Skip links

#333 Een historisch moment: COPA v Wright rechtszaak (Deel 1)

De ‘Original Gangsters’ van bitcoin hebben gesproken, en zelf verklaarde Satoshi kandidaat Craig Wright zag zijn getuige verklaringen en rechtbank verhoren in duigen vallen. Vandaag kijken we naar het begin van het einde van Craig Wright: de rechtszaak tussen de Australische fraudeur en de Crypto Open Patent Alliance.

Geschreven door: Arthur van Pelt


De originele cypherpunks: Tim May, Eric Hughes en John Gilmore

Intro

Om te beginnen wil ik de lezer meteen wijzen op een paar behoorlijk goede artikelen over de cypherpunks, de beweging waar Adam Back en Martti Malmi vroege deelnemers van waren.

The Trio that set free Cryptography” en “The Birth of CypherPunks” geven een prachtig inzicht in de spirit van een groep libertaire en computer/software technisch onderlegde mensen die uiteindelijk het bitcoinproject hebben voortgebracht.

The cypherpunks had some of the most thought-provoking discussions about global surveillance, the democratization of private technology, and many more. While many members on the list had deep expertise in computer science and cryptography, they also had a great understanding of economics. They knew centralized systems were not the right solution to process transactions safely and cost-effectively.

The most active member on the list was Adam Back. He truly wanted to be a part of the cypherpunk movement, as he believed code could create systems to change society for the greater good. Later that year, Hughes prepared the first Manifesto of the cypherpunk group.

[…]

In 1997, Adam announced Hashcash, an anti-spam concept that even Satoshi used in his whitepaper. Hashcash helped innovate a new way of mining monetary units like cryptocurrencies, making money more sound and fair.

However, Adam faced a major challenge with Hashcash. The system allowed users to hyperinflate the currency if they had superior computers. This not only makes it unfair for the rest of the network participants but also voids everything decentralization stands for. Satoshi also addresses this issue in his whitepaper. He introduces something called the “difficulty algorithm”, which resets the difficulty of mining every two weeks after considering the total power spent by the users.

Enfin, mocht je het nog niet weten: Adam Back is een echte bitcoin OG.

Adam Back

Op woensdag 21 februari 2024 werd deze Adam Back, getuige van Crypto Open Patent Alliance (COPA), live in de rechtszaal in Londen verhoord tijdens de zogenaamde Joint Trial van COPA tegen Craig Wright. Zoals de lezer wellicht zal weten, gaat deze rechtszaak feitelijk over drie pleidooien van COPA:

  • Craig Wright is niet Satoshi Nakamoto
  • Craig Wright bezit geen enkel bitcoin gerelateerd copyright
  • Craig Wright heeft fraude gepleegd, zowel voor als tijdens de rechtszaak

Maar wat was Adams rol in deze rechtszaak precies? Laten we eerst eens naar zijn twee getuigenverklaringen kijken voordat we ingaan op zijn rechtszitting.

Merk op dat ik de e-mails waar Adam Back het over heeft, heb toegevoegd aan de getuigenverklaringen, omdat de originele getuigenverklaringen alleen gecodeerde links ernaar bevatten, die ik heb weggelaten om een wat aangenamere leeservaring te creëren.

Fun Fact:

De eerste e-mail die Adam Back ontving van Satoshi Nakamoto dateert van 20 augustus 2008. Dit is momenteel het oudst bekende digitale document met Satoshi’s naam erop. Voorheen was de oudst bekende e-mail van Satoshi gedateerd op 22 augustus 2008, zie “Craig Wright: The Wei Dai Lies”.

