Crypto Open Patent Alliance v Craig Steven Wright

Here I introduce and make certain overall findings about the witnesses relied upon by Dr Wright, all of whom were cross-examined. I have to discuss the evidence given by Dr Wright, Stefan Matthews and Robert Jenkins in greater detail, later, since COPA challenge their honesty.

Dr Wright made 15 witness statements:

At Trial, Dr Wright was called for cross-examination in three separate sessions, being sworn on the first occasion and re-sworn on the second and third occasions:

During these sessions, we generally took a break after an hour of cross-examination, although on occasion, the period extended by 20-30 minutes or so to the conclusion of the morning or afternoon session. Particularly bearing in mind we were in an extremely hot courtroom for the first week of the trial, Dr Wright showed impressive stamina throughout. His wife was in court throughout to advise on whether he was showing signs of dysregulation. During his cross-examination on Day 15, Dr Wright appeared to me on occasion to be speaking more loudly than previously, but that may have been on account of the adjustment of the amplification system in Court on that day. However, at no point did there seem to be any sign of dysregulation, nor was any warning to that effect given by his wife or legal team. So, in my view, the set of agreed adjustments were adhered to and proved effective.

Lord Grabiner KC did intervene numerous times during Dr Wright’s cross-examination to warn Mr Hough KC about trespassing on matters which were privileged, interventions which also warned Dr Wright. In my judgment, Mr Hough was well aware when his question might encroach on privilege and frequently told Dr Wright that he did not want him to go into privileged matters. These warnings did not seem to deter Dr Wright. On numerous occasions he sought to blame an aspect of a forgery allegation on his previous lawyers. As the Trial progressed, Bird & Bird asserted in correspondence that privilege had been waived by Dr Wright over a number of matters, but in the result, COPA did not require me to decide their allegations of waiver. Nonetheless, Dr Wright’s own legal team evidently concluded that privilege had been waived over certain matters and further disclosure and information was provided as a result, which I discuss below.

In some of his interventions, Lord Grabiner KC made reference to the fact that Dr Wright was a vulnerable witness. However, I did not get any impression that his ASD prevented Dr Wright from understanding the concept of privilege or that his discussions with his lawyers were privileged, and no point was made in submissions to that effect. In fact, COPA submitted that Dr Wright used privilege as a refuge – referring to something involving his lawyers (at the relevant time) as a way of closing off a particular enquiry. This was, as COPA submitted, an abuse of privilege but one which demonstrated that Dr Wright understood exactly what he was doing.

When giving his evidence orally, it seemed to me that Dr Wright was extremely well-prepared. My assessment is that he suffered from no disability in giving his evidence due to his ASD (Dr Wright himself made occasional reference to being an ‘Aspie’ i.e. a reference to Asperger’s syndrome). COPA had a large number of allegations of forgery and inauthenticity to put to him and many of those involved considerable detail. He seemed to be well on top of all the detail. He gave crisp answers when asked whether he saw what appeared on the face of a document (‘I do’) and, in the vast majority of cases, when it came to the key point, he gave answers which indicated he had already considered the point and prepared for it.

Dr Wright proved to be an extremely slippery witness. In many answers he included some slight qualification. He rarely gave a complete answer and this was deliberate – he was giving himself an ‘out’ for later. On occasion he was extremely pedantic. Initially I was inclined to give him some leeway due to his ASD, but his pedantry was not consistent. He was pedantic when it suited him and not when it didn’t.

I address most of Dr Wright’s evidence in connection with the alleged forgeries in the Appendix. However, in their written Closing, COPA drew my attention to three specific topics (which are not directly related to any of the allegations of forgery) on which they submit that Dr Wright was lying. I address these here, along with two other more general allegations.

Dr Wright denied the authenticity of emails from him at the email address cwright@tyche.co.uk. His account can be seen from the following exchange {{Day7/109:9} - {Day7/110:3}}. From that point, every time he was taken to a Tyche email he denied it was from him}:

‘Q. {L11/54/1}, please. This is an email dated 25 November 2015, ostensibly from you, “cwright@tyche.co.uk", to Mr MacGregor and others. Do you say that this is another non-genuine email, something you didn't write?

A. I didn't write it, no. Tyche is a British company belonging to Rob that I never worked for.

Q. So all this content saying -- referring to the original White Paper being a good start and engaging with Mr MacGregor's ideas, that's all fake content, is it?

A. I've no idea what it is.

Q. Are you aware who supposedly created these non-genuine documents, Dr Wright?

A. Probably someone at Tyche.

Q. Who are you fingering for this?

A. I've no idea.’

Thus, Dr Wright denied that he had ever worked for Tyche Consulting Ltd. He blamed an unknown third party for faking his email, but could not say who that was or why they had done so. Furthermore, as with so many of the Tyche emails, it is implausible that this email was faked, since it is authentic to 2015 and it says precisely what one would have expected Dr Wright to say. As COPA submitted, it even includes his characteristic mistake of spelling Dr Back’s name as “Black”.

However, there are a number of apparently authentic documents which evidence that he did work for Tyche:

In total, Dr Wright disclosed around 20 emails from cwright@tyche.co.uk, without once mentioning that these were not his own emails. Furthermore, the DRD identifies this as one of his email addresses {K/2/25}.

In my judgment, the evidence shows that Dr Wright was lying when he said none of the emails sent from cwright@tyche.co.uk were sent by him.

On 10 June 2019 Dr Wright emailed Mr Nguyen referring to a credit card number, describing it as “my old credit card” and attaching some screenshots of supposed banking records {H/78/1}. COPA maintains that the screenshots are forgeries, and I deal with that in section 27 in the Appendix. This point concerns how Dr Wright described the card when asked about it. When Dr Wright was taken to this email, his immediate response was to say that it was in fact a debit card, then adding that the card had been cancelled in 2005 {{Day2/30:10} - {Day2/31:11}}.

He evidently made these points about the card in order to back up his wider story about the email, by saying that the email could not have been putting this card forward as the credit card he had previously claimed in interviews he had used to buy the Bitcoin.org domain.

His evidence is undermined by the contemporaneous documents:

The evidence establishes, in my judgment, that Dr Wright was lying when he said (a) this card was not a credit card and (b) that it had been cancelled in 2005 or that it was not to be used after 2005.

These are a series of emails from mid-March to early May 2016, the period of the signing sessions and the ‘Big Reveal’ (including the Sartre blog), in which Dr Wright was sending and receiving messages using his nCrypt email address {see e.g. {L13/67/1}, {L13/78/1} and {L13/123/1}}. As noted above, Dr Wright disclosed these emails, reviewed a number of them for the purposes of his statement (as shown by the CPR PD57AC list) and nominated one as a Primary Reliance Document which he now says he did not send.

However, when confronted with one which he found inconvenient from 2 May 2016, he claimed that it was not genuine and that his nCrypt email address had been taken over. He went on to claim that subsequent emails from him at that address were not genuine, and that emails from his wife at an equivalent address for her were likewise the work of an impostor.

There are two significant problems with Dr Wright’s account:

This was put to Dr Wright, and he gave the following incoherent explanation {the full exchange is at {Day8/23:1} - {Day8/26:25}:

‘Q. Next question. It would be pretty strange, wouldn't it, for Mr MacGregor to deliver a real message, aimed at you, to an email address that wasn't you?

A. No. This is part of what I was explaining before, Mr MacGregor came up with the idea that if he's saying that I'm sending and telling everyone that it's mine, that that's going to be evidence that I'm on board with this and thus I need to follow what he's saying. So, part of the -- the whole thing with Tyche running all of the IT and other systems for nChain was that as soon as I didn't agree, they could cut me off my own email. That was probably one of my stupidest mistakes. By deciding just to be chief science officer, I handed over the control, the CEO or CIO, of all of the IT systems to Robert, and while I wanted just to be the research guy, the problem is, as soon as I did that, other people get to control what I do.

…

Q. Mr Matthews was spending time with you those days, including in your home in Wimbledon, wasn't he?

A. That was after this, not on the 2nd, so –

Q. But on the 3rd and the 4th?

A. He came over on those days, yes. I don't recall much of it, but he did.

Q. And Mr [MacGregor], you say, was simultaneously sending him fake messages about what you were up to even though he was spending time with you?

A. Well, this isn't when Mr Matthews was with me. I'd only just come back from Paris on the 2nd. Next, what Mr Matthews did after that is a different thing.

Q. But it was an incredibly high risk strategy, on your account, wasn't it, Dr Wright, for Mr MacGregor to be sending fake emails about what you were up to to somebody who was going to be spending time with you over the following days?

A. No, he didn't actually realise Stefan would. I talked to Stefan and had him come over. I mean, I called him and said, "Please, I need to talk to you", so I don't think Robert actually wanted him to be there, and I know Rob was incredibly angry later.

In short, Dr Wright’s story is that, at the time when he was in fact taking the position that he would not provide public proof before further steps had been taken, Mr MacGregor was sending emails to Mr Matthews and others in Dr Wright’s name taking the opposite position (i.e. that he would try straight away to provide public proof in various forms). His account is Mr MacGregor was doing this over at least several days in a series of emails while he (Dr Wright) was speaking to and spending time with Mr Matthews, all without anyone finding out. I agree with COPA that the notion is absurd. Again, I am satisfied that Dr Wright was lying about these nCrypt emails.

On 23 February 2024, as I mentioned, Dr Wright was re-sworn for a further day of cross-examination in relation to matters which had only just been revealed prior to his first spell in the witness box. Once again, I was left with a clear impression that Dr Wright was not a witness of truth. He lied repeatedly throughout the day. I discuss these further below, but, by way of example, I mention the cross-examination on his use of Aspose to create files in LaTeX. It is clear that on the Aspose files, he sensed that he was trapped and had no answer. It was at that point he reverted to blaming Mr Ager-Hanssen for, it would seem, creating files in LaTeX using Aspose.

In Wright11, [269-297], Dr Wright set out an elaborate story which included him having received emails from Denis Mayaka on 10 and 29 September 2023. Mr Mayaka was a company formation agent who was involved in Dr Wright’s acquisition of Tulip Trading Limited as a company incorporated in the Seychelles. Dr Wright claimed that Mr Mayaka had used, not his professional email address, but a Gmail one: papa.neema@gmail.com. Dr Wright said that, on 10 September 2023, “Papa Neema” sent files said to be tied to Dr Wright’s companies in 2009 to 2012 {CSW/25/1}. These included alleged invoices from Abacus Seychelles and a version of the “Timecoin” paper (which I address in the next section). He also said that “Papa Neema” separately sent photographs of a computer monitor with images of the invoices on them.

There are a series of indications that these emails were sent by Dr Wright to himself, as further detailed in Madden5, from [87] onwards {G/9/29}.

I am well aware that COPA did not include the Papa Neema emails in their supplemental Schedules of Dr Wright’s forgeries, although Mr Sherrell’s Twentieth Witness Statement set out in detail COPA’s reasons for alleging they were. COPA faced a constantly moving target of forged documents produced by Dr Wright which continued up to the start of trial and, indeed, during it. COPA made their position very clear and Dr Wright was given every opportunity to rebut their allegations. Accordingly, I do not consider that I am disqualified from making findings on these emails and their contents.

For all the reasons set out in Madden5 in his analysis of the Papa Neema emails, I find they were not genuine and were sent by Dr Wright to himself.

By way of background, in his original reliance documents, Dr Wright included many supposed versions of the Bitcoin White Paper, including a purported precursor draft with the title “Timecoin” {ID_000254}, supposedly dating from 2008. In section 24 of the Appendix, I have found that document to be forged by Dr Wright.

During his evidence at trial, Dr Wright repeatedly sought to use the “Timecoin” moniker in relation to his work developing Bitcoin. Part of the motivation appears to have been to explain away his witnesses’ inability to remember being given a document referencing “Bitcoin”.

One feature of Dr Wright’s account concerning the Papa Neema emails was that Dr Wright claimed that Mr Mayaka had responded to his request for documents relating to the formation of two Seychelles companies by sending him on 10 September 2023: (a) some invoices relating to those companies; and (b) a “Timecoin” paper, “TimeDoc2.pdf” {CSW/31/1} ({ID_006565}), which supposedly dated from April 2009 and presented a development of Bitcoin on behalf of Information Defense (one of Dr Wright’s companies).

This was remarkable for a number of reasons. First, no reason was ever identified as to why Mr Mayaka (a company formation agent) would have had a copy of the Timecoin paper. Secondly, Dr Wright had not asked for this document or anything like it. Thirdly, by a striking coincidence, this document (which was not in his original disclosure) came to Dr Wright by two means in mid-September 2023; once from “Papa Neema” on 10 September 2023 and a second time through his discovery of the Samsung Drive on 15 September 2023 (which, as Mr Madden found, contained a hash-identical document). Dr Wright had no good explanation for that coincidence {{Day15/57:16} and following}.

In Wright11 [289], Dr Wright claimed that he had sent this document to a series of individuals, including Mr Bridges, Mr Jenkins, Mr Matthews and various unnamed others at QSCU (a bank), Centrebet and Hoyts. In a direct contradiction of his evidence in Wright4, he said that he had not sent the original Bitcoin White Paper to Mr Bridges or Mr Jenkins. The only person who gave any support to this account was Mr Jenkins, who said that he had been shown (not sent) a copy of such a document. Mr Jenkins had never mentioned this in his Granath evidence or his witness statement, and it became clear that he had been primed to add the reference to his evidence. I must return to these points in more detail below when I consider a key aspect of Mr Jenkins’ evidence.

The Timecoin paper supposedly supplied by Papa Neema (and on the Samsung Drive) was light on metadata but contained features that led Mr Madden to doubt its authenticity, including (a) the fact that diagrams had been embedded as low resolution picture images, consistent with having been copied in as screenshots from a public source; and (b) irregular metadata timestamps which were of a date (31 October 2017) associated with the 2023 editing process that created BDOPC.raw {Madden5 [104-126] {G/9/34} and following}. Furthermore, the content of the Timecoin paper is very odd. It has an abstract which is very similar to that of the Bitcoin White Paper, including detailing proof-of-work and outpacing, but the body of the paper then includes a mix of copied and paraphrased sections of the Bitcoin White Paper while missing out the sections on proof-of-work and outpacing. Some incongruous IT security features (including Tripwire) are then bolted on to tie the document to Dr Wright’s areas of expertise {see the cross-examination at {Day15/63:16} - {Day15/91:8}}. I agree that it bears all the signs of a forgery prepared in haste to suggest Dr Wright was developing the Bitcoin project in early 2009.

It is sometimes said that a good lie contains a kernel of truth. In my judgment, on many and frequent occasions, Dr Wright adhered to this proposition. I sensed there was often something in his answer which was true, but the answer as a whole was a plain lie or not an answer to the question put. There are several consequences from his use of this tactic. First, it would either be impossible to pin down every lie and/or it would take weeks to do so. Second, Dr Wright would simply invent further lies in his attempts to cover up existing lies.

I have reminded myself that just because a witness lies on one point, it does not mean that s/he is lying on other points. However, on the basis of all the evidence, I am unable to place any reliance on what Dr Wright has said unless it is self-evidently correct or is corroborated by some other piece of evidence on which I consider I can place reliance.

Although Mr Matthews was the last of Dr Wright’s fact witnesses to be called, he was the next most significant fact witness after Dr Wright, for two main reasons. First, because he said Dr Wright gave him a copy of a draft Bitcoin White Paper in August 2008. Second, because he was closely involved in the events which occurred from 2014-2016, including the planned sessions to prove that Dr Wright was Satoshi. I discuss both these topics in much greater detail below. Mr Matthews was a cagey witness at times. I can accept much of his evidence with a few notable exceptions which I discuss below.

COPA submitted that Mr Matthews gave dishonest evidence that (i) he knew of Dr Wright’s work on developing Bitcoin in 2008; (ii) that he received a draft of the Bitcoin White Paper from Dr Wright in August 2008; (iii) that Dr Wright offered him Bitcoin in exchange for money in early 2009; and (iv) that Dr Wright pitched a blockchain-based project to him in early 2009. In addition, COPA submitted that his account of the “Big Reveal” is heavily skewed by his desire to cast Mr MacGregor as a bully and so divert attention from Dr Wright’s failure to provide the proof everyone expected. COPA relied on several points.

First, in his WhatsApp exchange with Mr Ager-Hanssen on 25 September 2023 {L20/183/1}, Mr Matthews clearly expressed the view that Dr Wright was a fake. Responding to a message describing Dr Wright as the “Biggest fake ever”, Mr Matthews replied: “Fuck. WTF is wrong with him. Well, at least we have NCH [nChain] to focus on, that’s not fake.” This is a message which ordinarily would not have come to light. Under cross-examination, he attempted (without success) to deny the plain meaning of these words {Day11/73:15} - {Day11/79:15}. He also attempted to explain the message by saying that it was intended to divert Mr Ager-Hanssen, who was threatening to “destroy” him {Day11/79:16} - {Day11/83:23}. I found this an odd allegation, so I raised the point (at the end of his evidence, see {Day12/100:1}) that the balance of power lay with Mr Matthews, who in the event was able to fire Mr Ager-Hanssen and have him injuncted. In my judgment, the plain meaning of Mr Matthews’ WhatsApp message is clear from the words he used. This has an impact on other aspects of his evidence which I consider below. Further, I do not accept his evidence that he was just trying to humour or fob off Mr Ager-Hanssen.

Second, COPA submit that Mr Matthews’ account of receiving the Bitcoin White Paper from Dr Wright was in any event not plausible. They point out it is not supported by any documentary evidence, or evidence from any other witnesses. This account did not emerge until after 2015, when doing so served Mr Matthews’ financial interests. Furthermore, the accounts from Dr Wright and Mr Matthews conflict, with Mr Matthews saying that the paper was provided in a USB stick containing a single file, which he printed, while Dr Wright claims that he handed over a paper copy. Mr Matthews’ account in his statement also conflicted with the account Mr O’Hagan took from him and recorded in “the Satoshi Affair”. See generally {Day11/89:22} - {Day11/103:20}.

The second point I raised with Mr Matthews at the conclusion of his evidence is how he dated his receipt of the White Paper to August 2008 and whether he had any anchor points for that date. He responded by saying that his anchor point in time was that the White Paper was released publicly on 31 October 2008 and he received the paper before that time. He then tried to say that he would have been aware of that anchor point because the release was public, but when pressed he admitted that the release was not well-known at the time (and on his own evidence, he took no interest in Bitcoin after reading the paper). In the end, he could only say “that’s my understanding of how to place it in the 2008 calendar” {Day12/97:16} - {Day12/98:11}. I found this utterly unconvincing.

Third, it is apparent that Mr Matthews had no idea that Dr Wright was claiming to be the inventor of Bitcoin when they were reconnecting in early 2014. That is evident from his email introducing Dr Wright to Mr MacGregor in February 2014 {L8/340/2}. In that email, he put Dr Wright forward as a potential partner for a business venture concerned with cryptocurrencies but did not mention his supposed best and singular qualification as the actual creator of the original cryptocurrency. The following exchange {at {Day11/118/4} - {Day11/118/16}} highlighted how ridiculous that would have been:

‘Q. But you were introducing two people in the context of a project about cryptocurrencies and you're saying it doesn't occur to you to mention that one of them is the inventor of the whole Bitcoin cryptocurrency blockchain system?

A. I didn't want to go to that level of detail, I wanted to introduce two people and let them find out if they had a way of working together.

Q. It's not a level of detail; it's one sentence on something which you've told us had not been a matter of secrecy.

A. I did not disclose that at the time to MacGregor. Obviously MacGregor found out later.’

Overall, I am satisfied that Mr Matthews did not receive a copy of the Bitcoin White Paper in 2008 and his evidence about receiving a copy of it before it was made public was made up. Mr Matthews’ WhatsApp message tends to confirm that this evidence was false.

Mr Matthews was considerably more careful in his lies than Dr Wright, only lying where he had to do so to sustain Dr Wright’s position. As I discuss in greater detail below, in relation to the events of 2015-16, Mr Matthews’ evidence was far more consistent than Dr Wright’s with the contemporaneous documents. COPA drew my attention to a number of significant differences between Mr Matthews’ evidence and Dr Wright’s. I agree that it does not follow from these differences that Mr Matthews was telling the truth on all the points concerned, but it is of value on some topics where it is consistent with contemporaneous documents that Dr Wright has tried to disown.

