image of a persona we created, has nothing to do with whether they are that persona.
The narrow questions are simple: (1) Did he have the knowledge, the background and the time to develop Bitcoin? (2) Does he remember unique details of his interactions with various early adopters?
Gavin Andresen's social authentication carries a lot of weight. And that is the implicit reason why Craig Wright's latest claim to Satoshi's crown caught public attention: people assumed Gavin had vetted Satoshi using multiple factors. Yet when I asked Gavin about how he certified Wright, he described the process he used:
It is possible I was tricked, but it wouldn't be an eclipse/hijack of the chain-- I brought a list of the first 100 block's keys with me and verified the public key against that list. That was the only connection to the chain.
A hijack of the wifi used to download Electrum is possible; if we were running an Electrum that reported 'verified' for any message ending with 'CSW' and not verified for anything else that would fit what happened. I didn't bring checksums of Electrum downloads with me.
First of all, this falsifies one potential hypothesis, that Craig Wright spent the last six months cranking away on producing an alternative, lower-difficulty blockchain, designed to fool anyone who would use an SPV client to check the keys. Gavin did the right thing by bringing in a printout of the required keys.
Second, it leaves open the possibility that the copy of the Electrum software he downloaded was doctored as he downloaded it. It certainly would have been possible to hijack the hotel wifi. I assume that Gavin checked the SSL certificate as he downloaded Electrum. But with a potentially lucrative Satoshi title at stake, it would not be impossible to obtain a fake SSL certificate from one of the numerous, non-descript, and corruptible companies that are trusted as certificate authorities. Nor would it be impossible to modify the "brand new" laptop that was used in the demonstration. Infiltrating the supply chain of a particular computer store in London to replace certain laptops with identical replacements carrying doctored operating systems is perfectly within the realm of possibility.
Third, Gavin has not mentioned if he performed any social authentication. So, I will not assume that Gavin has issued partial social proof until we hear an explicit confirmation from him on this point, and I will still insist on multifactor technical authentication.
Craig Wright's statements about the block size limit do not matter. These days, all Bitcoin discussion and engagement has been replaced by a polarized split over one of the many parameters in the Bitcoin source code, known as the maximum block size. Until Craig Wright is authenticated, technically and socially, he has no expertise with which to chime in on this issue. The fact that he did, I interpreted as a soft hint that he was perhaps appearing to be in the big block camp to gain Gavin Andresen's confidence. This is in line with the fact that he is quite convincing to audiences that he knows well, but cannot furnish independently verifiable proof. In short, a con-artist.
From an outsider's perspective, it matters none at all whether Wright prefers big or small blocks. It does not make him more or less likely to be Satoshi, or more or less acceptable as Satoshi.
Some people used Gavin Andesen's endorsement of Craig Wright as an excuse to cut off his access to Bitcoin source. This was a normal initial reaction to an expectation that Gavin's credentials may have been hacked. Once it came out that Gavin was not hacked, his access should have been restored immediately. Gavin Andresen did not see or vet Craig Wright's confusing blog post -- he was faced with a very different scenario in the hotel room demo, had no control over Wright's subsequent actions, and cannot be held liable for them. Anyone who has seen a street magician, let alone a pro such as David Blaine, can empathize with how even technically competent experts can be misled or tricked in environments that they do not fully control.
It is shameful that the flimsiest excuse was used to cut off a core developer's access. This shows how deeply divided and deeply dysfunctional the Bitcoin community is over the maximum block size issue. Again from an impartial outsider's perspective, it reflects terribly on the people involved.
It is possible that Craig Wright is mentally ill. And that all of this will boil over, with no proof furnished. It is imperative that the community present a unified, rational, science-based front to the external world, given that so many people are now watching the spectacle unfold. It is more crucial now than ever to avoid logical fallacies, and worst of all, to not use the spectacle as a means to make short-term gains in a narrow political infighting battle. This is a time to pull together as an appealing, interesting community, in command of a new technology.
And it is essential to treat Craig Wright with basic human decency no matter what, but especially if he is mentally ill.
Craig Wright may actually be Satoshi. Many believe this is unlikely, including myself, though any rational person needs to admit that it is possible. Craig Wright has a long history of intentional deception. We saw his most recent attempt as well as his attempt in December. I have also seen one previous attempt in private. None of them were convincing.
And he has failed social authentication: no one who has read his papers would confuse his writing with Satoshi's, and his response to our work that showed the true limits of Satoshi's consensus protocol was abysmal. So, it will be hard for Craig Wright to pass social authentication, even if he moves the coins.
The needle is currently parked at "Craig Wright has shown no evidence of being Satoshi, and even if he did, will have difficulty passing social authentication." His burden of proof, given his history, is quite high.
It is possible that Craig Wright (or others) cracked some keys. It is possible that the pseudo-random number generator that Satoshi used was flawed.
It is possible that Craig Wright (or others) hacked some keys. It is possible that Craig Wright came to possess some of Satoshi's credentials via illegal means.
It is possible that Craig Wright (or others) obtained some keys. It is possible that some early adopters, such as Hal Finney's estate, may have had access to some early coins. It is possible for Satoshi to have sold the old computers he used to mine the initial blocks, and it's possible for someone down the line to have recovered the keys from the disks.
Most importantly, it is quite possible that the real Satoshi would provide his credentials to Craig Wright. This is why a narrow identity check can be misleading. This is why moving early coins is necessary but not sufficient.
Craig Wright first appeared in the public eye last December, with some forged, backdated PGP keys (though some of us knew him from before, and had encountered "irregularities" in who he purported to be). This was quickly debunked, but it established him as a willing patsy. The real Satoshi could easily have located Craig Wright, and provided him with a few credentials to take the heat and to divert the potential public attention. Craig Wright would be able to address his tax problems while the real Satoshi would gain his desperately sought anonymity.
Unless we perform multi-factor authentication, unless we perform persona authentication, we might find ourselves in the position of watching the coins move, and be none the wiser about who the real Satoshi is or was. Or if they were singular or plural, even.
Social Factors for Persona Authentication
The task of identifying Satoshi goes far beyond user authentication. Satoshi is not Anonymous#4356365 on a forum. He is not trying to edit an old post. And more importantly, we, the public at large, are not a computer system, narrowly tasked with making a simple access control decision. What is at stake is larger than the $500M in coins thought to belong to Satoshi: intellectual standing and social status far in excess of any figure that can be captured with a dollar sign.
Critically, having access to Satoshi's funds is not the same thing as being Satoshi. The problem here is broader, less like user authentication in a computer system, and more like unveiling the true identity of the pseudonymous author of a book. This problem of "persona authentication" is complicated, as it necessarily relies on human factors.
Can a Satoshi claimant recall unique facts about interactions he/she has had with others?
Can a Satoshi claimant accurately account for the time he/she spent developing Bitcoin?
Can a Satoshi claimant convince others that he/she possesses the technical know how to be Satoshi?
These are the real questions. Anyone who cannot answer them will have failed to resolve the Satoshi mystery, even if they collect the coins.
The bar is even higher for Craig Wright. He needs to answer one additional question that other people do not: why did he previously forge evidence of being Satoshi? Why did he use forged, backdated PGP keys? Surely, the real Satoshi would have had no need to do such a thing.
A satisfying return of Satoshi needs to also answer the question "Why Now?". While Satoshi is under no obligation to answer this question, everyone will be wondering why Satoshi wanted to be anonymous for so long, and why he decided to pierce the veil of anonymity that he cultivated. Recall that Satoshi did not sell a single coin even when his fortunes were in the $1B range. Why would someone who showed that kind of willpower now change his mind?