Did Craig Wright use ‘staged laptop’ at Satoshi key signing ceremony?

Day 18 of the Crypto Open Patent Alliance (COPA) v. Craig Wright trial saw, for the first time, an entire day’s worth of questions focused on Satoshi’s private keys. Wright claims that they’re his but COPA says he’s not Satoshi.

As Bitcoin’s creator and first miner, Satoshi earned over 1 million bitcoin via Bitcoin’s coinbase mining reward. 

Those wallets hold over $60 billion worth of bitcoin today meaning that, unless Satoshi destroyed, gave away, or died with those private keys, they might be the 25th richest person on Forbes’ billionaire leaderboard.

The court welcomes two cryptographers

Two witnesses took the stand in London’s High Court of Justice on Wednesday to discuss exactly who owns Satoshi’s private keys.

First up was Zeming Gao, who describes himself as a ‘student of truth’ and an intellectual property attorney-turned ‘company-as-a-product” consultant. He also authored Bit & Coin: Merging Digitality and Physicality: Volume I.

Gao also previously commented on a loophole-filled settlement offer that Wright offered to COPA and Bitcoin Core developers before the trial began. Gao hinted that BSV — a hard fork of Bitcoin that Wright supports —  could “make centralized exchanges obsolete.” However, he didn’t fully explain that argument.

Next to take the stand was Sarah Meiklejohn, professor of cryptography and security at University College London and a staff research scientist at Google. She’s taught or worked with Ph.D. students who later took positions at Chainalysis, Protocol Labs, and the Ethereum Foundation.

Read more: COPA v. Craig Wright trial analyzes newly published Satoshi emails

Just sign a transaction as Satoshi

Much of Gao’s and Meiklejohn’s testimonies discussed the technical feasibility of Wright proving himself Bitcoin’s creator simply by signing a message using one of Satoshi Nakamoto’s private keys.

Indeed, these two witnesses finally addressed the elephant in the room: Could Wright simply sign a Satoshi wallet transaction?

Their testimonies primarily focused on Wright’s one-on-one meeting with Gavin Andresen, the second person to ever hold the keys to Bitcoin’s code repository.

Wright claims that he, as Satoshi, gave those code repository keys to Andresen. When they met face-to-face years ago, Wright supposedly signed a message using one of Satoshi’s private keys.

Andresen initially believed Wright and publicly pronounced Wright as Satoshi. He later recanted.

Witness #1: Zeming Gao

Gao started by requesting to delete a paragraph in a joint statement submitted by himself and Professor Meiklejohn. He confirmed his disagreement with a point made in that joint statement.

He agreed with COPA attorney Jonathan Hough’s description of Bitcoin’s verification of transactions, which uses an elliptic curve digital signature algorithm (ECDSA). However, he disagreed with Hough’s statement that anyone could prove that they controlled a private key by using it to sign an agreed-upon message.

Hough referenced the possibility that Andressen brought a USB stick containing public keys to the meeting where Wright had offered to prove he was Satoshi Nakamoto. However, Gao confirmed that Bitocin’s cryptography made it “practically not possible” to derive private keys from those public keys.

Wright briefly convinced Andressen that he was Satoshi Nakamoto, but Andresen soon backtracked, saying that he “could have been fooled.”

Gao admitted that he had enough expertise to discuss the feasibility of Wright signing a Satoshi transaction during that face-to-face meeting with Andresen, but his expertise didn’t reach a higher level.

Craig Wright’s curious signing ceremony

Next, Gao went over concerns about Wright’s attempt to sign such a message during his meeting with Andresen. 

For example, Gao confirmed Meiklejohn’s statement that Andresen’s laptop hadn’t been present during the meeting.

H: "she says CSW signed a message on his laptop, transferred it to a new laptop and verified it there"
Z: "That's what I saw in the writings but I do not know for sure"
H: "She then says that Andresen had brought his own laptop for the session but it was not used"
Z: "Yes"

— CryptoDevil (@CryptoDevil) February 28, 2024

Read more: Craig Wright hits COPA trial with 164,000 pages of evidence

It was also unclear who installed the Bitcoin software used for the signing ceremony. It could have been either Craig Wright or Gavin Andresen or someone else. Wright said he could have done it but apparently didn’t accurately recall whether he used Electrum or another download from GitHub. Professor Meiklejohn, for example, mentioned in her statement that it was Electrum.

The statement also mentioned a concern about a ‘man-in-the-middle’ attack since steps were not taken to prevent that type of vulnerability. 

Man-in-the-middle attacks occur when an attacker injects a device between two devices on a network to intercept and possibly modify traffic traveling between the target devices. This happens most often when one of the target devices is on a public Wi-Fi connection, like the one in the hotel where Wright and Andresen held their meeting.