Mr Robert Jenkins {E/6/1-9} made a single witness statement at {E/6/1-9} dated 28 July 2023, in which he set out in 37 paragraphs a fairly detailed account of their relationship over many years from their first meeting in 1998/1999, when Dr Wright worked on security measures for Vodafone in Australia, until around 2010/2011. He says that he discussed concepts of electronic ledgers involving linked blocks of data which in hindsight he relates to the Bitcoin blockchain.

His witness statement includes a section dealing with the time he was employed at the Commonwealth Bank of Australia (CBA) from late 2002 until January 2008 and he said:

‘During the time I was at CBA, which was from October 2022 [sc.2002] until January 2008, Craig and I talked about a whole range of things over that five or six year period: we had a common interest around some stuff that in hindsight related to Blockchain and Bitcoin (I first heard the word Blockchain in late 2008, after I left CBA; I don't remember precisely when I first heard the word Bitcoin, but it was later than that).’

In the following six paragraphs, it is clear that Mr Jenkins had taken care to mention any aspect of their discussions which might possibly relate to Bitcoin. The next section of his witness statement, which is concerned with his next period of employment at BT, follows the same pattern, in which Mr Jenkins mentioned discussions with Dr Wright of a ‘white paper’, distributed computing, mining and bitcoin.

At the conclusion of his (first) cross-examination, the evidence Mr Jenkins had given was not controversial: he had discussed E-Gold with Dr Wright because it was an interest of his own; that there had been some discussion of buying Bitcoin (i.e. tokens) from Dr Wright in early 2011; that he had not received a copy of the Bitcoin White Paper from Dr Wright; and that he first discovered that Dr Wright was claiming to have invented Bitcoin at the time of the public “outing” in December 2015. When it was put to him that he could only speculate on Dr Wright being Satoshi Nakamoto based on hindsight, Mr Jenkins agreed and gave a vague answer about Dr Wright being unique and shy {{Day9/91:24} and following}.

However, Mr Jenkins’ re-examination revealed that he had been prepared to answer questions in a certain way, but had not been given the chance to do so during cross-examination. The issue arose because Mr Jenkins had confirmed in Granath that he had not been sent the Bitcoin White Paper – contrary to what Dr Wright claimed. In re-examination he was asked: ‘Did he show you anything?’ He answered, after looking down at notes in front of him, as follows:

‘96:19 Did he show you anything?

20 A. I do. I do remember seeing a couple of things, besides

21 what Craig drew on the napkin. At a -- at a subsequent

22 meeting, I was shown a paper. It didn't make mention of

23 Bitcoin but it did make mention of -- of something

24 called Timecoin, and that was something that -- as

25 a White Paper that he -- he showed me at that time.

97: 1 Q. You said a bit later. When was that?

2 A. It would have been in that time window I was saying. It

3 was before I joined Westpac and -- and after those

4 series of lunches where he drew on the -- on the napkin.

5 So, around, again, 2009/2010.’

The re-examination continued a few lines further down in the transcript:

‘Q. I'm going to show you a document and I want to ask you

17 if you recognise the document. Could you be shown -- or

18 could we look at {CSW/31/1}. That's a Timecoin paper,

19 "A peer-to-peer electronic cash system", with

20 Craig Wright's name at the top of it. Do you recognise

21 that document?

22 A. As far as I can recollect that far back, because this

23 isn't something that was discussed in the -- in

24 the Granath court case, but, yes, it does look certainly

25 similar to the document I saw, yes.’

Since that evidence had not featured in Mr Jenkins’ statement or in his testimony in the Granath proceedings, I permitted further cross-examination. COPA submit that Mr Jenkins’ new evidence then unravelled. He admitted that he had referred to a note when giving the evidence I quoted in [178], and that the note had the word “Timecoin” written on it. At first, he agreed that he “wrote Timecoin down on that piece of paper before [his] evidence started”. However, when it was then put to him that this was a sign of him having been primed by others to mention Timecoin, he contradicted the evidence he had given just moments before, saying: “these were notes I took during the course of this interaction rather than anything I wrote down before the interaction”. When pressed with the contradiction, he replied that he had written some of the notes on the piece of paper before his evidence began, but insisted that Timecoin and two other notes (each of several words) were written during his cross-examination. Even when it was put to him that he had not been seen to write anything during cross-examination, he insisted that he had {{Day9/99:16} - {Day9/105:13}}.

Thus, within the space of about a minute, Mr Jenkins contradicted himself about whether the word “Timecoin” was a note written before his evidence. COPA submitted that he lied about his having written notes during his cross-examination, when it was obvious to all in court that he had not done so.

Before I make any findings about Mr Jenkins and this aspect of his evidence, there are some prior issues I have to address which concern {ID_006565} and Dr Wright’s evidence about that document. So I return to this issue later.

Dr Wright produced in his disclosure a number of “Timecoin” White Papers. One of them, {ID_000254}, was one of COPA’s pleaded forgeries which I have found, in section 24 of the Appendix, to have been forged by Dr Wright.

The document Mr Jenkins was shown in re-examination was {ID_006565}, ‘TimeDoc 2.pdf’. This was one of three documents attached to {ID_006564}, which is one of the Papa Neema emails to which I have referred above. Mr Madden identified {ID_006565} as hash identical to a file within the zip file of similar name. As he said, the email had attached to it both the pdf file itself and an encrypted zip of the same pdf. I have already touched on {ID_006565} above when considering Dr Wright’s credibility but I must consider it in more detail in order to make findings about Mr Jenkins’ evidence.

As the ID number indicates, it was one of the last documents disclosed by Dr Wright. It was one of the set of documents referred to in Wright11 which had not previously been disclosed and which were the subject of the application on Day 1 of the Trial for permission to rely upon them.

The chain of custody information {M3/16/3} shows only that the document was sent by email from Craig Wright to Shoosmiths on 25 January 2024. Shoosmiths’ letter dated 9 February 2024 refers to the difficulty in giving further chain of custody information since Dr Wright was in the witness box.

In Madden5, Mr Madden was unable to undertake a full analysis of this document. He concluded at [126] that the document should be considered as ‘unreliable’ without further supporting evidence. He also said:

‘It may be possible to come to a more concluded view if I was provided access to the computing systems used to author and store this document and the emails associated with it.’

The document is dated to 9 April 2009 (i.e. after the publication of the 2008 and 2009 versions of the Bitcoin White Paper) and has several of the metadata property fields populated, whereas the control copy of the Bitcoin White Paper did not. The title is ‘TimeChain – Logging System Built on Bitcoin to Extend and Deliver Blacknet’.

It has 5 diagrams which appear identical to those in the Bitcoin White Paper. They are embedded as picture items and not as vector diagrams. Mr Madden also found the pictures to be of low resolution and pixelated compared with the equivalents in {ID_000865} (a control copy of the Bitcoin White Paper).

Although there are differences in the text between {ID_006565} and {ID_000254} there remains significant similarity. As with {ID_000254}, it is clear that there is such a degree of similarity with the text of the Bitcoin White Paper that the only possible conclusion is that {ID_006565} was derived from the Bitcoin White Paper.

Indeed, that was Dr Wright’s evidence in Wright11 at [289]:

‘The TimeDoc 2 pdf is a document I created after I had founded Information Defence Pty Ltd (“IDPL”) in January 2009. It has similarities to the Bitcoin White Paper because it is an extended version of the time stamping service included in bitcoin that I was using commercially. It deals with my plan to exploit the technology underlying Bitcoin for other purposes. My recollection is that I sent it or a similar document to Qantas Staff Credit Union (now QDOS Bank), David Bridges, Rob Jenkins, Stefan Matthews at Centrebet, Hoyts, and a number of other people. I believe that these individuals would recognise this document. I had not sent the original bitcoin White Paper to either David Bridges or Rob Jenkins. However, I would likely have sent the commercialised version to each of them.’ (my emphasis).

One curiosity is that although {ID_006565} includes a few references, there is no reference to the Bitcoin White Paper, from which it has clearly been very substantially derived.

The bulk of Mr Madden’s ‘Summary’ on {ID_006565} reads as follows:

‘120. Other than the visual observations I make above, I do not comment on or consider the content of the document of as this is outside of my expertise, though I have seen the comments made in the Twentieth Witness Statement of Philip Nathan Sherrell.

121.

While I have found no anachronistic metadata characteristics within this document itself in the time available to me, I have made several observations that bring it into contrast with the Bitcoin White Paper control copy {ID_000865}. This is to say that the document has been assembled in a different manner to {ID_000865} and does not appear to have been produced from the OpenOffice document used to create {ID_000865} (and it also does not appear to come from {ID_000254}, a document which I understand is said to be related).

122.

The same OpenOffice document could not have been used without undergoing significant changes to the formatting and style of the document as well as its content, and the diagrams have been replaced with relatively low-quality static pictures instead of flowchart-style graphic drawings.

123.

I also note that the OpenOffice software version 3.0 that was used to author {ID_006565} is still available for download today from Internet resources, and it would have been possible to create a document identical to ID_006565 by downloading and running that software on a computer (or virtual computer) with a backdated clock. The manner in which the email message to which the document was attached has been disclosed is less than ideal and does not allow me a full picture for forensic analysis.

124.

The copy of the ZIP file that was created on the Samsung drive has been attributed with timestamps of 31 October 2017, a date I have attributed with significant backdating behaviour on the Samsung drive {G/6/13}.’

I regret to say I found Mr Jenkins’ evidence about having seen a Timecoin paper deeply unconvincing. If he really had been shown a Timecoin paper at any point in the period 2007-2009, I am sure that Dr Wright would have told his lawyers and Mr Jenkins would have been certain to have mentioned it in his witness statement. Furthermore, I found the way in which this potentially important piece of evidence was elicited in re-examination was also deeply unconvincing. If it was known about in advance (as appears to have been the case), it should have been included in a supplementary witness statement or, at the very least, elicited in examination in chief. Instead, it seems to have been left as a bomb to go off in cross-examination, except the cross-examiner did not trigger the bomb, so it had to be dealt with in re-examination.

It is also revealing that the first time Dr Wright made his claim to have shown Mr Jenkins a copy of the “Timecoin” paper was only in Wright11 at [289] {CSW/1/53, 12 January 2024}.

In the circumstances, I agree that the natural inference to be drawn from this sequence of events is that Mr Jenkins had been primed by Dr Wright to bring up a “Timecoin” White Paper, something he had not mentioned in his witness statement in these proceedings nor in his Granath testimony.

In these circumstances, I make the following findings: (a) Mr Jenkins was prepared by Dr Wright to slip “Timecoin” into his evidence, and his denial of that was a lie; (b) he had written a note of “Timecoin” before he gave evidence to remind him to insert it; and (c) his claim to have written it and other notes during cross-examination was a lie. Furthermore, in view of my finding in section 24 of the Appendix that the Timecoin ODT Whitepaper was forged by Dr Wright and the evidence summarised above, I am compelled to find that {ID_006565}, ‘TimeDoc 2.pdf’ was also forged by Dr Wright. In relation to finding (a) above, I wish to make clear that I do not believe Dr Wright’s legal team had anything to do with this, particularly in view of their exemplary conduct of his difficult case.

As noted above, there is nothing material in the balance of Mr Jenkins’ evidence which advances Dr Wright’s case on the Identity Issue. However, given the lies he was prepared to tell, COPA submits that in general his evidence cannot be believed except to the extent that it is supported by contemporaneous documents.

The final curiosity with Mr Jenkins’ evidence was his repeated insistence that he had been explicitly told he should not consult any documents to aid his memory. It was not clear who might have told him that, but COPA presumes it cannot have been the lawyers who took his statement. As such, it appears either that Dr Wright (or someone else associated with him) told Mr Jenkins not to go looking for documents, or alternatively that this was another story invented by or fed to Mr Jenkins to justify why he had no documents to back up his assertions.

Overall, in my judgment there is no probative evidence given by Mr Jenkins that in any way assists Dr Wright’s case on the Identity Issue.

All the remaining witnesses of fact called by Dr Wright gave their opinion that Dr Wright was Satoshi, with varying degrees of support. They divide into three broad categories: family members (Max Lynam and Danielle DeMorgan), people who worked for Dr Wright (Dr Pang and Shoaib Yousuf) and people who encountered Dr Wright in a variety of work environments (Mark Archbold, Dr Jones and David Bridges).

Ms Danielle DeMorgan {E/8/1} – Ms DeMorgan is Dr Wright’s youngest sister. She gave evidence that Dr Wright was interested in Japanese culture and sometimes used nicknames for himself. Her evidence was to the effect that, when she was 16, she and some of her school friends encountered in the local park someone dressed in black as a ninja with a Samurai sword, and this person turned out to be her brother, Craig Wright.

In both her statement and the blog post on which she based it, the key reason she drew a connection between her brother and Satoshi Nakamoto was that as a teenager he had dressed as a ninja in the local park. Nothing in her evidence gave any credence to Dr Wright’s claim to be Satoshi, and she did not support his assertion that he shared a pre-release copy of the Bitcoin White Paper with her. Ms DeMorgan was plainly an honest witness but her evidence was of no probative value.

Mr Max Lynam {E/13/1} – Mr Max Lynam is Dr Wright’s cousin. He gave evidence that he and his father ran some computer code for Dr Wright at their farm in Australia at some time in or after 2009, and that Dr Wright later (in 2013) told them that it had been mining Bitcoin.

I should make it clear that I assessed Mr Max Lynam’s evidence in conjunction with the CEA evidence from his father, Mr Don Lynam, summarised below.

COPA submitted that Max Lynam’s evidence gave no support to Dr Wright’s claim. They pointed out that the communications he actually had with Dr Wright in 2008 which are in disclosure say nothing about a digital currency project or anything like it {{Day11/25:14} - {Day11/27:24}}. Mr Lynam agreed that the only work or projects about which those communications spoke concerned IT security and digital forensics {Day11/27:24}. As for the code run for Dr Wright by Don Lynam in 2009, Max Lynam acknowledged that it was an “unknown bit of code”; that he did not know what it was doing; and that at the time he connected it to Dr Wright’s “White Hat” ethical hacking work (i.e. IT security work, which is quite different from the Bitcoin system) {Day11/28:11} - {Day11/33:3}.

In my judgment, the notion that Max Lynam and his father were heavily involved in mining Bitcoin from the very start does not ring true. If Dr Wright, as Satoshi, had involved these relatively close family members in that activity then, in my judgment:

It is also telling that Mr Lynam had no knowledge of documents Dr Wright later produced which suggested that he and his family had a stake in Bitcoin mined at an early stage {see {Day11/42:20} - {Day11/45:11}}.

Overall, I formed two related conclusions: first, that Mr Max Lynam’s evidence provided no support for Dr Wright’s case; and second, that Mr Max Lynam for the most part, tried to tell the truth. One possible exception is the paragraph in his witness statement which I quote at [630]. Due to the fact that Dr Wright’s lies have been so extensive, I am unable to reach a conclusion as to whether he did mention the topics mentioned in that paragraph. There are reasons to doubt that he did, but it is unnecessary for me to reach a concluded view.

Dr Ignatius Pang {E/10/1} – Dr Pang has known Dr Wright since 2007 and he recounted doing some analysis with Dr Wright on social network predatory behaviour. He claimed that, in the summer of 2008, Dr Wright used the word “blockchain” in a very odd conversation about a Lego Batman set (The Tumbler Joker’s Ice Cream Surprise). He also says that Dr Wright asked people in the office if they knew someone with a Japanese name which he now thinks was probably Satoshi Nakamoto. He says that this happened sometime after he had had whooping cough, which was in October 2008. Mr Pang accepted that his memory of both conversations from 15 years previously was “hazy” and had been improved by discussions with lawyers which had involved Dr Wright {Day9/25:11}; {Day9/28:10}; {Day9/32:5} and following; {Day9/37:2} and following}.

COPA submitted that the account of the Lego conversation is so strange and implausible that it cannot be right, and that Dr Pang could only explain it by saying that Dr Wright had a tendency to “say things that are nonsensical or funny”, such as that he had eaten “Babe” from the engaging family film about a charismatic pig. Furthermore, the real Satoshi did not use the word “blockchain” in the White Paper (although it was a term that had been mentioned in relation to HashCash).

Dr Pang’s account that Dr Wright went around the BDO office asking whether they knew someone with a Japanese name which he now thinks was probably Satoshi Nakamoto, is intriguing for two reasons:

Finally, in closing, Counsel for Dr Wright placed emphasis on the fact that Dr Pang was not challenged on his evidence relating to Dr Wright’s improvement to the ‘Diffie-Hellman equation’ which he says he was shown when Dr Wright was still at BDO. The submission was that this is ‘relevant to Bitcoin’. That is not what Dr Pang said. He said when he saw the paper, he did not know how the revised equation could be applied. Only later in 2014-15, when he worked as casual staff at Hotwire, ‘supporting the writing of blockchain related patents and/or white papers’, and came across the paper again, did he understand that ‘it is to do with hierarchical key encryption and has very important applications in how to structure ownership of data and how things can be structured hierarchically in data storage, which is very important in any computer security setting, including Bitcoin.’ The high level of generality in his link to Bitcoin is also confirmed by the fact that the Bitcoin system never used ECDH or Diffie-Hellman at all, but ECDSA on secp256k1 (see [315] below).

Overall, in my judgment, Dr Pang’s evidence provided no support for Dr Wright’s claim to be Satoshi. At best, his evidence shows that Dr Wright took an early interest in the Bitcoin White Paper, but no more than that.

Mr Shoaib Yousuf {E/7/1} – Mr Yousuf is a cyber security expert who has known Dr Wright since 2006. He says that in the late 2000s they discussed some general digital security topics and digital currency (as a broad concept). I agree with COPA that Mr Yousuf gave no useful evidence on the Identity Issue. All he could say was that he had rated Dr Wright highly as an expert in IT security and that he had spoken with Dr Wright about digital payment systems such as the use of Visa and Mastercard over the internet {{Day9/111:1} - {Day9/112:21}}. He gave no support to Dr Wright’s claim to have shared a pre-issue copy of the Bitcoin White Paper with him {{E/4/21} at [49i.]}. Even after Dr Wright’s claim to be Satoshi became public, Mr Yousuf was not sufficiently interested to discuss it with him {{Day9/123:7} and following}.

Mr Mark Archbold {E/11/1} – Mr Archbold has known Dr Wright since 1999 when they both worked for the online casino, Lasseter’s Online. He gave evidence that Dr Wright was a capable IT security professional who had a lot of computers at his home and at one point expressed an interest in digital currency. Mr Archbold gave honest evidence, but I agree with COPA’s submission that his recollections were simply of Dr Wright being a competent IT security professional. He was candid that he only believed that Dr Wright could “possibly” be Satoshi and that this belief was based on hindsight {{Day10/29:6} and following}. He did not support Dr Wright’s claim {{E/4/21}, [49n]} to have shared a pre-release copy of the Bitcoin White Paper with him.

Dr Cerian Jones {E/14/1} – Dr Jones is a consultant (but not a patent attorney) who has filed patents on behalf of nChain and Dr Wright since February 2016. She spends most of her time working for nChain on their patents. She accepted that she was not a patent attorney but had never objected to being given that title in a series of marketing events she attended on behalf of nChain.

She gave evidence about some of Dr Wright’s patent applications and claimed to have been convinced that he is Satoshi by a combination of “his academic knowledge, his professional background and [his] previous employment experiences”.

Her evidence was that Dr Wright could be Satoshi due to him having made three particular inventions recorded in three patents. Even if I assume this evidence might be relevant, she omitted to mention that Dr Wright was not the sole inventor. Indeed, for the first patent, all the internal documents show that the inventive work was done by Dr Savannah. She has personally and professionally associated herself with Dr Wright, nChain and the entire Satoshi story, so it is clear that her evidence was in no way independent. Overall, I agree that Dr Jones’ evidence gave no support to Dr Wright’s case, as Lord Grabiner KC appeared to accept when objecting that questioning her about the patents which were the subject of her statement was irrelevant to the Identity Issue.

Mr David Bridges {E/9/1} – Mr Bridges is a personal friend of Dr Wright who worked at Qudos Bank and worked with Dr Wright from 2006. He described what he perceived as Dr Wright’s skill in computer security and also talked about his interest in Japanese culture. Mr Bridges gave honest evidence, but it was of no probative value. Although his statement drew parallels between the Bitcoin system and Dr Wright’s work with him, on examination these were of no significance:

He did not support Dr Wright’s claim {{E/4/21}, [49.p]} to have shared a pre-release copy of the Bitcoin White Paper with him.

