Questions over the authenticity of PGP encryption keys and when they were created could mean that the Australian academic trumpeted as the real Satoshi Nakamoto, the illusive inventor of bitcoin, might not be him at all.
This week, both Gizmodo and Wired claimed to have unmasked the real Satoshi Nakamoto, pointing to a quiet but highly accomplished academic and bitcoin expert called Craig White as the bitcoin inventor, and a deceased computer forensics expert and bitcoin hoarder called Dave Kleiman as his sidekick.
According to Wired, the first piece of evidence pointing to Wright appeared in November when an anonymous source close to him began leaking documents to an independent security researcher and dark web analyst called Gwern Branwen.
This “evidence” includes a white paper Wright published on his personal website in 2008 outlining his plans to publish a cryptocurrency paper.
Is PGP evidence fake?
A second piece of evidence relates to a request to fellow enthusiasts to encrypt their messages to him using a PGP key linked to Satoshi Nakamoto.
However, Motherboard reveals that that latter piece of evidence appears to be fake – the Satoshi PGP keys associated with the Wired and Gizmodo stories were generated after 2009 and uploaded after 2011.
Motherboard points out that the two PGP keys cited by Gizmodo and Wired aren’t the Original Key created in 2008 that many point to as evidence of the existence of bitcoin’s inventor Satoshi Nakamoto.
While not discounting the Wired or Gizmodo stories entirely, Motherboard points out that the PGP evidence may not stack up.
“The Original Key was supposedly created in October 2008, using DSA-1024 encryption, which today is considered to be too weak for recommended use. At the time, DSA-1024 was the default in GnuPG, a free software implementation of Pretty Good Privacy that most people use to PGP-encrypt messages. The Original Key appears to have been generated on a Windows version of GnuPG that was already outdated at the time.”
As well as pointing out that email addresses associated with Nakamoto may have been compromised by hackers, Motherboard said that the PGP keys in both articles could have been faked.
“The age of a PGP key is tied to the date and time on the machine it was created on. All it would take to create a PGP key in 2015 that looked like it was created in 2008, would be to change the system settings on the local machine to the desired date.”
It was also pointed out that it is possible to create a PGP key with a fake date from an email account you don’t control.
Case closed? Certainly not.
There are lots of questions to be answered about the other pieces of evidence and there is still no explanation why Australian police raided the home of Craig Wright this week, even if it had nothing to do with bitcoin, as they claim.
Bitcoin key image via Shutterstock