Update (May 5, 2016): In a new post on his website, Wright has now tacitly admitted that he can't prove his identity as Bitcoin's creator. But rather than admitting the obvious — that he isn't actually Satoshi Nakamoto — Wright claims that "As the events of this week unfolded and I prepared to publish the proof of access to the earliest keys, I broke. I do not have the courage. I cannot."
For years, people have been trying to unmask Bitcoin's enigmatic creator, known only by the pseudonym Satoshi Nakamoto. Previous efforts have not panned out. But this morning three media organizations — the BBC, the Economist, and GQ — reported that an Australian man named Craig Wright was claiming to be Bitcoin's creator.
And this story is different from previous efforts to unmask Nakamoto in a crucial way: Wright claims he can offer cryptographic proof of his identity. As the BBC puts it, "Wright has provided technical proof to back up his claim using coins known to be owned by Bitcoin's creator."
Most convincing of all, a prominent Bitcoin developer named Gavin Andresen says he believes that Wright is Nakamoto. Andresen is the man Nakamoto chose to lead the Bitcoin project when he abruptly left the Bitcoin community in 2011, and he's still one of the most prominent figures in the Bitcoin world.
Yet something doesn't add up about Wright's claims. The real Nakamoto would be able to settle all doubt about his identity by publishing a mathematical proof called a digital signature. Instead, Wright seems to have orchestrated an elaborate smoke-and-mirrors campaign, offering private demonstrations to a handful of people — most of whom weren't in a position to fully verify the evidence he provided.
Security researcher Dan Kaminsky is particularly harsh. "This is a scam," he wrote in a Monday blog post. "Not maybe. Not possibly. Wright’s done classic misdirection by generating different scams for different audiences."
Earlier claims that Wright was Nakamoto didn't add up
The idea that Wright is Nakamoto isn't new. Wired and Gizmodo first reported the possible Wright-Nakamoto connection back in December. These publications were contacted by a man posing as a hacker with a grudge against Wright. He provided what appeared to be incontrovertible proof that Wright was, in fact, Satoshi Nakamoto.
But this evidence proved hard to authenticate. The documents included email discussions with computer forensics expert Dave Kleiman from 2008 — before Bitcoin was released to the public. Unfortunately, Kleiman died in 2013, so he can't confirm their authenticity. Other, more recent, documents merely proved that Wright had been telling various associates that he was Nakamoto — but of course that doesn't rule out the possibility that Wright could have been lying.
But the biggest red flag in these December stories was identified by Wired reporter Andy Greenberg. Early Wright blog posts appeared to link him to Bitcoin at a time when the cryptocurrency was still in its infancy. The problem is that these posts were modified in 2013 or later to add key references to Bitcoin.
Similarly, forensic examination of a cryptographic key purportedly belonging to Nakamoto — and linked to Wright — showed that it was likely created by a version of cryptographic software that didn't yet exist when the key was created in 2008.
In short, most of the evidence purportedly showing that Wright was connected to Bitcoin during its creation in 2008 and 2009 appears to have been manufactured years after the fact. We don't know who was perpetrating this apparent hoax, but some in the Bitcoin community started to suspect that the anonymous "hacker" was actually Wright himself.
Wright's new blog post is an elaborate effort at deception
Wright still insists that the December revelations occurred against his will. He says that those reports led to a swirl of rumors that have negatively affected his friends, family, and employees. And so, he claims, he decided to set the record straight by finally acknowledging that he is Bitcoin's creator.
This ought to be easy to do. Bitcoin is based on a cryptographic technology called digital signatures. Bitcoin users "sign" transactions before submitting them to the Bitcoin network, ensuring that only the owner of a particular Bitcoin account can spend money from it.
Some of the earliest Bitcoin transactions were signed with a private key belonging to Satoshi Nakamoto. So the easiest and most convincing way to show that you're Nakamoto is to sign something with this private key. Assuming Nakamoto has practiced good security, no one else should be able to do this. And once a signature is published, anyone in the world can use standard software tools to mathematically verify that it was signed with the same private key as Nakamoto's earliest Bitcoin transactions.