Furthermore, as COPA submitted, although disclosure has been given of nearly 100 emails and papers sent by Dr Wright to Mr Bridges ({ID_006367} - {ID_006463}), none of them addresses Bitcoin or prior digital currency systems: {Day11/6:22} and following. It is also notable that, when Dr Wright spoke to Mr Bridges about the Bitcoin pizza payment of 2010, Dr Wright did not mention having created the Bitcoin system, even though he now says that he had shared the Bitcoin White Paper with Mr Bridges before its release: {{Day11/15:7} and following}.

In addition to the written and live evidence of those witnesses, Dr Wright relied on certain statements by way of CEA Notice. The Witness Statement of Mr Jenkin, a partner in Travers Smith LLP, provided further explanation. He set out the reasons why the individuals in question could not or should not be called to give oral evidence.

In his witness statement, Mr Jenkin did not identify particular parts of those transcripts which were relied upon and, indeed, the CEA Notice itself makes it clear that the entirety of each transcript was relied upon. Notwithstanding this, very limited extracts in each transcript were highlighted, as I understand matters, as being the principal parts relied upon. Although I read each transcript, it was clear that the highlighted passages were the only parts of any real relevance, and it would have been better if the CEA Notice had been appropriately limited.

Mr Don Lynam is Dr Wright’s maternal uncle. He served for nearly 30 years in the Royal Australian Air Force, rising to the rank of Wing Commander in the Engineering branch and received an award for his work in IT in logistics management. He was just verging on age 80 when he gave evidence in deposition for the Kleiman v Wright case in Florida.

The only passages highlighted in the transcript of the deposition are in his evidence in chief. Indeed, the full transcript of his evidence did not form part of the CEA notice.

In Dr Wright’s Opening Skeleton Argument, the deposition is described as supplying evidence of Don Lynam’s “knowledge of, and involvement in, early work on Bitcoin, including their review of precursors or drafts of the White Paper and running nodes for initial testing of the Bitcoin software and code”.

Very little of the deposition of Mr Don Lynam is relevant to this Identity Issue which I have to decide. That is largely because Ira Kleiman brought his claim on the premise that Dr Wright had been involved in creating the Bitcoin system (as Dr Wright had told the Kleiman family in 2014). As a result, nobody in that case had any wish or incentive to test Mr Lynam’s statement that he saw a copy of the Bitcoin White Paper. Much of the questioning was directed to whether Dave Kleiman was involved in the creation of Bitcoin.

In his evidence in chief in his deposition, he gave some evidence of the familial influences on Dr Wright as he was growing up. Mr Don Lynam gave an account of being close to Dr Wright and regularly discussing his work in the mid-2000s. He spoke of Dr Wright’s interests in mathematics, cryptography and internet security, describing him as one of the top three in the world in terms of his cryptography qualifications. Mr Don Lynam described Dr Wright’s work for Centrebet as security, but for Lasseter’s Casino he said Dr Wright developed what he understood to be the world’s first token system enabling global gambling, internet gambling, using all fiat currencies ‘so basically doing the same type of thing as Bitcoin’. Mr Don Lynam said he believed the Lasseter’s system ‘was the precursor of Bitcoin’.

He was asked by Dr Wright’s lawyer if he was familiar with the Bitcoin White Paper, to which he answered that he had “received the advance and pretty rough copy of it in 2008”. He said ‘Craig sent me a copy for my review but it was far too technical for me and also was poorly written’. He said it was ‘way above me technically’. He didn’t think the draft paper was headed Bitcoin but said it was ‘clearly to be a digital monetary system’. He said he had ‘no doubt in his mind that that was the precursor because it had the same content as the paper that came out or very similar content.’ He thought it was the natural flow-on from some of the work that Dr Wright been doing over the years, the mathematics and the cryptography and he had been playing about with other digital currency systems which existed earlier than that and the fact that he was working with banks and large accounting systems.

In response to a leading question from Dr Wright’s lawyer, he confirmed that he had run a node for Dr Wright after the release of the Bitcoin system and that doing so had caused his brand-new computer to become very hot and noisy, adding to his electricity bill. When cross-examined by Mr Kleiman’s lawyer, Mr Don Lynam said that he could not remember how he had received the paper. He said that he had not attempted to edit it.

The contemporaneous material in disclosure paints a different picture. An email in May 2008 provides a family update about Dr Wright’s LLM qualification. Another, from December 2008, is titled “Pop’s Service Records” and provides another update about Dr Wright’s newest qualifications with a note that “the farm is going well”. Neither of these mentions anything relating to Bitcoin at all. The emails do not suggest any relationship of regular contact and sharing research, but a distant relationship of occasional updates.

There is nothing further until 2019, when Mr Don Lynam was being asked to supply an account for the Kleiman case. Mr Lynam wrote to Dr Wright {L15/209/2}, making clear that Dr Wright had “advised” Mr Lynam of what the evidence was to be: “Memory is a bit foggy of my playing to link as part of the network in the way that you advised”. Mr Lynam at that stage was unsure of the year Dr Wright supposedly told him of his invention (“since you emailed me in 2007/8/9 about your new currency invention”).

Dr Wright responded to the effect that he may be able to assist Mr Lynam to trace the coins represented by any early Bitcoin mining. Shortly afterwards, Dr Wright’s lawyers evidently suggested the same thing, because Mr Lynam later wrote: “The lady lawyer said that they were valuable now as motivation to search” {L15/322/3}.

Following this prompting and the promise of value, Mr Lynam appears gradually to have improved his account to prepare for his deposition. By 10 September 2019, he began describing more detail in an email, offering a narrative to Dr Wright for comment (“Is this all some sort of fantasy in my mind or did this really happen? My recollection (or dream??) is that you set me up to mine Bitcoin...”) {L15/322/3}. According to what he later said in his deposition, he “went back researching” for references to Mr Kleiman on the internet {{E/16/32-33} at 33 line 21}; he bought books about Satoshi Nakamoto {{E/16/79} at line 11}; he discussed his deposition with Dr Wright’s mother and joined Twitter for the first time specifically to follow what was happening with Dr Wright {E/16/81}. He continued researching even up to the week before his deposition {E/16/75} - {E/16/76}.

By the time of his deposition, Mr Don Lynam (then aged nearly 80 years) no longer had difficulty recalling the dates and events. And he was no longer unsure as to whether the year of Dr Wright discussing his supposed invention was 2007, 2008 or 2009.

Had Mr Lynam been called to give evidence in this case, it would have been possible to investigate why his memory worked in reverse, becoming clearer as the weeks progressed even though months earlier the details had seemed “foggy”, a “dream”, “some sort of fantasy”. As COPA submitted, there is good reason to doubt the accuracy of what he had come to believe, having been “advised” by Dr Wright of the facts he was required to state, “motivated” to search for what could be “valuable” to him, and pointed by Dr Wright’s mother to follow the social media narrative that Dr Wright was posting during that time.

As for the one point on which Dr Wright really seeks to place heavy reliance (i.e. Mr Don Lynam’s supposed sight of a draft of the Bitcoin White Paper), Mr Don Lynam and Dr Wright diverge on the detail.  In particular, Dr Wright has insisted at various times that his uncle actively edited the draft, as a result of which he (Dr Wright) considered his uncle a central contributor to Bitcoin. By contrast, in his Kleiman deposition, Mr Don Lynam said that it was “way above [him] technically” and that he had not edited it, stressing that he had actively decided not to edit it {E/16/61 and the following pages}. In summary, and with the relevant quotations:

It is also difficult to reconcile Mr Don Lynam’s evidence of being made fully aware of Dr Wright’s digital currency project and the evidence given by his son Max Lynam, which (as discussed above) was that he first became aware of the project several years later and that he was only aware of the family running an “unknown bit of code” for Dr Wright (which he said was not unusual in their family).

Finally, the detail given by Mr Don Lynam of his new computer becoming hot and noisy (and costing more in electricity) as a result of running the Bitcoin code is not plausible, given the expert evidence about the early Bitcoin mining. However, it does chime with Dr Wright’s false understanding of early Bitcoin mining.

I have little doubt that Mr Don Lynam wanted to believe the best of his nephew but also that he had been carefully prepared for his evidence in his Kleiman deposition. In all the circumstances, I conclude that his account was made up. Accordingly, the extracts from his Kleiman deposition carry no weight at all.

The transcript of Mr Gavin Andresen’s deposition in the Kleiman case covers some 440 pages (including the indices) with only very few passages highlighted. He considered Satoshi to be in the top 10% of all the programmers he had interacted with (he put himself in the same category) and believed him to be a brilliant programmer. He had looked at the original Bitcoin code (in C++) and gained the impression that a small number of people, possibly one, wrote it because it was dense with few comments – i.e. the code did not include much explanation as to what the code was doing, unlike in a large programming project where it is necessary to co-ordinate among multiple people.

Mr Neville Sinclair worked with Dr Wright at BDO from 2006. He was the audit partner in charge of signing off on financial statements. He described Dr Wright as a senior manager in the IT division of BDO and worked with a team in that division to support the general audit area in relation to IT, security and controls. He described Dr Wright’s technical skills as extraordinary, particularly in identifying potential threats for clients but in terms of his personal skills, he was very direct which sometimes caused a little bit of friction.

Mr Sinclair said Dr Wright was very keen on how clients could better improve their security systems, by better logging of transactions and the holding of data. He recalled something drawn by Dr Wright as ‘somewhat similar to what we’d currently look at in terms of the description of the blockchain’ but added it wasn’t referred to in that context in that sense.

Mr Sinclair had further occasional contact with Dr Wright after Dr Wright had left BDO at the end of 2008. One contact seems to have been related to possible support for unspecified systems which Dr Wright was developing. Somewhat later in 2011, Dr Wright told him a bit more about what he was doing with some of our (i.e. BDO) clients, and gave him a circular coin with the Bitcoin symbol on it – that was the first time Dr Wright had mentioned Bitcoin to Mr Sinclair.

Ultimately his evidence was that having seen Dr Wright work in IT systems and from a couple of occasions where he was able to ‘oversight’ what he was doing, Mr Sinclair said there was ‘a high probability’ that he would be able to do what he was claiming to do with Bitcoin and the blockchain technology. Mr Sinclair also spoke of a conference on 23^rd November 2017 on IT security and banking systems. He said the day before an article had been published about Dr Wright being involved with Bitcoin and being the author of that system. He said quite a few of the people there who knew him were in agreement that most likely he would be the likely candidate to have developed the Bitcoin system.

COPA sought to call Mr Sinclair for cross-examination but he is out of the jurisdiction and would not agree to be cross-examined. I agree with COPA that his account as recorded in the transcript provides no support to Dr Wright’s claim to be Satoshi.

Overall, I am able to place very little or no weight on the beliefs expressed by these witnesses (whether individually or collectively) that Dr Wright is Satoshi, principally because none of them had specific enough information to be able to express anything like a persuasive or definitive view. Further, none of them had access to the wealth of detailed information which was presented to me in this Trial. So, although I do not discount their evidence entirely, I must weigh their subjective opinions against the considerable quantity of evidence of objective fact which I heard.

I will deal with COPA’s witnesses in the order in which they gave their evidence i.e. these are the witnesses who gave live evidence and were cross-examined. In their closing submissions, Counsel for Dr Wright challenged aspects of the evidence of fact given by Mr Michael Hearn, Mr Zooko Wilcox-O’Hearn, Dr Adam Back and Mr Martti Malmi. I address these challenges below.

It will be seen below that COPA called a number of witnesses to address certain claims made by Dr Wright, both in his written statements but also in the course of his cross-examination. Many of these witnesses are third parties and I am grateful to them for their evidence and (for those who were cross-examined), making themselves available. Although a number of these witnesses were not required for cross-examination by Dr Wright’s legal team, there remained several where there was an acute conflict between their evidence and that of Dr Wright. Where it is necessary to do so, I have resolved all these conflicts but it is important to point out that I did not resolve each conflict in its own little silo. I could not help but be influenced, to varying degrees, by all the evidence I have heard.

Mr Steven Lee is an independent board member of COPA, who gave evidence in person. In cross-examination, Lord Grabiner KC was keen to explore the concept of independence in this context and Mr Lee’s other mentions of independence in his witness statement. This went nowhere.

Mr Lee was a good witness. He answered all questions clearly and was plainly an entirely honest witness. He was asked questions about the Bitcoin Legal Defence Fund and whether it was funding the legal costs of the Developers in this litigation. Mr Lee said he did not know but said it was likely.

Mr Martti Malmi is a computer scientist who corresponded with Satoshi from shortly after the release of Bitcoin in January 2009 until early 2011, during which time he helped set up website content and worked on the Bitcoin Code, as well as the Linux port of the Bitcoin Software. In his first witness statement, Mr Malmi rejected various claims that Dr Wright had made about him and denied that he wrote a Satoshi post describing Bitcoin as a “cryptocurrency” (an allegation made by Dr Wright to explain away that post in circumstances where he disputes that label). He also exhibited emails he exchanged with Satoshi that previously were not public (correspondence never mentioned by Dr Wright). Mr Malmi also provided a short reply statement correcting statements made by Dr Wright about him.

Mr Malmi gave evidence by videolink from Finland. He gave his evidence carefully and precisely. I was entirely satisfied he was telling the truth. His evidence was consistent with the contemporaneous documents. Furthermore, I agree with COPA’s submission that the attempts in his cross-examination to suggest that Mr Malmi had had contact with Dr Wright beyond what Mr Malmi had already acknowledged failed miserably. I discuss this in greater detail below.

Dr Adam Back is a cryptographer and inventor of “Hashcash”, which was cited in the White Paper. He gave evidence of some email communications with Satoshi which had not previously been made public. They undermine Dr Wright’s accounts of his work on the White Paper before its release (as largely reiterated in Wright1). For instance, Dr Wright said that Wei Dai’s work profoundly influenced his development of Bitcoin for years, whereas Dr Back’s emails show that he told Satoshi about Wei Dai’s work on 21 August 2008 and that Satoshi had not previously known of it. Dr Back also provided a short second statement rebutting some of the claims Dr Wright makes about Dr Back’s attitude and interactions with Satoshi.

Dr Back gave evidence in person. He gave his evidence in a careful and considered manner. He is plainly highly knowledgeable. The attack on his independence failed, in my view, an issue which again I discuss in greater detail below. Again, I was entirely satisfied he was telling the truth. Accordingly, I feel able to have confidence in his evidence.

Mr Mike Hearn also gave his evidence in person. Mr Hearn is a software developer who worked on Bitcoin at the beginning and corresponded with Satoshi over email. He had dinner with Dr Wright and Mr Matthews in July 2016, when Mr Hearn asked Dr Wright questions about Bitcoin that he believed Satoshi would be able to answer. He said his impression was that Dr Wright could not answer his questions and that Mr Matthews shut down the conversation when Dr Wright got into difficulties. In cross-examination, he was the subject of robust challenge by Lord Grabiner KC on three points: first, whether he requested to meet Dr Wright in 2016, or whether the initiative came from Jon Matonis; second, whether he was aware that the business for which he worked in 2016, R3, was a competitor of nChain; and third, what occurred at the dinner. These challenges were developed in some detail in Dr Wright’s closing, and it is more appropriate to address them in chronological context below (see [897] and following, below).

Mr Howard Hinnant gave his evidence by videolink from the USA. He is a software developer. Between 2005-2010 he was Chairman of the Library Working Group for the C++ Standards Committee. In his first witness statement, he stated that he was the lead designer and author of various standard features of C++ including the <chrono> time utilities, among others. Bird & Bird asked him whether it would have been possible to use <chrono> or “sleep_for” in C++ code in October 2007. He gave various reasons why he said that would not have been possible including (a) that <chrono> or “sleep_for” were first standardised in C++11, i.e. in 2011; (b) the paper which first proposed both <chrono> or “sleep_for”, N2661, was published on 11^th June 2008; (c) prior to that date, implementations of <chrono> were limited to his own PC. He also considered various other possibilities, namely that, somehow <chrono> escaped into the wild and was picked up as early as October 2007. He was able to dismiss that possibility by reference to the previous iteration of N2661, namely N2498, on which he was also the lead author. N2498 is dated 19^th January 2008 but does not contain any mention of the word ‘chrono’, and ‘sleep_for’ is called ‘sleep’ in this iteration. Mr Hinnant also said that when N2498 was published, <chrono> and ‘sleep_for’ did not even exist on his computer.

After he had explained those matters to COPA’s solicitors, they provided him with three documents containing C++ source code disclosed by Dr Wright, each of which had the following metadata: Date Created 8^th October 2007, Date Last Modified: 31^st October 2007; Date Last Accessed: 15^th October 2007

In his cross-examination on Day 5, Dr Wright made a number of claims relevant to Mr Hinnant’s evidence, so COPA’s solicitors provided relevant extracts from the transcript to Mr Hinnant for any further comment. That resulted in Mr Hinnant’s second witness statement in which he addressed Dr Wright’s further claims and in particular, Dr Wright’s claim that he developed his own library using the header file <chrono>, based on an existing library called Project Chrono. Mr Hinnant explained:

‘Project Chrono is not a time library as std::chrono is. It is a physics simulation library. One would not modify a physics simulation library to come up with a time library. The similarities between Project Chrono and the C++ standard header <chrono> end with the name “chrono”.’

Mr Hinnant said that Dr Wright’s claims gave rise to no less than three remarkable coincidences:

Mr Hinnant was cross-examined with great care by Mr Orr KC. Mr Orr sought to establish that what Dr Wright had claimed was technically possible in theory. However, in any practical environment, Mr Hinnant explained why Dr Wright’s claims were, in his succinct summary, ‘absurd’. Mr Hinnant also said Dr Wright’s story was ‘technically so outrageous that it’s… literally unbelievable’. It presupposed Dr Wright having gone to great effort to create a time library out of a package with an entirely different function, with the practical results that the code might well not compile at all or might not work as intended, as Mr Hinnant explained. Although Counsel for Dr Wright objected to any reliance being placed on these answers because they represented Mr Hinnant giving expert evidence, both answers were given in response to questions which plainly elicited those responses. I consider I am entitled to rely upon them. Furthermore, I formed the view that those answers were plainly true.

In my judgment, Mr Hinnant gave clear and honest evidence. Dr Wright’s claims concerning <chrono> were a prime example where he had been caught out in his first account, but then sought to talk his way out by way of a technical explanation which turned out to be without basis. Mr Hinnant’s clear evidence showed that Dr Wright was lying.

Mr Zooko Wilcox-O’Hearn is a computer scientist in the field of cryptography and cryptocurrency. He wrote early blogposts about Bitcoin and stated that he never received any Bitcoin from Satoshi, as Dr Wright has claimed he did. He also gave his evidence by videolink from the USA.

He has been involved in cryptography for many years, including from well before the development of Bitcoin. He worked on DigiCash in the 1990s and described himself as being ‘good friends’ with some well-known participants in the field including Hal Finney, Nick Szabo, Adam Back and Greg Maxwell, via interactions on Internet Relay Chat (‘IRC’) channels. He said that later on, he met others involved in Bitcoin after Satoshi, including Gavin Andresen and Peter Todd and ‘was active with those folks for years’.

He first became aware of Bitcoin when it was announced by Satoshi in 2008. He does not recall any occasion when he had any private discussions with Satoshi. On 26 January 2009, he published a post on his blog entitled ‘Decentralized Money’ which mentioned Bitcoin and included a link to bitcoin.org. He said that blog has been called the first blog post about Bitcoin, but he makes it clear that he never actually ran and used Bitcoin then. He recalled he first started using Bitcoin when using a matchmaking service where people traded Bitcoin and that one of his first transactions was with druidian.

Having stated those recollections to COPA’s solicitors, they provided him with a link in the web archive to the relevant records of the matchmaking service, which show his transaction with druidian in July 2012 and his earliest transaction in May 2012. On that basis, he said he believed that May 2012 was around or shortly after the time when he first started using Bitcoin.

Mr Wilcox-O’Hearn was asked whether Satoshi Nakamoto transferred Bitcoins to him in 2009-2011 and responded (in his witness statement) as follows:

‘He did not transfer any bitcoin to me at any time. As I have explained above, he could not have done because I didn’t use Bitcoin until years later than it was launched.’