Adam Back, Martti Malmi

I, ADAM BACK, will say as follows:

  1. I am a cryptographer and developer in the field of cryptography. As part of my work I am the inventor of the proof-of-work system known as “Hashcash”, which I described in a paper I published in 2002 under the name “Hashcash — a denial of service counter-measure”. That is the same paper that later came to be cited in the paper known as the “Bitcoin White Paper” by Satoshi Nakamoto. Hashcash was then used as the proof of work system in Bitcoin.
  2. I am also the CEO of Blockstream, a Bitcoin and blockchain technology company, although I do not make this statement in that capacity.
  3. This statement has been prepared by Bird & Bird following a video interview, though I am told by Bird & Bird that our exchanges are considered privileged. This statement uses my own words and sets out facts and matters that are within my own knowledge unless otherwise stated: Where I refer to facts within my own knowledge, I believe them to be true. Where I refer to information from other sources, I have identified my sources and the information it is true to the best of my knowledge and belief.
  4. On points that I understand to be important in the case, I have stated honestly (a) how well I recall matters and (b) whether my memory has been refreshed by considering documents, and if so how and when. Although I do not know all the issues that are important to the case, I am familiar in general terms with the dispute between Craig Wright and COPA, and I am also familiar with the factual history of Craig Wright’s claim to be Satoshi Nakamoto. I understand from Bird & Bird that the purpose of my evidence is to set out matters of fact and not to argue the case, and so I do not intend in this statement to address my opinion of that claim in this statement.

Hij vervolgt zijn bijdrage met een correspondentie die hij had met Satoshi Nakamoto.

  • Bird & Bird has asked me to explain about my correspondence with Satoshi Nakamoto. On 20 August 2008, I received an email from the email address [email protected] as follows:
  • I had not previously heard of Satoshi, but I had a few kind of academic and applied papers and I do get these sort of enquiries once in a while, so I didn’t think much of it then. The pre-release draft he referred to was not attached but there was a download link to it.

    I believe I did download the paper at the time but didn’t look at it immediately, though I did read the abstract from his email. I then went back to Satoshi on 21 August 2008 and confirmed that the citation there did seem to be right.
  • I also pointed him to another resource that I thought he would be interested in, called “B-money” by Wei Dai. He didn’t seem to be aware of that, which I believe because it was not mentioned in the pre-release draft he sent me, and because he later replied on 21 August 2008 saying he was not aware of it and that he would email Wei Dai to confirm how to credit him.
  • I sent him another email later to suggest another thing he might want to look at, another paper by Revest et al called “micromint”. I did not hear from Satoshi again until 10 January 2009, when he sent me an email shortly after releasing the software to say he had just released it.
  • And that was the extent of it. It was not an elaborate conversation and we didn’t get into a great deal of detail. I have never published this correspondence before.

Ondertekend, Adam Back.

Op 7 november 2023 volgde Adam Back op met een tweede getuigenverklaring, omdat hij bewust was worden gemaakt door de advocaten van COPA van een flink aantal schandalige verklaringen van Craig Wright, die rechtstreeks uit de lucht leken te zijn gegrepen.

Tweede verklaring

In deze tweede verklaring komt Back met nog meer inzichten:

  1. At paragraph 92 Dr Wright claims his thinking was profoundly influenced by Wei Dai, however it seemed to me (from Satoshi’s email’s to me which are exhibited to my first statement), that he was not previously aware of Wei Dai’s B-money proposal which would make it hard to be significantly influenced by it.

    I am aware that Wei Dai has said subsequently of the sequence of events that Satoshi had not even heard of B-money before so he (Wei) couldn’t have influenced Bitcoin. Wei’s email exchanges with Satoshi were shared and published on Gwern’ blog at blog.gwern.net. I am also aware that Satoshi later wrote on bitcointalk that he implemented bitcoin before writing the paper, so learning about Wei’s B-money after writing the paper would not affect the design.
  2. At 93 Dr Wright wrote about me that “His attitude was quite dismissive; he stated that digital cash had been attempted before and was bound to fail.” I did not say that in the emails exchanged with Satoshi. I did not say that at any time since that I recall.
  3. The claim that I would be dismissive of attempts to create digital cash is even more opposite — I was one of the applied researchers who continued to work on making p2p electronic cash a reality, after the failure of digicash in 1998. Hashcash was a building block used by others in their designs, including Wei Dai in 1998, Nick Szabo in 1998, and Hal Finney in 2004.
  4. At 94 Dr Wright cites a 2000 paper by Aura et al, and claims that Bitcoin uses this algorithm and not Hashcash. I don’t think that is correct:

