The Tulip Trust is fake.
Sep 5, 2019 · 5 min readHere are 3 reasons why.
Craig Wright’s story involves a Trust document between himself and David Kleiman created in June, 2011. This Trust was supposedly superseded by more formal Trusts, but this article will only focus on this first Trust document. This original Tulip Trust has recently been defended by Eli Afram as not sufficiently proven to be a fake. I will show that it is undeniably a fake, and Afram is either complicit in the lie or just a willing pawn.
The original documents are available at this link. The file called “requested_attached..rar” contains the same .msg file submitted by Wright’s team as part of discovery. That file includes three attachments: the original Tulip Trust PDF (Tulip Trust.pdf), a PGP signature for that file (Tulip Trust.pdf.asc) and a PGP-encrypted .tar file (Tulip Trust.pdf.tar.asc). The PDF’s signature correctly validates the PDF file against “David A Kleiman”’s public key. While there are no obvious errors with dates and times, there are several undeniable mistakes that prove this is a forgery.
The Tulip Trust PDF was actually signed by “David A Kleiman”’s PGP key, but not actually in 2011.Reason Number 1: the GnuPG version headers indicate the document was signed after 2013
Dr. Matthew Edman described how the GnuPG software would include the full version number during the time period when the Tulip Trust was supposedly signed. For example: “Version: GnuPG v2.0.22”
The change to emit only the major version was made in late November, 2013, and released in mid-2014.
Change to only emit major version (eg — Version: GnuPG v2)The armor version in both .asc files contains only the major version.
GnuPG v2 would have been emitted after late 2013While the version number itself is not signed, it is unbelievable that someone would manually edit the number to remove the minor version. This shows that the signature was not actually made until at least late 2013, and the key did not belong to David Kleiman.
Reason Number 2: three of the PGP keys referenced in the Trust document are backdated
Wright’s keys were not updated.This argument has been around for a while. However, the rebuttal given by Craig Wright has been thoroughly debunked. In a nutshell, the evidence is that the keys referenced in the Tulip Trust have certain algorithms in a certain order that were incredibly unlikely to have been present at the time they were created. Wright’s paper argued that the keys could have been updated at a later time. However, updating a PGP key to include a different set of those algorithms would re-sign the key, and update the timestamp to match when they were updated and re-signed. This did not happen with Wright’s key, so we know they were not updated. They were just backdated to 2008.
Additionally, Wright’s key includes a signed User ID Packet:
Email with domain integyrs.com supposedly signed in January 2008.The signature was supposedly created on January 17, 2008 using an email address of [email protected].
However, the domain integyrs.com did not exist until April 26, 2009.