On Monday, Wright published a long, rambling blog post purporting to do just that. But security experts say it does nothing to establish Wright's identity. What Wright appears to have done is to find an old digital signature generated by Nakamoto years ago, reformatted it, and then presented it as a new signature generated by Wright.
So the post doesn't just fall short of proving that Wright is Nakamoto. It suggests that Wright is willing to go to elaborate lengths to trick people into believing that he is Bitcoin's creator.
There's reason to be skeptical of key Wright backer Gavin Andresen's claims
Wright's strongest bit of evidence is the endorsement of Gavin Andresen. When Nakamoto stopped contributing to the Bitcoin project in 2011, he turned effective control over the project to Gavin Andresen, who was then a software developer in his 40s. Today, Andresen is the chief scientist for the Bitcoin Foundation and a member of Bitcoin's core development team.
So when Andresen wrote this morning that he believed Wright was the creator of Bitcoin, people paid attention.
"During our meeting, I saw the brilliant, opinionated, focused, generous – and privacy-seeking – person that matches the Satoshi I worked with six years ago," Andresen wrote. "And he cleared up a lot of mysteries, including why he disappeared when he did and what he's been busy with since 2011."
However, Andresen had never met Nakamoto face to face before, so this didn't mean a whole lot. The key question was whether Wright had Nakamoto's encryption keys. And Andresen claimed Wright did just that.
Andresen described the procedure he used to verify Wright's identity in a Reddit post. Wright cryptographically signed a message chosen by Andresen, transferred it to a new laptop, and then used software to verify that the signature was valid.
If taken at face value, this appears to show that Wright has Nakamoto's private keys. But this verification process leaves lots of room for a hoaxster to trick a gullible observer. The key question is whether Wright tampered with the software used to verify the digital signature — if he did, then obviously this verification is meaningless.
And crucially, Wright didn't allow Andresen to verify the signature on his own laptop, keep a copy of the signature, or (best of all) publish it so it could be verified by anyone in the world. So if there was something fishy about the software Wright used for his demonstration, Andresen didn't have any opportunity to confirm that.
The demonstration Wright provided to the Economist was similarly limited. The newspaper wrote that "information that allows us to go through the verification process independently was provided too late for us to do so fully." The Economist concluded that "as far as we can tell," Wright had control of Nakamoto's private key. But under the circumstances, that doesn't mean a whole lot.
So were Andresen, the Economist, and other observers tricked by the digital equivalent of a magic trick? No one other than Wright knows for sure. But given the elaborate lengths someone has gone to manufacture other evidence linking Wright to Nakamoto, it's worth being very skeptical.
This doesn't seem like how the real Satoshi Nakamoto would behave
But one thing we do know for sure is this: If Wright were really Bitcoin's creator, he could put all these doubts to rest very quickly. All it would take is for him to publish the digital signature he claimed to have generated for Gavin Andresen. In a matter of minutes, independent experts would be able to check the signature and verify that it was created using the same key as the earliest Bitcoin transactions.
But Wright hasn't done this. And it's hard to think of any plausible explanation other than the obvious one: that he hasn't done it because he can't do it.
Indeed, the way Wright has stage-managed the latest revelations about himself seem inconsistent with what we know about Nakamoto. Wright chose to give his scoop to the BBC, the Economist, and GQ. These are all excellent publications, but none of them are known for their in-depth coverage of computer security. The real Satoshi Nakamoto should have anticipated that no one would give much weight to a GQ scoop about his identity.
Bitcoin was Nakamoto's attempt to create a financial system that didn't require trusting the fallible human beings that run the banking system. Yet when Wright decided to reveal his identity as Nakamoto, he chose to do it via face-to-face meetings with a handful of journalists and Bitcoin insiders instead of providing mathematically rigorous proof that anyone could verify. It's hard to believe that's what Nakamoto would have done.