Pages:
Author

Topic: Hoaxtoshi aka Craig Wright busted - collection of quality research posts (Read 5449 times)

legendary
Activity: 4410
Merit: 4766
Find a quote where he said that. You won't. He has always said it was his colleague.

https://youtu.be/5DCAC1j2HTY?t=22s

"interviewer: so you are going to show my that satoshi nakamoto is you?
craig: yes"

"interviewer: so you can say hand on heart to me 'i am satoshi nakamoto'?
craig: i was the main part of it other people helped me"

hero member
Activity: 770
Merit: 500

"On The Conversation, Wright was pro-capitalist, anti-hacktivist and was pro-corporate. This contrasted starkly with the voice of the Nakamoto who originally posted about Bitcoin on the cryptography mailing list. That Nakamoto had an entirely different voice that was largely patient and respectful and sought feedback not absolute submission.


Senescence. Gonna get us all in the end.

Not, btw, that I'm "ratifying" the above quote re. the conversation with Craig Wright.
But if he had, perhaps, come across as pro free market then that would be no great shocker all things considered.

legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust

This is from Dec. and has nothing to do with the recent claims by CW.

Are you posting this for historical perspective for those that either missed the first round of CW or have forgotten it?



i forgot about this article and how ridiculous this "Satoshi" is and made that repost.

quote:

"On The Conversation, Wright was pro-capitalist, anti-hacktivist and was pro-corporate. This contrasted starkly with the voice of the Nakamoto who originally posted about Bitcoin on the cryptography mailing list. That Nakamoto had an entirely different voice that was largely patient and respectful and sought feedback not absolute submission.

That Nakamoto would have known how to spell Bitcoin (he rarely made spelling mistakes in his writing unlike Wright’s writing that was plagued with them), would have suggested Bitcoin as the first alternative to PayPal and was not a supporter of financial third parties mediating financial transactions."
legendary
Activity: 1624
Merit: 1008

This is from Dec. and has nothing to do with the recent claims by CW.

Are you posting this for historical perspective for those that either missed the first round of CW or have forgotten it?

legendary
Activity: 1456
Merit: 1000
How many more threads are people going to open on this subject?

I wonder if Gavin's commit access will be permanently revoked? Do people honestly believe he wasn't in cahoots with Wright?
It should be. This is one strike too many; it is time to say farewell to GA.

Agree, enough is enough.

The man simply can not be trusted to have bitcoin's best interests at heart.

That's simply divisive bollocks that should have no place in Bitcoin.
legendary
Activity: 3556
Merit: 9709
#1 VIP Crypto Casino
How many more threads are people going to open on this subject?

I wonder if Gavin's commit access will be permanently revoked? Do people honestly believe he wasn't in cahoots with Wright?
It should be. This is one strike too many; it is time to say farewell to GA.

Agree, enough is enough.

The man simply can not be trusted to have bitcoin's best interests at heart.
legendary
Activity: 1442
Merit: 1016
I think that an important piece in this puzzle is Wright's trouble with Australian tax authorities. Would he pretend to be satoshi if it weren't for him trying to justify those $54m R&D funds? I think not.

I think this is the key question here.
He has stolen australian governments money by pretending to have a trust with 1 million bitcoins locked in it until 2020.
After a while the aussies' found out they got fooled pretty bad and now Craig needed some verification that he indeed is satoshi and therefore has access to the coins. That's why imo he was going for GA and Matonis and present them via msm as proof that he is Satoshi.Verified by known and "respected" members of the Bitcoin community.This way he thought he could escape aussie authorities.At least for a while. In 2020 shit would have hit the fan at the latest if he wouldn't have found a place in some country which does not extradite.
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
I think that an important piece in this puzzle is Wright's trouble with Australian tax authorities. Would he pretend to be satoshi if it weren't for him trying to justify those $54m R&D funds? I think not.
full member
Activity: 159
Merit: 100
I'm Satoshi Nakamoto,now its out.  Grin
legendary
Activity: 1456
Merit: 1000
Cross posting...

Jesus, bloody, hell...



If true, these guys have millions of BTC between them.

Not millions of $$ in BTC. Millions OF BTC.

If they've been telling the tax authorities little lies, they'll go to jail for a long time.

So, basically...I believe this guy is almost the real deal. Not Satoshi, but bloody hell he's been mining Bitcoin since practically day 1, difficulty 1.

Props.

he is not satoshi ...

he has a lot of btc - and so do many others - but he certainly is not satoshi ...

craig is nothing more than an opportunist that has found his time in the limelight - and is using it to his advantage ... nothing more ...

