Oddbean new post about | logout
waxwing | 1 years ago (raw) | export | reply | flag +9 
 It's time to come clean, everyone. I am Satoshi.

This signature:  'MEUCIQDOfh42gE4SqQHtp6SUZOaVaDRDrMpGXr7Yr6UOZu2USwIgMYHhyX+x7Vb+Elhba5sZaVJ6mTnlAkF85yK5fmlIrPY='
validates against this message hash:

'f888cabdf88abee1ee9369a91578c3efbde119959df18f4e46a3631929338251'

for Satoshi's key from block 1.

I will reveal the secret revelations behind that hidden hashed message in the coming months (or years).

---

This trick is not novel; it was used, IIRC, about 5 years ago by one of Craig Wright's hired PhDs, and used largely tongue in cheek according to my vague memroy, in a Twitter message. (better memories than me please correct the details if you can).

I've produced a gist for anyone who wants to repeat the trick, with some extended comments. Because no one reads code, I reproduce here the introductory comments:

# Steps of the algorithm:
# 1. Generate a random tweak alpha
# 2. Set the nonce point to R = P + alpha * G
# 3. Calculate the corresponding x coordinate R(x), call that t.
# 4. Set the signature value s = t.
# 5. Set the signature hash value h ("H(message)" supposedly) to h = s * alpha
# 6. Publish (t, s) as the signature, which validates against Satoshi's public key.
# 7. Promise that you will reveal the mysterious message later, and voila, you're Satoshi.

The gist is at: https://gist.github.com/AdamISZ/8dacbbab7525af07c0ca3f12e2262c72

Last point, as mentioned at the end of the code, you cannot "verify" this kind of signature with most available tools (Electrum say .. not sure about openssl), with very good reason! The signature is *not* verified unless the preimage of the hash is provided. One could even argue that exposing the other version in a API is wrong (looking at you libsecp256k1!), ie allowing a 'verify' function to take in a hash instead of a message.

Last point is that this way of doing it looks stupidly dubious because the 'r' and 's' in the signature are the same value, but you can pretty easily tweak it IIRC so they are randomly different. It's just one extra step of algebra.

Remember - we can all be Satoshi!
Cameri | 1 years ago (raw) | root | parent | reply | flag +1 
 My takeaway is that we are all Satoshi
octaviani | 1 years ago (raw) | root | parent | reply | flag 
 yang penting kalimat terakhirnya saja..

"we can all be Satoshi!"

nostr:note10l4s4q9eu3xd77lp05mhgllvmq9225d0u66s5tcmwme86a2kmzmqpklh9f
1b05b29c | 1 years ago (raw) | root | parent | reply | flag 
 Did the Internet forget?
waxwing | 1 years ago (raw) | root | parent | reply | flag 
 Did it forget that this trick is possible, you mean? It usually does forget things like that :)