    a. Hashcash is cited in the Bitcoin White Paper.
    b. The original, 1997, version of Hashcash (version 0) used a double hash. I modified it in 2002 with version 1. That used a single hash, based on an optimization suggestion made to me by Hal Finney, and also independently by Thomas Boschloo at around the same time March 2002 (which I cite in the 2002 Hashcash paper).
    c. Hashcash version 0 (1997) predates Auro’s 2000 paper, and Hashcash version 1 is a minor optimization of version 0.
    d. Hashcash and the Aura et al paper are different. Aura’s work is about an interactive client-server protocol, while Hashcash is a non-interactive proof. Bitcoin, being peer-to-peer, necessarily cannot involve a server.
    e. The Aura paper describes their work as an optimization of Juels & Brainard’s 1999 client-puzzles paper, which is also similar to Hashcash in some ways, but is different in that it is an interactive client-server protocol. Hashcash version 0 (1997) also predates the Juels & Brainard 1999 client-puzzles paper.

Wederom: ondertekend door Adam Back.

Als dit nog niet vernietigend genoeg was, laten we dan eens kijken naar wat er gebeurde tijdens het kruisverhoor van Adam Back op 21 februari 2024. Mijn collega Craig Wright-criticus “CryptoDevil” rapporteerdede sessie als volgt.

We gaan door..

And we’re back!

Dr Adam Back is being sworn in.
H: Asks him the usual questions about his witness statements being his and true. He confirms.

(What on earth is Craig Wright’s counsel even going to try here?)

