Debunking Craig Wright's Sartre Message

39. The Sartre Message (Particulars of Claim at [23]-[25] {A/2/8}) The First Pleaded Example

761. On 2 May 2016, the various press outlets with whom Dr Wright had collaborated to try to demonstrate he was Satoshi published their articles on the ‘proof’ that Dr Wright had given. Dr Wright had sought to show that he was Satoshi to BBC and Economist journalists by demonstrating current possession of one of Satoshi’s private keys. Dr Wright sought to demonstrate his possession of such a private key by signing a message with the private key.

762. Dr Wright claimed to present a message, a hash of the message, and a signature of the hash in the form of the text of a speech by Jean-Paul Sartre (the “Sartre Message”). The signature was purported to correspond to a private key associated with Bitcoins mined in Block 9 of the Bitcoin blockchain (which are believed to be Bitcoins mined by Satoshi).

(a) COPA’s Reasons for Alleging Forgery

763. The Sartre Message offered no such proof. COPA allege that Dr Wright took a signature from a transaction on the public Bitcoin blockchain published first in 2009 and republished it. Dr Wright presented a fragment of the Sartre Message and claimed that the signature corresponded to the Sartre Message. However, the provided signature was that of a 2009-era Bitcoin transaction that was publicly available in the blockchain and not one that was contemporaneously generated with regard to the Sartre Message (or one that corresponded to the Sartre Message).

(b) Dr Wright’s Explanations and COPA’s Rebuttal

764. Dr Wright has accepted that the digital signature in the Sartre Message was one relating to a pre-existing transaction which was and remained publicly available on the Bitcoin Blockchain (Defence, [42] {A/3/15}). As his expert in cryptocurrency technology, Mr Gao, agreed, the signature was the same information as in the signature used in the Satoshi Nakamoto / Hal Finney transaction, but presented in base 64 rather than base 16 {Day18/42:22}.

765. Dr Wright claimed that, as would have been obvious from the text of the Sartre Message, it was never intended to provide proof of his possession of the private key associated with the Block 9 coinbase transaction. COPA submitted that that claim should be rejected for the following reasons:

765.1. Multiple emails setting out arrangements for the “big reveal” of Dr Wright as Satoshi (which were sent to Dr Wright among others) made clear that this message was supposed to present a genuine digital signature of a new message using this private key: see for instance {L13/40/1}.

765.2. Dr Wright and his representatives had led the journalists with whom they had dealt to believe that the Sartre Message would present such a genuine digital signature of a new message, as can be seen from the articles they published on 2 May 2016: {L13/205/11} (the Economist); {L18/330/4} (GQ).

765.3. When Dr Wright’s own group of supporters (including Stefan Matthews and Calvin Ayre) became aware that online commentators had demonstrated that the Sartre Message had not contained a genuine digital signature of a new message, they reacted with surprise and great disappointment: see email chain of 2 May 2016 at {L13/97/1}.

765.4. Mr Matonis and Mr Andresen (one of the Bitcoin developers) with whom he had conducted private “signing sessions”, reacted in the same way: see their emails at {L12/213} and {L13/166} and Mr Andresen’s evidence in the Kleiman proceedings at {E/17/132} and {E/17/154} (Dr Wright “certainly deceived me about what kind of blog post he was going to publish, and that gobbledygook proof that he published was certainly deception”).

765.5. Dr Wright did not respond to the concerns of his own supporters by saying what he now says; viz, that the Sartre Message had never been intended to present a genuine digital signature. Rather, he claimed that the problem was that the wrong copy had been uploaded: see {L13/97/1}, {L13/169/1}. That was false: the Sartre Message had been discredited because it did not include the promised genuine digital signature.

765.6. Dr Wright told the Court that it was easy to tell that the signature presented in the Sartre Message was a representation of an existing signature {Day7/164:22}. That was false. As his own expert (Mr Gao) told the Court, it had taken “extraordinary internet detective work to connect the signature with one of the early bitcoin addresses”: see {I/2/62}; {Day19/43:23} to {Day18/44:6}.

765.7. In the Sartre Message, Dr Wright claimed that he would explain the process of verifying a cryptographic signature {L18/257/3}. He also claimed that the signature would be of a new message relating to Sartre (i.e. a new text not previously used for a signature) {L18/257/6-7}. In the Sartre Message, he presented a single digital signature for verification {L18/257/11}. The clear indication was that this was a signature of the new message. Further, he drew a direct link between his supposed signing of messages in private sessions (with journalists, Mr Matonis and Mr Andresen), by saying that he “could have simply signed a message in electrum as [he] did in private sessions” rather than adopting the more complex Open SSL method of signature verification used in the Sartre Message. Overall, while it was written in a complex and occasionally obscure manner, the Sartre Message represented that a new message was being signed with a key associated with Satoshi Nakamoto (as had supposedly happened in the private signing sessions).

(c) Conclusion

766. Dr Wright’s forgery in the Sartre message was particularly clumsy, which is why the true nature of the message was quickly identified by many in the Bitcoin community. Dr Wright’s excuse – that he never intended to provide a genuine digital signature of a new message – was plainly false and dreamt up, in my judgment, after the event.