Mr Wilcox-O’Hearn was a very engaging and careful witness. In my judgment he was transparently honest, willing to correct himself on reflection. Although Mr Orr KC made a manful effort in his cross-examination to suggest that Mr Wilcox-O’Hearn was mistaken about when he first dealt in Bitcoin and therefore he did receive some Bitcoin from Satoshi Nakamoto, I am entirely satisfied that Mr Wilcox-O’Hearn did not start his dealing in Bitcoin until around May 2012 and that he was not in any position to receive any Bitcoin from Satoshi at any time in the period when Satoshi was actively involved in the running of Bitcoin. He also revealed how passionate he was about Satoshi Nakamoto, referring to him as his “hero” and saying with some force that if, as alleged by Dr Wright, he had received bitcoin from his hero, he would certainly have remembered it. When it was put to him that he must have become more actively involved earlier, he replied disarmingly: “You underestimate my laziness and procrastination.” {Day14/81:2}. It is thus clear that Dr Wright’s claims (made initially in an interview with GQ in June 2017, and then in the McCormack and Granath cases) to have sent Bitcoin to Mr Wilcox-O’Hearn were failed guesswork, based on the public information that he was the first person to have blogged about bitcoin, shortly after its release. On this issue, I unhesitatingly prefer the evidence of Mr Wilcox-O’Hearn.

A large number of the witnesses relied upon by COPA and the Developers were not, in the end, required for cross-examination. Furthermore, due to certain allegations made by Dr Wright in the course of his cross-examination which related to certain witnesses, the parties also agreed terms on which their evidence was accepted, thereby avoiding the need to call them to address those allegations.

Here I will briefly summarise their evidence, all of which I entirely accept.

Finally, Professor Bjarne Stroustrup, who gave a witness statement in response to certain features of the evidence of Dr Wright. Professor Stroustrup was originally scheduled to be cross-examined, but Dr Wright’s team indicated they had decided not to challenge his evidence.

Professor Stroustrup is a professor of Computer Science and the designer of the C++ programming language. In his witness statement, Professor Stroustrup explained that he is the designer and original implementer of the C++ programming language and remains involved in the standardisation of C++, having received many international honours for his work.

Professor Stroustrup was asked to address a particular issue relating to the libraries <chrono>, <thread> and <random> and when they were first in use in C++. His evidence was that those libraries were part of C++11 (released in 2011) and were unlikely to be in use in 2007-2008, even though these appear in some of Dr Wright’s documents said to have been from that period. He said that before C++11, these libraries were called differently: chrono.h, thread.h and random.h. Naturally I accept Professor Stroustrup’s evidence in its entirety and I am very grateful to him (and all the third party witnesses) for providing it.

COPA adduced the following documents under a CEA Notice:

The Developers served evidence of fact from a single witness – the Fourth Defendant in the BTC Core Claim, Dr Pieter Wuille. He provided two witness statements. He discovered Bitcoin in around December 2010 and started contributing to the project in early 2011, joining the maintainer team for Bitcoin in late April 2011. He left the maintainer team in July 2022 but continues to be an active contributor to the Bitcoin project. Although he undertook his initial contributions to the project in his spare time, he said that since September 2014, contributing to Bitcoin has been part of his job, first for Blockstream and since 2020 for Chaincode Labs.

Having summarised his involvement, he went on in his first witness statement to discuss certain concepts related to Bitcoin and the Bitcoin Software. Some of these were used in a short but effective cross-examination conducted by Mr Gunning KC of Dr Wright and I discuss these points later. In the final paragraphs of his first witness statement, Dr Wuille refers to the first time he became aware of Dr Wright which was around the time Dr Wright posted a screenshot in a blog ‘that was supposed to be a message signed with one of Satoshi’s keys’. He continued:

‘I remember reading this blog post when it first came out, and reading articles responding to it which argued that it was not a genuine signature, and instead reused an existing, public signature by Satoshi from the bitcoin blockchain. I remember that I looked at the blog post and myself verified that it took an existing signature by Satoshi and converted it into OpenSSL format rather than the Bitcoin format so it didn’t look the same as the original. The most obvious tell is that the signature could not be identical to one that was already used. In short, the signature in the blog post proves nothing; I formed the view that it was a deliberate attempt at making an old signature look like it was a recent one.’

‘… I remember that when I reviewed the blog, it convinced me Craig Wright was not Satoshi…’

Dr Wuille’s short second witness statement was made in response to certain points made in Wright11. Those triggered certain recollections which Dr Wuille followed up by reviewing some contemporaneous records of particular developments in Bitcoin namely the introduction of the 520 byte limit on stack elements in the Bitcoin Source Code and the disabling of certain opcodes. Again, some of this material was used in the cross-examination of Dr Wright.

Overall, page for page, Dr Wuille’s first witness statement (dated 13 October 2023), as supplemented by his second (26 January 2024), turned out to be the most significant document in this Trial because his ability to detail when certain features of the Bitcoin system were introduced were used to devastating effect in cross-examination of Dr Wright, as I explain below. Each topic was explained in his witness statement clearly, so Dr Wright had more than fair warning of these topics. On some of them, Dr Wright’s prior deductions as to what happened turned out to be wrong. On other topics, unusually (bearing in mind that generally Dr Wright appeared very well prepared for cross-examination), Dr Wright was caught out. It does not matter why that was the case, but it may have been because Dr Wright had to concentrate so hard on keeping so many forgery plates spinning.

Counsel for the Developers offered to call Dr Wuille to address any questions I might have for him. Whilst it would, I am sure, have been interesting to discuss some of the technicalities with Dr Wuille, I decided it was not necessary to take up that invitation since none of his evidence was being challenged. Dr Wuille presented very clear and well-explained written evidence. Since, as I have said, none of it was challenged, I accept it in its entirety.

I have already referred to the expert evidence on ASD, above. Here I introduce the expert evidence which related directly to the Identity Issue. I will deal with challenges later.

As is often said in the Patent field, it is the reasons which an expert gives for holding an opinion which matter, not so much the fact s/he has expressed the opinion. In this case, I am very grateful to all the experts who have provided expert evidence. They more than sufficiently educated me so that I was able to make all necessary findings in this Judgment and Appendix.

The cryptocurrency experts addressed two topics: (a) basic facts of the technology underpinning Bitcoin and other cryptocurrencies; and (b) the signing sessions. COPA’s evidence was from Prof Meiklejohn, and Dr Wright’s from Mr ZeMing Gao.

Most of Mr Gao’s report addressed the first topic. Rather than simply addressing the basic facts of the technology, he pursued an argument that BSV, the cryptocurrency created by a hard fork in the Bitcoin blockchain, is superior to Bitcoin Core and Bitcoin Cash and better reflects the philosophy underlying the White Paper. Following my Order at the PTR, Dr Wright was not permitted to rely on those parts of Mr Gao’s report which deal with his assertion that BSV is the superior implementation of Bitcoin and/or the alleged fidelity of BSV to the suggested intentions of Satoshi. COPA identified these as [65-89], [102-154], [180-197] and [217-225], without demur from Dr Wright’s team. In any event, all this argument that BSV is the “true version” of Bitcoin as envisioned in the Bitcoin White Paper seemed to me to have nothing to do with the Identity Issue, which is why I ruled it inadmissible. It does not advance Dr Wright’s case because, even if BSV were somehow more faithful to Satoshi’s original conception of Bitcoin, that would not support Dr Wright’s claim to be Satoshi. Nothing would stop anyone creating a fork of the Bitcoin blockchain that could be said to be the most faithful to its original conception.

Following without prejudice discussions, the two experts produced a joint report in which Mr Gao agreed with most aspects of Prof Meiklejohn’s evidence. On the topic of the signing sessions, as COPA submitted, they both agreed that the sessions could have been faked and on how that could have been done. The two experts produced short reply reports explaining the rationale for their disagreements (each explained in an annex to their Joint Statement) which are actually of quite limited importance to the issues in the case.

In their Written Closing Submissions, Counsel for Dr Wright and Counsel for COPA levelled various criticisms at the opposing expert. Those levelled at Professor Meiklejohn were directly related to her evidence regarding the signing sessions. These are best addressed in the context of my assessment of the signing sessions, in a later section of this Judgment. Those levelled at Mr Gao were more general and I can deal with those here.

I should say, however, that most of the evidence given by Professor Meiklejohn and Mr Gao was uncontroversial. In particular I am grateful to them for conducting a productive joint meeting and producing their useful Joint Statement (which also identified where they differed).

COPA submitted that Mr Gao’s articles and posts demonstrate an extraordinary lack of independence and objectivity, citing the following examples. In his recent self-published book, he treats Dr Wright as a messianic figure, misunderstood by the world {L20/121/67}:

“Being the world’s most highly certificated cybersecurity expert, Wright knew how to secure the system.

Having a Master of Laws, Wright understood how the system he created would interact with real society, including the legal and political systems.

It all bears the marks of a deliberate Divine preparation for this creation, for where in the world can you find another person with all these necessary qualifications?”

In his blog posts and articles, Mr Gao committed his personal credibility to the position that Dr Wright is Satoshi Nakamoto and made clear his strong desire to see Dr Wright prevail in this litigation. Under cross-examination, he admitted that attitude {Day18/67:10}:

Q. And you were saying that you cared that Dr Wright should win, didn't you?

A. Yeah, because the result would affect the kind of Bitcoin I believe should be advanced.

Mr Gao also accepted that he had staked his personal reputation on the case {Day18/74:16}:

Q. But through these articles, and through your book, you have staked your personal credibility on this position, haven't you?

A. Yes.

His lack of independence extended to a personal hostility to COPA, claiming that its approach in these proceedings is to trick the court {{Day18/66:10} and blog at {L19/264/1}}, and disputing its stated motivation for bringing this claim. Finally, and tellingly, he maintained in that there was no error of judgment in him continuing to post such articles after he had been instructed as an expert, and even in the run-up to trial {Day18/75:20}.

I agree that certain aspects of Mr Gao’s report lacked independence and objectivity and, in view of his publicly stated view of Dr Wright, I would be very cautious about relying on any of his evidence which conflicted with that given by Professor Meiklejohn. However, on the important matters – the signing sessions and the technical aspects of cryptographic proof, he did not dispute Professor Meiklejohn’s evidence.

However, COPA submitted that one feature of his evidence demonstrated his lack of independence. This was where he attempted to make arguments about the meaning of the Sartre blog post. While accepting that it was not the cryptographic proof which Dr Wright’s backers, the journalists, Mr Andresen and Mr Matonis expected it to be, Mr Gao sought to argue that it was apparent from the words of the post that it was not offering such proof. Since the matters of technical content are not in dispute, the meaning of the blog post is not a matter for expert evidence. So I give no weight at all to Mr Gao’s efforts to argue for a particular interpretation of the post.

Notwithstanding the trenchant attack on Mr Gao’s independence, I am not sure his lack of independence really affected anything I have to decide. As COPA submitted, during his cross-examination Mr Gao accepted the following points (which were all the points which COPA needed):

Mr Patrick Madden was the principal expert witness called by COPA on matters of forensic document analysis.

Mr Madden made six expert reports for this Trial:

Mr Madden’s evidence underpins almost all of COPA’s allegations of forgery. In their Closing Submissions, Counsel for Dr Wright attacked Mr Madden’s evidence, his qualifications and his independence. These were developed in Lord Grabiner KC’s oral closing and led to his submission, (which he accepted was a fairly drastic conclusion) that the safest course for me to take would be to disregard Mr Madden’s evidence ‘because of the serious doubts about his independence’.

This was a bold submission to make in view of the fact that Dr Wright’s experts (Dr Placks & Mr Lynch) had agreed with most of Mr Madden’s findings in his first to fourth reports, but it was at least consistent with the position taken in cross-examination by Dr Wright where he dismissed all the expert evidence on the basis that none of the experts were properly qualified, the sub-text being that only Dr Wright was.

I deal with all the attacks on Mr Madden and his evidence below.

The principal expert relied on by Dr Wright was Dr Simon Placks, at least until Dr Wright decided to dispense with his evidence:

Mr Spencer Lynch was brought in to address the Additional Documents, the Samsung Drive and the BDO Image. He served his report on 18 January 2024 and agreed a Joint Statement with Mr Madden which was served on 22 January 2024.

COPA’s expert on LaTeX was Mr Arthur Rosendahl, and Dr Wright’s expert was Mr Lynch.

In their Joint Statement (served 22 January 2024), they agreed that:

After their Joint Statement, Mr Rosendahl served his second report (on 12 February 2024) to address two sets of metadata information and their associated files, which related to the project editing history of the LaTeX files he had analysed in his first report.

As I have related, Dr Wright did not rely on Mr Lynch’s evidence. Mr Rosendahl came to London to be cross-examined in person. He is obviously extremely knowledgeable about LaTeX and he gave his evidence carefully, precisely and with obvious honesty. He was an ideal expert witness.

Although Dr Wright jettisoned Dr Placks and Mr Lynch as witnesses, I am grateful to them for their work. I should add I have no reason to conclude that they acted other than entirely in accordance with their duties as experts to be objective and independent. Both made and agreed findings adverse to Dr Wright and (although it does not matter for any of my conclusions) it is likely that their objective and independent approaches were the very reason why Dr Wright jettisoned their evidence.

These Bitcoin cases were originally docketed to me due to a concern that they might involve issues of some technical complexity. It turned out that the issues relating to Bitcoin technology are not particularly complex, and in this section I set out an overview of cryptocurrency technology by way of relevant technical background. In addition, some of the evidence relied upon to indicate forgery (or not) raised some technical issues, but those points are best discussed in the context of the forgery allegations.

This section is based on Professor Meiklejohn’s account of the technology, which was largely agreed by Dr Wright’s expert, Mr ZeMing Gao.

Bitcoin was the first cryptocurrency, originating in 2009. Bitcoin is known as a cryptocurrency because it is a cryptographic system, in that it relies on principles of cryptography and uses cryptographic algorithms to form and verify transactions and blocks. The two cryptographic primitives that Bitcoin relies on are hash functions and digital signatures.

It is a peer-to-peer system, meaning users can transfer payments between themselves without an intermediary or central authority. Transactions between users are incorporated into blocks by a process called mining. These blocks are in turn distributed among and verified by peers on the network, who store them by adding them to a ledger. Each block added to the ledger includes information in the form of a hash, which is affected by the blocks added before it. This ledger is therefore created by linking the blocks together to form the blockchain. The contents of one block thus cannot be changed without changing the contents of all subsequent blocks.

A cryptographic hash function is a function, which can be denoted as H, that has the following properties:

The most used hash function today is SHA256, and this is what Bitcoin uses. SHA256 hashes are usually encoded and expressed as a string containing 64 alphanumeric characters, such as the string 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 (the hex encoding of the SHA256 hash of “hello”).

The Bitcoin White Paper defines a coin as “a chain of digital signatures”. An owner transfers a coin by “digitally signing” a “hash” of the previous transaction involving the coin and the public key of the next owner. Because the hash used in a transaction includes both the previous transaction involving the coin and the public key of the next owner, the hash embeds the history of expenditure of that coin.

A digital signature is an example of an asymmetric or public-key cryptographic primitive. It operates using two related keys, a public and a private one. The public one can be given to anyone, and the pair is known as a keypair. A digital signature acts to verify the signing of a given message and involves three algorithms: KeyGen, Sign and Verify. Their interaction was illustrated by Professor Meiklejohn in her Figure 1:

There are several standardised digital signature schemes, with the one being used in Bitcoin known as ECDSA (Elliptic Curve Digital Signature Algorithm). The curve used in Bitcoin is secp256k1, and ECDSA signatures are usually encoded and expressed as 64 alphanumeric characters.

So, digital signature is a process designed to provide confidence that an entity has signed a given message. A randomised algorithm (Sign) allows the holder of a private key (one of the outputs of KeyGen) to produce a signature (σ) on a message (m). The recipient of a digital signature uses a deterministic verification algorithm (Verify) to check whether the signature conforms to the public key of the sender. The digital signature of a transaction involving bitcoins enables the recipient (R) to be satisfied that the sender was entitled to transfer the relevant sum.

However, if the transaction process ended at that point, the ‘double-spending problem’ would remain and the solution to this problem in the Bitcoin White Paper was the use of a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions using a ‘proof-of-work’ system.

Section 4 of the Bitcoin White Paper is headed ‘Proof-of-Work’ and it explained:

‘To implement a distributed timestamp server on a peer-to-peer basis, we will need to use a proof-of-work system similar to Adam Back's Hashcash [6], rather than newspaper or Usenet posts. The proof-of-work involves scanning for a value that when hashed, such as with SHA-256, the hash begins with a number of zero bits. The average work required is exponential in the number of zero bits required and can be verified by executing a single hash.

For our timestamp network, we implement the proof-of-work by incrementing a nonce in the block until a value is found that gives the block's hash the required zero bits. Once the CPU effort has been expended to make it satisfy the proof-of-work, the block cannot be changed without redoing the work. …’

However, when it came to the Bitcoin Source Code, Satoshi implemented an improved proof-of-work function which departed from the system described in the Bitcoin White Paper, which contemplated that the target value would be set with leading zeros – as in Dr Adam Back’s ‘Hashcash’ paper. Instead, the code used a numerical comparison (whether the hash of a Block Header is equal to or below a set target number). It is true that being equal to or below a long target number implies there will be a number of leading zeros in the target number, whether in binary or hex or any other base. However, the improvement meant that the target number could be set precisely, which in turn allowed the difficulty to be very precisely adjusted. This improvement is relevant to an issue raised in the cross-examination of Dr Back which I address later.

Having cited an extract from the Bitcoin White Paper, I should mention that, perhaps not surprisingly, there were several ‘versions’ of it in disclosure. Mr Madden addressed this issue at an early stage. His analysis shows there were 68 documents in disclosure which were either versions or relations of the Bitcoin White Paper, but 24 unique documents. After significant scrutiny and verification via third party sources, he identified {ID_000226} and {ID_000865} as suitable ‘control’ copies of versions of the Bitcoin White Paper {see PM3 {H/20/14}}. {ID_000226} has a creation date of 3 October 2008. {ID_000865} bears a creation date of 24 March 2009 and is hash identical to a file ‘Bitcoin.pdf’ from a web archive capture dating to 28 November 2009 from the sourceforge.net project.

Bitcoin users can identify themselves using, for example, their public key or (more commonly) addresses, which are alphanumeric identifiers that are different from, but often related to the public key. Prior to 2012, the only type of address used in Bitcoin transactions was a pay-to-public-key-hash (P2PKH), whereas sending to a public key was referred to as pay-to-public key (P2PK).

When addresses are derived from public keys, each address has its associated private key that can be used to sign messages. Accordingly, given an address, a public key, a signature and a message, anyone can verify whether or not (a) the address was derived from the public key and (b) the signature and signed message are valid for that public key. It is these properties that allow Bitcoin users to transfer ownership of bitcoins they possess such that they can be independently verified, but without disclosing the real world identity of the individual with the private key.

In Bitcoin, a transaction can have multiple senders and recipients. Senders and recipients are identified using addresses, and the value being sent or received by each party is identified in bitcoins. Bitcoins are divisible, and can be divided to the eighth decimal place; i.e., the smallest amount it is possible to send is 1 x 10^-8 bitcoin (0.00000001).

A transaction contains, in its simplest form, an input corresponding to the sender and one output corresponding to the recipient. The transaction output (TXO) consists of the recipient’s address and the value of bitcoin sent to that address. A Bitcoin transaction also contains a digital signature from the sender, where the message being signed contains the rest of the information detailing the transaction. This allows peers on the network to verify the transaction, as they can look at the address, public key and signature to check that the public key aligns with the address and the signature verifies it.

As transactions are public, it is possible to check to see if the address was used before, to confirm that the address did in fact receive the number of bitcoin it is now spending. To prevent double spending, Bitcoin tracks which transaction outputs are unspent and allows only those unspent outputs to spend the coins they receive. Sometime in about 2011 or 2012, the term UTXO was introduced to refer to an unspent transaction output.

Moving beyond the simple example with one input and one output, transactions with multiple inputs function in the same way: each transaction input needs to specify its own distinct UTXO and valid signature on the transaction data. Transactions with multiple inputs do not necessarily have multiple senders, as they could just represent one sender spending the contents of multiple UTXOs associated with the same address.

