First Response

EITC Holdings Limited

Analysis of GnuPG 1.4.7 functionality

Authors: Dr Nick Sharples BSc (Hons) DPhil & Dave Kilroy BSc (Hons) MSc

28 April 2016

Introduction

Bitcoin is a digital currency and payment system that enables payments to be made pseudonymously online. A research paper describing its implementation was produced by 'Satoshi Nakamoto' in 2008, and he released it as open-source software in 2009. Satoshi Nakamoto is not the real name of the inventor of Bitcoin; their real identity has been shrouded in mystery.

In December 2015 two news articles were published that presented evidence to suggest Dr Craig Wright is Satoshi Nakamoto, the inventor of Bitcoin and the blockchain technology on which it relies.

A subsequent news article, published on Motherboard, was written to cast doubt on the findings in those papers, suggesting that the 2 PGP keys detailed in the initial articles must have been fabricated as they cannot have been created at the time in question. Based on that single unsupported claim, the Motherboard article concludes that Dr Craig Wright cannot be Satoshi Nakamoto.

First Response has been provided with a paper entitled "Appeal to authority: A failure of trust", which is reported to have been authored by Satoshi Nakamoto. It rebuffs the claims made in the Motherboard article by describing a process for changing the default preferred hash algorithms of a PGP key created using GnuPG version 1.4.7 (released on 5th March 2007) from the default 2, 8, 3 to 8, 2, 9, 10, 11.

This report documents our independent assessment of the claims set out in "Appeal to authority: A failure of trust", and confirms they are correct; in fact, we found their proofs trivial.
Report of Dr Nick Sharples & David Kilroy - page 2

The Authors

Dr Nick Sharples BSc (Hons) DPhil
Digital Forensic Specialist

Nick has a DPhil (doctorate) in Computer Science and Artificial Intelligence. He has worked as a computer forensic investigator and expert witness since 2002, and provides computer forensics services to UK police forces, solicitors and businesses, as well as producing software for use in hi-tech crime investigations.

Nick has examined computers and other digital devices as part of local and national investigations including: indecent images of children, murder, identity theft, fraud, money laundering, sham marriages and missing-persons. He has presented expert evidence in various criminal courts, including in R v O'Shea, the Operation Ore fresh-evidence appeal in the Court of Appeal. He has a special interest in malware investigations.

Nick specialises in the analysis of highly complex and technical systems, using sophisticated software extraction techniques to gather data and present it evidentially. He has travelled to the United States, Asia and Morocco, as well as throughout the UK, to assist in investigations, and provide advice and training in computer forensics techniques.

He is an experienced programmer and has worked on diverse systems including City-trading financial database management (in JavaScript), evolutionary software for optimising network protocols (in Java), hard-disk imager and credit-card data scanner (in C and C++), database-backed web-services (Java).

David Kilroy BSc (Hons) MSc
Technical Architect and Mathematical Consultant

Dave has a BSc in Pure Mathematics and an MSc in mathematical logic.
He has had a 40 year career in the IT industry: initially programming in COBOL, FORTRAN, BASIC, RSX Assembler, Coral, Algol 60 and Algol 68. This was in a wide variety of organisations including JCC, Honeywell, Standard Telephones and Cables and Marks & Spencer's.

The latter 10 years of his career was as a Technical Architect at Marks & Spencer's. This carried significant responsibility judging proposed supplier IT products and their integrability within the M&S technical infrastructure, and assessing new or unfamiliar technology. The benefits (or otherwise) and concomitant costs had to be clearly articulated to the layman. Following agreement, feasible operational designs were produced.

Dave retired from Marks & Spencer's in 2011 and has used the time to renew a number of interests which include mathematics: specifically modulo arithmetic and encryption theory, vector analysis, and electromagnetic theory. He has attended the British Mathematical Colloquiums at QMC, Cambridge and Bristol, and is writing a short book "A-Level Maths Essential Formulae".

Background

5. The true inventor of Bitcoin has been a mystery since 'Satoshi Nakamoto' seemed to disappear in 2010. Members of the Bitcoin and wider scientific community have attempted to determine who Satoshi Nakamoto really is, and have critiqued evidence presented by individuals claiming to be him.

On 8th December 2015 two articles were published which presented evidence to suggest that Dr Craig Wright is Satoshi Nakamoto. One article was published on Wired (www.wired.com), the other was published on Gizmodo (gizmodo.com). The articles are reported to have been based on a cache of leaked documents.
Each article presents details of a different PGP key that is said to have been used by Satoshi Nakamoto. The Wired PGP key, OF7BD4AD, cites its creation date as 30th October 2008 and is linked to the email address: satoshin@vistomail.com. The Gizmodo PGP key, C941 FEOD, cites its creation date as 16 December 2008 and is linked to the email address: satoshin@gmx.com.

On 9th December 2015, an article was published on Motherboard (motherboard.vice.com) entitled: "Satoshi's PGP Keys Are Probably Backdated and Point to a Hoax". That article is based on a post on Reddit (www.reddit.com) by 'user/nullc' which is attributed to Greg Maxwell, a Bitcoin core developer.

The main thrust of the Motherboard article is that the PGP keys shown in the Wired and Gizmodo articles rely on hash algorithms 8, 2, 9, 10, 11 and that those algorithms were not available until the release of GnuPG version 2.0.13. GnuPG version 2.0.13 was not released until 4th September 2009, after the Wired and Gizmodo keys were created, so the article concludes that they must therefore have been manufactured as part of an elaborate hoax. The Reddit post is included as appendix A.

The list of available hashes and their corresponding IDs is available in RFC4880 (the proposed standard for OpenPGP), page 62:

    Hash Algorithms
    1 = MD5 [HAC]
    2 = SHA-1 [FIPS180]
    3 = RIPE-MD/160 [HAC]
    4 = Reserved
    5 = Reserved
    6 = Reserved
    7 = Reserved

A paper entitled "Appeal to authority: A failure of trust" was published on Reddit in early April 2016; that paper does not reveal the author's name. It describes how the findings in the Motherboard article are flawed.
We have been provided with a Microsoft Word version of this article; the version of the paper provided to us has the author's name: Satoshi Nakamoto. We note that there is a minor error on page 3 of the paper, which states that the key associated with the Vistomail account has the fingerprint 18CO9ES6SEC948A1. The PGP key with that fingerprint is actually associated with the satoshin@gmx.com account.

Instructions

First Response has been instructed by EITC Holdings Ltd to determine whether it would have been possible to create a PGP key with the preferred hash algorithms 8, 2, 9, 10, 11 using GnuPG version 1.4.7, and to comment on when the facility to configure a PGP key to use those algorithms was added to the source code.

We have been provided with a paper, entitled: "Appeal to authority: A failure of trust". The document has been provided in Microsoft Word format, which includes properties that expose details of the document's creation. It is notable that the name of the author shown under the paper's title reads: "Satoshi Nakamoto" and the internal properties of the document include in the Author field: "Craig S Wright".

In essence, the paper aims to disprove the assertions reported in the Motherboard article (and the Reddit post on which it is based) by demonstrating the capability of GnuPG version 1.4.7, which was released on 5th March 2007 and so would have been available in 2008.

The paper takes the reader through the process of creating a PGP key using GnuPG version 1.4.7 and through changing the default preferred hash algorithms from 2, 8, 3 to 8, 2, 9, 10, 11. The paper also documents the reasons why a person may choose to generate a PGP key using RSA-3072, rather than use the default DSA; RSA-3072 simply generates a more secure key.

PGP Overview

PGP is an encryption process model first defined by Phil Zimmermann, and released as Open Source software in the 1980's.
It provides message encryption and digital signatures using a mix of asymmetric RSA and symmetric encryption to provide security for public interaction and commerce. GnuPG 1.4.7 is an implementation of the PGP model.

Symmetric encryption requires the sender and the recipient to know the cypher key. This makes symmetric cyphers highly vulnerable to the key being compromised. However, the encryption is efficient on processing resource.

Asymmetric encryption establishes two different keys: one for encryption, and one for decryption. These are colloquially known as the Public key and the Private key. RSA is an asymmetric encryption method based on modulo arithmetic and the fact that it takes a long time to factorise the product of two large prime numbers. RSA is highly secure but is a heavy user of processing resource.

To encrypt a message using RSA, the Public key is used; then only the owner of the private key can decrypt the message. But note that this method can also be used to confirm a sender's identity: the sender encrypts using his Private key, so when decrypted with the corresponding public key it can only have come from the sender.

Hashing Algorithms

Hashing algorithms are used to ensure the integrity of a message. They work by applying a sequence of arithmetic and Boolean operations to the values of the characters of the message. The result is a single number - the message digest. If the message has been altered in transit then when the receiver calculates the message digest, it will not match the sender's digest and the tampering is detected.

Hashing algorithms have to make it difficult to create a new message with the same message digest, and different algorithms have differing strengths of this difficulty. Again, there is a trade-off between this strength and the processing resource required.
Note that the Hashing algorithms at issue (SHA-224, SHA-256, SHA-384 and SHA-512) are all algorithms which in purely mathematical terms are straightforward.

PGP Process

In order to see how the Hashing algorithms at issue are used, the PGP process is set out below:

The sender selects a Hashing algorithm depending on how strong he wants the hashing to be.

The message is processed using the selected Hashing algorithm, resulting in the message digest.

The message digest is then encrypted using the sender's private RSA key and the encrypted digest appended to the message.

The whole message + digest is then encrypted using a symmetric cypher and its key encoded using the recipient's public RSA key. The encrypted message + digest plus the encrypted symmetric key is then transmitted.

The recipient decrypts the symmetric key and then decrypts the message + digest.

Using the sender's public key to decrypt the digest, the recipient knows that the digest can only have come from the sender (since it was encrypted using the sender's private RSA key).

He then applies the selected Hashing algorithm to the message. If the result matches the received digest, he knows that it is unlikely that the message has been tampered with.

The combination of the hashing process and the encryption of the digest using the sender's private key constitutes the digital signature.

Download and install GnuPG 1.4.7

We now describe our own investigations and tests.

On 22nd April 2016, the gnupg-w32cli-1.4.7.exe binary file was downloaded from the address: ftp://ftp.gnupg.org/gcrypt/binary/gnupg-w32cli-1.4.7.exe, along with the accompanying gnupg-w32cli-1.4.7.exe.sig signature file.
The SHA1 and MD5 hash of the gnupg-w32cli-1.4.7.exe file were calculated, producing the values:

a. SHA1: b806e8789c93dc6d08b129170d6beb9e1aSac6sF
b. MD5: £73fd0d4792be0f2b385d38214474866

It was noted that the SHA1 hash value calculated from the file we downloaded was the same value as that reported at the bottom of page 2 of the paper; this confirms that the install file we used and the install file noted in the paper are the same.

Instructions available on the GnuPG website were followed to verify the authenticity of the gnupg-w32cli-1.4.7.exe file, using the accompanying signature.

Using GnuPG version 1.4.16 (a separate instance of GnuPG) the key 1CE0C630 (which is reported to be the key used to sign GnuPG releases between 1996 and 2010) was downloaded from the key server pool.sks-keyservers.net and added to the local keyring. For the sake of completeness, the following command was used:

    gpg --keyserver pool.sks-keyservers.net --search 1CE0C630

Verification was performed using the command:

    gpg --verify gnupg-w32cli-1.4.7.exe.sig gnupg-w32cli-1.4.7.exe

36. This generated the following output, which confirms that the gnupg-w32cli binary is authentic.

    gpg: Signature made Mon 05 Mar 2007 11:…4:08 GMT using RSA key ID 1CE0C630
    gpg: Good signature from "Werner Koch (dist sig)"
    gpg: Note: This key has expired!
    Primary key fingerprint: 7896 D396 2647 1601 7548 E4D8 5386 2000 1CEO C630

37. The verified gnupg-w32cli-1.4.7.exe install file was used to commence installation of GnuPG on an analysis computer (running the Windows 10 operating system).

38. The first install screen displayed details of when the program was built: 10:53 UTC on 5 March 2007, and the file version: 1.4.7.6410. This is the first install screen:

[Screen capture: GNU Privacy Guard Setup Wizard welcome screen, showing the GnuPG 1.4.7 build time and file version 1.4.7.6410]

39. The second install screen displayed the GNU general public license: "Version 2, June 1991".

The third screen asked for selection of components to install. No changes were made to the list of components and the button labelled "Next" was clicked.

The fourth screen confirmed which language should be used and presented the default option "en - English". That choice was accepted.

The fifth screen asked where the program should be installed. The default option was left unchanged, so the program would be installed in the folder "C:\Program Files (x86)\GNU\GnuPG\".

The sixth screen asked to confirm the name that should be used on the Windows start menu, which was left unchanged.

GnuPG was then installed and configured itself on the analysis computer.

In order to confirm that GnuPG version 1.4.7 was installed the following command was issued (from the install folder):

    gpg --version

The following screen-capture shows the results of running that command.

    C:\Program Files (x86)\GNU\GnuPG>gpg --version
    gpg (GnuPG) 1.4.7
    Copyright (C) 2006 Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.

    Home: C:/Users/Nick/AppData/Roaming/gnupg
    Supported algorithms:
    Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
    Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2

47. It was noted that the supported hash algorithms include SHA256, SHA1, SHA384, SHA512 and SHA224 (the five hash algorithms set as a preference using the numbered list: 8, 2, 9, 10, 11).

Creation of the PGP key

48. Using GnuPG version 1.4.7, which had just been installed on the analysis computer, the steps documented in the paper to create a PGP key and alter its default hash algorithms from 2, 8, 3 to 8, 2, 9, 10, 11 were rehearsed. The following paragraphs document the steps taken.

49. A PGP key was created using the command:

    gpg --gen-key

50. A key was created that had the same configuration as that detailed in the paper. A PGP key configured:

a. As a "DSA and Elgamal" key
b. With the default key size of 2048
c. So that it does not expire
d. With the real name: Test Account
e. With the email address: test@pgp.com
f. With the comment: this is a 1.4.7 key

51. The following is a screen-capture showing that process:

[Screen capture: gpg --gen-key session creating key 2DF8FEC5 for the user ID "Test Account (this is a 1.4.7 key) <test@pgp.com>"]

52. The details of the key that had just been created were reviewed using the command:

    gpg --export 2DF8FEC5 | gpg --list-packets --verbose

This provided the following details:

[Screen capture: output of gpg --export 2DF8FEC5 | gpg --list-packets --verbose for the newly created key]

It was noted that the preferred hash algorithms are 2, 8, 3. As shown in: "subpkt 21 len 3 (pref-hash-algos: 2 8 3)".

The properties of the key were edited using the command:

    gpg --edit-key 2DF8FEC5

At the edit key command-prompt the following configuration changes were set:

    setpref SHA256 SHA1 SHA384 SHA512 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

This is the response displayed on-screen:

[Screen capture: gpg --edit-key session for key 2DF8FEC5 showing the new preference lists, including the Digest line, and the prompt to confirm the update]

After entering the passphrase for the key and typing save, the changes to the key configuration were in place.

Using the same command as used previously showed the changes to the key's configuration:

[Screen capture: output of gpg --export 2DF8FEC5 | gpg --list-packets --verbose after the preferences were changed]

As can be seen, the preferred hash algorithms for the key 2DF8FEC5 have been changed to 8, 2, 9, 10, 11. As shown in: "hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)".

Commit Code Repositories

Repositories exist which contain copies of earlier versions of software code, including GnuPG. This has enabled us to review the functionality in successive versions of the code base.
The GnuPG source code repository is divided into a repository of code for the 1.4 releases (a portable and standalone version of GnuPG) and a repository of code for 2.0 releases (a more modern version that includes support for S/MIME and Secure Shell).

A "commit" is caused when a developer submits their changes to the source code repository. The GnuPG revision control system that manages all changes to the source code repository assigns a unique value to each commit.

Commit e50cac1d848d332c4dbf49d5f705d3cbbf074ba1 was made to the 2.0 repository, not the 1.4 repository. So, the changes in that commit did not alter the 1.4 code base at all.

The comment for the commit reads "Changed default hash algorithm preferences", which does not suggest that the implementation of hash algorithms 8, 2, 9, 10, 11 was added with this commit. The changes applied to the code base by the commit do not add functionality; they simply change the default hash preference from 2, 8, 3 to 8, 2, 9, 10, 11. This can be seen by reviewing the bulk of the changes that were committed to the repository at that time (when changes were made to the file keygen.c), which are shown below:

6 -345,15 +345,29 €@ keygen_set_std prefs (const char *string,int personal) if ( topenpgp_cipher_test_algo (CIPHER_ALGO_IDEA) } : yo shan “7 2 ‘erent (dummy_etring, 2 me be The default hash algo order is: SWie23b, SHacL, SHAASB, SHAADIZ, SHAAZza. Ordering SMA-1 before SHA-384 might be viewed as a bit strange; it is done because we expect that coon enough SHic3 will be available and at that point there should be no more need for SHA-384 etc. Anyway this order is just a default and can easily be changed by a config. option. 
*/ penpep_nd_test_algo (DIGEST_ALGO_SHA2S6)) at (domy_string, “r8 7); streat (dumy_string, "H2"); /* SHA-L */ if (topenpgp_nd_test_algo (DISEST_ALGO_SHA384)) treat (duamy_string, “HS ") s penpgp_nd_test_algo (OIGEST_ALGO_SA5i2)) streat (aummy_string, "HIO *); 4 (lopenpen_nd_tect_alen (OIGEST_ALGO_SHA224)) streat (dummy_string, "HIL "); : 7 RIPENDIE® */ : $¢ (topenpgp_nd_test_aigo(DIGEST_ALGO_f"0160)) Strcot(dumy string, 13 7),

The above screen-capture shows the lines added by the commit (indicated in green and by the + character on the far left) and the lines removed (indicated in red and by the - character). The H2, H8 and H3 (short algorithm names appearing in 'strcat(dummy_string, "H2 ");' for example) have been replaced by H8, H2, H9, H10 and H11, in the 2.0 code base. I note that a comment (shown in green between the /* and */ characters) describes the new default hash algorithms.

In the 1.4 code base the files cipher/sha256.c and cipher/sha512.c contain the implementation of the SHA family of hash algorithms. Those two files were added to the code base in commit cefSbbd9 115048487321 ee5202ct00eacTa013a5, which was made at 19:28 on 4th February 2003. The implementation was included in version 1.3.2 that was released sometime around 27th May 2003.

Summary and Conclusions

On 8 December 2015 two online magazines, Wired and Gizmodo, published articles that presented evidence to suggest that Dr Craig Wright is Satoshi Nakamoto, the inventor of Bitcoin. Each article presented details of a different PGP key: Wired published details of PGP key OF7BD4AD and Gizmodo PGP key C941 FEOD.
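Review bot: in the keygen.c hunk quoted under Commit Code Repositories (keygen_set_std_prefs, -345,15 +345,29), the added lines append up to five hash tokens (H8, H2, H9, H10, H11) to dummy_string with bare strcat calls, two more than the list they replace, and the declaration of dummy_string lies outside the visible context; its size should be checked against the longest preference string that can now be built, or the appends should be bounded. The new comment says the order "can easily be changed by a config. option" without naming that option; naming it there would make it plain to readers that this list is only a default. The SHA-1 append is also the only one not guarded by a test_algo call, which deserves a word in the comment.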
On 9 December 2015, an article was published on Motherboard entitled: "Satoshi's PGP Keys Are Probably Backdated and Point to a Hoax". The article reports on a claim attributed to Greg Maxwell, a Bitcoin core developer, that the two PGP keys could not have been created in 2008 as the functionality to create them was not available until July 2009. Therefore, Dr Craig Wright was not Satoshi Nakamoto.

We have been provided with a document, which is entitled "Appeal to authority: A failure of trust" and is reported to have been written by Satoshi Nakamoto. That document explains the process of creating a PGP key using GnuPG version 1.4.7 (a release that was available in 2008) and changing the default preferred hash algorithms from 2, 8, 3 to 8, 2, 9, 10, 11.

In this report we have considered the claim that GnuPG version 1.4.7 would have been unable to create a PGP key with the preferred hash algorithms of 8, 2, 9, 10, 11 and found it to be incorrect: it was and it still is possible to create a PGP key with the preferred hash algorithms 8, 2, 9, 10, 11 using GnuPG version 1.4.7.

We have documented the download, verification, installation and use of GnuPG version 1.4.7 to create a PGP key that is configured to use the preferred hash algorithms 8, 2, 9, 10, 11. In doing so, we have verified the method set out in "Appeal to authority: A failure of trust" and presented evidence to support our findings.

We have also considered the claim that the 8, 2, 9, 10, 11 list was not added to the GnuPG source code until 9 July 2009 and we found that it is also incorrect. The commit e50cac1d848d332c4dbf49d5f705d3cbbf074ba1 was a change to the source code for the GnuPG 2.0 releases and not the 1.4 releases. The functionality was added to the 1.4 code base on 4th February 2003.
In conclusion, the authors confirm as a result of testing that GnuPG version 1.4.7 was released on 5th March 2007 and was able to create a PGP key with the preferred hash algorithms 8, 2, 9, 10, 11. Therefore the claims made in the Motherboard article are wrong.

Appendix A

The Motherboard article is based on the comments made in the following Reddit post:

Blockchain Scale Tests by (alleged) Satoshi! 340 GB blocks, 568k transactions!

> what we certainly know: he owned >200,000 coins in 2013.

How do we know this? Nowhere in the liquidation report does it fix a value basis for the "bitcoins". It basically says that Wright provided "$30 million" in bitcoins, then used the bitcoins to buy software. As far as I can tell, they might have been valuing the bitcoins at $1m each to distort the level of ownership relative to other investors; or even claimed bitcoins were involved when they weren't "Sorry, bili leave n trace!"

Incidentally; there is now more evidence that it's faked. The PGP key being used was clearly backdated: its metadata contains cipher-suites which were not widely used until later software.

    $ gpg --export SEB7CB21 | gpg --list-packets | grep pref-hash
    hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)

Compare to the well known key:

    $ gpg --export SECO4BA1 | gpg --list-packets | grep pref-hash
    hashed subpkt 21 len 3 (pref-hash-algos: 2 8 3)

The 8,2,9,10,11 list was added to the GNUPG code tree in commit e50cac1d848d332c4dbf49d5f705d3cbbf074ba1 on July 9th, 2009, and not released until version 2.0.13 later. This is well after the 2008 date on the key. The 2,8,3 list was the prior list that would have been used in 2008. That they were different at all was surprising, considering that they claim to be generated less than a day apart.

This key was also not on the keyservers in 2011 according to my logs; which doesn't prove it was backdated, but there is basically no evidence that it wasn't and non-trivial evidence that it was. Someone could check a public keyserver dump to see if it was even on the key servers earlier this year: https://research.daylightpirates.org/sks-dumps/2015-07-09/
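The pref-hash-algos lines that both the report and the quoted Reddit comment read from gpg --list-packets are one signature subpacket (type 21) in the key's self-signature, stored as a plain list of algorithm IDs. The following is an added example, not part of the report or of GnuPG: a Python decoder for an RFC 4880 subpacket area that reproduces those lines and checks the listed IDs against the "Hash:" list printed by GnuPG 1.4.7. The byte strings are constructed samples and every function name is this example's own.

```python
"""Decode OpenPGP preference subpackets (RFC 4880, sections 5.2.3.1 and 9)."""

# Algorithm IDs assigned in RFC 4880 section 9.
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
        9: "SHA384", 10: "SHA512", 11: "SHA224"}
CIPHER = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH",
          7: "AES", 8: "AES192", 9: "AES256", 10: "TWOFISH"}
ZIP = {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZIP2"}
PREF_TYPES = {11: ("pref-sym-algos", CIPHER),
              21: ("pref-hash-algos", HASH),
              22: ("pref-zip-algos", ZIP)}

# "Hash:" line of the `gpg --version` output reproduced in the report (1.4.7).
GNUPG_147_HASHES = {"MD5", "SHA1", "RIPEMD160", "SHA256",
                    "SHA384", "SHA512", "SHA224"}

# Constructed hashed-subpacket areas (sample bytes, not taken from any real key):
# creation time (type 2), then cipher, hash and compression preferences.
BEFORE = bytes.fromhex("0502571d2f00" "060b0908070302" "0415020803" "0416020301")
AFTER = bytes.fromhex("0502571d2f00" "060b0908070302" "06150802090a0b"
                      "051602030100")


def read_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated two-octet subpacket length")
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:                                 # 0xFF, then a four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated five-octet subpacket length")
            length = int.from_bytes(area[i + 1:i + 5], "big")
            i += 5
        # The length counts the type octet, so it can never be zero.
        if length == 0 or i + length > len(area):
            raise ValueError("subpacket length runs past the end of the area")
        kind = area[i]                        # high bit is the critical flag
        yield kind & 0x7F, bool(kind & 0x80), area[i + 1:i + length]
        i += length


def preferences(area):
    """Return {subpacket name: [algorithm IDs]} for the preference subpackets."""
    return {PREF_TYPES[t][0]: list(body)
            for t, _critical, body in read_subpackets(area) if t in PREF_TYPES}


def names(pref_name, ids):
    """Translate algorithm IDs to names using the table for that subpacket."""
    table = next(tbl for name, tbl in PREF_TYPES.values() if name == pref_name)
    return [table.get(n, "unknown(%d)" % n) for n in ids]


def gpg_style(area):
    """Render preference subpackets in the `gpg --list-packets` line format."""
    return ["hashed subpkt %d len %d (%s: %s)"
            % (t, len(body), PREF_TYPES[t][0], " ".join(str(b) for b in body))
            for t, _critical, body in read_subpackets(area) if t in PREF_TYPES]


def unsupported_hashes(area, build_hashes=GNUPG_147_HASHES):
    """List preferred hash IDs that a build with `build_hashes` cannot honour."""
    ids = preferences(area).get("pref-hash-algos", [])
    return [n for n in ids if HASH.get(n) not in build_hashes]


if __name__ == "__main__":
    for label, area in (("before setpref", BEFORE), ("after setpref", AFTER)):
        hash_ids = preferences(area)["pref-hash-algos"]
        print(label, hash_ids, names("pref-hash-algos", hash_ids),
              "unsupported by 1.4.7:", unsupported_hashes(area))
        print("\n".join(gpg_style(area)))
```

Both sample areas carry the same creation-time subpacket and differ only in the preference lists, which is the situation the report reproduces with setpref.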
