in ,

Proof-of-Satoshi fails Proof-of-Proof. by Ian Grigg

Ian Grigg
Ian Grigg

[Cryptography] Proof-of-Satoshi fails Proof-of-Proof.

ianG iang at
Wed May 4 18:44:46 EDT 2016

On 3/05/2016 04:43 am, Robert Hettinga wrote:
>> On May 2, 2016, at 2:17 PM, Erik Granger <erikgranger at> wrote:
>> I'll believe it when he signs arbitrary messages with satoshis key. No signature, no story.
> Spend the coins.
> Pics or it didn’t happen.
> Cheers,

That ain't gonna happen, sorry folks!  Not to rag at RAH, I'm just 
picking up his perfect foil, and for reasons he'll wryly smile to: 
Physics. Humanity. Frailty. Complexity. Of the sort that we've all being 
talking about since forever on this list and many others.

Let's break it down.

Firstly, we all on this list know that cryptographic keys prove that a 
private key did a maths transform that a public key can confirm.  Full Stop.

What cryptographic proofs do not confirm is that a human said something 
meaningful to another human. Indeed, the more that the Bitcoin community 
and the tabloid press demand a proof-of-spend and examine the results 
they're given, the more it demonstrates how humans seem to be isolated 
by cryptography not joined.

In theory, keys are mathware, humans are wetware and the two do not 
easily mix.

How does this play out in real life?  We know that the human experiment 
known as cryptographic signing has failed. We know that there is at 
least one tiny little country - Estonia - clinging to the European dream 
of using smart cards to identify humans, but statistically the world has 
failed to make human signing with public key cryptography work. People 
write books about this, I simply point it out as a significant data 
point of where many thousands of people really really tried to use keys 
to prove meaningful human things.  And failed.

Let's get more topical. There are strident, demanding calls for people 
who make statements concerning the identity of one said Satoshi Nakamoto 
to back those statements up with cryptographic proof. Yet these demands 
are .. unfounded, and that is the kindest thing that could be said about 
them. Why?

Anyone offering information to the world has no necessary call to offer 
more information. When I say that Craig Wright was the leader of the 
team known as Satoshi Nakamoto, I do not contract to say more. Nor did 
Gavin or Jon or others in any sense contract to say more than they did. 
They don't owe anyone anything. Even if they made errors, it is not on 
them to correct them. "Extraordinary claims calls for extraordinary 
proof" is only a standard for academia, it has little place in human 
affairs, especially in that democratic tradition known as open 
discourse, nor in the human standards of proof that have been honed over 
a thousand years of legal history.

In fact, I contracted to say less - as well all do, when we join the 
encryption business, we covenant to keep peoples' privacy. When I 
started what became Project Prometheus a few years ago, I promoted their 
privacy as a goal - because the team known as Satoshi Nakamoto asked for 
their privacy by posting here in 2008 and disappearing entirely 2 years 
later. Now, when I come out and say that Craig Wright was the leader of 
Satoshi Nakamoto, it is only because he himself finally announced it. I 
remain committed to privacy even if the community Satoshi wrought is 
revealing themselves to be a pack of rabid statist wolves looking to rip 
the wool off of the backs of the sheep that they call their customers 
and future users.

Sorry, guys, it gets worse, and I hope the Bitcoin community dissolves 
itself in collective shame as to their inability to even contemplate 
protecting their own.

As we know in cryptographic affairs, key management is hard. Keys can be 
lost. Misplaced. Traded.  Breached and stolen.  Keys can be spoofed - we 
have an entire cryptographic security system called SSL/HTTPS which is 
blighted by phishing, based on misuse of cryptographic proof of 
identity. Let's not go into the details, but I shall revise here FTR the 
claim of secure browsing: the identities are cryptographically proven. 
Which apparent claim does not reveal itself to the humans in sufficient 
reliability in order to defeat basic common or garden social 
engineering. If the IETF's biggest, bravest and most educated can fail 
to protect the browsing public from the obvious, known and counted 
threat, what hope the rest?

Even if the above were not sufficient, let me get precise and particular 
as to why the Proof-of-Satoshi is dead-on-arrival. There are several 
facts which apply in this case.