Similarly, transactions can have multiple transaction outputs, where again there can be multiple distinct addresses (representing different recipients) or not. This latter type of transaction is needed to divide bitcoins, as again any bitcoins received in a transaction must be spent all at once. For example, if a user has 10 BTC associated with a UTXO and wants to send two bitcoins to another user, they can form a transaction with one input representing their 10 BTC UTXO (and a valid associated signature) and two outputs: one containing the address of the other user and receiving 2 BTC, and the other containing an address they control and receiving 8 BTC. In this way, a user can make change, just as happens when spending physical cash.

As different peers on the network will see transactions at different times, transaction ordering is essential to ensure that there is no instance of bitcoins being recorded as being sent to two different users. This is the role of the Bitcoin blockchain, which acts as a ledger of all valid transactions propagated through the network.

The first block in the Bitcoin blockchain was Block 0 (the Genesis Block) which was hardcoded into the Bitcoin Software. It was produced on 3 January 2009 at 18:15:05 UTC and contains a single coin generation transaction. The script used to input this transaction contains an encoded message which when decoded reads “The Times 03/Jan/2009 Chancellor on brink of second bailout for banks”. The purpose of using this Times headline message was apparently to show that the Genesis Block could not have been created before that date.

The initial block reward was 50 bitcoin, but that halves with every 210,000 blocks. At the time of the Trial it was 6.25 bitcoin. It is presently 3.125 bitcoin. The total number of bitcoin capable of being generated as rewards is capped at 21 million bitcoins in total. Bitcoin is configured to have a new block produced every 10 minutes on average. This means that the target hash needs to change according to the collective computing power of the peers competing in the mining process. The difficulty level itself changes according to the expected time to produce blocks divided by the actual time, meaning that difficulty increases or decreases depending on the collective computation power.

If Bitcoin participants want to change parameters of the system, this can be done by consensus of those on the network. Any rule change which is backwards-compatible is known as a soft fork. A backwards-incompatible change is known as a hard fork, which creates two different blockchains diverging at a single block. The most popular cryptocurrency based on the White Paper and Genesis Block is Bitcoin (BTC). Further hard forks have created the cryptocurrencies Bitcoin Cash (BCH), and Bitcoin Satoshi Vision (BSV).

Typically, users store bitcoins in an electronic wallet, a piece of software that stores private keys and keeps track of any associated transactions. This can be run on a computer or mobile device. Wallets often provide users with a recovery phrase, so that if the device containing the wallet is corrupted or lost, it can still be downloaded again and reused. Solutions to the risks entailed in storing bitcoin on one’s own device include storing on an exchange and cold storage (on an offline computer or written down).

It is also possible to use multi-signature addresses, whereby any participant who produces a valid signature completes and validates the transaction. A related concept is that of Secret Sharing, with the most common version being known as Shamir Secret Sharing. This concept involves the user splitting a private key using a cryptographic primitive and giving “slices” to different users. Then, depending on how the sharing has been performed, a certain number of individuals in a group (sometimes all, but in other cases only a lesser number of the set) can reconstruct the private key.

The extent of security provided by a digital signature depends on the nature of the exercise undertaken to prove access to or control of a private key. Signing a message with a private key produces an output such that the Verify algorithm can be run to ensure that this message was signed by the person with the private key. The message must be a new one, since otherwise the recipient could simply copy a signed message and later hold it out as proof of ownership of the underlying private key (a process known as a “replay attack”). It is for this reason that a user must be asked to sign a new message. This explanation is significant for the topic of the Sartre message.

As with any validation process, there are certain steps in the digital signature process which require trust and verification, so that a party can be as sure as possible that what is being demonstrated is what it purports to be. If a user controls the software performing the signature verification or the software contains a bug, then the signature can appear to be verified when it is not truly verified. Trust in the software that is being used is therefore important. In a section of her report agreed by Mr Gao, Prof Meiklejohn set out several requirements which must be fulfilled to establish possession of a private key:

There is only one key that could have belonged only to the creator of the system (Satoshi), which is that associated with the Genesis Block. However, the coinbase reward associated with the block cannot be spent, as the Bitcoin Software does not allow that. So, while there is a public / private key pair for the Genesis Block, it is not certain that anyone has ever known the private key. Whilst early blocks are associated with Satoshi, they could theoretically have been mined by other early individuals right after launch. The Bitcoin community, however, does associate block 9 with Satoshi, because this block was the one involved in the first transaction from Satoshi to Hal Finney.

I have addressed the detail of COPA’s allegations of forgery in the Appendix. I have also addressed certain other documents (e.g. the Papa Neema emails and their enclosures) in the body of this Judgment.

As I have related above, at various stages of my management of this case, I had to limit the number of forgery allegations which COPA was permitted to pursue, to keep the case within manageable proportions and on track. This resulted in all or the vast majority of the documents disclosed or relied upon by Dr Wright falling into one of the following categories:

Thus, the documents I deal with in the Appendix are (i) the original forgeries alleged in the Particulars of Claim (ii) the ‘top 20’ from the first set of forgery allegations, plus (iii) a further 20 selected from the ‘Additional Documents’.

I should briefly mention some of the consequences of my case management which gave rise to the documents in the second category. The point is that the choices made by COPA when deciding on their original 50 additional allegations of forgery were disrupted. I mention two main effects of this:

I was addressed by the Developers on the status of a number of documents relating to the establishment and acquisition of Tulip Trading Limited, but I was not otherwise addressed on the documents in the second and third categories. As far as I am aware, no such document was relied upon by Dr Wright in his Closing Submissions. However, due to my confidence in the reliability of the analysis carried out by Mr Madden (most of which was agreed by Dr Placks or Mr Lynch in their respective Joint Statements) and in so far as is necessary I make a general finding that none of the documents in the second and third categories are authentic.

For the most part, Dr Wright’s positive case (as set out in sections II-IV of his Written Closing) did not pay any attention to COPA’s numerous forgery allegations, no doubt because his position is that they were unfounded. For that reason, in their Written Closing, Counsel for Dr Wright turned to COPA’s forgery allegations in section V and they raised a series of important general points which I address here. I emphasise that I have taken these points into consideration when making my findings in the Appendix.

First, I was reminded that COPA’s forgery allegations are not a freestanding part of COPA’s claim and they are ultimately sub-issues to the broader Identity Issue. I agree with that submission. Counsel for Dr Wright held out the beguiling prospect that, ‘if the Court considers itself able to determine the Identity Issue without having regard to Dr Wright’s Reliance Documents, it will not need to trouble itself with the complex and lengthy detail of COPA’s forgery allegations.’

In my judgment, it would have been a denial of my responsibility as the Judge if I were to decline to decide the forgery allegations. Anticipating that, Counsel for Dr Wright provided me with their responses to all the forgery allegations, in three parts. The original forgery allegations are dealt with in their Appendix 1 to their Closing; the Additional Forgery allegations are addressed in section V.B. at [220]-[222] and the Ontier Email allegation in section V.C. at [223]-[234]. In what follows I address the submissions in these three sections, which must be combined with the detailed submissions from COPA and the Developers.

The forgery allegations concerned with Dr Wright’s original disclosure.

Before descending into the detail, Counsel for Dr Wright submitted I should be cautious about making any forgery findings against Dr Wright, for the following reasons:

This third reason was developed in the following way. First, I was reminded of the procedural history of the development of the forgery allegations following the service of Madden1. I have been acutely aware of this procedural history throughout my case management of this litigation down to and including this Trial. I have summarised it above. Second, attention was drawn to Dr Wright’s reply evidence in Wright9, 10 & 11 and in particular to his evidence that ‘a number of the anomalies identified by Mr Madden and relied on by COPA as evidence of forgery were the innocent result of his complex computer environment and collaborative working practices.’ Then, this submission was made:

‘Ideally, this evidence should have formed the factual background to Mr Madden’s analysis from the outset. Instead, this case has involved the reversal of the orthodox sequencing of factual and expert evidence, where the former comes first and forms the factual basis for the latter. As a result, the very lengthy detail of Dr Wright’s complex computer environment has received only cursory treatment by Mr Madden, across just over 2 pages of his fourth report.’

That last sentence is a travesty of the true position, as Counsel for COPA demonstrated when responding to it. In summary:

Furthermore, the complaint about reversing the orthodox sequencing of factual and expert evidence has very little substance, bearing in mind (a) this was done at the explicit request of Dr Wright’s then Counsel and (b) Dr Wright’s late and very late disclosure of documents said to be critical to his case. In any event, I am entirely satisfied that all matters relating to Dr Wright’s ‘complex computer environment and collaborative working practices’ were fully considered by the experts and fully explored in evidence. It should also be noted that (a) Dr Wright’s own experts did not support his position and (b) the ‘innocent explanation’ came from Dr Wright himself. When considering the allegations of forgery, I have taken into account some of Dr Wright’s points regarding persistence (as the experts did) and also differences between Windows and Unix systems as regards certain aspects of metadata. It is, however, clear that the experts did not rely on metadata anomalies alone. Furthermore, as explained in the Appendix, for each document alleged to have been forged, there were numerous pieces of supportive evidence, which are only reinforced by the overall scale of Dr Wright’s forgery. In short, those matters do not provide an innocent explanation for all or even some of the alleged forgeries.

The next point taken is that, particularly in relation to the allegations concerning Dr Wright’s original disclosure, Dr Wright never suggested that his original Primary Reliance Documents were not accessed or edited by anyone since the publication of the Bitcoin White Paper, such that they could be treated as a ‘time capsule’. It is further contended that ‘Indeed, the opposite was clear from Dr Wright’s own Chain of Custody of Reliance Documents schedule’ along with a footnote: ‘13 October 2023 {K/11/1}. Although the custody details provided by Dr Wright in this document were provided after service of Madden 1, COPA is not understood to have challenged them and they are consistent with Dr Wright’s original 11 May 2023 Chain of Custody schedule at {M/1/778}, which also explained that the documents had been stored on third party devices.’ It is also said that Dr Wright re-emphasised this point during his oral evidence at {Day 3/16/5} to {Day 3/16/21} and {Day 3/53/4}. On this basis, the submission is made that ‘evidence that his documents were accessed or even edited after the publication of the Bitcoin White Paper should not, by itself, lead the Court to conclude that they have been deliberately forged by Dr Wright.’ (emphasis added).

It is true that Dr Wright did emphasise this point in his oral evidence. However, by that point, Dr Wright was looking for ways to explain away the anomalies identified by the experts as indicative of forgery. Indeed, this point involves a certain amount of re-writing of history. I have reviewed his original Chain of Custody Schedule {M/1/778-799, letter of 11 May 2023 from Ontier} and it is true that Dr Wright repeatedly says that he was not the owner of a particular hard drive or laptop. Instead, (most frequently) Lynn Wright or one of the companies which he owned (DeMorgan) is identified as the owner. The vast majority of the documents are identified as ‘Drafted by Dr Wright’ or ‘Drafted by Dr Wright, typed by Lynn Wright’. If these were ‘third party devices’, they were third parties very closely associated with Dr Wright, and he is identified as the author and custodian for most of the documents. Furthermore, at that stage I understand that requests for intermediate custodian information were rejected as disproportionate.

The Chain of Custody information related to documents which Dr Wright had identified as his Primary Reliance Documents {K/5, Ontier letter of 4 April 2023} i.e. the documents on which he primarily relied to substantiate his claim to be Satoshi. Against that backdrop, it is in my view clear that, in the original Chain of Custody information, Dr Wright was representing each of these documents to be genuine and authentic, a representation also made by way of his production of these documents on disclosure, and his signed Disclosure Certificate. No qualification was hinted at, either on disclosure or in the Chain of Custody information.

It might be said that, at that stage, Dr Wright had no reason to investigate whether any changes had been made to his documents dating from 2007/2008/2009, especially since many of the changes relied upon by COPA and their experts as indicating forgery lay in metadata, changes which one would not see if simply opening a document to review its content (e.g. to confirm it was a draft of the Bitcoin White Paper).

Almost all of his Primary Reliance Documents were the subject of COPA’s List of Challenged Documents {K/8, 30 May 2023}, along with almost all of the documents he produced on disclosure. Many documents were alleged to have been altered. For others, COPA clearly reserved their position on the basis that ‘Context unknown to the Claimant, pending chain of custody and provision of further explanation.’

From that point, at the very least, Dr Wright must have been well aware that the authenticity of a large number of his documents, including nearly all of his Primary Reliance Documents, was challenged.

The second set of Chain of Custody information {Schedule at K/11, 13 October 2023} was long and confusing. Much fuller information was provided. Overall this document represented a significant change in tack. Now it was suggested that numerous unnamed staff members might have altered documents. With the benefit of hindsight, it can be seen that Dr Wright laid the foundations for a number of his answers to the forgery allegations which were introduced later. These include: (i) identifying others as the owner of or responsible for particular data sources, including Lynn Wright, Ramona Ang, DeMorgan, Hotwire etc. and nChain; (ii) documents said to be drafted in Open Office and LaTeX, (iii) his inability to comment on the authenticity of a document because e.g. ‘many parties had access to it or copied it from the shared servers from 2002 onwards’ and ‘upwards of 70 staff members from the various companies would have had access to this document on the respective companies’ ‘shared server’.

Overall, the Chain of Custody Schedule is internally inconsistent and unreliable, as demonstrated by Madden2 and Appendices PM43 and PM44. It also adopts a position which is at odds with previous chain of custody information (which simply presented Dr Wright as author and custodian).

Overall, the possibility of documents being accessed by other staff members cannot, in my judgment, account for all the indicia of forgery identified by the experts and which are set out in the various sections in the Appendix. However, this point has been taken into account in my assessments in the Appendix, to the extent appropriate.

More generally, the service of Madden1 can be seen as a watershed date in the procedural history of this case. It was Mr Madden’s exhaustive and detailed unpicking of Dr Wright’s Reliance Documents which gave rise to so many of Dr Wright’s changes in story. In addition to the second set of Chain of Custody information, this also led to (a) the Schedule of White Paper versions (CSW5), which suggested that many of the original Reliance Documents could have been changed by others; (b) his “discovery” of the new documents on the BDO Drive and on his Overleaf account; and (c) the complex explanation of his operating systems in Wright9 (Appendix A) and Wright10, which suggested that features of those systems could account for apparent signs of document alteration and tampering.

Counsel for Dr Wright submitted there were two main problems with Mr Madden’s reliability as an expert witness which they suggested may have been the cause of three fundamental flaws in his analysis.

The first main suggested problem was that, although acknowledging that Mr Madden has worked as a computer forensic examiner for some years, it is suggested that he is not suitably qualified, on the basis it was alleged he had only a single formal relevant qualification (as an EnCase Certified Examiner) and no specific formal qualifications relevant to Citrix networks, VMware virtual machines or SANs, all of which are said to be particularly relevant.

I reject this suggestion. I very much doubt that formal qualifications are an adequate substitute for years of practical experience in forensic analysis, which Mr Madden undoubtedly has. So I was entirely satisfied that Mr Madden was suitably qualified to make the findings which he did in his various reports. As I said above, I formed the view he was a precise and careful witness and one who did not stray outside his area of expertise. Above all, this submission fails to recognise that most of Mr Madden’s findings were agreed to by the experts instructed on behalf of Dr Wright. As for Dr Wright’s contention that none of the experts were properly qualified (and only he was), it is notable that neither he in his evidence nor his Counsel in any submission provided any concrete example to substantiate this.

The second main problem was said to be more important: it was that Mr Madden’s independence was undermined due to the way in which his expert reports were prepared. On this point, I have already set out, in paragraph 121 above, the applicable legal principles.

Lord Grabiner KC pointed to Mr Madden’s explanation of the process (e.g. Madden1 at [33]) but submitted that under cross-examination, a rather different picture emerged. He drew attention to the following points:

As I think Dr Wright’s submissions on these points acknowledged, their validity is closely entwined with the alleged three fundamental flaws in his analysis. Before I address these alleged fundamental flaws, I should say something about the allegation that there was something inappropriate in the way Mr Madden’s reports were prepared.

Based on my experience in Patent cases (conducting and trying them) and in view of the scale of the work required of Mr Madden (particular in preparing his enormous first report), I saw nothing at all wrong in the way his reports were prepared. Experts in Patent cases often work closely with solicitors, who guide and assist the expert, based on a recognition that, without such guidance and assistance, a suitable report would either not get written or would take an inordinate amount of effort and time. In particular, having a solicitor prepare a first draft of a section is not considered objectionable provided, of course, (a) it is based on matters already expressed by the expert (usually in a meeting) and (b) the expert reviews the wording carefully and makes any changes necessary so that it properly represents his considered evidence and opinion in the text adopted in the report which is served. Depending on the complexity of the technology and the issues, the preparation of a long expert report (albeit not as long as Madden1) may well involve more meetings than Mr Madden was involved in.

Having made those observations, I reserve my conclusion until after I have considered the three fundamental flaws alleged by Counsel for Dr Wright. These were explained as follows, and I identify them as the ‘unjustified haste’, the ‘content’ and the ‘gap’ allegations:

On the first point ‘unjustified haste’, I will deal first with the three specific examples cited and then make some more general observations.

In relation to the BDO Minutes {ID_004013}, his 10-page analysis of the document is in PM5 {H/31/1-10}. From that analysis it is clear that Mr Madden reached his finding of manipulation in relation to this supposedly 2007 handwritten document after:

There are two further points to note:

The second example is the JSTOR article {ID_004019}, analysed with {ID_003830}, in Appendix PM6, {H/40/1-31}}. Mr Madden only made his finding of manipulation after:

A review of PM6 shows a painstaking analysis, all very clearly explained in minute detail.

In their Second Joint Statement, Dr Placks agreed that {ID_004019} was unreliable but did not go as far as to agree it was manipulated because (it seems) he thought the footer style in use in 2008 should be verified with JSTOR.

The third example is Dr Wright’s MSTAT assignment {ID_000073}, which Mr Madden analysed in his Appendix PM38 {H/145/1-17}. As I found in section 6 of the Appendix, I found Mr Madden’s analysis of this document entirely convincing. Furthermore I found no indication that it was done hastily or without due care.

On top of my consideration of these three examples, I add my consideration of the entirety of Mr Madden’s work, explained in his six reports. I acknowledge that Mr Madden was put under time pressure to prepare his later reports, his Sixth Report in particular, and I noticed a slight unease on his part giving evidence about the MYOB Ontier Email allegations because there were indications he did not feel entirely on top of all the detail. Having said that, I concluded that his unease was not a reflection that his evidence was flawed in any respect, but a reflection of the care he wishes to take when presenting his analysis and when answering questions about it in the witness box.

Overall, I find the accusation levelled against Mr Madden that he reached conclusions with ‘unjustified haste’ to be absurd. I reject the first point.

The second point, regarding ‘content’, is, in my view, misplaced. Mr Madden did not need to be an expert in ‘any of the multiple academic fields covered by Dr Wright’s disclosed documents’. As a forensic document expert, he was and is entitled to rely on passages of identical text and/or evidence of text edited away from the apparent original. I saw nothing inappropriate in his analysis of text/content.

The third ‘gap’ point was developed further and requires further discussion:

The first and second submissions presuppose that there was a relevant ‘gap’ in COPA’s evidence. For the reasons explained in this Judgment, I do not believe there was.

The second submission arises out of a point put to Mr Madden at the very start of his cross-examination to the effect that he would have been able to produce more extensive or decisive conclusions if he had had access to the computing environment on which electronic documents were produced (as well as the documents themselves). There are three main points to make in response:

However, all these points beg the question as to whether the complexity of Dr Wright’s IT environment is capable of explaining all of the apparent anomalies of any or all of the documents considered either in the body of this Judgment or in the Appendix.

To address this question, I must first set out the most important complexities relied upon. Although there is much more detail set out in Dr Wright’s witness statements, the key elements were conveniently summarised in his Written Closing as follows (and I quote):

Counsel for Dr Wright stressed that there was no challenge to his evidence on these points and that Mr Madden accepted they were technically plausible arrangements. This was said to be important ‘because, as Mr Madden also accepted, many of the alleged indicia of forgery that he and COPA have relied on in this case could just as readily have been caused by that environment, or those working practices (or a combination of both).’ (my emphasis – ‘many’ is an exaggeration, ‘one or two’ is nearer the mark).