Encrypted connections using protocols like HTTPS can help reduce the risk of a man-in-the-middle attack by making the data more difficult to decode. However, an encrypted connection doesn’t entirely remove the risk that an attacker could relay false data, which introduces the possibility that Andressen could have been fooled by a remote third party.

Another unresolved question is why only Wright’s laptop was used for the meeting. Andresen could have checked using any other computer but — for unknown reasons — didn’t bring extra laptops. Hough mentioned that the whole thing could have been staged using executable files on Wright’s laptop, including man-in-the-middle attacks, malware, or emulators.

H: "Now you say that all of the steps described to spoof a session are not infeasible"
Z: "Yes but if the verifier [properly checked the signature it would be valid]"
H: "But if there were other elements involved in the process as we have discussed the verification would be false

— CryptoDevil (@CryptoDevil) February 28, 2024

Read more: COPA witness says LEGO was ‘an inspiration’ for Craig Wright

Zeming Gao gives final remarks in Day 18 testimony

Gao seemed to conclude that Wright just wanted to mess with people. Hough held up a blog post in which Gao described Wright as “the most misunderstood person in the world for the past 100 years.” The blog post is apparently now behind a paywall in the form of Gao’s book.

According to Hough, Gao claimed Wright had created a valid signature from a known Satoshi wallet, but “only privately.”

Gao’s final words of testimony went into some semantics about Wright’s apparent refusal to create a valid signature publicly. In another blog post, Gao alleged that COPA would use the lack of a signature to trick the court into thinking Wright wasn’t Satoshi Nakamoto.

Wright had previously complained that he wasn’t aware of journalists familiar with the matter reporting on such a signing event. Gao seemed to echo the sentiment by saying that the lack of Wright’s valid public signature was getting too much attention.

Witness #2: Sarah Meiklejohn

Sarah Meiklejohn began her testimony by going over some ‘errata points’ and confirming the accuracy, for her part, of the joint statement she made with Gao. 

Wright’s legal team then asked about the sources for a report she had submitted. These sources included an unspecified ‘instruction section,’ witness statements from Craig Wright, and statements from Stefan Matthews and Gavin Andressen. Meiklejohn confirmed having used all of these as sources and clarified the unspecified sections.

Meiklejohn denied recalling whether she had seen additional requests for information about signing early blocks presumably mined by Satoshi. 

Wright’s attorney opined that she was being “overly technical,” especially considering Wright’s supposed interactions with so-called non-technical journalists. She retorted that she was “a very technical person.” 

In general, other witnesses during the trial have been so technical that Judge Mellor has made jokes about it. A considerable amount of each side’s case does involve technicalities.

Meiklejohn acknowledged that there had been “disagreements in terminology” between herself and Gao. She also said that Gao had edited part of his contribution to the joint statement after she had submitted Annexe B.

Meiklejohn analyzes signing ceremony

Like Gao, Meiklejohn closely studied Andresen’s face-to-face meeting with Wright, acknowledging that she was going off Andresen’s witness statements about that meeting. According to Meiklejohn, Andresen had obtained a laptop that “seemed new,” although she didn’t consider its unboxing important.

Like Gao, Meiklejohn admitted that it was unfortunate that Andresen didn’t bring extra laptops to that all-important signing ceremony.

On the topic of a possible man-in-the-middle attack, she called one possible attack vector in which someone could mistype a URL and be directed to an infected website “crude but surprisingly effective.” When asked whether she had found possibly infected spoof websites for Electrum.org, for example, she admitted, “Yes.” 

The potential for ‘crude but effective’ man-in-the-middle attacks like ‘typosquatting’ could have affected the Wright-Andresen meeting.

Meiklejohn maintained that Andresen could have been fooled if he wasn’t alert enough to notice the lack of a web browser indicator that a security certificate was being used on the website, for example. Andresen had previously admitted to being jet-lagged during the meeting, which likely impacted his attentiveness.

During a separate Kleiman lawsuit, for example, Andresen admitted that “I have my doubts” about the truthfulness of Wright’s statements during that meeting.

An unconvincing proof-of-keys day

In short, the 18th day of the COPA v. Craig Wright case revolved around the meeting between Gavin Andressen and Craig Wright. It was supposed to be the day that Wright proved he was Satoshi by signing a Satoshi wallet transaction. Instead, it left most people confused.

In particular, the High Court of Justice spent nearly an entire day focusing on the possibility that Wright possessed Satoshi Nakamoto’s keys that day and signed a transaction from a known Satoshi wallet during that meeting.

There were several questions about the software used for the test, including the odd choice to use just one computer, not to mention risks of man-in-the-middle or typosquatting attacks. In addition to other abnormalities and unfortunate blunders of cybersecurity best practices, the entire signing ceremony is now under judicial review during this month’s most important lawsuit of Wright’s life.

Proceedings continue tomorrow, including a return of Wright himself to answer additional questions before the business week closes.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.