#crysx

This guy is no common opportunist. Without knowing if he has the various degrees and qualifications he claims to have; he is as smart as they come.

I'd put him in the cunning camp.  He has a plan and he is executing it.

My current guess is that he is positioning himself to take control of 1.1m BTC.

......

Getting closer to figuring this out?
sr. member
Activity: 420
Merit: 262
TPTB_need_war, you cannot prove nor disprove that the Sartre text Craig Wright supposedly hashed is a collision for SHA256.

I asked you to not do what you just did above:

Don't cherry pick my context to make inane non-rebuttals which side-step my holistic set of points.



You also pointed out that he supposedly has access to a supercomputer. Even with access to a supercomputer, he would not be able to find a collision as other researchers have already tried. Simply having a lot of computing power does not mean that he can find a collision.

Alternatively, Craig could have found a vulnerability in sha256, in which case a lot more things than just Bitcoin is screwed. If Craig did not responsibly disclose such a vulnerability and instead exploited it, this would be incredibly sketchy and dishonest behavior.

The point is that with a supercomputer together with a new cryptoanalysis break, the two together might be required to accomplish the attack. I want you to know that if China's pools see nearly all the mining shares, then they are viewing about 268 of SHA-256 hashing power per annum which may or may not be fulcrum. Don't presume you know all the theoretical attacks that are possible.

The theory that the sha256 double hash is weaker than sha256 is false. It has been proven that performing multiple iterations of a hash is more secure than just one iteration. Specifically, many websites will store users passwords in the form of a multiple iteration hash.

You've made at least two mathematically illiterate errors in that quoted text:

1. Testing that double-hashing fulfills some criteria you have prechosen, says nothing about security against cryptoanalysis which your criteria has not considered.
2. Securing a password by iterated hashing (because it requires the dictionary attacker to perform the iteration cost on each dictionary trial) says nothing about the increased vulnerability of collision cryptanalysis. You are conflating two separate issues of security.  Roll Eyes

I am done speaking to these amateurs. Waste of my time.
sr. member
Activity: 420
Merit: 262
I will proceed to explain once you confirm that do not understand why Merkle–Damgård construction is relevant? Either explain or admit you don't know. So I can proceed to teach you something. You are wasting my scarce time with your stalling/deception tactics and trolling.

No, you're the one wasting my time. I don't have to explain anything. You do. And you're not. I can only assume by your lack of explanation that you can't produce one.

Next time you will realize not to fuck with me, because I know a lot more than you assume.

I assume you know nothing, so knowing more than that isn't much of an accomplishment. But please go ahead and demonstrate your accomplishment. We're all waiting.

I'll interpret your reply as an ostensibly intentional veiled admission that you could not answer the question. So I will proceed to explain the sort of theoretical analysis that I was interested in discussing in the thread that the "forum-Hitler" Gmaxwell nuked.


Tangentially note the disclaimer that I wrote in the OP of the thread which was nuked:

Does anyone know what black hole Bitcoin core (Blockstream) developer Gmaxwell moved the quoted thread to?

[...]

I urge immediately peer review of my statements by other experts. I have not really thought deeply about this. This is just written very quickly off the top of my head. I am busy working on other things and can't put much time into this.

I had written in that nuked and vaporized thread a post (my last or nearly last post in that nuked thread) which explained that at the moment I wrote that quoted OP, I had been mislead by sloppy writing on the news sites (and also the linked sites of the protagonists) into thinking that the hash of the Sartre text was already confirmed. For example, I provided this quote:

Craig Wright’s chosen source material (an article in which Jean-Paul Sartre explains his refusal of the Nobel Prize), surprisingly, generates the exact same signature as can be found in a bitcoin transaction associated with Satoshi Nakamoto.

Being at is was by that time late in the evening for my timezone and I had been awake roughly 18 hours already, and I was skimming in an attempt to make some quick feedback on this potentially important event, so I could return to my work asap. In the nuked thread, I quickly realized that the Sartre text hadn't been verified to match the hash, so I actually stopped posting in the nuked thread for a few hours. Then when I came back to thread, it didn't exist so I could no longer follow up or read what had been elucidated. Thus note my original focus was on how the hell could Craig have achieved that match, so he must have broken the hash. I had recalled that I had theoretically doubts about the double hashing which I had never bothered to discuss with anyone. It had been 2+ years since I did that research on cryptographic hash functions, so I had to decide if I was going to go dig back into that research or not. I figured I'd sleep on it and then be able to think with a clearer, rested mind about the implications of the revelation (to me) that the hash had not been verified to match the text because the portion of the text had not been sufficiently specified (again the "undisclosed" term didn't make sense to me in quick skimming because I had read on the blog that the Sartre text was referred to).