Furthermore, Counsel for Dr Wright stressed that Mr Madden had accepted the following technical propositions. Here I quote the submissions made, with the footnote references inserted:

In relation to these points:

In Closing, Counsel for the Developers highlighted an example which involved Dr Wright’s allegation that Citrix persistence and his use of XCOPY accounted for (some of) the anomalies relied upon as indicating forgery. The document in question was {ID_000258}, Economic Security.doc which I have addressed in section 31 of the Appendix.

The detailed analysis in Mr Madden’s Appendix PM29 shows that Mr Madden analysed both external OS/file property metadata and the internal metadata. As he pointed out, the total time difference between the indicated Created Date and the Last Modified Date (both in 2008) was 2,594 minutes or 1 day, 19 hours 14 minutes. The MS Word total Edit Time was much longer, recorded as 83,165 minutes or 57 days 18 hours 5 minutes.

As Counsel pointed out:

To establish that persistence was not a valid excuse, Counsel turned to another example document: {ID_004516}, which was in COPA’s original list of additional 50 forgery allegations but which could not be pursued due to my PTR Order. It had been fully analysed by Mr Madden. Its internal metadata showed a difference between Created and Last Saved Dates of 1 day 17 hours, back in November 2002, but it had a recorded edit time encoded in the document. Mr Madden and Dr Placks were able to explain this. If the encoded edit time is treated as a positive number, it is 4,287,839,314 minutes i.e. an impossible edit time of over 8,000 years {H62.1}, whereas if it is treated as a negative number it decodes to -7,127,982 minutes or 13 years, 7 months and 4 days, albeit expressed in the negative indicating an unusual negative time shift {H/62/21}. Dr Placks agreed the ‘two’s complement conversion’ of the edit time {I/6/33}. He also agreed the presence of the Grammarly timestamp from 02.06.2016 identified by Mr Madden in PM9, [79] which was 7,127,922 minutes after the Last Modified Timestamp, an approximately 60-minute difference, which could be accounted for by the time which Dr Wright spent making his edits. Both experts agreed the Last Modified timestamp had been manipulated.

In practical terms, these data can be explained by the fact that the document was created with the computer clock set to 11 November 2002 and saved and closed. It is then opened with the clock set to 2 June 2016 and edits are made using Grammarly, but the user then realises the wrong clock date is in use, so re-sets the clock back to 11 November 2002. That process is responsible for creating the long negative edit time.

To conclude the points on {ID_000258}, the experts agreed the document had been manipulated in their first Joint Statement {Q/2/6} and maintained that view in their second Joint Statement {Q/4/6} on the basis that nothing said by Dr Wright had caused them to change their minds. As I point out in section 31 of the Appendix, there were other clear indicia of forgery, as there were for all the other documents in the Appendix.

Reverting to the submissions made by Counsel for Dr Wright, the ultimate end point of them was the submission that I should not conclude that a document has been forged simply on the basis that it contains timestamps, fonts and/or versions of software that post-date the date on the face of the document.

I have not done so.

Furthermore, if there had been just one or two allegedly forged documents in respect of which these were the only indicia, this case might look very different. However, these are not the only indicia, and furthermore, there are a large number of allegations of forgery. It seems to me that once my findings of forgery attain a critical mass (as I find they have done), those findings provide support for other allegations where there may be fewer indicia. The converse is also true: if I had found a number of Dr Wright’s documents did genuinely date from 2007/2008, his points about his computer environment might well have carried much greater weight. However, if I have found that Dr Wright has clearly forged a large number of documents which are said to pre-date the release of the Bitcoin White Paper in order to support his claim to be Satoshi, why should I be slow to find forgery in relation to other documents which have the same aim and which also share indicia of forgery? As I have said, the evaluation of all these allegations is an iterative process.

On these points, it may be noted that my answer to Dr Wright’s own submission (in paragraph 391 above) provides a negative answer to the question I posed at paragraph 380 above.

I can now return to the challenge made to Mr Madden’s reliability as an expert witness. This challenge was a bold submission in view of the following:

In conclusion, I reject any suggestion that Mr Madden was an unreliable witness. In my view, he plainly adhered to his duties as an expert witness and I have full confidence in the evidence he gave. Furthermore (and reverting to the point I discussed in [365] above), due to their extensive experience in Patent litigation, I acquit Bird & Bird of any charge that Mr Madden’s reports were prepared in an inappropriate manner. So too, Mr Madden. I am very grateful to him for all the work he did in this litigation.

I can now return to make some general points about the various explanations put forward by Dr Wright. In general terms, his explanations given for inauthentic or forged documents in his original disclosure largely rested on computing environment(s). By contrast, as can be seen from the Appendix, for most of the allegations of forgery relating to the Additional Documents, the explanation was that he was hacked by various third parties. In this section I concentrate on the explanations for documents in his original disclosure.

A notable feature of Dr Wright’s explanations in response to the allegations of forgery or inauthenticity was that his explanations were only produced after he had been found out. Given Dr Wright’s avowed expertise in forensic document examination and IT more generally, it is surprising that he repeatedly produced key Reliance Documents for a series of important legal cases without noticing serious anomalies in them. Examples of his professed expertise were as follows:

“So I used to work in digital forensics and I have written a textbook on the subject. I taught it with the New South Wales police college, and what I have to say is the KPMG methodology is not replicable. It is not scientific.” (Granath transcript for 14 September 2022, internal p71 {O2/11/19}.)

“As somebody who designed multiple forensic certifications, published several books and founded methodologies used within the industry, I believe that the number of people in the forensic environment who have experience with this type of IT environment and the issues it can give rise to is smaller again.” (Wright10, [6] {E/31/2})

Despite this supposedly unparalleled expertise, his case must be that either (a) he failed to notice any of the myriad problems with his documents pointed out in Madden1, or (b) he noticed some, but chose not to mention them.

In cross-examination, Dr Wright came up with a series of excuses for documents exhibiting signs of forgery. These are addressed in detail in the numbered sections in the Appendix, but the main responses can be classified as follows:

Despite the length of the statements and the elaborate account of Dr Wright’s past IT systems, I agree this was speculation on effects which might occur, without any supporting technical evidence. In general terms, the experts for both parties disputed that these effects would occur as suggested. If and insofar as Dr Wright wished to establish that features of his IT systems in fact accounted for particular signs of alteration, his Counsel would have needed to have put specific points to Mr Madden (although it is difficult to see this being done with any foundation, given the joint expert evidence). However, even if I assume Dr Wright did work in the way he asserted, I remain of the view that the features of his systems cannot account for all of the many and diverse signs of forgery I discuss in the Appendix. In addition, there are other non-technical indications of forgery which cannot be explained away by reference to Dr Wright’s IT set-up.

The related issue with Dr Wright blaming his system architecture now is that he never mentioned this topic before service of Madden1. This is surprising in view of his vaunted expertise. One would have expected him to say, when serving his list of Primary Reliance Documents, that certain features of his IT systems might give rise to metadata anomalies of particular kinds. He said no such thing. Indeed, when COPA asked in their Consolidated RFI for information on the operating system used for each of the Reliance Documents, part of Dr Wright’s response was that this was “in any event, irrelevant” {RFI Response 66 at {A/13/23}, 11 September 2023}.

That response was given after service of Madden1 and the week before Dr Wright’s supposed search which yielded the BDO Drive. Accordingly, it is apparent that Dr Wright had not at that stage come up with his excuse that his operating systems accounted for the defects identified in Madden1. If Dr Wright really did have the expertise in digital forensics which he claims, then even an initial read of Madden1 and its first few appendices would have alerted him to the findings which he now says are explained away by features of his computing environment. For example, Mr Madden’s first Appendix PM1 {H/1/1} is just 22 pages long and illustrates practically all the types of forensic findings which Dr Wright now seeks to attribute to his operating systems, and others besides.

There is, of course, a very stark contrast between his claim that the operating systems were irrelevant and what became a central theme in his attempts to deflect the allegations of forgery made in October 2023 (and as addressed in Appendix B to Wright11). COPA submitted that, in his oral evidence alone, Dr Wright invoked operating systems on no fewer than 102 occasions (referring variously to Windows, Linux, CentOS, Apple, Citrix, Virtual Machines and other “operating systems” in general), and I have no reason to doubt that submission.

COPA had further objections to Dr Wright’s attempts to attribute signs of document manipulation to the unusual effects of his operating systems.

In view of the general unreliability of Dr Wright as a witness, plus the fact that he had no independent expert evidence to support his assertions about the effects of the relevant computer environments, I agree that they carry very little weight. Furthermore, to the extent that any of his assertions had some validity, I am satisfied Mr Madden took account of them.

The Forgery Allegations in relation to the Additional Documents.

COPA’s Additional Forgery Allegations were made following the disclosure of, and my permission to Dr Wright to rely on, the Additional Documents. In relation to the LaTeX files, Dr Wright’s submissions were set out in section IV of his Written Closing. I consider those submissions below. In relation to the remainder (i.e. the BDO drive image and the 17 other documents in the Samsung drive alleged to be forgeries), Counsel for Dr Wright relied on the submissions made in relation to his original disclosure, and indeed, I took that into account when considering those submissions, above.

However, it is relevant to note that the BDO Drive image was relied upon as a time capsule dating from 31 October 2007.

Nevertheless, Counsel for Dr Wright relied on some additional points. First, the alleged hack by Mr Ager-Hanssen prior to his dismissal from nChain, which I discuss below. Second, they pointed out that Dr Wright took issue with the evidence of Mr Hinnant and Professor Stroustrup relating to {ID_004712} and {ID_004713}. I have considered these submissions in the Appendix, see section 33.

So far as the alleged hack by Mr Ager-Hanssen is concerned, Counsel for Dr Wright submitted the evidence was as follows, and I quote (although the underlining is my added emphasis):

I introduced Mr Ager-Hanssen earlier (see [63]-[67] above).

Although Dr Wright asserted in certain answers in cross-examination that there was a conspiracy against him involving COPA and Mr Ager-Hanssen, COPA emphasised in their Closing Submissions that they have had nothing to do with Mr Ager-Hanssen and merely relied on material publicly available due to his disclosures. For all the reasons set out in this Judgment (see the next section in particular), I am satisfied this alleged conspiracy was another lie from Dr Wright in his attempts to deflect responsibility from his own forgeries.

I should add, for the avoidance of any doubt, that I have not relied or placed any weight on the reported conclusions of either Mr Ager-Hanssen or Mr Ayre. I have reached my own conclusions based only on the evidence and submissions I received during the Trial, albeit, as indicated above, I have also had regard to events which occurred during my case management pre-Trial.

At this point it is appropriate to draw together the various allegations which Dr Wright made that various forged documents were planted by Mr Ager-Hanssen or some other ‘Bad Actor’. As I understand Dr Wright’s assertions, he makes them on the basis that the documents in questions are forgeries, because if they were not, he would continue to rely on them as supporting his claim to be Satoshi. So the issue is whether the person responsible for the forgeries in question was Dr Wright or some third party or parties, with, presumably, a grudge against him.

I address the allegations of planting by others in sections 1, 2, 13, 17, 35 and 40 in the Appendix, but undoubtedly the allegation has the greatest scope in section 2 concerning BDOPC.raw. In his oral closing submissions, Counsel for COPA addressed this principal allegation, submitting it was both absurd and incredible. He made the following six points:

The only other point I need address from Dr Wright’s submissions quoted at paragraph 410 above is the submission that COPA did not challenge Dr Wright’s account of being hacked. Counsel for COPA responded by submitting this was a bad point. I agree. As Counsel submitted, COPA did not have a positive basis to say what Mr Ager-Hanssen did or did not do, but what was put to Dr Wright repeatedly was that he was responsible for the editing and falsifying of the BDO materials.

The final point to make is that the notion that some Bad Actor was responsible for the forgeries of documents on the BDO Drive does not sit well with the clear positive evidence (which I address in the next section) that during September 2023, Dr Wright himself was creating the LaTeX documents. Indeed, in his answers on Day 5 when being cross-examined about two particular LaTeX files – LPA.tex and LP1.tex – Dr Wright asserted that these documents were planted by Mr Ager-Hanssen or someone associated with him {Day5/86:14}. I have addressed that assertion in the context of the detailed evidence on those two documents in section 17 of the Appendix. That detailed evidence demonstrated, as I found in section 17, that these two documents were forgeries, and I am entirely satisfied they were forged by Dr Wright himself.

Overall, the notion that a Bad Actor was responsible for the forgeries on the BDO Drive is literally incredible. It would depend on multiple bizarre coincidences, the combination of which is completely implausible.

The Ontier Email Forgery Allegation

I have addressed the points made by Counsel for Dr Wright in section 40 in the Appendix.

The LaTeX documents

I have already discussed how Dr Wright portrayed the critical importance of the LaTeX documents (and the other Additional Documents) in his evidence for the PTR (see [79] above). COPA’s evidence for the PTR suggested that Dr Wright’s case on these documents faced some difficulties which I concluded it was not appropriate to decide on that occasion. It is fair to say that the case on these documents has been going downhill ever since Field1 and Wright6 were served.

In marked contrast to the case put at the PTR about the critical importance of these documents, in closing Counsel for Dr Wright submitted they have proved to be far less important, for three reasons:

Accordingly, by the time of the written closings, Dr Wright’s case on the LaTeX documents had retreated to this:

On that third point, I disagree. In my judgment, the evidence is overwhelming that LaTeX was not used to create the Bitcoin White Paper. In particular, I reach the clear conclusion that the LaTeX files were a recent invention, created by Dr Wright in September 2023 as a key part of his response to Madden1. The detail which established that conclusion is set out in this section.

The Closing Submissions made by Counsel for Dr Wright on this point divide into two broad parts. The first part is a convoluted explanation which seeks to contend that, from the wreckage of what remains from the high point of the evidence in Field1 and Wright6, Dr Wright still has a point. It is not necessary to set out all of this convoluted explanation. It is adequately summarised in the proposition at sub-paragraph 422.1 above. The second part seeks to persuade me of the very fine point which remains which is that because Mr Rosendahl gave evidence that the Bitcoin White Paper could have been produced using LaTeX, I cannot safely reach the conclusion that LaTeX was not used in the creation of the Bitcoin White Paper.

As will be seen, a relatively succinct answer can be given to this point. However, it would be remiss of me to leave out of account the whole LaTeX story, because the story provides a prime example of what became a familiar sequence: (a) Dr Wright produces documents in respect of which it is suggested, either implicitly or explicitly (and as regards the LaTeX files, with certainty), that they prove he is Satoshi; (b) analysis of the documents suggests they cannot pre-date the Bitcoin White Paper; whereupon (c) Dr Wright maintains they are genuine but his story changes; and (d) when seeking to maintain his position under cross-examination, the story changes further and can only be supported by yet further lies from Dr Wright.

The development of the case based on the LaTeX files

This section is largely based on a section from the Written Closing Submissions from Counsel for the Developers, after I had checked the numerous references provided. It involves considerable detail, but in broad terms, the development proceeds through the following stages:

As Counsel for the Developers submitted, despite the fact that Dr Wright had either given evidence or an account of his authorship of the Bitcoin White Paper no less than four times, he did not mention LaTeX at all until after the service of Madden1 on 1 September 2023.

The four (or more) previous occasions on which one might have expected Dr Wright to have mentioned that he drafted the Bitcoin White Paper using LaTeX, yet no mention of LaTeX was made, are:

As far as I am aware, the first mention of LaTeX came in Dr Wright’s second Chain of Custody schedule, served on 13 October 2023, followed by a brief mention in Wright4, served 23 October 2023, where, at [6.c] {E/4/5}, he said that the development of the Bitcoin White Paper involved a “complex workflow utilising various software platforms, including LaTeX, OpenOffice and Microsoft Word”. No further detail was provided at that point.

These first mentions of LaTeX came after Madden1, in which Mr Madden had set out detailed evidence of Dr Wright’s manipulation of the metadata of many of the electronic documents on which he primarily relied in support of his claim to be Satoshi Nakamoto.

In his Eighteenth Witness Statement for the PTR, Mr Sherrell of Bird & Bird exhibited a Tweet on 30 September 2023 from Mr Ager-Hanssen in which he set out a screenshot from a report (which he tagged as #faketoshi) which indicated that:

As Counsel for the Developers observed, at best this would have been a bizarre question for Satoshi to have asked. Counsel also drew attention to the feature of PDF documents compiled from LaTeX code that the PDF file’s internal metadata properties may be defined by the document author. He suggested that would have appeared attractive to a person who wanted to avoid the metadata pitfalls exposed by Madden1.

On 27 November 2023, Shoosmiths wrote to COPA and the Developers (a) to reveal the existence of the White Paper LaTeX Files, said for the first time to be stored on Overleaf, (b) to seek to impose stringent limitations on their disclosure and (c) asking to adjourn the trial {AB/2/2}.

Neither COPA nor the Developers were prepared to accede to the proposals made by Dr Wright and so, on 1 December 2023, an application was made by Dr Wright for permission to rely on the so-called White Paper LaTeX Files (and other documents), for an adjournment of the trial and for revised directions to that adjourned trial. I heard and determined that application at the PTR.

Field1 and Wright6 repeated and amplified claims Shoosmiths had made (on instructions) in their 27 November 2023 letter. It was said that (and note that all references to Field1 were confirmed in Wright6 at [4]):

Dr Wright first provided a compilation of his version of the White Paper on 13 December 2023, a little over 24 hours before the PTR. It was self-evident from the content of the compilation {at {L20/248.2}}, when it came, that it was not “materially identical” to the Bitcoin White Paper, let alone an “exact replica”.

Shoosmiths sought to explain the dissimilarity on two footings, which they confirmed would be explained by Dr Wright in his reply witness evidence (see {AB/2/68} at [5]), namely:

The PTR took place on 15 December 2023. At the PTR Dr Wright presented the White Paper LaTeX files as containing a form of digital watermark that rendered them potentially determinative of the identity issue (see Dr Wright’s skeleton [57-57(1)] {R/2/19}), as impossible to reverse engineer (see Dr Wright’s skeleton [57(2)] {R/2/20}) and as uniquely coding for the published form of the Bitcoin White Paper (Dr Wright’s skeleton [57(3)] {R/2/20}).

In my Order from the PTR, I ordered Dr Wright:

On 18 December 2023 Shoosmiths wrote to COPA confirming that Ontier had informed them that, so far as it was aware:

“a.

At no stage during the course of its retainer with Dr Wright (across all litigation matters) did Dr Wright inform Ontier that (i) he had an Overleaf account; (ii) this account may contain documents or be capable of generating documents which may be relevant to the issues in dispute; and/or (iii) the Overleaf account hosted LaTeX code or files which would produce a copy of the Bitcoin White Paper;

b.

Ontier has never seen and/or received copies of any documents or material from Overleaf (whether LaTeX code or otherwise)”

As Counsel for the Developers submitted, Dr Wright’s account, as to why the White Paper LaTeX Files had not been disclosed previously, fell apart. Dr Wright hinted that Ontier might have some motivation for lying about his LaTeX files, but the truth is more simple. As explained below, it is highly likely that Dr Wright’s Overleaf account did not exist during the period of Ontier’s instruction.

After the PTR, Shoosmiths produced the so-called White Paper Latex Files on 20 December 2023, by way of a zip folder entitled ‘Bitcoin (3).zip’ {AB/2/31}. The ‘Bitcoin’ folder that was disclosed had been received by Shoosmiths on 24 November 2023 {Shoosmiths’ letter, 10 January 2024}. It was the same folder that had been used to produce the compilation that had been disclosed on 13 December 2023 {Shoosmiths’ letters of 29 December 2023 at [2] & 4 January 2024 at [2]}. The main document path that had been used to create the compilation was a file in the TC subfolder and called main.tex.

Counsel for the Developers submitted that Dr Wright provided only very limited information concerning his Overleaf account(s), and then only reluctantly. I agree that he appears to have believed that the Overleaf platform recorded little or no metadata or document editing history (see {Day15/148:4-9}). I also agree that, in the period between the disclosure of the so-called White Paper LaTeX Files and Dr Wright’s cross-examination about them on 23 February 2023, he appears to have made efforts to prevent the production of that information to the Developers and COPA.