W: “In your statement you explain you are the inventor of HashCash. This was first proposed in 1997. That is your original proposal [shows on screen]”
A: “Yes that is the proposal”
W: “That was on the cypherpunk mailing list, you were part of that community, yes?”
A: “Yes”
W: “Would it be fair to say the cypherpunk community were libertarians who believed in cryptography to bring about social change. It includes Zooko Wilcoz and Hal Finney. Were you good friends?”
A: “I don’t know if I’d say that, we shared common interest”
W: “Zooko says ‘I was involved in [community] and I was good friends with Adam, Hal and Greg Maxwell”
M: “I wasn’t really that familiar with them. I never met any of them in person”
W: “Is Zooko overstating the connection between you two?”
A: “I wouldn’t say that, it might be”
W: “Are you still on good terms?”
A: “No he blocked me because he started an altcoin I had things to say about”
*laughter*
W: “So this HashCash was something for remailers and things of that description”
A: “Well electronic cash, too”
W: “But the intention at the time was for HashCash to throttle spam abuse of email remailers”
A: “Well at that time it was originally thought of for that”
W: “And you can see there’s nothing in its description about digital currency”
A: “Well it says about stamps there which could also be used in society for monetary value”
W: “Is it fair to say your proposal to solve a computation puzzle to be allowed to send an email. That the first stage of the idea required the computation of puzzle”
A: “Yes”
W: “And the second stage would be for the receiver to check the signature of the incoming message for that proof in order to accept it. “
A: “It was like a stamp”
W: “So the rationale would be that the average user would not have much of a barrier for sending emails”
A: “Correct”
W: “The point was that a spammer would be prevented from sending thousands of emails. The computation puzzle required users to compute a hash on a target string of the senders name. Calculate a 17-bit collision on string… flame… dead remailer. The target included the word flame”
A: “Yes”
W: “You weren’t aware of previous published work on this [Dworkin and Noor?]”
A: “Correct”
W: “This article by Mikeljohn ‘Bitcoins Academic Pedigree, Are you familiar with it?”
A: “Some of it”
W: “This heading ‘Proof of Work The Origins’ the author says In Dwork and Orrs design [describes something similar to HashCash computation]. It is a similar proposal to your HashCash”
A: “The rationale is the same the mechanism is quite different”
W: “Do you recognise Dalia Meliie and Matt Franklin produced a paper in 1997?”
A: “Yes I cited their work”
W: “Jackobson [etc] produced on in 1998. Jules produced one in 1999 and they produced on together”
A: “Yes Jules became a colleague later”
W: “Further in this article ‘meanwhile in the academic scene’”
*asks Adam to read paragraph to himself*
W: “Is that a fair description of the kind of work on POW in the late 90’s and 2000s?”
A: “Yes it is the kind of work being done then”
A: Explains that this research generally all had different mechanisms for acheiving POW designs and that Academic would produce theory where he worked in applied sector to build
W: “Early 2000’s there was a rich source of academic POW systems”
A: “Yes there’s a lot of [theory] papers discussing potential uses [applied not so much activity]”
W: “The final comment is not accepted, I think you’ll agree there was a lot of activity”
A: “Yes”
W: “This paper ‘DoS resistent auth and puzzles’ you see a formula, above it says ‘client solves x and y which will be discarded and the solution sent to the server’ below that we see a formula after the equal sign the notation say ‘the k first bits of the hash’ refers to 0 sequence. The target hash here depends on the first string in the hash being a string of 0’s”
A: “Yes the first stage generally relies on a challenge hash where there is a transform where the person can choose their own challend and HashCash version 0 is doing its own transform”
A: “But here this paper has the server doing the transform. The point of the challenge is the person doing the proof afterwards have to be convinced the challenge is fair. This paper and Hal said that 0 was a fair choice and it is a simpler choice”
W: “This particular target hash is looking for a specified number of 0’s in the target hash. In bitcoin the POW also looks for a number of leading 0’s”
A: “In the bitcoin case the precision is much higher, to find a hash that is less than the target”
W: “I’m not quite sure. What I’ve put to you is precisely how the WP describes the POW”
A: “When I wrote the HashCash paper it is slightly different, bitcoin looks for more than just leading 0’s. There is a lot of work done in both but bitcoin POW can have the right number of 0’s but not the integer”
W: “Under heading POW ‘when scanning for a value when hashed the has begins with a number of zero bits. Is that an inaccurate description?”
A: “I am. It is a simplification”
W: “I put it to you that you are seeking to escape from what is clear that the bitcoin POW is similar to the [earlier than HashCash paper]”
A: “The diff is a floating point number, so it is more nuanced. Satoshi has simplified it and that is why he has introduced this floating point concept into it. Something I considered as an optimisation. The Orra paper & bitcoin differ.”
W: “It is clear that your original HashCash proposal was NOT based on leading 0 bits”
A: “Yes that’s right”
W: “Your 2002 paper under ‘HashCash improvements’ you recognise improvements proposed by Hal Finney”
A: “Yes”
W: “You write that Finney and Bosch propose finding a collision between hash and string which you said is fair. Going from earlier you wanted to find something that was a fair result”
A: “Yes if the work was not fair you could cheat the selection of the challenge”
W: “Your saying about the challenge parameter, that is an important part of the protocol”
A: “If your choosing one it has to be fair, so it cannot be repurposed subsequently. Setting part of the protocol to 0’s the verification is the same, you are skipping the first step”
W: “In terms of setting the verification 0’s that is what you refer to in your paper”
A: “Yes”

Steun Focus met een donatie!

Laat een berichtje achter en kom in ons donatie-dashboard.

