Caught in the Net

Why Wright's proof is a fake

I explained in my previous post (in italian) that the signature that Wright provided as a public proof is in fact invalid. I want to explain briefly how you could check this claim. The key in Wright's post is this:

------------------------- Signature File -------------------------
MEUCIQDBKn1Uly8m0UyzETObUSL4wYdBfd4ejvtoQfVcNCIK4AIgZmMsXNQWHvo6KDd2Tu6euEl1
3VTC3ihl6XUlhcU+fM4=
------------------------- End Signature --------------------------

Now we can use some bash utilities:

base64 -d <<<'MEUCIQDBKn1Uly8m0UyzETObUSL4wYdBfd4ejvtoQfVcNCIK4AIgZmMsXNQWHvo6KDd2Tu6euEl13VTC3ihl6XUlhcU+fM4=' | hexdump -C| cut -b 11-60| tr -d ' \n'

3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce

Let's analyze the command one by one:

00000000  30 45 02 21 00 c1 2a 7d  54 97 2f 26 d1 4c b3 11  |0E.!..*}T./&.L..|
00000010  33 9b 51 22 f8 c1 87 41  7d de 1e 8e fb 68 41 f5  |3.Q"...A}....hA.|
00000020  5c 34 22 0a e0 02 20 66  63 2c 5c d4 16 1e fa 3a  |\4"... fc,\....:|
00000030  28 37 76 4e ee 9e b8 49  75 dd 54 c2 de 28 65 e9  |(7vN...Iu.T..(e.|
00000040  75 25 85 c5 3e 7c ce                              |u%..>|.|
30 45 02 21 00 c1 2a 7d  54 97 2f 26 d1 4c b3 11  
33 9b 51 22 f8 c1 87 41  7d de 1e 8e fb 68 41 f5  
5c 34 22 0a e0 02 20 66  63 2c 5c d4 16 1e fa 3a  
28 37 76 4e ee 9e b8 49  75 dd 54 c2 de 28 65 e9  
75 25 85 c5 3e 7c ce                            
3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce

There is also another cleartext string at the beginning of Wright's post:

$ base64 -d <<<'IFdyaWdodCwgaXQgaXMgbm90IHRoZSBzYW1lIGFzIGlmIEkgc2lnbiBDcmFpZyBXcmlnaHQsIFNhdG9zaGkuCgo='
Wright, it is not the same as if I sign Craig Wright, Satoshi.

Now let's head to blockchain.info. Blockchain.info has a little utility to get hexadecimal informations out of a transaction on the blockchain, so let's use it to get the related info about this transaction:

tx/828ef3b079f9c23829c56fe86e85b4a69d9e06e5b54ea597eef5fb3ffef509fe tx/828ef3b079f9... in hexadecimal

As you can see the entire output of the first bash command, that is 3045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce is contained in: "script":"483045022100c12a7d54972f26d14cb311339b5122f8c187417dde1e8efb6841f55c34220ae0022066632c5cd4161efa3a2837764eee9eb84975dd54c2de2865e9752585c53e7cce01" except for the 48 at the beginning and the 01 at the end.

That is a signature hash: this page explains that the 48 is just a decimal prefix given to uncompressed transactions, and the 01 at the end is just a SIGHASH_ALL code that flags the end of the signature.

So, is it a fake?

Yes, indeed. At the end, I ask, why would you choose anything else than the easiest and most conclusive way to prove something?