However, acting entirely properly, Shoosmiths had to disclose certain matters on 16 February 2023, mid-way through the trial. Even after that disclosure, it remains the case that we only have a partial view of Dr Wright’s activity in relation to the LaTeX files. The data we have relate to a 7-day period between 17 November 2023 (the date of creation of a folder entitled “Maths (OLD)”) and 24 November 2023 (the date of export of the White Paper LaTeX Files from the ‘Bitcoin’ folder). Counsel for the Developers submitted that even those limited data comprehensively destroy any credibility that the so-called White Paper LaTeX Files might otherwise have had.

This submission is based on the history of Dr Wright’s Overleaf account, pieced together as best as one can in light of the fragmentary information Dr Wright provided. That is then contrasted with Dr Wright’s efforts to avoid the truth of the account coming out.

Dr Wright’s Overleaf account

Dr Wright professes to have held multiple Overleaf accounts associated with multiple (21) universities since 2020 {See Dr Wright’s ‘cookbook’ at {M/2/776} at section 7 (second para) and Shoosmiths’ letter of 4 January 2024 at [3] {M/2/802}. However, his relevant account for present purposes is that associated with his craig@rcjbr.org address {Shoosmiths’ letter to Overleaf of 10 January 2024 at {M1/2/39}}.

Although Shoosmiths stated that Dr Wright’s Overleaf account was created in June/July 2023, the account number incorporates a Unix timestamp in hex {64d1faf7} that can easily be converted to a precise date and time of 8 August 2023 at 8:21am. That probably explains why Ontier had never heard of it: they had been replaced by Travers Smith on 12 June 2023 {M/1/881}, two months before Dr Wright created the account.

It seems (from a letter dated 27 February 2024 – after Dr Wright’s cross-examination) that on 5 October 2023 (three days after Shoosmiths’ instruction) a former fee earner of Shoosmiths received some form of demonstration from Dr Wright relating to LaTeX. The demonstration was so inconsequential that the current fee earners do not recall it. Shoosmiths have not subsequently received any documents relating to that demonstration {M/3/48}. Dr Wright performed a further demonstration for Shoosmiths in relation to his Overleaf account on 17 November 2023 between approximately 12.00-12.30 and 14:00-14.30 {Shoosmiths’ letter of 16 February 2024 {M/3/15} at [8.a]}.

That same day, i.e. 17 November 2023, at 16:26 (after the demonstration to Shoosmiths) Dr Wright created a folder titled “Maths (OLD)” and copied the White Paper LaTeX Files into it {Shoosmiths’ letter of 20 February 2024 {M1/2/210}. No earlier folders have been disclosed. The main document used by Dr Wright was titled BitcoinSN.tex. He created that file at 17:29 on 17 November 2023 {L21/16.1/92} and copied into it the content of a file entitled TC8.tex that he had imported into the Maths (OLD) folder when that folder was set up {L21/17.1/2}. He appears to have then given another demonstration to Shoosmiths between 17:00 and 17:30 {Shoosmiths’ letter of 16 February 2024 {M/3/15} at [8.a]}.

Thereafter, Dr Wright made a series of changes to the BitcoinSN.tex file over the course of the next 22 hours, spread over three periods between 17 and 19 November 2023, as set out below and at {M1/2/157}.

On 19 November 2023 at 18:23 Dr Wright created a new project, ‘Bitcoin’. Around one minute later he copied the content of the final version of the BitcoinSN.tex file from the Maths (OLD) folder into the main.tex file of the ‘Bitcoin’ project, i.e. the main document path of the so-called White Paper LaTeX Files {L21/14.1/44}.

Dr Wright spent several hours making changes to the main.tex file in the morning of 20 November 2023. He then held further demonstrations with Shoosmiths between 15:00-15:30 and 16:30-17:00 {Shoosmiths’ letter of 16 February 2024 {M/3/15} at [8.b-8.c]}. Only four inconsequential changes were made during those demonstrations; and then only in the latter session i.e. no changes are shown between 15:00-15:30 at {L21/14.1/238}-{L21/14.1/239}; four changes were made between 16:30-17-00 at {L21/14.1/244}-{L21/14.1/245}.

Dr Wright sent downloads from Overleaf to Shoosmiths (including various compilations) on 20 November 2023 at 15:54, 16:22 and 16:57. Those downloads and the associated compilations were not produced to COPA and the Developers until 16 February 2024 (after the conclusion of Dr Wright’s first cross-examination) {Shoosmiths’ letter of 16 February 2024 {M/3/15}}. The covering emails {{L20/252.86}, {L20/252.87} and {L20/252.88}} made no reference to Dr Wright having made any changes, or to him planning to do so.

Dr Wright continued to make changes to the main.tex file between 20 November and 24 November 2023. He then downloaded and sent the ‘Bitcoin’ folder to Shoosmiths at 17:20. The covering email again made no reference to any changes that Dr Wright might have made – and described main.tex as “the one Ppl know”{L20/252.89}.

Dr Wright then went on to make yet further changes to the main.tex file. His activity on main.tex is illustrated below and at {M1/2/103}.

The efforts made to resist providing metadata

The preceding account of Dr Wright’s activity on his Overleaf account has only emerged as a result of documents and information provided by Shoosmiths during the trial.

Dr Wright had numerous opportunities to tell the truth – that the so-called Bitcoin White Paper LaTeX Files were the product of days of work done on Overleaf in November 2023 and not the processes described in his first and fourth witness statements but he failed to take them:

As an aside, Dr Wright did make reference to how the files had been stored on the QNAP server in Wright14. At one point it seemed that Dr Wright might place some emphasis on this server as a repository of relevant information. In Wright14 at {E/33/4} Dr Wright explained how Alix Partners came to copy the QNAP server and took it away. Dr Wright suggests that he copied the White Paper LaTeX Files onto an external drive from the QNAP server at that time. I agree that suggestion cannot be true. AlixPartners have confirmed that they collected the QNAP server on 4-5 February 2019: see Shoosmiths’ letter of 29 January 2024 at {M1/2/138}. AlixPartners inspected the QNAP server onsite, detected it was encrypted and took it away {M1/2/139}. They did not seek to image the QNAP server because it was encrypted, as Dr Wright has confirmed {M1/2/140}. Given that the QNAP server was “not accessible to them without valid credentials and keys” and “inaccessible whether by AlixPartners, [Dr Wright] or a third party” {M1/2/140}, Dr Wright cannot have accessed it to remove the White Paper LaTeX Files. In Tulip Trading, Dr Wright has suggested that the QNAP server is not even owned by him, but is instead owned by nChain {S1/1.36/2} at [5] and so the QNAP server faded from attention in the present proceedings.

Dr Wright dragged his feet in providing any useful metadata in compliance with my Order made at the PTR:

On 22 January 2024, Shoosmiths finally produced four zip files, including one containing a redacted version of the data that had been supplied by Overleaf. Even now it is not clear who had decided on the relevant redactions or why. The files included:

On 1 February 2024, after being pressed further in correspondence, Shoosmiths wrote to Macfarlanes about the Maths (OLD) project. They confirmed that Dr Wright had put the REDACTED_project.json file associated with the Maths (OLD) project into the Bitcoin folder that had been disclosed to COPA and the Developers “inadvertently”. As Counsel submitted, put another way, Dr Wright had never intended to reveal the existence of the Maths (OLD) project to the Developers.

However, the materials disclosed from the Maths (OLD) project were a revelation. They showed for the first time details of Dr Wright’s repeated tinkering with the White Paper LaTeX files between 17 and 19 November. Nevertheless, the Maths (OLD) files were defective in two respects:

On Day 5 of the trial, Mr Hough KC turned to the topic of the White Paper LaTeX Files in his first cross-examination of Dr Wright. In particular, he took Dr Wright to the chart set out at paragraph 455 above and suggested that Dr Wright was responsible for the edits shown in that document. Dr Wright admitted that he was, but then said that he had made all of the changes during demonstrations to Shoosmiths:

“153: 5 Q. You were responsible for those edits, weren't you,

6 Dr Wright?

7 A. I was.

8 Q. So the file was being edited right up to the day before

9 the LaTeX files were received by Stroz Friedberg?

10 A. Yes. I demonstrated to Shoosmiths, making a small

11 change, adding a full stop, adding a percentage. And

12 where you say there are extensive edits, that's actually

13 not true. Adding a full stop, removing that full stop,

14 is actually two edits. So, when I add a space, that's

15 an edit. If I go percent, comma, slash, etc, that's

16 three edits. So, at one stage, I typed in Matt's, one

17 of my solicitor's, name. That was probably 10 edits.

18 I then undid it and put the original name back. So

19 I was demonstrating how using that, you could change

20 the date and produce a new version, etc.

21 Q. Dr Wright, first of all, this was a document which you

22 were going to present as being a perfect digital

23 watermark of the Bitcoin White Paper. Didn't it occur

24 to you, as an IT security expert, that you shouldn't be

25 mucking with it extensively over the period of time

154: 1 before you produced it?

2 A. I downloaded a copy of the file and gave it to

3 Shoosmiths before I did any of this. So, the first

4 thing is, I downloaded the ZIP from Overleaf, sent it to

5 the solicitors. We did that right at the beginning of

6 this process. And as such, once I've given them a copy,

7 I'm saying that I can't change the copy they have,

8 therefore my making changes and undoing those changes is

9 not a material change.

10 Q. Do you say that all of those edits were done in

11 the presence of Shoosmiths?

12 A. They were on videos, on calls, I sent them some emails

13 while they weren't on there, I sent, like --

14 Q. You say that all these edits were done in their

15 presence?

16 A. Not in their presence. I emailed them. They weren't

17 there. And do you consider on a video call presence?”

Although Dr Wright’s Counsel then observed that issues of privilege were being traversed, Dr Wright’s answers put Shoosmiths in an impossible position. I agree that it plainly was not true that Dr Wright had made the changes in demonstrations to Shoosmiths. Indeed, as noted at paragraphs 453 to 454 above, he had not even mentioned any changes in his emails to Shoosmiths enclosing the Bitcoin folder.

In these circumstances, there had to be a waiver of privilege in relation to the Maths (OLD) and Bitcoin folders – and that occurred on Friday, 16 February 2024. For the first time, unredacted chunks.json files were produced by Dr Wright. That enabled the Developers to set about compiling each of the revisions that Dr Wright had made to the White Paper LaTeX Files between 17 November 2023 and 24 November 2023. The Developers presented that work to Shoosmiths on Monday 19 February 2024, together with the code that they had developed to compile the documents from the chunks.json files.

Before turning to the evidence which emerged from production of the metadata underlying the White Paper LaTeX Files, I mention four points which arise from the sequence of events set out above.

First, Dr Wright deleted the previous folders on Overleaf from which he derived the Bitcoin folder. In Shoosmiths’ letter dated 20 February 2024, they said:

“Dr Wright tells us that he cannot remember what those previous project folders were called or whether he copied them directly within Overleaf or copied them from local copies he had previously downloaded from Overleaf. In any event, Dr Wright says that he deleted the previous projects folders after copying their contents into Maths (OLD). As a result, Dr Wright says he no longer has the project folder used for the Overleaf demonstration to this firm earlier on 17 November 2023.”

I agree that there can have been no good reason for Dr Wright to have deleted those folders. From his own writings, Dr Wright is well aware of the adverse consequences attendant on the destruction of documents in this way: {L1/470/8}-{L1/470/9} and {Day15/114-117}.

Dr Wright was challenged on the deletion of the previous files in this passage of cross-examination:

“151:17 Q. So earlier, on 17 November, you had the so-called White

18 Paper LaTeX files in a different folder to Maths (OLD)

19 or the Bitcoin folder, right?

20 A. I copied it into my R drive and then uploaded into

21 multiple places for the demonstrations.

22 Q. And you have failed to produce the folder that held

23 those earlier files, haven't you?

24 A. Because I copied back and forwards between the others.

25 Q. You deleted it?

152: 1 A. No, I did not. I moved it.

2 Q. Can we go to {M1/2/210}.

3 This a letter from Shoosmiths, dated

4 20 February 2024, so very recently, and we can see in

5 paragraph 2.1:

6 "As you note in Your Letter, the Maths (OLD) project

7 was created on 17 November 2023 at 16:26 [pm] ..."

8 As I just put to you:

9 "Dr Wright instructs us that this project was

10 created by merging and/or copying files into Maths (OLD)

11 from previous Overleaf project folders. Dr Wright tells

12 us that he cannot remember what those previous project

13 folders were called or whether he copied them directly

14 within Overleaf or copied them from local copies he had

15 previously downloaded from Overleaf. In any event,

16 Dr Wright says that he deleted the previous projects

17 folders after copying their contents ..."

18 Why have you lied to me about that basic point,

19 Dr Wright?

20 A. I didn't. If you're talking about the previous things,

21 then, yes, I've deleted them multiple times. Overleaf

22 goes back quite a while, including multiple accounts.

23 And have I kept them? No. I've copied between

24 different Overleaf folders.

25 Q. I said specifically to you that you had deleted those

153: 1 previous folders, and you said, "No, I did not, I moved

2 it", is what you said.

3 A. When you're moving, it actually changes the folder

4 structure. So, we're talking about different things.

5 I'm talking about the earlier stuff that I had in

6 Overleaf here; you're talking about what I did on

7 the 17th. So, they're different things.

8 Q. Dr Wright, you deleted relevant and disclosable material

9 just a couple of weeks before your application for an

10 adjournment, didn't you?

11 A. No. I didn't want an adjournment, for a start. But

12 what I did was copy and paste these into different areas

13 for demonstrations. The files in total were kept.

14 Q. You must have known, Dr Wright, that that was improper?

15 A. No, at that stage, everyone was telling me that there

16 was no purpose of these and we wouldn't get them in.

17 That's why I did the demonstrations. I did

18 the demonstrations to show how little teeny weeny

19 changes and how important it was, so I structured

20 a whole lot of demonstrations to show just how critical

21 these little tiny tweaks were and that you couldn't

22 guess them.”

I agree with the Developers that in that passage of evidence, Dr Wright was doing his best to avoid the point and, in essence, not telling the truth.

The result of this deletion of data is that the Court has no information as to what Dr Wright did with the so-called White Paper LaTeX Files at any time before 17 November 2023.

Second, the Maths (OLD) folder itself was obviously relevant. However, Dr Wright had actively sought to hide it, saying that all folders other than the ‘Bitcoin’ folder related only to his personal and academic interests. Confronted with this point on Day 15, Dr Wright seemed to regret disclosing the Maths (OLD) folder at all and to pray in aid his deleted folders, before contending that he was demonstrating Overleaf to his solicitors (a point to which it is necessary to return later):

“149:15 Q. Can we go to page 8, please, at 19.2.5, which I know you

16 glanced at earlier {E/24/8}. We can see that, in

17 the second sentence:

18 "Dr Wright instructs me that the only relevant or

19 potentially relevant material hosted on his Overleaf

20 account is the material in a folder entitled 'Bitcoin'

21 did ... and that the other material hosted on

22 Dr Wright's Overleaf account relates to academic and

23 personal interests post-dating 2020 that are not

24 relevant to these proceedings."

25 Right? That's what you told her?

150: 1 A. Yes.

2 Q. And that wasn't true, was it?

3 A. No, I believe it's true. We've disclosed other

4 material, including stuff to do with CookBook, etc, but

5 my university stuff, the work on Teranode, etc, I don't

6 believe is relevant.

7 Q. The Maths (OLD) folder contained -- didn't only contain

8 material relating to your academic and personal

9 interests, did it?

10 A. Only because I copied into the wrong folder.

11 Q. It contained material that was directly relevant to your

12 creation of the White Paper LaTeX files, right?

13 A. No, it didn't. It had where I loaded, on the 17th,

14 files from a different directory so that I could

15 demonstrate the changes. That is directly loaded on

16 the 17th. As you already know, I had meetings with my

17 solicitors demonstrating Overleaf and those files, so

18 they had to exist before the 17th. They were there at

19 my house.”

Dr Wright was challenged on his inadvertent disclosure of the Maths (OLD) project:

“190: 5 Q. Now, we know that it was inserted inadvertently by you

6 because we see that at {M1/2/153}. This is a letter

7 from Shoosmiths of 1 February 2024. 2(c):

8 "We understand from our client that the content of

9 the 'Maths (OLD)' project was inadvertently put into

10 this folder by our client."

11 Do you see that?

12 A. That's not what it's saying. It was a copy of the --

13 the thing. If you're saying a redaction, that's

14 a different thing. So I'm --

15 Q. The only Maths (OLD) project-related file that we

16 received, when you produced materials to us on

17 22 January, was that json file that I've just taken you

18 to?

19 A. I've no idea. I didn't actually open the file. KLD

20 came out, I clicked the link, we downloaded it, I gave

21 it to them. That's all I know.

22 Q. "We understand from our client that the content of

23 the 'Maths (OLD)' project was inadvertently put into

24 this folder by our client."

25 Right? It was you?

191: 1 A. No, that's not the downloaded file. The Maths (OLD)

2 file, what we're talking about, is Overleaf.

3 I inadvertently copied the Bitcoin stuff into

4 the Maths (OLD). That's what that there is describing.

5 Q. It's talking about the opposite. It's about content of

6 the Maths (OLD) project inadvertently being put into

7 something, right?

8 A. No, not at all. The download was done by either Stroz

9 or KLD at my house when we clicked on the file, and they

10 captured it.

11 Q. Now, if we --

12 A. I had no interaction with that process.

13 Q. If we hadn't immediately spotted the existence of

14 the project json file in relation to the Maths (OLD)

15 project in your Bitcoin folder, we would never have

16 known of all of the changes that you had made to

17 the White Paper LaTeX files, would we?

18 A. As I said, they were all part of the demonstration

19 process, so all that happened was I clicked the download

20 and all that comes across.

21 Q. So when saying that you had inserted it inadvertently,

22 what that actually means is that you had intended to

23 suppress that file from disclosure to us, right?

24 A. Not at all.”

As Counsel for the Developers submitted, these were evasive answers but they do not detract from the points that (a) I had ordered these data to be disclosed; (b) either Dr Wright did not make any attempt to find out from Overleaf whether these data existed or, (c) he knew these data existed and did not mean to disclose them.

Third, these data show that Dr Wright’s four witness statements presented a profoundly misleading picture that all he had done was make “minor corrections to address typographical errors in the published form of the Bitcoin White Paper”.

Fourth, Dr Wright had lied about the reason why the White Paper LaTeX Files had not been included in his disclosure. He had not (indeed could not have) received the advice that he alleges from Ontier. Moreover, Dr Wright sought to abuse legal professional privilege as a way of avoiding disclosure of damaging information. Thus, Dr Wright’s BitcoinSN.tex file was first created by Dr Wright in a subfolder of Maths (OLD) entitled “ZZZ Notes” {L21/16.1/92}. It was then moved to a subfolder entitled “Test” {L21/16.1/101}, before being moved to the “TC” subfolder {L21/16.1/102}. Dr Wright subsequently claimed privilege over the content of the ZZZ Notes and Test folders. As a result the origin and initial content of BitcoinSN.tex was concealed from COPA and the Developers until 16 February 2024 (midway through the trial), when Shoosmiths recognised that a waiver/withdrawal of the alleged privilege was essential{M/3/15}.

In the circumstances (which include all the evidence about the LaTeX files), I agree with the Developers that the only reasonable inference is that Dr Wright lied about these matters (and sought to abuse legal professional privilege) to conceal the fact that the White Paper LaTeX Files were a recent creation.

The evidence of forgery of the LaTeX Bitcoin White Paper

Under this heading, it is necessary (a) to discuss the animations prepared by the Developers from the chunks.json data, (b) to address Dr Wright’s evidence about the metadata entry in the files, (c) to describe the nature of his revisions to the text formatting, (d) to discuss his use of Aspose in creating the images and (e) to discuss his evidence about the use of Apose.

The animations

Apparently unbeknownst to Dr Wright, the alterations he made to the White Paper LaTeX Files between 17:29 on 17 November 2023 and 17:07 on 24 November 2023 were recorded by Overleaf and are now available in the chunks.json files. From those data, the Developers created the two animations at {L21/12} and {L21/13}. The former is set against a blank background, the latter against the control version of the March 2009 Bitcoin White Paper.

I agree that the animations produced by the Developers illustrating the output of those alterations show the process by which Dr Wright forged the White Paper LaTeX Files in real time. They are the digital equivalent of a video capturing Dr Wright in the act of forgery.