Martti Malmi, Adam Back

W: “When you describe the k bit string compared to the hash output size, are you referring to a string of a set number of 0’s or just a string of 0’s at the beginning”
A: “The beginning…”
W: “You indentify additional applications [for HashCash]”
A: “This paper came give years later, which people often confuse”
W: “The paper described HashCash and B-Money as a way to interface [digital currency]
A: “Yes”
W: “You see there the announcement in 1998 of Wei Dai’s proposal [b-money]”
A: “Yes”
W: “Do you think he might have posted it to the cypherpunk mailing list earlier?”
A: “He might have done, yes”
W: “Wei Dai’s proposal discusses the proposal of creating [digital currency] through a computation process. He gives example and upon the broadcast of the solution everyone credits the broadcaster with 3 credits. So solving a computation puzzle is the method the money is created”
A: “Yes”
W: “In bitcoin the POW process secures the ledger rather than creating the money”
A: “Yes but it is also the work which brings new coin into creation”
W: “Yes but the creation of the new coins is removed a number of steps from the solving of the puzzle itself”
A: “Well I think only superficially different [process] The formatting in bitcoin [POW] creates the coins for the economic game-theory which makes it robust”
W: “It is used in the process which leads to the creation of the coins but it is not the process which creates them”
A: “It is all bound together as an atomic operation. Everything is hashed together to decide which coins, addresses, transactions, it is all one thing”
W: “It is all bound together but bitcoin contrasts with B-Money where the solving of the computational puzzle led to coins”
W: *reading” “In bitcoin the hash is merely used to secure the ledger”
A: “It’s true the puzzles are not solely the cash but it’s not true the POW is only to secure the ledger because then you’d have 2 sets of work, one for secure the ledger one for issuing coins”
W: “I’m well aware that your position is that bitcoin is a mere development of HashCash”
A: *laughs* “Err no”
W: *reads description about POW purpose*
A: “The way people express themselves depends on their focus, [they will describe things differently]
W: “As for Satoshi’s genius it say B-Money and HashCash did not incorporate double-spend protection as Bitcoin does”
A: “I didn’t include such a thing because HashCash wasn’t spendable. B-Money did have something similar though”
*goes on to talk about Szabo’s Bit-Gold being closer to Bitcoin
W: “And that was after your HashCash paper?”
A: “Correct”
W: “I don’t think it is controversial to say that Szabos’ proposal helped to inspire Bitcoin. Satoshi stood on the shoulders of giants and one of them would have been Szabo”
A: “I don’t think Satoshi knew about Bit-Gold”
W: “That’s not what CSW says. Here in your email with Satoshi 20th August Satoshi says to you ‘I am getting ready to release this paper [citing HashCash] and I want to check it is ok] you say citation is fine and you reference Wei-Dei”
W: “The B-Money paper is described precisely on his [Wei’s] web-page”
A: “Yes”
W: “Satoshi says ‘thanks I wasn’t aware of the B-Money page. What he was saying is that he wasn’t aware of the page.”
A: “Shortly after this Satoshi did contact Wei Dai and told him he was unaware of B-Money, which confirms my interpretation that he was not aware of B-Money”
W: “I put it to you that Satoshi just said he was not aware of B-Money page, not that he was not aware of B-Money”
A: “Well it was only after I told him this that he included the B-Money citation in the paper (I forgot to include BitGold, too, I was remiss). Later in 2013 when I was asked about it I gave this explanation to show that Satoshi was not aware of B-Money itself”
W: “This is just your interpretation”
A: “Well this is also Wei Dai’s interpretation too. People like to say they were involved in Bitcoin’s creation, due to the [kudos] but Wei Dai specifically says he was not involved in it”
W: “It would be surprising that the creator of Bitcoin wouldn’t know about B-Money and Bit-Gold?”
A: “No because he didn’t first post to the cypherpunk mailing list. Satoshi said he’d spent a lot of time drafting the design and the paper before this.”
A: “People started saying about how this [talk about digital currency] was like digital gold”
W: “It is CSW’s case that Satoshi was well aware of Wei Dai’s B-Money proposal”
A: “The first time CSW has said that is AFTER he had access to my unpublished emails”
W: “Did you also use chat forums after Bitcoin was launched?”
A: “Yes”
W: “Which other ones”
A: “The blue sky forum I think. Distributed storage discussions about the wayback machine etc”
W: “You used twitter also?”
A: “Yes but not until long afterwards, it was about 2013 when I got more interested in Bitcoin”
W: “You’re aware of ProfFaustus on twitter being CSW?”
A: “Kind of, I didn’t really pay much attention. @IanG was re-tweeting CSW’s statement about Bitcoin which were incorrect which I found annoying so I unfollowed @iang_fc I find CSW a bit like an Elvis impersonator. I don’t find anything he posts authentic”
W: “You are the CEO of @Blockstream
A: “Yes”
W: “Who were the other founders?”
A: *lists founder*
W: “You are also defendants in the other cases and members of @opencryptoorg too?”
A: “Yes we patented some bitcoin related work to protect it and make a patent pack to put the tech into the public domain. COPA expanded on that and could bring more companies in so we folded our defensive patent process and joined @opencryptoorg we were not aware of this case until it was announced”
W: “You describe @Blockstream as a Bitcoin and Technology company. One of its services as a scalable lightning service. It is a major part of its biz”
A: “It is not exclusive to @Blockstream there are other companies and people involved”
W: “But it is very important to you?”
A: “Yes it is hard to scale blockchain tech and this is a way to do it”
W: “You are aware that CSW says lightning betrays the Bitcoin protocol”
A: “I am aware that he has said that”
W: “In being connected to @blockstream you have a personal interest in seeing Satoshi Nakamoto defeated. It would promote your business”
A: “It wouldn’t really affect our business”
W: “There is a dispute between you and BSV and CSW on what is the direction for Bitcoin”
A: “Bitcoin is an open technology and if I wanted to get a new feature into bitcoin it isn’t going to happen unless there is widespread acceptance of that change. You need consensus”
A: “I put it to you that the various forks that have split off from Bitcoin, Bitcoin cash, BSV etc is because people did not want to adhere to the consensus rule and wanted to make their own changes by force”
W: “That is the view that [BTC] is not the same as original vision”
A: “I’d be reluctant to take the biblical view that Satoshi’s design had to remain unchanged. Some people have made forks, BSV is a fork of a fork”
“That is all my questions”

