COPA submitted that Mr Gao’s articles and posts demonstrate an extraordinary lack of independence and objectivity, citing the following examples. In his recent self-published book, he treats Dr Wright as a messianic figure, misunderstood by the world {L20/121/67}:

“Being the world’s most highly certificated cybersecurity expert, Wright knew how to secure the system.

Having a Master of Laws, Wright understood how the system he created would interact with real society, including the legal and political systems.

It all bears the marks of a deliberate Divine preparation for this creation, for where in the world can you find another person with all these necessary qualifications?”

In his blog posts and articles, Mr Gao committed his personal credibility to the position that Dr Wright is Satoshi Nakamoto and made clear his strong desire to see Dr Wright prevail in this litigation. Under cross-examination, he admitted that attitude {Day18/67:10}:

Q. And you were saying that you cared that Dr Wright should win, didn't you?

A. Yeah, because the result would affect the kind of Bitcoin I believe should be advanced.

Mr Gao also accepted that he had staked his personal reputation on the case {Day18/74:16}:

Q. But through these articles, and through your book, you have staked your personal credibility on this position, haven't you?

A. Yes.

His lack of independence extended to a personal hostility to COPA, claiming that its approach in these proceedings is to trick the court {{Day18/66:10} and blog at {L19/264/1}}, and disputing its stated motivation for bringing this claim. Finally, and tellingly, he maintained in that there was no error of judgment in him continuing to post such articles after he had been instructed as an expert, and even in the run-up to trial {Day18/75:20}.

I agree that certain aspects of Mr Gao’s report lacked independence and objectivity and, in view of his publicly stated view of Dr Wright, I would be very cautious about relying on any of his evidence which conflicted with that given by Professor Meiklejohn. However, on the important matters – the signing sessions and the technical aspects of cryptographic proof, he did not dispute Professor Meiklejohn’s evidence.

However, COPA submitted that one feature of his evidence demonstrated his lack of independence. This was where he attempted to make arguments about the meaning of the Sartre blog post. While accepting that it was not the cryptographic proof which Dr Wright’s backers, the journalists, Mr Andresen and Mr Matonis expected it to be, Mr Gao sought to argue that it was apparent from the words of the post that it was not offering such proof. Since the matters of technical content are not in dispute, the meaning of the blog post is not a matter for expert evidence. So I give no weight at all to Mr Gao’s efforts to argue for a particular interpretation of the post.

Notwithstanding the trenchant attack on Mr Gao’s independence, I am not sure his lack of independence really affected anything I have to decide. As COPA submitted, during his cross-examination Mr Gao accepted the following points (which were all the points which COPA needed):

294.1.

All that is needed for a digital signature to be verifiable and avoid a replay attack is that the verifier has ensured that a known, new message is being used. It does not improve security for the person signing to add anything to the message {Day18/5:17}. So, there was no good reason for Dr Wright to add “CSW” to the message chosen by Mr Andresen in the signing session with him.

294.2.

All that is required for a simple and subversion-proof signing session is for someone to sign a new message (chosen by the verifier), and send the signature or put it onto a USB and hand that over. The verifier can then run verification software against the relevant public key and the known message on their own computer, even without connecting to the internet. This could be done in a matter of minutes {Day18/7:13} - {Day18/9:24}.

294.3.

A public proof of possession of a private key may be given by signing an obviously new message with the key and publishing the digital signature. Anyone can then verify the signature for themselves. There is no risk of the private key being compromised (i.e. found out) by this process {Day18/11:3} - {Day18/12:1}.

294.4.

There were straightforward means for all the signing sessions to be spoofed, including both with the journalists, the one with Mr Matonis and the one with Mr Andresen. Moreover, this could have been done in such a way that no clear warning was visible – see the whole section at {Day18/17:3} - {Day18/33:1} – regarding Mr Gao’s agreement with the technical steps set out in Ms Meiklejohn’s evidence about how the signing sessions could be subverted.

294.5.

It was not necessary to spend the time and effort to download the Bitcoin Core software or the entire blockchain in order to conduct the signing sessions, and doing so did not confer any benefit in terms of security or preventing subversion {Day18/38:6} - {Day18/41:8}.

294.6.

The Sartre blog was “clearly not a genuine proof” of possession of any private key {Day18/45:4}.