But instead of being able to sleep on it and then decide whether to let it go or dig back into my past research, my thread was nuked and I was under attack. Remember I don't back down from anyone when I think I am justified. When I think I am wrong, I mea culpa.



So now back to the subject matter of whether double hashing could theoretically lead to any weakening of the second preimage and/or collision security of the SHA-256 cryptographic hash function.

Afaik, there is no research on this question. If anyone is aware of any, please kindly inform me.

First I will note the Merkle–Damgård construction (which SHA-256 employs) is subject to numerous generic attacks and even though afaik none of these are currently known to be a practical threat against a single hash of SHA-256, we can perhaps look to those generic attacks for potential clues as to what a double-hashing might enable which a single-hash application perhaps might not.

Note in the pseudo-code for SHA-256 that what distinguishes a double-hashing from doubling rounds (i.e. "Compression function main loop:") or repeating the input text in double the block chunks (i.e. "Process the message in successive 512-bit chunks:"), is that the h0 - h8 compression function state which is normally orthogonal to the input block chunks instead gets transmitted as input to a block chunk in the second hash application (i.e. "Produce the final hash value (big-endian):") after being added to the output of the compression function (i.e. "Add the compressed chunk to the current hash value:"). And the h0 - h8 compression function state is reset to a constant (i.e. "Initialize hash values:").

The reason I think this might be theoretically significant is because we should note that the way cryptographic hash functions are typically broken is by applying differential cryptanalysis. Differential cryptanalysis is attempting to find some occurrence of (even higher order) differences between inputs that occurs with more frequent probability than a perfectly uniform distribution. In essence, differential cryptanalysis is leveraging some recurrent structure of the confusion and diffusion and avalanche effect of the algorithm.

Not only does the double-hashing introduce a constant  h0 - h8 midstream thus introducing a known recurrent structure into the middle of the unified algorithm of a double-hashing, but it shifts the normally orthogonal compression function state to the input that it is designed supposed to be orthogonal to. On top of that, the additions of the h0 - h8 state at the midpoint, can possibly mean the starting state of the midpoint is known to have a higher probability of zeros in the least significant bits (LSBs). This last sentence observation comes from some research I did when I created a much higher bandwidth design variant of Berstein's ChaCha by fully exploiting AVX2 SIMD, that was for a specific purpose of creating a faster memory hard proof-of-work function. In that research, I had noted the following quote of an excerpt in my unfinished, rough draft, unpublished white paper written in late 2013 or early 2014 (and kindly note that the following might have errors because it was not reviewed for publishing and was merely notes for myself on my research understanding at that time 2+ years ago):

Quote from: shazam.rtf
Security

Addition and multiplication modulo (2^n - 1) diffuse through high bits but set low bits to 0. Without shuffles or rotation permutation to diffuse changes from high to low bits, addition and multiplication modulo (2^n - 1) can be broken with low complexity working from the low to the high bits [5].

The overflow carry bit, i.e. addition modulo minus addition modulo (2^n - 1), obtains the value 0 or 1 with equal probability, thus addition modulo (2^n - 1) is discontinuous i.e. defeats linearity over the ring Z/(2^n) [6] because the carry is 1 in half of the instances [7] and defeats linearity over the ring Z/2 [8] because the low bit of both operands is 1 in one-fourth of the instances.

The number of overflow high bits in multiplication modulo ∞ minus multiplication modulo (2^n - 1) depends on the highest set bits of the operands, thus multiplication modulo (2^n - 1) defeats linearity over the range of rings Z/2 to Z/(2^n).

Logical exclusive-or defeats linearity over the ring Z/(2^n) always [8] because it is not a linear function operator.

Each multiplication modulo ∞ amplifies the amount diffusion and confusion provided by each addition. For example, multiplying any number by 23 is equivalent to the number multiplied by 16 added to the number multiplied by 4 added to the number multiplied by 2 added to the number. This is recursive since multiplying the number by 4 is equivalent to the number multiplied by 2 added to the number multiplied by 2. Addition of a number with itself is equivalent to a 1 bit left shift or multiplication by 2. Multiplying any variable number by another variable number creates additional confusion.