Gunning neemt het gesprek over

Gunning [King’s Counsel of Bitcoin developers takes over]!

G: “Dr Back do you recall the question about the POW involving scanning for value has leading 0’s?”
G: “You responded saying that was a simplification, saying the Bitcoin paper the diff is a floating number. If we pull up the main.cpp file from 10th Jan release 2009, we see the checkblock function and part of that function there is check POW matches claimed amount”
G: “How does that answer there deal with the answer you gave about leading 0’s”
A: “It’s related to the diff of the algorithm it was a fast check then a full check”
G: “Does it deal with leading 0’s?”
A: “No. It is a compact representation of the difficulty, checks the target”
A: “Superficially there is a leading group of 0’s but it is a floating point number so could be anything following”
G: “all my questions”
H: “Those are all the witnesses for today”
G: “One thing! M’Lord the White Paper ‘latex’ files have had some late developments. We’be made an animation about it [gives ref to location] you might want to take a look at.”
Mellor: “You’ve had the full unredacted record now?”
G: “Yes and we overlay it with the original WP”

[Noot auteur: deze timelapse-animatie gemaakt door de bitcoin-ontwikkelaars en laat zien hoe Craig Wright in november 2023 de Bitcoin LaTex whitepaper-vervalsing heeft gemaakt, wat hem 22 uur kostte verspreid over 4 dagen, bereikte de rechtszaal 2 dagen later, op 23 februari 2024. Het bekijken waard:

Bron: Twitter

Greg Maxwell (nullc) legt uit op Reddit hoe de bitcoin developers de data hadden verzameld om de animatie te kunnen maken

Dit even tussendoor. Terug nu naar de rechtszaal met “CryptoDevil”:

Mellor: “I did see it, the @Shoosmiths letter clarifying the case on the latex file”
G: “Well, we’ll see!”
W: “Could I just ask M’Lord to also read OUR letters as you view this content?”
Mellor: “I’ve already received them”
H: *talks about timings for US videolink witnesses, requests Hearn start later so all can be in afternoon (for US time)
W: “Grabiner is dealing with Hearn it is up to him, but we cannot bring the others forward”
Mellor: “Well if we have to have a long lunch we will”

DONE!

Het zal waarschijnlijk niemand verbazen dat Craig Wright zijn Bitcoin-incompetentie nogmaals liet zien nadat hij het kruisverhoor van Adam Back had gezien.

En ik kan persoonlijk bevestigen dat Craig Wright Adam Back zijn kruisverhoor heeft gevolgd op 21 februari 2024, aangezien Craig in dezelfde Zoom-videogroep “Opus 2 Hybrid Hearing” zat als ondergetekende op de dagen dat hij het proces niet persoonlijk bijwoonde in de rechtszaal.

Waar Craig Wright zich echter niet bewust van was, was dat developer Sylvester Hesp legde op Twitter gedetailleerd uit welke door Satoshi geschreven code Adam Back heeft moeten kennen, en hoe hij de innerlijke werking ervan uit zijn hoofd heeft moeten hebben geleerd.