The following information emerges from the animations themselves:

In short, the process was not one in which “minor corrections” were being made to put right known “typographical errors” in the Bitcoin White Paper (as had been stated twice by Shoosmiths on instructions from Dr Wright {Shoosmiths’ letter dated 13 December 2023 at [3.1] {AB-A/2/67} and Shoosmiths’ letter dated 29 December 2023 at [3] {AB-A/2/141}}).

Instead what the animations illustrate is that Dr Wright was trying to get his White Paper LaTeX files to fit the formatting of the Bitcoin White Paper. He was literally reverse-engineering the White Paper LaTeX Files from the Bitcoin White Paper. That was the very process that on 1 December 2023 he had sworn (in support of his application of that date) was “practically infeasible”.

Perhaps appreciating the impossibility of the “minor corrections” explanation formerly provided, when the unredacted chunks.json files were produced to COPA and the Developers on 16 February 2024, Dr Wright instructed Shoosmiths that {Shoosmiths’ letter dated 16 February 2024 at [14] {M/3/16}}:

“Dr Wright did edit the code in the intervening years for personal experimentation and to make corrections and improvements, and for the purposes of the demonstrations referred to above, and that Dr Wright then sought to undo the changes to the LaTeX code he had made since publication of the Bitcoin White Paper in order to put the code into the form that would compile the Bitcoin White Paper”.

That explanation is untenable in light of the changes recorded in the chunks.json and visible in the animations. It is absurd to suggest that the process of continual, iterative change and adjustment demonstrated through the animations represents the “undoing” of changes made previously. Still less is it tenable that the changes were made during demonstrations.

Dr Wright emphasised the “I was giving demonstrations” explanation in his oral evidence, as for example in the following passages on Day 15:

“125: 9 Q. We're going to come to the changes in a minute and we're

10 going to come to the demonstrations in a minute, but the

11 changes that you made to the BitcoinSN.tex file of

12 the Maths (OLD) project and then to the main tex file of

13 the Bitcoin project included changes which were designed

14 to make the text of your LaTeX file more closely

15 resemble the formatting of the Bitcoin White Paper;

16 correct?

17 A. No, not at all. The demonstrations were to show how

18 the differences were. I'd actually already told my

19 solicitors about it going back to October.

20 Q. We can see, and we're going to go through some of this

21 but hopefully fairly briskly, that you were adjusting

22 the size of the spaceskip commands; do you agree?

23 A. Yes. Like I was saying, you demonstrate how the thing

24 works and I put them in and out.

25 Q. And then you were adding and moving "/:"s, right?

126: 1 A. Yes.

2 Q. And that was to try to enable you to try to replicate

3 the line breaks and the spaces between words in

4 the Bitcoin White Paper, wasn't it?

5 A. Not at all. It was actually putting things back to

6 demonstrate what it is without it and how these things

7 work.”

“127: 5 Now, what that animation shows is that you were

6 moving and adjusting text, right?

7 A. Yes, that was part of capturing and what I was

8 demonstrating. The original was demonstrated to my

9 solicitors at my home before any of this happened.

10 Q. And we can see that, generally, the changes started on

11 page 1 and continued down the document, right?

12 A. Oh, as I made each of the change, it's not the whole

13 document changes. To demonstrate what the different

14 commands do, I had to actually put them in.”

“132:11 Q. Were you very familiar with LaTeX before you were doing

12 this?

13 A. I know LaTeX. I don't -- I'm not an academic, I don't

14 teach it, so I don't know all the terminology.

15 Q. Because there seemed to be a lot of faffing around with

16 LaTeX in your adjustments, which looked like somebody

17 learning how to do it on the go?

18 A. No, it's demonstrating the differences. Like I said, if

19 you make one small change in any of those values, it

20 significantly changes everything in the line and

21 the only way to demonstrate that is to show it.”

I agree that Dr Wright’s “demonstrations” excuse is demonstrably false. The period of the demonstrations to Shoosmiths is illustrated in the animations by changing the background colour to red. It occupies just 4 frames of the animations. Dr Wright was not otherwise demonstrating anything to anybody. He was trying to work out what adjustments he might make to the LaTeX code to get his text and images to fit the layout of the Bitcoin White Paper.

With that in mind it is useful to turn to Dr Wright’s evidence about the text, images and other commands in the LaTeX code.

Metadata command

On a number of occasions, when confronted with evidence of anachronistic metadata, Dr Wright sought to explain the anomaly by reference to his use of a metadata command in LaTeX. For present purposes, these points are only concerned with the relevant command used in the White Paper LaTeX Files.

Dr Wright provided evidence about that at Wright11 [358-367] {CSW/1/68}. In particular at Wright11 [365] {CSW/1/69} he suggested that he has used the following LaTeX command: pdfcreationdate={D:20090324103315-07:00}.

Counsel for the Developers suggested there were three problems with that evidence.

First, that command would not have produced the Created date that appears in the Bitcoin White Paper pdf. The CreateDate in the relevant version of the Bitcoin White Paper is 2009-03-24T11:33:15-06:00 {G/7/17}. Dr Wright had identified the wrong time zone in his supposed LaTeX code. As the Developers noted, Dr Wright may have been in a muddle arising from the fact that the October version of the Bitcoin White Paper used a -7 hours time zone: PM3 [22] {H/20/8}. When presented with that error on Day 15, I agree that Dr Wright dissembled, including in response to questions from me:

“167:18 Q. What is the point of putting in a witness statement

19 a description of a PDF creation date command if it

20 wasn't a PDF creation date command that Satoshi made?

21 What's the point of mentioning it?

22 A. One, I am Satoshi. Two, the command that I put in there

23 is going to change over time as I'm working on

24 the files.

25 Q. So if you're Satoshi, was that the PDF creation date

168: 1 that you put into the Bitcoin White Paper or not?

2 A. The original White Paper has changed many times and

3 there are multiples.

4 Q. Right.

5 A. So your problem is that you keep saying, "The paper".

6 One, there are multiple versions of the paper, and there

7 are multiple versions of what I've done.

8 Q. No, the problem isn't mine, it's yours.

9 A. No, it's not mine.

10 Q. And the reason the problem is yours is because

11 the relevant version of the Bitcoin White Paper that

12 you're talking about here had a minus six hours time

13 zone.

14 A. No, it had a minus six because of changes in location.

15 Q. We can see it at {H/20/11}.

16 A. Minus seven goes to minus six when you add summer time.

17 Q. Dr Wright, we can see here that the creation date was

18 20090324113315 minus 6, right?

19 A. Minus 7, in the statement, when you add summer time

20 becomes minus 6, plus one hour, so minus 7 plus one is

21 minus 6.

22 Q. Dr Wright, I perfectly well understand that if you were

23 trying to state the relevant time at a minus seven-hour

24 time zone that you would have put 103315, but actually,

25 Satoshi didn't use a minus 7-hour time zone for this

169: 1 version of the White Paper, did he?

2 A. No, you're incorrect once again. Time zones. If you

3 compile it and you change, like, that not to be that

4 part of the year, it will be different.

5 Q. Dr Wright, the whole point of this section of your

6 witness statement is for you to describe the -- is to

7 describe what you were saying was the way in which you

8 could configure the metadata properties, right?

9 A. Yes.

10 Q. But you put in duff metadata properties in your 11th

11 witness statement, didn't you?

12 A. Again, time zones. I know you seem not to understand it

13 on purpose, but when you have a plus one on a time zone,

14 it changes. So time zone plus one means negative 7 plus

15 one, which comes out on the final document as

16 negative 6.

17 Q. If you're manually configuring the Bitcoin White Paper

18 to identify -- and you're doing it in LaTeX, which

19 Satoshi did not do, if that's what he had done, he would

20 have had to put minus 6 to get the output that we're

21 seeing here as the creation --

22 A. No, if you did it on minus 6, because of plus 1, you'll

23 actually get negative 5. So again, it's like London

24 time. We keep adding an hour, subtracting an hour,

25 making people change clocks --

170: 1 MR JUSTICE MELLOR: Hang on, Dr Wright. As I understand

2 your evidence, in LaTeX, it's nothing to do with any

3 clock, you put in these numbers.

4 A. Ah, but the system will still use the timestamp

5 information. So you put in those numbers --

6 MR JUSTICE MELLOR: How? Which bit of this creation date

7 field does the system change then?

8 A. You still have to put in the time zone information if

9 you want it not to change naturally on the system clock,

10 my Lord. So the system clock, when it compiles, will

11 recognise if it's a plus one and add that and modify it.

12 So, when you do this, unless you do something like

13 specify GMT, or Eastern Standard Time specifically, then

14 it's going to take the natural sort of changes and

15 drifts.

16 MR JUSTICE MELLOR: Mm. I think I've previously asked you

17 about whether there was a default or whether you had to

18 put all this in manually.

19 A. If --

20 MR JUSTICE MELLOR: And I recall you answered it's manual.

21 A. Yes, but what I'm saying here is the difference between

22 the negative 7 and the time zone information, my Lord.

23 They're actually two different settings.

24 MR JUSTICE MELLOR: Yes, I mean, I'm afraid, Dr Wright,

25 I simply don't understand that answer. So if you want

171: 1 me to understand it, you're going to have to explain

2 precisely how this works.

3 A. Yes, my Lord.

4 All right, so what happens is you set a default, and

5 if you put negative 7 and the --

6 MR JUSTICE MELLOR: Where do you set the default in LaTeX?

7 A. In a command.

8 MR JUSTICE MELLOR: In this command?

9 A. Yes.

10 MR JUSTICE MELLOR: But I thought you said earlier it's just

11 what you type in?

12 A. The negative 7, though, is different to the time.

13 The time is what you type in. Now, you also either set

14 explicitly whether you have time zones changing for

15 summer time, etc, or not. If you don't, then it goes to

16 your clock time, as you're doing it.

17 MR JUSTICE MELLOR: Okay, but I don't understand why you

18 would be worrying about summer time, plus 1, minus 1,

19 etc.

20 A. That's why it comes out, if you put 7 in --

21 MR JUSTICE MELLOR: No, no, no, why wouldn't -- okay, we'll

22 assume Satoshi is putting in the creation date.

23 A. Yes.

24 MR JUSTICE MELLOR: Why would he worry about whether it was

25 summer time or not?

172: 1 A. No, it's a time zone negative 7. At the time, I was

2 doing a lot of work with American and Caribbean

3 companies, so my default when I printed things was

4 negative 7. The reason for that is, in Antigua, various

5 other islands, a lot of gaming happens. So when I was

6 doing, you know, documents, etc, I used standards for

7 either South American or Caribbean time. Now, that

8 comes with certain plus 1 minus or plus 10 type

9 adjustments. Now --

10 MR JUSTICE MELLOR: Adjustments from when?

11 A. I'm not exactly sure when summer time does or doesn't

12 start.

13 MR JUSTICE MELLOR: No, no, no, but if you're talking about

14 Antigua and Caribbean saying plus 1/minus 1, that's

15 adjusting relative to which time zone?

16 A. To the negative 7. So it will take negative 7 and add

17 one. So when it compiles, it becomes negative 6. So,

18 the document here says that date, but then it becomes

19 negative 6 in the PDF, because the PDF will display plus

20 summer time, etc.

21 MR GUNNING: Dr Wright, the last time I looked, the time

22 zone difference in the Caribbean was minus 5 hours,

23 but ...

24 A. As I said, also Belize, other places. I did

25 South American and the others.

173: 1 Q. You had a sort of travelling time zone then, did you?

2 A. I did. I had dealings with a variety of

3 Central American and Caribbean areas. I still do.”

The second problem with Dr Wright’s evidence was that the supposed pdfcreationdate command to which he referred was not present in the White Paper LaTeX Files at all at the time of the Maths (OLD) project. It was introduced into the main.tex file in the Bitcoin project in two stages. On 22 November 2023 at 18:58 he entered a pdfcreationdate of 20241122010000: see row 746 of {L21/4}. He then changed the date to 22 November 2006: see row 755 of {L21/4} (where the characters “06” were added at character 5525). Finally, he replaced the then resulting characters “61122010000” with the characters “90324173315”: see row 769 of {L21/4}. As a result, when the White Paper LaTeX Files were produced to the Developers on 20 December 2023, they showed a pdfcreationdate of “20090324173315”: see {L21/9.1/4}.

The third problem with Dr Wright’s evidence was that the command to which he referred had been entered by him, but only 1 December 2023, as part of the adjustments that he continued to make to the White Paper LaTeX files. The change was made in two rows. First he entered 20090324173315: see row 953 of {L21/4}. He then added the –06:00 time zone at row 955 of {L21/4}. When confronted with these changes, Dr Wright denied them:

“173:19 Q. …..

20 And we know how you came to put this command into

21 the White Paper LaTeX files; it was something that you

22 did not do until 1 December 2023.

23 A. No, that's incorrect. I'd already demonstrated files

24 set in the future, set in the past, and I've done that

25 multiple times.

174: 1 Q. It's a matter of record. There is no PDF creation date

2 command in the Maths (OLD) project, right?

3 A. I've no idea.

4 Q. It's the PDF creation date that's entered in the Bitcoin

5 project up to 24 November is not the -- doesn't include

6 the time and time zone that you've provided there.

7 A. The one that I demonstrated when they were over at my

8 house in October had all this, and when I demonstrated,

9 I demonstrated how that worked.

10 Q. And we can see where it comes in by looking at

11 the chunks file and this command goes in on 1 December,

12 right?

13 A. No, you can see the demonstrations I did after they'd

14 already come out to my house.

15 Q. Dr Wright, we can take that up in closing, but you're

16 lying.

17 A. No, I'm not.”

The conclusion is inescapable in my judgment. Dr Wright was lying.

Text formatting

In his witness evidence Dr Wright had contended that the formatting of the spaces between words in the White Paper LaTeX Files was a form of digital watermark. He implied during his evidence on Day 5 that this was a form of steganography intended to mark him out as the author. If that had been so, it was a surprising oversight for Dr Wright to have omitted to mention the White Paper LaTeX Files in his evidence in Kleiman, McCormack, Granath or prior to October 2023 in this litigation.

Counsel for the Developers suggested that Dr Wright probably happened upon the idea of saying that his attempts to adjust the spacing between words in his White Paper LaTeX files was a digital watermark in the evening of 17 November 2023 after making all of his formatting changes and that he was probably inspired to promote that theory by the fact that his repeated entry of \; and spaceskip commands would otherwise be an obvious sign of forgery. At that point he chose to post mysterious references to watermarking on his Slack channel {M1/2/156}. The times are in EST. Dr Wright suggested that someone else posted this on his behalf, but could not name the culprit: {Day15/122-123}, and then when he had completed his work on the Maths (OLD) project he inserted two comments into BitcoinSN.tex referring to watermarking and steganography {see {L21/16.1/696} and {L21/16.1/698}.

In reality, Dr Wright’s changes to the spaces between words were attempts by him to replicate the spacing of the Bitcoin White Paper, which (as explained below) was a consequence of the justification of the text in OpenOffice 2.4.

An example of Dr Wright’s attempt to fiddle with the formatting was explored in cross-examination, it concerned his use of the spaceskip command ahead of the initial line of text in the abstract of the Bitcoin White Paper. That command was introduced by Dr Wright in Row 345 of Maths (OLD)_chunks {L21/5} and can be seen at {L21/29.1/4}: see the command “\spaceskip=0.3em plus 3.4em minus 0.10em”.

Mr Rosendahl explained that spaceskip is a somewhat arcane LaTeX command {Day5/139-140}. Dr Wright did not seem entirely clear what the figures in its syntax meant {Day15/131-133}. However, he confirmed that the first number represented the base spacing, the second number reflected the amount by which the base spacing could be stretched and the third number represented the amount by which it could be reduced {Day15/133:8-25}.

Having inserted the spaceskip command described above, Dr Wright spent a little over half an hour on 17 November 2023 adjusting its parameters to try to get the spacing of the first line of the abstract to fit. During the course of those changes, he changed the position of the line-break in the text at the end of the first line (as shown by the first purple bar below). The changes (which resulted in the command reading “\spaceskip=0.30em plus 2.0em minus 0.16em”) can be shown as follows {X/61}:

Dr Wright initially resisted looking at these changes on the footing that there were prior commands that needed to be considered with those changes, namely “\vspace{5.40mm}” and “\begin{adjustwidth}{13.48mm}{14.81mm}” {see Day15/136:3-14}. It is not clear why Dr Wright saw fit to mention those commands save for the purposes of distraction. Those commands did not change at all during the course of the changes to the spaceskip command shown above (as can be seen if one examines page 4 of each of the compilations at {L21/29.1/4} to {L21/90.1/4}). The former command had set the vertical space above the abstract. The second had set the width of the abstract.

Dr Wright then sought to suggest that the entire process of adjustment illustrated by the above was a demonstration:

“136:18 If we look at the spaceskip command here, we can see

19 you start off having it at 0.3em, right?

20 A. Like I said, I did a demonstration where I was going

21 through each of these settings to show how much it

22 changes.

23 Q. And you then increased it to 0.6em, right?

24 A. I did.

25 Q. And you then reduced it to 0.2em in a bit below that?

137: 1 A. Yes, the best way of demonstrating how it works is to

2 make a large change.

3 Q. Yes, but none of this is being done on one of your

4 demonstrations to Shoosmiths?

5 A. This was actually part of what I was documenting at the

6 time.

7 Q. How were you documenting it?

8 A. I had files.

9 Q. What files?

10 A. I had screenshots, etc, for some of the --

11 Q. Sorry, you were taking screenshots every time you made

12 a change to your Overleaf files?

13 A. Some of these, yes. Not every single time, but when

14 I was making differences. I also had other

15 conversations even before this. Shoosmiths were at my

16 house --

17 Q. I'm not interested in your discussions with Shoosmiths.

18 What I'm going to explore is how spaceskip changes and

19 we've seen how the first parameter changed, right?

20 A. Mm-hm.

21 Q. The second parameter was the max stretch that LaTeX

22 would permit to that base spacing, right?

23 A. Yes.

24 Q. And it started at 3.4?

25 A. Mm-hm.

138: 1 Q. And we can see you then reduced that in a number of

2 stages, right?

3 A. Yes, to demonstrate --

4 Q. A minor tweak upwards we can see at around 370 or 371?

5 A. It's a bit more than that. You'll notice that there are

6 three values. So it was demonstrating, like a three

7 body problem, just how difficult it is to actually find

8 something that matches. But you can't just, like you're

9 suggesting, go, "Oh, I'm going to guess a value" and

10 it's going to match --

11 Q. The third --

12 A. -- because if you do that it's going to be way, way out.

13 Q. The third parameter was the shrinkage parameter, right?

14 A. Mm-hm.

15 Q. And that's depicted in blue and it starts at 0.1, yes?

16 A. I'm not sure where it starts, but ...

17 Q. Well, it's -- take it from me, it's at 0.1.

18 A. Yeah.

19 Q. You then increased it to 0.3?

20 A. Mm-hm. Yeah.

21 Q. Before reducing it?

22 A. Yes.

23 Q. And then increasing it, before finalising it at 0.16?

24 A. Mm-hm.

25 Q. Now, so you had in fact at one point set the shrinkage

139: 1 to a level that was lower than the base spacing?

2 A. Yes.

3 Q. Which doesn't make any sense, does it?

4 A. That's the whole point. By doing this, I'm

5 demonstrating just how sort of many changes can occur

6 from a simple little tweak.

7 Q. You're not showing it to anybody, Dr Wright. We know

8 the times when you're showing it to Shoosmiths. This

9 can only be something that you're doing for yourself?

10 A. No, actually, it's not, because I also created documents

11 and I also documented the changes I was doing in what

12 they wanted.

13 Q. We're going to come to the documents that were produced,

14 but standing back from this, we don't see that you were

15 making adjustments to reintroduce known parameters from

16 the Bitcoin White Paper, do we? That's not what you're

17 doing?

18 A. No, I'm actually adjusting it to show how different it

19 can be.

20 Q. What you're doing is tweaking parameters to try to get

21 them to fit the layout of the Bitcoin White Paper,

22 aren't you?

23 A. No, actually, you wouldn't do that. And what

24 you're actually -- you're saying --

25 Q. It's not a question of what I would do --

140: 1 A. Well --

2 Q. -- that's what you did.

3 A. No, I demonstrated how these changes worked. Now, what

4 you're saying in the thing you said, it would be

5 ridiculous, and yes, I noted so how ridiculous some of

6 these things could end up and how different. You notice

7 some of them, the whole structure changes just by

8 a small change.”