Multiplication defeats rotational cryptoanalysis [9] because unlike for addition, rotation of the multiplication of two operands never distributes over the operands i.e. is not equal to the multiplication of the rotated operands. A proof is that rotation is equivalent to the exclusive-or of left and right shifts. Left and right shifts are equivalent to multiplication and division by a factor of 2, which don't distribute over multiplication e.g. (8 × 8 ) × 2 ≠ (8 × 2) × (8 × 2) and (8 × 8 ) ÷ 2 ≠ (8 ÷ 2) × (8 ÷ 2). Addition modulo ∞ is always distributive over rotation [9] because addition distributes over multiplication and division e.g. (8 + 8 ) ÷ 2 = (8 ÷ 2) + (8 ÷ 2). Due to the aforementioned non-linearity over Z/(2^n) due to carry, addition modulo (2^n - 1) is only distributive over rotation with a probability 1/4 up to 3/8 depending on the relative number of bits of rotation [9][10].

However, multiplication modulo (2^n - 1) sets all low bits to 0 orders-of-magnitude more frequently than addition modulo (2^n - 1)—a degenerate result that squashes diffusion and confusion.

[5] Khovratovich, Nikolic. Rotational Cryptanalysis of ARX. 2 Related Work.
[6] Daum. Cryptanalysis of Hash Functions of the MD4-Family.
     4.1 Links between Different Kinds of Operations.
[7] Khovratovich, Nikolic. Rotational Cryptanalysis of ARX.
     6 Cryptanalysis of generic AR systems.
[8] Berstein. Salsa20 design. 2 Operations.
[9] Khovratovich, Nikolic. Rotational Cryptanalysis of ARX.
     3 Review of Rotational Cryptanalysis.
[10] Daum. Cryptanalysis of Hash Functions of the MD4-Family.
    4.1.3 Modular Additions and Bit Rotations. Corollary 4.12.

So now put those aforementioned insights about potential recurrent structure at the midpoint of the double-hashing, together with the reality that a Boomerang attack is a differential cryptoanalysis that employs a midpoint in a cipher to form new attacks that weren't plausible on the full cipher. Bingo!

I'll refrain from providing my further insights on specifics beyond this initial sharing. Why? Because I've been treated like shit by Gmaxwell and you all here grant him too much Hitler-esque control over the Bitcoin Technical Discussion subforum where these sort of discussions are supposed to occur, so I will take my toys else where. Enjoy your echo chamber.

Do I have an attack against Bitcoin's double-hashing? I leave that for you to ponder.
sr. member
Activity: 420
Merit: 262
I was sleeping. Now the REKTing will ensue.

I am an innocent Noob, and not a sock puppet. Grin

I believe you are a liar. Prove it by revealing your identity. My identity is known to everyone. I have revealed my full name, where I live, my history, my LinkedIn account, my public non-anonymous writings published over the internet, etc..

If you believe that, you are dumber than I thought.

Yes, I do believe I explained it.

If you feed the script a plain ASCII text file, you'll just claim he might have used UTF16. Or a PDF file, which can altered in infinitely many ways without affecting the text content. Or a JPEG of a photograph of a printout of the document. Or something else entirely.

Perhaps you're illiterate?

Yes of course there is a combinatorial explosion of possibilities which was my point that you all can't conclude with 100% certainty that Craig can't produce a preimage of the hash, unless you can be sure he can't second preimage SHA-256 or otherwise find a collision. And I had stated that double hashing with SHA-256 might possibility have a cryptoanalysis hole that isn't known to exist in the cryptoanalysis of a single hashing. Again this was just a theory I wanted to discuss. Perhaps you don't like theories. Perhaps you would have preferred that Einstein didn't ponder riding in elevators. Well small, closed minds aren't very creative and thus don't achieve greatness. More on that with follow in a subsequent post.

However, in spite of the fact that you can't disprove any possible means of representation or permutation of the Sartre text, I wrote several times upthread that at the bare minimum, those protagonists who were claiming 100% certainty that Craig could not do something (btw a very strong claim), it would behove them to at least show that using typical representations of the Sartre text (e.g. ASCII text and perhaps UTF8/UTF16), that no contiguous portion of the text could hash to the signed hash. Moreover and more saliently, I pointed out that the protagonists were disingenuous or derelict by not pointing out the possibility that Craig might still be able to match the hash with some revealed content, Iff (if and only if) Craig had found a way to second preimage or otherwise find the necessary collision on the SHA256 hash. That the protagonists were too lazy to do this and were also too lazy to even verify if the website drcraigwright.com is Craig Wright's official communication vehicle (which apparently it is not and is now for sale here on bitcointalk.org according to a screen capture I quoted upthread), points to the lack of diligence and/or disingenuity in this tribe of Bitcoin maximalists including apparently yourself, who think they are holier than thou.

Do not disingenously quote my above two paragraphs out-of-context again. Don't cherry pick my context to make inane non-rebuttals which side-step my holistic set of points.

Note when I am done REKTing you on the technical points (again more is to follow below after this post), I never again want to waste my precious time with a useless and disingenuous turd. So this will be your last interaction with me.

