Not Satoshi, Again


There is a lengthy offering of proof of Satoshi on Dr. Wright’s blog. The narrative is mostly tutorial, but it also contains the following.

Proof of the ability to base64 encode a phrase.

IFdyaWdodCwgaXQgaXMgbm90IHRoZSBzYW1lIGFzIGlmIEkgc2lnbiBDcmFpZyBXcmlnaHQsIFNh 
dG9zaGkuCgo=
$ bx base64-decode IFdyaWdodCwgaXQgaXMgbm90IHRoZSBzYW1lIGFzIGlmIEkgc2lnbiBDcmFpZyBXcmlnaHQsIFNhdG9zaGkuCgo=
Wright, it is not the same as if I sign Craig Wright, Satoshi.

Proof of the ability to base64 encode old blockchain data.

------------------------- Signature File -------------------------
MEUCIQDBKn1Uly8m0UyzETObUSL4wYdBfd4ejvtoQfVcNCIK4AIgZmMsXNQWHvo6KDd2Tu6euEl1
3VTC3ihl6XUlhcU+fM4=
------------------------- End Signature --------------------------
$ bx base64-decode MEUCIQDBKn1Uly8m0UyzETObUSL4wYdBfd4ejvtoQfVcNCIK4AIgZmMsXNQWHvo6KDd2Tu6euEl13VTC3ihl6XUlhcU+fM4= | bx base16-encode
3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce

The data is extracted from the following transaction.

$ bx fetch-tx 828ef3b079f9c23829c56fe86e85b4a69d9e06e5b54ea597eef5fb3ffef509fe

Notice that transaction.inputs.input.script matches the decoding above (excluding the trailing 01 signature hash type byte). Credit to jouke in #bitcoin for discovering this link.

transaction
{
    hash 828ef3b079f9c23829c56fe86e85b4a69d9e06e5b54ea597eef5fb3ffef509fe
    inputs
    {
        input
        {
            previous_output
            {
                hash 12b5633bad1f9c167d523ad1aa1947b2732a865bf5414eab2f9e5ae5d5c191ba
                index 1
            }
            script "[ 3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce01 ]"
            sequence 4294967295
        }
    }
    lock_time 0
    outputs
    {
        output
        {
            address 1ByLSV2gLRcuqUmfdYcpPQH8Npm8cccsFg
            script "[ 04bed827d37474beffb37efe533701ac1f7c600957a4487be8b371346f016826ee6f57ba30d88a472a0e4ecd2f07599a795f1f01de78d791b382e65ee1c58b4508 ] checksig"
            value 1000000000
        }
        output
        {
            address 12cbQLTFMXRnSzktFkuoG3eHoMeFtpTu3S
            script "[ 0411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3 ] checksig"
            value 1800000000
        }
    }
    version 1
}

Proof of possession of a public key.

The command to export our public key is given below.
openssl ec -in sn-pub.pem -pubin -text -noout
        0411db93e1dcdb8a016b49840f8c53
        bc1eb68a382e97b1482ecad7b148a6
        909a5cb2e0eaddfb84ccf9744464f8
        2e160bfa9b8b64f9d4c03f999b8643
        f656b412a3
$ bx ec-to-address 0411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3
12cbQLTFMXRnSzktFkuoG3eHoMeFtpTu3S

The address of the public key has been used in 9 transactions to date.

$ bx fetch-history 12cbQLTFMXRnSzktFkuoG3eHoMeFtpTu3S

Notice transfers.transfer[3].received.hash is the same as transaction.hash above.

transfers
{
    transfer
    {
        received
        {
            hash 5d607ae88c2caf1329e758ccb1eb8a359f6df434ee84e03b9e14cea300a85f97
            height 409857
            index 0
        }
        value 66600
    }
    transfer
    {
        received
        {
            hash 20fb69a94413637cb50f65e473f91d2599a04d5a0bf9bf6a5e9e843df2710ea4
            height 228208
            index 0
        }
        value 30000
    }
    transfer
    {
        received
        {
            hash 1554a02d4eb1c7a73e3736922ed99530e360784e709896c42e5756e65b2da341
            height 220151
            index 2
        }
        value 1
    }
    transfer
    {
        received
        {
            hash 828ef3b079f9c23829c56fe86e85b4a69d9e06e5b54ea597eef5fb3ffef509fe
            height 248
            index 1
        }
        value 1800000000
    }
    transfer
    {
        received
        {
            hash 12b5633bad1f9c167d523ad1aa1947b2732a865bf5414eab2f9e5ae5d5c191ba
            height 183
            index 1
        }
        value 2800000000
    }
    transfer
    {
        received
        {
            hash 591e91f809d716912ca1d4a9295e70c3e78bab077683f79350f101da64588073
            height 182
            index 1
        }
        value 2900000000
    }
    transfer
    {
        received
        {
            hash a16f3ce4dd5deb92d98ef5cf8afeaf0775ebca408f708b2146c4fb42b41e14be
            height 181
            index 1
        }
        value 3000000000
    }
    transfer
    {
        received
        {
            hash f4184fc596403b9d638783cf57adfe4c75c605f6356fbc91338530e9831e9e16
            height 170
            index 1
        }
        value 4000000000
    }
    transfer
    {
        received
        {
            hash 0437cd7f8525ceed2324359c2d0ba26006d92d856a9c20fa0241106ee5a597c9
            height 9
            index 0
        }
        value 5000000000
    }
}

Retrieving the transfers.transfer[8].received.hash from above returns the following.

$ bx fetch-tx 0437cd7f8525ceed2324359c2d0ba26006d92d856a9c20fa0241106ee5a597c9
transaction
{
    hash 0437cd7f8525ceed2324359c2d0ba26006d92d856a9c20fa0241106ee5a597c9
    inputs
    {
        input
        {
            previous_output
            {
                hash 0000000000000000000000000000000000000000000000000000000000000000
                index 4294967295
            }
            script "[ 04ffff001d0134 ]"
            sequence 4294967295
        }
    }
    lock_time 0
    outputs
    {
        output
        {
            address 12cbQLTFMXRnSzktFkuoG3eHoMeFtpTu3S
            script "[ 0411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3 ] checksig"
            value 5000000000
        }
    }
    version 1
}

In other words, the public key represents the address that received the full block reward for block 9.

In newer standard transactions the public key of an address is not exposed on the blockchain until coins sent to the address are subsequently spent. Furthermore, the public key of an address cannot be obtained from the address without reversing the ripemd160 and sha256 hashes, which is infeasible.

However, these are old transactions that use pay-to-public-key as opposed to pay-to-public-key-hash. The public key that Dr. Wright offered is exposed directly in transaction.outputs.output.script above (and, incidentally, in transaction 828ef… above as well).

No Proof

So everything he offered as proof of being Satoshi is actually public information.
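The three decodings above can be reproduced with nothing but the standard library. The following is an added example, not code from the post or from libbitcoin: it decodes the base64 phrase, parses the “signature file” as a DER ECDSA signature (SEQUENCE of two INTEGERs, r and s), compares it byte for byte with the input script push of transaction 828ef… minus the trailing hash type byte, and checks that the exported public key hashes to the block 9 address. The constants are copied from the post; the base58check decoder and DER parser are written inline so the script runs offline. RIPEMD-160 is taken from hashlib, which not every Python build provides, so the address check returns None rather than a guess when it is missing.

```python
"""Verify the 'proof' artefacts from the post (added example, not the post's own code)."""
import base64
import hashlib

# Values copied from the post.
PHRASE_B64 = ("IFdyaWdodCwgaXQgaXMgbm90IHRoZSBzYW1lIGFzIGlmIEkgc2lnbiBDcmFpZyBXcmlnaHQsIFNh"
              "dG9zaGkuCgo=")
SIGNATURE_B64 = ("MEUCIQDBKn1Uly8m0UyzETObUSL4wYdBfd4ejvtoQfVcNCIK4AIgZmMsXNQWHvo6KDd2Tu6euEl1"
                 "3VTC3ihl6XUlhcU+fM4=")
# transaction.inputs.input.script push of 828ef3b0...: DER signature || hash type byte
INPUT_SCRIPT_PUSH_HEX = ("3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0"
                         "022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce01")
BLOCK9_PUBKEY_HEX = ("0411db93e1dcdb8a016b49840f8c53bc1eb68a382e97b1482ecad7b148a6909a5cb2e0eaddfb"
                     "84ccf9744464f82e160bfa9b8b64f9d4c03f999b8643f656b412a3")
BLOCK9_ADDRESS = "12cbQLTFMXRnSzktFkuoG3eHoMeFtpTu3S"

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def decode_phrase(b64: str) -> str:
    """The first 'proof' is plain base64 decoding; nothing cryptographic happens here."""
    return base64.b64decode(b64).decode("utf-8").strip()


def parse_der_signature(b64: str) -> dict:
    """Decode the 'signature file' and parse it as DER: SEQUENCE { INTEGER r, INTEGER s }."""
    raw = base64.b64decode(b64)
    if len(raw) < 8 or raw[0] != 0x30 or raw[1] != len(raw) - 2:
        raise ValueError("not a DER SEQUENCE of the right length")
    pos, ints = 2, []
    for _ in range(2):
        if pos + 1 >= len(raw) or raw[pos] != 0x02:
            raise ValueError("expected a DER INTEGER")
        length = raw[pos + 1]
        ints.append(int.from_bytes(raw[pos + 2:pos + 2 + length], "big"))
        pos += 2 + length
    if pos != len(raw):
        raise ValueError("trailing bytes after r and s")
    return {"r": ints[0], "s": ints[1], "der_hex": raw.hex()}


def signature_matches_scriptsig(sig_b64: str, push_hex: str) -> tuple:
    """A scriptSig push is DER signature || one hash type byte (0x01 = SIGHASH_ALL).
    Returns (True, hash_type) when the 'signature file' is that push minus its last byte."""
    der_hex = parse_der_signature(sig_b64)["der_hex"]
    return (push_hex[:-2] == der_hex, int(push_hex[-2:], 16))


def base58check_decode(address: str) -> tuple:
    """Return (version_byte, payload) after verifying the 4-byte double-SHA256 checksum."""
    n = 0
    for ch in address:
        n = n * 58 + B58.index(ch)  # raises ValueError on a non-base58 character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    leading_zeros = len(address) - len(address.lstrip("1"))  # each leading '1' is a 0x00 byte
    raw = b"\x00" * leading_zeros + body
    data, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4] != checksum:
        raise ValueError("bad base58check checksum")
    return data[0], data[1:]


def pubkey_matches_address(pubkey_hex: str, address: str):
    """P2PKH address = base58check(0x00 || RIPEMD160(SHA256(pubkey))).
    Returns True/False, or None if this Python's OpenSSL build has no RIPEMD-160."""
    try:
        ripemd = hashlib.new("ripemd160")
    except ValueError:
        return None
    ripemd.update(hashlib.sha256(bytes.fromhex(pubkey_hex)).digest())
    version, hash160 = base58check_decode(address)
    return version == 0x00 and hash160 == ripemd.digest()


if __name__ == "__main__":
    print(decode_phrase(PHRASE_B64))
    sig = parse_der_signature(SIGNATURE_B64)
    print("r =", hex(sig["r"]))
    print("s =", hex(sig["s"]))
    print("matches on-chain scriptSig (match, hash type):",
          signature_matches_scriptsig(SIGNATURE_B64, INPUT_SCRIPT_PUSH_HEX))
    print("public key hashes to block 9 address:",
          pubkey_matches_address(BLOCK9_PUBKEY_HEX, BLOCK9_ADDRESS))
```

The point the script makes concrete is the one the post makes in prose: a valid DER signature proves nothing by itself, because every signature ever placed in a spent input is public; only a signature over a fresh, agreed message, verifiable against the block 9 public key, would demonstrate possession of the private key.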

What is Bitcoin Infrastructure?

Recently I was confronted with the idea that “Bitcoin infrastructure companies” consist of the following:

  • wallet companies (hosted or local apps)
  • APIs (block explorers or blockchain analysis)
  • payment processors

As Ryan X. Charles reported from Montreal, among this group apparently “everyone wants the block size to increase”.

Merriam-Webster defines infrastructure as follows:

the underlying foundation or basic framework (as of a system or organization)

Apart from “local apps” (wallets, presumably open source), the list above consists entirely of centralized services. These are not Bitcoin infrastructure by any definition. These are peripheral services that use Bitcoin.

Actual Bitcoin infrastructure (validating wallet, node, miner) developers should be extremely wary of pressure coming from this sector. The business model of each of these types of companies requires centralization. Each would prefer a substantial portion of activity relating to Bitcoin pass through their gateways. Ryan described the group as representing a:

large fraction, if not majority, of bitcoins held, bitcoins transacted and bitcoin API calls made

In other words, it may be that this small group of companies is a gateway for the majority of Bitcoin transactions and is acting as a bank for the majority of coins in existence. It may even be that a large portion of these so-called Bitcoin transactions are actually off chain. It may also be that these so-called Bitcoin wallets are actually custodial accounts.


But even the best of these services (i.e. those who claim you control your own keys and that only transact on chain), with the best of intentions, represent a dangerous centralization trend for Bitcoin. These are hardly the voices that Bitcoin developers should heed.

Good intentions won’t stop these types of services from failing their customers when the shit hits the fan. And when Bitcoin starts to significantly challenge seigniorage revenues, the shit will be all over the room.

Many of the good people in these companies naively believe that Bitcoin is a super-efficient system. They see the core value as cheap and rapid transactions for the masses. Some are even interested in the benefits of sound money or even pseudonymity. They are right, these are ultimately the benefits to the user base (all humans).

What they fail to understand is that these benefits are strictly a consequence of the single innovation of Bitcoin – consensus without trust. This innovation allows Bitcoin users to resist censorship. This censorship resistance is only achieved through decentralization. Some may think that only applies to mining, which is not the case. These business models are themselves the primary threat. Each new user of a centralized service expands the attack surface.

Bitcoin BIP38 Security Advisory

You may use third party services (“printers”) to produce encrypted Bitcoin keys, based on an “intermediate code” that you (“owner”) create independently, and which starts with the letters “passphrase”, such as “passphraseouGLY8yjTZQ5Q2bTo8rtKfdbHz4tme7QuPheRgES8KnT6pX5yxFauYhv3SVPDD”.

If so, you are using BIP38, also known as “passphrase-protected private keys”. Libbitcoin developers recently integrated this technology into the development kit.

The encrypted private key produced by the printer typically begins with the letters “6P”, such as “6PnQ4ihgH1pxeUWa1SDPZ4xToaTdLtjebd8Qw6KJf8xDCW67ssaAqWuJkw”.

This standard defines a “confirmation code”, which is another value the owner may receive from the printer, and begins with the letters “cfrm”, such as “cfrm38VUEdzHWKfUjdNjV22wyFNGgtRHYhXdBFT7fWw7cCJbCobryAYUThq4BbTPP15g4SeBsug”.

Payments can be made to the corresponding Bitcoin payment address, in this case “1AoLqsujagqD7NmbQKYBEuhRMnCfwJzGoy”. The owner, using the passphrase originally used to create the intermediate code, is the only party who can spend money sent to this address, and is therefore protected from printer malfeasance and ineptitude.

However, I strongly recommend against reliance on the confirmation code. Validating this code with your original passphrase tells you nothing about your ability to spend money sent to its corresponding bitcoin payment address. In fact this code is not useful in any scenario where the printer cannot be trusted by the owner. This lack of trust is of course the reason for both the intermediate code and the confirmation code in the first place.

The only thing that the owner learns from validating the confirmation code is that only the owner could spend money sent to the corresponding address. But this assumes the owner has the corresponding private key. The encrypted private key provided by the printer may be entirely bogus. The only way to know whether you have the necessary private key is to validate the encrypted private key.

You are fine as long as you validate the encrypted private key, but don’t use the confirmation code for anything, even after you have validated the encrypted private key. This validation must include deriving the payment address from the encrypted private key. It is our recommendation that the confirmation code section be struck entirely from BIP38.

Clickypedia


For many years my son and I have played a game we call “clickypedia.” He’s 14 now, so he can no longer sit on my shoulders, or behind me on my office chair, or even on my lap. But we still play once in a while.

We started out by just clicking around on Wikipedia, looking for interesting subjects, occasionally making an edit. At some point he suggested we try to get to another specific topic by following links. Later we would start at the Wikipedia main page and see how few links it would take to locate the topic of choice, alternating at the mouse.

Collaborative Clickypedia Rules

  • The players agree on a topic
  • A browser tab is opened to the Main Page
  • Players take turns clicking links to get to the topic
  • Six Clicks is considered success, fewer is better

More recently it’s become a competition…

Competitive Clickypedia Rules

  • The first player chooses a Random Article as the topic
  • The random button can be clicked no more than 5 times
  • Two additional browser tabs are opened to the Main Page
  • Each player controls one of the tabs
  • The second player clicks a link in his tab
  • The players alternate until the topic is located
  • The winner is the first to locate the topic (no ties)
  • Each click must be completed within 60 seconds
  • All clicks must land on a Wikipedia page
  • Clicks to locations within a page are not counted
  • Text search within a page is allowed
  • Browser back and forward navigation buttons are counted
  • The reference target page can be viewed during a turn
  • No other sources are allowed for reference

In keeping with the original game, a “time out” is called when an interesting subject is discovered that requires exploration. The click clock is stopped and a new tab is opened to the topic. Once the tab is closed play resumes.

A variation on the collaborative game exists where one player tries to get to the topic and the other tries to move away from it. This was originally a bedtime avoidance subterfuge, but is also good fun.

Dark Market : Trade is not a crime

Last night, while you were sleeping, three guys at a hackathon in Toronto created a free market. You are probably thinking, what does that even mean? Before one can fully grasp the importance of this event a little background is in order. The free market is any trade unregulated by the state. The term black market arises from the inability of the state to see and thereby control trade, but applies equally to trade over which the state asserts no control. In a free market each exchange is a voluntary agreement between two parties.

Recent research has shown that the size of the free market globally is roughly 23% of world GDP, down from 26% in the 1960s. The free market has been in a free fall in Asia, currently at a level of 20%. Sub-Saharan Africa, Latin America and post-socialist regions enjoy free market levels of at least 36%.

shadow economy

Why is the free market declining in the more developed economies and holding its own in those that are less developed? It stands to reason that the regulated market is “free enough” in more developed economies, causing more people to “come out of the dark” – accepting regulation as a cost of doing business. Another interpretation is that in the more developed economies trade is more easily controlled. World Bank research shows a strong correlation between “formal account penetration” and per-capita GDP. In other words, wealthier people rely more heavily on banks. A business without financial services in a developed economy is generally at a competitive disadvantage.

account penetration

Account penetration differs enormously between high-income and developing countries in the aggregate: 89 percent of adults in high-income countries, but only 24 percent in low-income countries, report that they have an account at a formal financial institution. – World Bank

Ultimately these are two sides of the same coin. People come out of the dark when their cost of doing business in the regulated economy becomes less than their cost of doing business in the free market. Economically this is a contradiction, since the aggregate cost of doing business in the free market should always be the lowest possible. The catch is that free markets do not exist on a large scale. The means of exchange itself is heavily regulated. In order to trade freely one must either accept unreasonable risk by lugging around piles of cash or join the heavily regulated financial system, with all of its various financial and privacy costs. Cryptocurrency is disrupting this model by enabling trade that does not rely on “formal accounts.” People can trade in cash on a larger scale.

Trading in cash is not illegal, but as we can clearly see in global financial trends, it is going away. It is being replaced by a very expensive and insecure system subject to onerous state-level controls. Developed markets may be “free enough” to sustain this presently, but this is a dangerous trend from a historical perspective. So if trading in cash is legal, and free market trading is legal, why are markets like the Silk Road under state-level attack? On the surface it’s pretty simple: free markets don’t differentiate between legal and illegal trades – that’s the “free” part. So the knee-jerk answer is to shut down the market.

It is not the case that all trades on Silk Road were illicit. Yet all accounts have been closed and 26,000 BTC seized. It only takes a small amount of paranoia to consider that the market itself might have been the target, not illegal trades or even the alleged dark motives of its original operator.

Shut down the black markets, take away what little they have, then double the amount of floggings and executions, put them on TV. Broadcast them live! Sow fear, more fear. – Plutarch Heavensbee

The beauty of Bitcoin is that nobody is trusted. There is no operator. The protocol cannot commit a crime. This makes it impossible to shut down the system. It’s important to remember however that this does not make it impossible to track down criminals and bring them to justice. It just preserves the rights of the innocent.

The Gift of Satoshi is consensus without trust – we no longer need to accept trust in order to trade. Amir Taaki (libbitcoin and Dark Wallet), William Swanson and Damian Cutillo (both of Airbitz) have in one night given us Dark Market – the first implementation of a Distributed Anonymous Marketplace. The world may never be the same.

In the interest of full disclosure, I work on libbitcoin.

Satoshi Finch

Reading the Newsweek story on Satoshi Nakamoto today I was struck with the same feeling I had when reading the Sports Illustrated story on Sidd Finch (see page 76) in 1985.


Not because I believed it to be a hoax. When I read the SI story I believed it; we all did. It was crazy and exciting and kind of a bummer when we learned it was a monumental April Fools joke. The Satoshi story is equally enthralling because, like the SI story, it’s perfect. It’s a story that actually exceeds the expectations of the improbable legend that Satoshi has become.

In this clip he continues to deny any involvement. As the 400 millionaire locks his door he selects a reporter to talk with based on the fact that the reporter is offering him a free lunch. Maybe this is not him, maybe it’s a hoax (sure doesn’t seem like it). But we’re really enjoying it, so Mr. Nakamoto please just keep denying it (and here’s a little something for your trouble). Because as soon as you stop the hoax will have been revealed.