This is the code in question in main.cpp in the original Bitcoin v0.1 client (top image below). On line 1182, it initializes a Bignum from nBits using the SetCompact() function. nBits is itself a property from a block header that encodes the difficulty. If we browse to bignum.h (second image below), we can see how this bignum is created from these bits.

So, looking at SetCompact(), we can see that it takes the top 8 bits from the number. This is essentially what is the exponent of the floating point number that @adam3us was talking about. They initialize a vector of bytes (unsigned char) with the length of the exponent plus 4. So the exponent is expressed in terms of bytes, not in bits (as if it were a base-256 number where each “digit” ranges from 0 to 255).

Now, this vector is eventually fed into BN_mpi2bn() of which I included a description on the bottomright image because of its format: the first 4 bytes are the length of the vector, and what follows is the number in big-endian format. Big-endian means that the most significant digit comes first, this corresponds to the way we naturally write numbers from left to right.

What follows is that the bottom 3 bytes of the input parameter are put at the front of the part in the vector that is essentially the byte representation of the number. So, in essense, we get a number that is the bottom 3 bytes of the input, followed by another nSize — 3 zeroes.

If we take the original difficulty from the first couple of blocks, it is 0x1d00ffff. 0x1d, which is 29 in decimal, is taken as the nSize, the number within the vector is 29 bytes long (first 4 bytes are reserved for encoding its size), and it consists of:

FFFF0000000000000000000000000000000000000000000000000000

If we go back to main.cpp, line 1182, we see that the block hash is compared this number. So Adam Back was correct in asserting that Bitcoin does indeed check the actual value for the hash, rather than just the initial digits.

(A note on line 1180, there Satoshi just checks whether the number is within the range for allowed difficulty, which is in fact slightly higher than the starting difficulty)

Drie plaatjes bij de tweet van Sylvester Hesp

Steun Focus!

Vind je deze open en gratis Focus-editie waardevol? Steun ons met een volledig vrijblijvende donatie, compleet value4value!

Klik op de QR-code met je lightning wallet (lnurl-compatible) of check onze donatiepagina voor standaardopties.

Steun Focus!

Vind je deze open en gratis Focus-editie waardevol? Steun ons met een volledig vrijblijvende donatie, compleet value4value!

Scan de QR-code met je lightning wallet (lnurl-compatible) of check onze donatiepagina met enkele standaardknoppen.

Proof-of-work en meer

Een andere developer legde uit:

“About the header format nbits, it’s not bits, it’s a floating point number in a weird custom format. But also that BN_mpi2bn has it’s own quirks so he [Craig Wright] got some details wrong. So the actual precision varies between 16 and 32 bits due to a quirk in that OpenSSL library function, and the way Satoshi used it.”

The behavior is partly driven by a library quirk rather than intent, and Satoshi didn’t bother tidying it up, he just jammed it in there. At all times, Craig Wright is still wrong even after listening to Adam Back’s testimony, and then Gunning KC verifying it with Adam Back in the code, and other people on social media confirming it. Craig Wright was doubling down against simple disprovable things.

A quality reflection could also be noted from WizSec Bitcoin Research.

I wasn’t going to bother explaining Bitcoin’s nBits PoW target, because it’s more nuanced than the slam dunk sound bites people want. But since Coingeek is now taking a moronic victory lap pretending that Adam Back was wildly wrong during cross-examination, I guess we have to.

At issue is Bitcoin’s proof-of-work target, the criteria for what constitutes a valid solution to the mining problem (specifically, which block hashes are valid).

The harder the difficulty, the “rarer” it is to find valid hashes, requiring more computing power to find one.

As the amount of mining power grows, Bitcoin automatically adjusts its difficulty target so that on average 2016 blocks are found per two weeks (1 block every 10 minutes).

For example, the current Bitcoin PoW difficulty is 80 trillion times harder than when Bitcoin was launched.

