After signing in private, it was expected that Dr Craig Steven Wright would provide cryptographic proof to the world in the form of a signature in a blog post. The post, titled "Jean-Paul Sartre, Signing and Significance", was published but was far from what was expected. At the time, I only glanced through it. Soon it was "debunked" online by various experts. That intrigued me, and I decided to look at it more deeply.
Since Dr Wright broke the silence and started talking of inventing Bitcoin and using the Satoshi character for bootstrapping the project, I decided to publish how I read the "Sartre post".
After the first reading, it was more than obvious that there is much more to it than what meets the eye. Someone pretending to be Satoshi Nakamoto would not do it like this, definitely. But, Satoshi not wanting to sign may do what Dr Wright has done. So the probability we are dealing with Satoshi here is much higher. With a man who invented Bitcoin. Geniuses are usually eccentrics, living in their world and doing things differently. But if he didn't want to deliver the proof, he knows how to say it, as he did in his later "I am sorry" post.
In an interview with the BBC, Dr Wright said that it was not his decision to go public (or something like that). So, trapped in this situation, not by his will, did he actually find an exit?
Signing and Significance
The post was deleted after a couple of days but is preserved on the Wayback Machine. Let's try to read it a bit differently than the others did. I am not going to go through it line by line or paragraph by paragraph. I'll only try to draw your attention to the parts I find interesting.
Five images in the post are screenshots of a Rhino Terminal connection. It can be seen that Dr Wright connected to a machine named "wintermute-tuliptrading-net" as the user Craig. For this exercise, he worked in the directory "SN.key.09", which suggests that the directory contains the Satoshi Nakamoto key from block No 9. We can see the public part of it in the fourth image in the post. It’s known that this key belongs to Satoshi and that it was used in the first Bitcoin transaction, in which Satoshi sent 10 Bitcoin to Hal Finney.
Next we can see that the message which is signed in the example provided by Dr Wright is contained in the file "sn7-message.txt". If we look at (a part of) a Bitcoin transaction as a message, then this means that this is the 7th message (transaction) signed by Satoshi Nakamoto. On the Bitcoin blockchain we can see that this is actually the case. The seventh transaction was 828ef3b079f9c23829c56fe86e85b4a69d9e06e5b54ea597eef5fb3ffef509fe, which locks 10 Bitcoin to a public key 04bed827d37474beffb37efe533701ac1f7c600957a4487be8b371346f016826ee6f57ba30d88a472a0e4ecd2f07599a795f1f01de78d791b382e65ee1c58b4508, and wallets and explorers display that public key in the form of a Bitcoin address 1ByLSV2gLRcuqUmfdYcpPQH8Npm8cccsFg.
The reason that it is known that "key 9" belongs to Satoshi explains using it in the post, but I couldn’t find an idea, if there is any, for choosing transaction number seven as a message.
I don’t see this as a fake signature, as is suggested by some. It's clear, from the face of the post, that the keys are from block 9 and the transaction/message is No 7. Yes, the signature is on-chain and is public, but it doesn't matter for the "OpenSSL signature exercise", as the author calls it. The exercise is to "explain the process of verifying a set of cryptographic keys", as the author puts it, and it describes the process we can follow if we find something more inside this post.
At first, I thought there must be something, some additional information on Bitcoin blockchain, but after reading the post again, I don’t believe that is the case: "All of the information that is required to import the public key, the message and the message signature used in this post is available on this post."
Sorry, not sharing images!
Now, let's move to the "cryptic" text near the beginning of the post. That is the thing that catches attention after only glancing at the post.
Why is it there? I don't see the context. It somehow sticks out of the rest of the post. This is base64 encoded text and decoded it reads:
" Wright, it is not the same as if I sign Craig Wright, Satoshi.\n\n"
(without quotes, and the "\n" means the line feed character – 0x0A). There is a space character at the beginning of the decoded text. The decoded text is part of a longer version immediately above it – the first paragraph of the post, copied together with two line feed characters at the end. The perfect message for signing! Unambiguous, containing "Craig Wright" and "Satoshi", and at the same time, it delivers the message.
"If even a single space or “.” was to be altered, the hash will be radically different to the value returned initially." writes Dr Wright later in the post.
We can see Alt, Ctrl and Shift keys are disabled, too. It's clear that this is not a protection from copying, but Dr Wright is hinting that we should look at the text and the pictures of this post more deeply.
Since we already covered the text part, let's move to the images. That is the most interesting part. Our focus is the five screenshots of the terminal connection.
Let’s look under the hood, at the source of the post. To serve different resolutions of the same image, the <img srcset=""> attribute is used.
Now, concentrate on the first image – "1.png". There are three versions of it: 941x423, 940x423 and 300x135. There is a difference of only 1 pixel in the width of two versions of the image!
That makes no sense! If you serve three versions of an image for different device resolutions you, for example, serve images sized 100%, 66% and 33% of the original one. You definitely don’t provide two versions with such a small difference in dimensions. Comparing them (941x423 and 940x423), we can see they are the same except for the last pixel column. There are borders in the terminal screenshots, and on the 940 ones the right edge is missing. Besides that, the images are the same. There was no scaling, just cropping. At least, the human eye can’t see any difference. Odd! What about a machine? For comparison purposes, I have used ImageMagick. Below is the result of the "magick compare" command on two versions of the first picture. Differences are marked with red pixels.
There is a difference between the original image and the cropped one, while there should not be any! Steganography comes to mind. And Dr Wright has papers on the subject (Detecting Hydan: Statistical Methods For Classifying The Use Of Hydan Based Stegonagraphy In Executable Files).
Similar conclusions can be derived for the third and fifth images, and below is the result of comparing the 941 and 940 versions of "3.png".
We have a result similar to that for "1.png". And below is a comparison of the "5.png" versions.
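The comparison described above can be reproduced without ImageMagick. The following is an added example, not code from the original post: it crops two pixel grids to their common size, then reports where they differ and by how much. The function names and the tiny sample grids are constructed for illustration.

```python
def crop_to_common(a, b):
    """Crop both pixel grids to their shared width and height (no scaling)."""
    h = min(len(a), len(b))
    w = min(len(a[0]), len(b[0]))
    return [row[:w] for row in a[:h]], [row[:w] for row in b[:h]]

def diff_report(a, b):
    """Count differing pixels, their bounding box and the size of the change."""
    a, b = crop_to_common(a, b)
    coords, max_delta, lsb_only = [], 0, 0
    for y, (row_a, row_b) in enumerate(zip(a, b)):
        for x, (pa, pb) in enumerate(zip(row_a, row_b)):
            # Largest per-channel difference between the two RGB pixels.
            delta = max(abs(ca - cb) for ca, cb in zip(pa, pb))
            if delta:
                coords.append((x, y))
                max_delta = max(max_delta, delta)
                lsb_only += delta == 1
    bbox = None
    if coords:
        xs = [x for x, _ in coords]
        ys = [y for _, y in coords]
        bbox = (min(xs), min(ys), max(xs), max(ys))
    return {"differing": len(coords), "bbox": bbox,
            "max_delta": max_delta, "lsb_only": lsb_only}

# Constructed sample (not the post's images): a 6x4 "wide" grid with a border
# column on the right, and a 5x4 "narrow" grid with two altered pixels.
BG, BORDER = (0xF0, 0xF0, 0xF0), (0x80, 0x80, 0x80)
WIDE = [[BG] * 5 + [BORDER] for _ in range(4)]
NARROW = [row[:5] for row in WIDE]
NARROW[1][3] = (0xF5, 0xF4, 0xF2)
NARROW[2][1] = (0xF1, 0xF0, 0xF0)

if __name__ == "__main__":
    print(diff_report(WIDE, NARROW))
```

A `max_delta` of 1 means only least significant bits changed; larger deltas, such as the #F0F0F0 to #F5F4F2 range discussed later in this post, are also what separate palette quantization and dithering of the same source image produce.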
Again, we can see differences in similar places.
The sizes of the fourth image are 941x683 and 940x682 where actual scaling happened, and the smaller one is the full-colour version.
The versions of the second image are the same, and both are full colour in BMP format.
Those images represent computer-generated graphics. When taking screenshots we are actually reading graphics memory, and icons and similar resources are always rendered the same - there is no transparency or other visual effects in these screenshots. All this means that we can simulate the original environment (Vista, CentOS, Rhino, virtual network with the same addresses, dpi settings...) and take similar screenshots. After doing it, we can confirm that "2.bmp", which is full colour with both versions the same, is the original, unaltered image. It’s known that Dr Wright uses Photoshop, but not this time, I guess, since I couldn’t find the right dithering settings while trying to resample the simulated full-colour version to a palette one.
We can cross-compare images, so to say, and ignore differences in the textual part. For example, in the following picture with red pixels are marked differences between "2.png" vs "5.png":
Well, it’s more than evident that we are dealing with steganography here and that there is hidden information in those pictures.
How to search?
Dr Wright's puzzles are hard and not for script kiddies, so we can forget "zsteg" and similar tools. Pretty sure we are dealing with something novel here.
One possibility is that the information is hidden in palettes of images. About half of the colours differ among any two pictures. Some known methods of palette steganography were not used here. Actually there is a very low probability of palette steganography here, in my opinion.
Another possibility is that each pair of images (941 and 940 version) contains information which logically follows from the context of an image and description in the text. For example, above the fifth image was written: "In the figure below we display the signature file as it is stored on the computer that was used for this process and we see the result of the verification exercise. In saving this file, you could cut-and-paste the encoded signature and insert it into a saved file using an editor program such as vim."
If the same path is used, we can try to "connect" pixels (their least significant bits) in a way which will reveal the message in one pair of images, the hash in the other pair, the key in the adequate ones and finally the signature in the last. And we know the 4 possibilities for the first four bytes of a DER encoded ECDSA signature (and the first few bytes when BASE64 encoded), too.
But the highest possibility is that the cryptographic proof is a combination of all of the images. The suspicious part is the upper right corner around the texts "Terminal" and "RTweak", where we have a range of pixels with values from #F0F0F0 to #F5F4F2, and those pixels are different in each of the images.
The image below shows a part of the "1-940x423.png" image, for example, with pixels #F0F0F0 marked in red.
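The "4 possibilities" mentioned above can be turned into a concrete search. The following is an added example, not code from the original post: it packs least significant bits into bytes and scans them for a structurally valid DER ECDSA signature. It assumes r and s are each 32 or 33 bytes long, and the sample signature and pixel values are constructed.

```python
import base64

# Assumption: r and s are each 32 bytes, or 33 with a leading 0x00 pad, which
# gives the four possible DER headers for a secp256k1 ECDSA signature.
DER_PREFIXES = [bytes.fromhex(h) for h in
                ("30440220", "30450220", "30450221", "30460221")]

def base64_prefixes():
    """First five base64 characters fixed by each 4-byte DER header."""
    return sorted({base64.b64encode(p).decode()[:5] for p in DER_PREFIXES})

def lsb_bytes(values):
    """Pack the least significant bit of each value, MSB first, into bytes."""
    out = bytearray()
    for i in range(0, len(values) - len(values) % 8, 8):
        byte = 0
        for v in values[i:i + 8]:
            byte = (byte << 1) | (v & 1)
        out.append(byte)
    return bytes(out)

def parse_der_sig(buf, off):
    """Return (r, s) if a structurally valid signature starts at off, else None."""
    if buf[off:off + 4] not in DER_PREFIXES:
        return None
    total, rlen = buf[off + 1], buf[off + 3]
    r_end = off + 4 + rlen
    if r_end + 2 > len(buf) or buf[r_end] != 0x02:
        return None
    slen = buf[r_end + 1]
    if 2 + rlen + 2 + slen != total or r_end + 2 + slen > len(buf):
        return None
    r, s = buf[off + 4:r_end], buf[r_end + 2:r_end + 2 + slen]
    return int.from_bytes(r, "big"), int.from_bytes(s, "big")

def scan(buf):
    """Offsets and (r, s) values of every candidate signature in buf."""
    return [(o, sig) for o in range(len(buf) - 3)
            if (sig := parse_der_sig(buf, o)) is not None]

# Constructed sample (not data from the post): a made-up signature placed in the
# low bits of grey values near 0xF0, with three padding bytes in front.
R_RAW, S_RAW = bytes(range(0x80, 0xA0)), bytes(range(0x10, 0x30))
SAMPLE_SIG = bytes([0x30, 0x45, 0x02, 0x21, 0x00]) + R_RAW + b"\x02\x20" + S_RAW
PAYLOAD = b"\x00" * 3 + SAMPLE_SIG + b"\x00" * 2
SAMPLE_PIXELS = [0xF0 | ((b >> (7 - k)) & 1) for b in PAYLOAD for k in range(8)]

if __name__ == "__main__":
    print(base64_prefixes())
    print(scan(lsb_bytes(SAMPLE_PIXELS)))
```

The four byte headers collapse to three base64 prefixes (MEQCI, MEUCI, MEYCI). A structural hit is only a candidate; it proves nothing until the (r, s) pair verifies against a known public key and message.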
It’s similar to pixels of colour #F0F0F0 in the "1.png" (941x423 version), but not quite the same (you can see that this region is different on one of the previous pictures in this post).
This pattern is due to dithering while converting the image to 255 palette version, but there are methods of hiding information using dithering.
Or, maybe hidden information can be revealed by combining all of the images (1-941, 1-940, 2, 3-941, 3-940, 4-941, 5-941, 5-940), like XORing them.
Did you, actually, read the post?
I know Satoshi loves proof of work, but the logical question here is "Why?"
Why did you do it like this, Dr Wright?
And he is providing the answer in the post: "I could have simply signed a message in electrum as I did in private sessions. Loading such a message would have been far simpler. I am known for a long history of “being difficult” and disliking being told what “I need to do”. The consequence of all of this is that I will not make it simple."
The next time Dr Wright, answering the question of why he didn’t provide cryptographic proof in the "Sartre post", asks "Did you, actually, read the post?", the answer could be a bit different.
Hell is other people (L’enfer, c’est les autres) - Jean-Paul Sartre
To be continued...