We do have fairly convincing evidence that the signature Wright posted is not a signature of any subset of the Sartre document.

Specifically, it matches an early public signature from Satoshi lifted from a Bitcoin transaction. The chance against any portion of the Sartre document generating an identical signature are astronomical. Hence, it's pretty clearly an attempt at fraud or at the very least intentional misdirection.

You are apparently mathematically illiterate. If Craig can't find the second preimage or necessary collision, then he can't find a text that matches. Period. If he can find the second preimage or necessary collision, then he can find a text that matches. Period. When we analyze the probability, we don't start only with the Sartre text document. He could have chosen from any document on earth.

Thus his ability to use only contiguous portions of the Sartre document is mathematical plausible (again assuming he has the necessary cryptographic breakage), and thus it behoves the protagonists to explain this and even to write a quick script to prove that the contiguous portions possibilities in the common encoding formats does not hash to the signature he provided. The derelicts didn't do this. My necessary mathematical assumption in this paragraph (not impacting the prior paragraph) is that the hash function would be subject to a multi-collision attack. Thus if the breakage is not multi-collision, then Craig could not have reasonably limited himself to contiguous portions because the search for document matches in itself would probably be an intractable computational problem. My point remains that we see none of this sophisticated explanation from the protagonists. Instead they do a little bit of half-ass analysis and then everyone proclaims Craig is a fraud. This is Craig's point! I simply wanted to have a theoretical discussion in the Bitcoin Technical Discussion subforum and instead had my legitimate inquiry vaporized by the Bitcoin maximalist "forum-Hitler" moderator who uses the moniker Gmaxwell or in real life Gregory Maxwell. And we have all his underlings here who promulgate his shitty attitude and actions.
sr. member
Activity: 420
Merit: 262
Even when threads are moved to the Trashcan, we get a link showing they have been. Gmaxwell has some sort of super powers as a mod. I have no idea what kind of incestuous relationship is going on between theymos and Gmaxwell, but it doesn't really matter since Bitcoin is basically destroyed now with 70% of the mining controlled by China, soon to be 98+%, and with Blockstream implementing their SegWit soft fork Trojan Horse so as Matonis admits can end up increasing the 21 million coins limit.

The entire ecosystem is headed for a clusterfuck.

This should be pinned everywhere.

Just to add that with completely non transparent Chinese exchanges we will never know what the real price of BTC is (they are the Market Makers even after Interactive Brokers + XBT ETN).

Time will tell on this, g-d help us if you are right.

No God help me. Because I have the solution and it won't be fixing Bitcoin. Why do you think Gmaxwell hates me do much! He is ostensibly afraid and he should be.
legendary
Activity: 1267
Merit: 1000
Even when threads are moved to the Trashcan, we get a link showing they have been. Gmaxwell has some sort of super powers as a mod. I have no idea what kind of incestuous relationship is going on between theymos and Gmaxwell, but it doesn't really matter since Bitcoin is basically destroyed now with 70% of the mining controlled by China, soon to be 98+%, and with Blockstream implementing their SegWit soft fork Trojan Horse so as Matonis admits can end up increasing the 21 million coins limit.

The entire ecosystem is headed for a clusterfuck.

This should be pinned everywhere.

Just to add that with completely non transparent Chinese exchanges we will never know what the real price of BTC is (they are the Market Makers even after Interactive Brokers + XBT ETN).

Time will tell on this, g-d help us if you are right.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
tyz
legendary
Activity: 3360
Merit: 1533
Not only BBC, almost all media has reported about the revelation of Satoshis identity. They all get catched by this hoax.
The motto of "quality media" today is to copy and paste without question it.

i can imagine how fools bbc to believe his shitty statement and publishing it widely through their website,i hope only bbc who can be this easily getting lied by craig,the good thing, no one will believe this person and his mouth
legendary
Activity: 1498
Merit: 1000
Even when threads are moved to the Trashcan, we get a link showing they have been. Gmaxwell has some sort of super powers as a mod. I have no idea what kind of incestuous relationship is going on between theymos and Gmaxwell, but it doesn't really matter since Bitcoin is basically destroyed now with 70% of the mining controlled by China, soon to be 98+%, and with Blockstream implementing their SegWit soft fork Trojan Horse so as Matonis admits can end up increasing the 21 million coins limit.

The entire ecosystem is headed for a clusterfuck.

This should be pinned everywhere.

Just to add that with completely non transparent Chinese exchanges we will never know what the real price of BTC is (they are the Market Makers even after Interactive Brokers + XBT ETN).
Pages:
Jump to: