Satoshi’s secret in the Genesis block

This post originally appeared on ZeMing M. Gao’s website, and we republished with permission from the author. Read the full piece here.

There is much fruitless thinking (especially my own) going on about the mysterious 26.9 BTC transferred to the address in the Genesis block.

It is largely due to the lack of clear and definite information.

Dr. Craig Wright has said something about it in the past. But in his typical fashion, he speaks in his own realm and at his own level, with little sympathy for how others are positioned.

For example, in one context, he says, “No key is associated with the Genesis block.” But in another, he says, “the keys vary between the genesis block that is public and the early code that was distributed,” suggesting the Genesis block has keys in it.

But it is not necessarily self-contradictory. Words can mean different things in different contexts. In a strict sense, a block does not have a key “associated” with it like a transaction or an address does. So, let’s not get into that kind of a debate over words. Most accusations thrown at Dr. Wright are based out of context and often multiplied by misinterpretation of the very words he spoke.

My conjecture

We all know Satoshi created the Genesis block manually instead of using mining software to mine it automatically. But how?

Based on the insufficient information, my best conjecture is as follows (and I want this to be my last guessing work until real revelation becomes available):

— Satoshi generated a self-signed ECDSA signature in the Genesis block. It essentially reverses the usual order of operations in ECDSA signature generation. Instead of starting with a private key and a message and then computing the signature, Satoshi started by choosing parts of the signature and an ephemeral key, from which he could derive (reverse-compute) a private key that would make the signature valid for a given message.

— At the same time, Satoshi intentionally linked the Genesis block’s only transaction to an invalid public key. This makes the real public key of the Genesis block a secret. And this is going to be critical for the purpose of proving identity.

The signature procedure

Here’s a breakdown of the steps of reverse-computing an unknown property key:

  1. Choose Random k and s: Instead of starting with a private key, you begin by selecting a random ephemeral key k and a random value for s, which is one part of the signature.
  2. Compute r: Calculate r by first computing the elliptic curve point [k]G (where G is the generator point of the elliptic curve) and then applying a function f (which takes the x-coordinate of the point and reduces it modulo q, the order of the curve).
  3. Construct the Message m containing the signature (r, s): The message m is created to include the signature components r and s.
  4. Compute e = H(m): Calculate the hash of the message m using the hash function H, resulting in e.
  5. Solve for Private Key x: Now, calculate the private key x using the equation x = (±sk – e) / r (mod q). This equation is derived from rearranging the standard ECDSA verification equations.

The use of an invalid public key

An additional important factor is that Satoshi may have intentionally linked the Genesis block’s one and only transaction to an invalid public key.

Why is this significant?

First, with the intentionally invalid public key, coins cannot be spent with the normal verification by the mining nodes. Even Satoshi, who could reverse-compute the private key, can’t spend it because a correct signature signed by the correct private key cannot be verified by an incorrect (invalid) public key. This is important because even if somebody else stole Satoshi’s information (including the ephemeral key and elliptic curve parameters, etc., see below), he still cannot spend the coins in the Genesis block, because the mining nodes will all automatically reject it.

It is in this sense the Genesis block is an anchor.

Second, Satoshi may use the Genesis block as unique evidence to prove his identity.

Even though Satoshi cannot spend the coins using a normal transaction, he, and only he, can provide strong evidence that he is Satoshi by showing that he has the secrets (specifically the ephemeral key k and the parameters of the elliptic curve he used). This is because, with the reverse-computed private key, Satoshi can further compute a corresponding public key, which is then used to verify the signature contained in the Genesis block uniquely.

In that sense, the public key is a secret. It can’t be used for making a normal spending transaction, but it can be used as evidence to show identity.

Such evidence for identity would be far stronger than simply signing a message using a property key that is associated with a supposed Satoshi address.

First, it is the Genesis block. There’s no ambiguity.

Second, it is not a known process of verification. The very knowledge of the process shown to work is uniquely Satoshi (even those who may have guessed the process cannot prove it by actually making it work).

Third, there is no normal private key to be stolen. The thief may not even know what to steal in the first place. One who might have stolen the Genesis block secret must not only steal the ephemeral key k, but also the specific parameters of elliptic curve used with it, in addition to the knowledge of how it is to be used.

If Satoshi himself demonstrates the entire process, however, it would be the strongest possible document evidence based on secret information.

Satoshi’s last resort

However, Satoshi seems to treat even the above form of strongest possible cryptographic evidence as the last resort. He prefers to prove it legally using human and social evidence.

If the 26.9 BTC coins were indeed deposited by Satoshi in the Genesis block as a security deposit, it will only be used if Satoshi loses the case in the courtroom. With identity and ownership of the coins deposited into the Genesis block, these coins can be moved by a court order. See The mystery of 26.9 BTC paid to the Genesis block.

Watch: How to use a digital signature to show control of a Bitcoin address

YouTube videoYouTube video

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.

Source: https://coingeek.com/satoshi-secret-in-the-genesis-block/