Firstly, Satoshi Nakamoto is not one human being. It is or was a team. 
Craig Wright named one person in his recent communications, being the 
late Dave Kleinman. Craig did not name others, nor should I. While he 
was the quintessential genius who had the original idea for Bitcoin and 
wrote the lion's share of the code, Craig could not have done it alone. 
Satoshi Nakamoto was a team effort.

Indeed, a sort of proof is right there in front of you - when you look 
at Craig Wright, you do not see Satoshi. When you look at Satoshi 
Nakamoto, you're seeing some measure of the influence of Dave Kleinman, 
and it isn't possible for Dave to prove anything anymore to anyone. 
Team Satoshi is ephemeral, and no cryptographic multisig can now capture 
those that aren't around any more.

This team effort was one of a most severe cost to all members of that 
team, and only privacy is holding us back from recognising it.

Further, the keys that controlled critical parts were moved several 
times between various persons. Which is to say that control of the keys 
does not indicate more than the holder being trustworthy to the goals of 
the team at a point in time.  Even if Craig manages to sign over a coin, 
it does not and cannot prove he is "the one," only that he was at one 
point in time a trusted member of the team. Albeit, the team that he 
founded, but a wise leader controls for all risks, including those risks 
posed by the leader himself.

More: control at any time does not necessarily indicate ownership, 
either in the minds of the team nor in the eyes of the law.  Recalling 
the reports of late 2015, can you rule out that the keys haven't been 

Finally, as has been reported, the headline bulk of the value is 
controlled by a trust. Any movement of those coins needs to operate 
according to trust rules; if not, then we are in a state of sin. What 
that means is not something that can be described in mathematical terms, 
but it can certainly be described in hysterical terms - the logic de 
jure of the Bitcoin community.  As an aside, I really strongly suggest 
that the Bitcoin community not press for the breaking of the trust.  If 
unsure on this point, ask your miners to explain that old curse "be 
careful what you wish for."  Breaking the trust is way off the scale of 
what anyone will desire.

I suggest that it is therefore impossible for any reasonable person to 
conclude that a "spend" of a Bitcoin coin proves anything beyond that 
the erstwhile signer was at some point in some way related to a key.  A 
host of factors make the 'proof' too impractical to describe at a press 
or media level. And, if we have to call in opposing experts to argue the 
case, what's the point of the "proof"?

It is with incredible sadness that I watch an entire community 
misunderstand the lesson that Satoshi originally taught - trust in 
mathematics to prove accountancy. Yes, cryptography can prove that a 
coin is available and disposable pending an attempt to further dispose 
it. But the Bitcoin design was deliberately weak when it came to proof 
of persons. Especially, when it comes to known and now revealed 
weaknesses in the persona once known as Satoshi Nakamoto, there is no 
proof in mathematics that can satisfy that community's yearning for yet 
another meal.

By all means, take that lamb for yet another feast of slaughter, but do 
not soil the good name of mathematics for your Pavlovian hunger.

iang, CARS.

ps; after writing this, I stumbled across:

pps; This post reflects no commercial agenda or position of myself or 
any person related to me.  I have no position in BTC and have never had 
any BTC other than a few pence lost in some test wallet somewhere.

More information about the cryptography mailing list

Ian Grigg
Ian Grigg



Who is Ian Grigg?

What do you think?

Written by Ramon Quesada

Passionate about Blockchain & Bitcoin technology since 2013, Co- Founder of, Team Manager in the CoinTelegraph Spain franchise (2016-2017 years) Co. Organizer of the Blockchain Boot camp Valencia 2018, Co. Organizer of the mini Hackathon BitcoinSV Barcelona, in August 2019, current coordinator of the BSV Valencia Meetup.


Leave a Reply

Your email address will not be published. Required fields are marked *


Unbounded Capital

WHY WE THINK CRAIG WRIGHT IS SATOSHI. By Jack Laskey and Dave Mullen-Muhr

Mark Twain Bank

Theory of Bitcoin – A serie from – Dr. Craig S. Wright & Ryan Charles