by cmatthias 1278 days ago
Can someone who knows more than me about the internals of bitcoin help me understand:

1) Is there a place on a blockchain explorer somewhere where I could find the signature that Shkreli has posted? I tried looking up the wallet address and found the transaction from Jan 2009, but I don't see that signature anywhere.

2) The reason I ask the first question is that I believe that if the private key is compromised, then whoever has it could have generated a new signature corresponding to that wallet address and any arbitrary message, correct? So if Shkreli is in possession of the private key, he could just be banking on people not actually verifying that the signature he posted appears on the blockchain?

3 comments

At its core, a Bitcoin address is a public/private key pair used to sign data. One type of data you can sign is a Bitcoin transaction, which when signed and valid, gets processed by the Bitcoin network. "Send 0.01 BTC to xyz" -- signed retrac. But it's standard public key cryptography, and you can use that key to sign any kind of data.

The signature in question was not posted to the Bitcoin network. It's almost exactly like signing an email with a PGP signature. The message/signature pair alone are proof that the message was signed by the key in question.

2) Yes. Anyone with the private key could sign a message. And for clarity, such things are not date-stamped in a secure way, so there's no way to know when it was signed.

For me, one major incongruity is that it is possible to post such data to the Bitcoin network. If you need a permanent record of when a key signed something, that's honestly about the only thing blockchains are good for! Hal Finney understood this very well. So when he allegedly signed that message 8+ years ago for future generations to finally know the truth, why didn't he take advantage of an architecture that he helped create, one that enables making such claims in a (more) verifiable manner?

This is great info, thank you! I agree that it’s strange that Finney wouldn’t have posted this message to the blockchain. Unfortunately I think most people superficially familiar with bitcoin don’t understand cryptography deeply enough to realize that the most likely explanation for all of this is that Shkreli or an associate is in possession of Finney’s private key.
> 2) Yes. Anyone with the private key could sign a message. And for clarity, such things are not date-stamped in a secure way, so there's no way to know when it was signed.

Certainly if the message included a hash of the last Bitcoin block that'd be a very strong date-stamp.

I would consider that a strong date-stamp too, but it doesn't do what we would need here. It can only set an earliest possible date for the message. It does not bound it on the other end.

It's like using today's newspaper to prove when a photo was taken. If the front page of Dec 13 2022's New York Times is in the photo (and the photo is authentic) then the photograph must have been taken on or after Dec 13 2022. But I could use that same newspaper in 2025 to prove the same thing. The photo was taken on, or after, Dec 13 2022.

Bounding the other end -- to prove that this key was not used after a certain point in time -- is really quite a puzzle with no particularly elegant solution, as far as I know. Trusted central authority that date-stamps and signs messages when it receives them. Or a blockchain, ironically.

Is there a way to provably destroy a piece of information? The closest thing I heard of was the Z-Cash "ceremony" [1]. If there was, we could create messages that are provably and absolutely timestamped.

Another possible way would be crafting the message in a way that requires a low-entropy system, like a living human person, a sophisticated computer, or an immense power source. But, this would only be useful on extreme time scales, or within limited space.

[1]: https://z.cash/technology/paramgen/

Such a timestamp could only be interpreted as a "no-earlier-than" proof. You couldn't use it to prove that the message was created before a certain date, as all existing bitcoin blocks can easily be referenced in any future messages.
1) Not all signatures are on chain. All that is needed is to post the signature somewhere and verify it with the message and public key.

2) Whoever has the private key can produce the signature, and the signature can only be produced by someone who has the private key (assuming the cryptography is secure).
I realize not all signatures are on the chain, that’s obvious if you know what a signature is. That’s why I’m asking whether it appears on the chain. :)

If it appears somewhere associated with that transaction, that’s pretty strong evidence that Shkreli is correct.

If it does not appear on chain at all, then Shkreli is wrong and his post proves nothing about the identity of Satoshi.

Your reaction was my reaction, for what it’s worth. It seems like everyone more or less is suspecting the same thing. (Private key leaked, no way to backdate the hash, therefore this proof isn’t as newsworthy as it seems.)

On the other hand, if it does appear somewhere in the blockchain, it’s a pretty big scoop.