Satoshi Nakamoto took inspiration from Adam Back‘s Hashcash when creating the proof-of-work system for Bitcoin. In Hashcash, difficulty is defined as requiring a hash digest to start with a required number of zero bits. This is also how the Bitcoin whitepaper explains the idea.

However, Satoshi’s actual implementation in the first release of Bitcoin uses a more refined test: treat the hash digest as a 256-bit number and require that it doesn’t exceed a certain target number.

This allows more granular difficulty adjustments than leading zero bits would.

In a prototype version of the Bitcoin code (assuming the leaked prerelease is genuine), Bitcoin *did* use leading zero bits as the test, explaining the whitepaper’s phrasing as well as why the value is called “nBits” in the code.

Satoshi repurposed the nBits value to instead be a compact encoding of a 256-bit number (the difficulty target), against which the block’s hash digest is compared.

None of this is controversial or new, except maybe to certain impostors and their sycophant enablers.

During Adam Back’s cross examination in the COPA v Wright trial, Wright’s counsel put it to Back that Bitcoin uses leading zero bits as the difficulty target. Back pointed out this isn’t true, saying Bitcoin uses a “kind of floating point” instead.

Wright himself during recall cross-examination repeated this assertion (that Back had it wrong and that Bitcoin uses leading zero bits), clearly unaware of Satoshi’s actual implementation and going entirely by the whitepaper (which is out-of-date and/or a simplification).

Wright’s cheerleaders has since chimed in, jumping on Back’s “floating-point” comment and painting him as misinformed. BSV propaganda outlet Coingeek ran a piece saying “Back claims the Bitcoin code uses floating point in PoW. This is demonstrably false.”

Source: CoinGeek (on Archive Today)

The article actually provides a decent explanation of how the PoW check works and of the nBits compact encoding of the target value. It even explains that the “zero bits” reference in the whitepaper is just a simplification to more intuitively explain the concept.

But that’s not what Wright and his counsel said in court; they asserted Bitcoin literally uses leading zero bits! And the real Satoshi would definitely know better, having implemented it!

Funny how this clear error does not get a “demonstrably false” denouncement from Coingeek.

So what about Adam Back‘s “kind of floating point” comment then? His explanations on the stand weren’t always crystal clear, although keep in mind he was asked about technical minutiae about someone else’s invention. (Unlike Wright, Back has never claimed to be Satoshi.)

Floating point numbers consist of digits plus a scale, allowing you to express both very large and very small numbers with a certain relative precision.

Imagine having the number 12345 and being allowed to put a “floating” decimal point anywhere inside it: 1234.5, 1.2345, etc.

In computers, floating point numbers use some of their bits as an exponent (for a powers of two scale) and the rest as a significand/fraction/mantissa (the actual binary digits of the number, appearing at the point given by the exponent).

So if you wanted to express a large number like the Bitcoin difficulty target as a floating point number, the number would basically be encoded as “these bits appear at this position in the number”.

With that in mind, let’s look at how the Coingeek article (correctly) explains how Bitcoin’s difficulty target is encoded.

Exponent? Mantissa? Shifting given significant digits to a given position in the number?

Hey geniuses: that’s a floating point number.

It’s not one of the native C++ types, but it’s definitely a kind of floating point, manually implemented by Satoshi.

Adam Back may have misremembered some of the exact details, but he at least knew Bitcoin uses an arithmetic comparison with a “kind of floating point” expressing the target.

Wright meanwhile had no clue how Satoshi’s code worked; he’s just read the paper.

Einde van deel 1

Tot zover de nasleep van het kruisverhoor van Adam Back. Het verklaart waarschijnlijk waarom Craig Wright er niet al te blij uitzag toen hij op 23 februari 2024 de rechtbank verliet.

Eerst werd hij lezingen gegeven door Adam Back, daarna de LaTex-timelapse-timelapse-animatie van de bitcoinontwikkelaars…

Oef.

Dat is alles, mensen. Bedankt voor het lezen, tot volgende week met Deel 2!

Arthur van Pelt

Steun Focus met een donatie!

Laat een berichtje achter en kom in ons donatie-dashboard.

BITCOIN FOCUS

Word abonnee van dé bitcoin nieuwsbrief van Nederland.