Keys ≠ Identity
In mathematics and logic, there are many functions that act only one-way. Bitcoin is based on many such functions. For instance, a cryptographically secure hash function, based on an indexed value that is returned from the hash function yet cannot be linked the other way, enables an individual to verify the existence of some data. In doing so, we demonstrate knowledge of some informational secret, through an algorithmic process.
For a digital signature, the mere use of an algorithm is insufficient. Even now, many misunderstandings surrounding the construction of electronic signatures continue to confound people. In the UK, electronic signature laws were introduced in 2002 , providing some level of clarity. Such regulations have been further clarified with the introduction of new laws in 2016 , that were designed to update and enhance the ones previously issued.
Throughout the time, people within the ‘cryptocurrency community’ have failed to understand the requirements associated with digital signatures. Like many parts of Bitcoin, digital signatures present a one-way function. You cannot attribute identity because of a key. Advanced electronic signatures require that identity be verified and stored prior to the use of a key. They are not transferable. The ill-formed attempt at creating the Silk Road ‘Dread Pirate Roberts’ defence failed because those involved did not understand some very simple concepts. Your keys in Bitcoin do not provide proof of ownership or identity. At best, keys may be associated with possession. In the realm of English law, there are many laws associated with the subject of possession, but possession, contrary to popular dogma, is not the same as ownership, and it does not guarantee an individual’s identity.
Why Do Signatures Exist?
Electronic signature legislation has been created to enable a means for people to easily provide authenticity of the person using a signature algorithm. In some cases, they can provide evidence of integrity around the exchange of data or messages.
Chris Reed  describes the nature of a signature along the lines of the case of Goodman v. J. Eban Limited . Here, the use of a rubber stamp by a solicitor was considered sufficient as the solicitor had the intention of authenticating the document as his own. What is being ignored in discussions around ‘cryptocurrency’ is the fact that the mere use of a digital signature algorithm does not create a signature. As with Goodman v. J. Eban Limited, it is clear that a signature does not need to be in the form of a natural person, but it is required that the signature links to the person’s identity in some manner .
It is not necessary for a signature to reference the name of an individual . As in Morton v. Copeland (1855) , a signature is not the writing of a person’s Christian name and surname but some mark which identifies it as resulting from the act of the party. For a digital signature algorithm to link the key to an individual and hence the act, there needs to be some way to register and control the signature key. Where such is not the case, it is not possible to say that the individual engaged in the act, and some other extrinsic evidence would need to be provided. Such evidence is not evidence of possessing a key at a later point in time, but it is the ability to introduce extrinsic evidence that proves the control of the key at the time the signature was reportedly made.
As explained by Reed , for it to be valid, it is necessary to, in accordance with the time of signing, evidence aspects of a digital signature including:
- the identity of the signatory;
- an intention to sign; and
- an intention to adopt a document.
The consequence here is that a signature cannot be completely anonymous. Yet, it does not preclude pseudonymous exchange. More importantly, many exchanges occur under the limit  for requiring the use of a signature. Extrinsic evidence linked to identity may of course be used in attributing a digital signature key to an individual .
Such extrinsic evidence would not be valid unless it could be demonstrated that it was available at the time of signing. For instance, if Alice owned a digital signature key between 2010 and 2017 and then sold it or otherwise gave it to Bob in 2018, and he maintained it from that point on, Bob would not be able to use the signature key to authenticate a transaction prior to his receiving it.
Such aspects of the law are erroneously used by those seeking to say that a digital signature key can disapprove an individual’s identity. The argument was used by Mr Antonopoulos as a proposed defence in the Silk Road case, saying that the keys had been transferred. But it missed the necessity of extrinsic evidence supporting the claim. If Mr Ross Ulbricht wished to use such a claim, it would require him to provide extrinsic evidence of the other person’s identity and the exchange of keys. In other words, the Dread Pirate Roberts defence would require evidence that would be adduced through the accused proving that he was not the holder of the keys. It is a difficult barrier to cross in the Silk Road case.
In his case, Ross Ulbricht would have needed to find another individual, one who could act as a signatory from the initiation of the use of the original keys. He would then need to prove that the same individual had never provided copies of the keys to him before the later date, which he argued was when he purchased the site.
If we take the hypothesis and assume that there is extrinsic evidence of Alice having keys to Silk Road in 2010, it still does not preclude Ross from having the same keys. Alice would need to provide evidence that she had sole control, that Ross could not have had control of the keys. There are technical solutions that would allow such evidence. There are hardware solutions that do not allow keys to be removed from a device. If Alice could provide evidence detailing her control of such a hardware device and that she maintained control of the device for the entire time, up until she gave it to Ross, it would be good evidence that a key was not under his control at any point. Yet, no such evidence exists. It doesn’t exist because their fanciful tale was mere puffery, in a vain attempt to get out of a criminal conviction.
The Crux of the Argument
The mistake that many people make is to assume that, because a digital signature algorithm may be used to validate and authenticate a document, a key may be used to authenticate an identity. Such scenarios present distinct and different outcomes. For a digital signature algorithm to validate a document, the key must necessarily be maintained securely.
In Lemayne v. Stanley , it was held that a seal, which is what a digital signature on a document is, may be used as a signature—which is not always the case :
“For anyone may put a seal; no particular evidence arises from that seal: common seals are alike, and one man’s may be like another’s; no certainty or guard therefor arises from thence.” 
Where an individual seeks to say that a digital signature key was compromised, they would be required to provide evidence of such a compromise. Cryptography does not remove the legal ability to repudiate a document; it merely changes the nature of evidence that must be provided. It is a key aspect that is misunderstood by many cryptographers. There is no algorithm that will allow you to remove repudiation, and hence there is no system for non-repudiation that can ever be created. If you understand the legal bounds of and evidential requirements for repudiation, you will understand that it is not an issue of technology.
It is possible, within Bitcoin, to link and authenticate a key in accordance with a hierarchy of keys. It allows for the ability to digitally sign a document when required, coupled with the ability to maintain privacy—even on an open and public ledger. Some of the patent innovations  we have filed for and that have been granted with nChain provide such an ability.
As explained, the flaw in understanding digital signatures and advanced electronic signatures, as can be implemented using Bitcoin, is exposed by understanding that keys do not provide an individual’s identity, or that they do not prove ownership. A key can be used as evidence, but it is not sufficient in many cases to offer proof without additional evidence. In the case of a transfer of electronic coins (bitcoin), a transaction for a small amount of money in the order of less than £500 would not require additional evidence. It is very unlikely that anyone would take things to court based merely on one such transaction. For an amount over £500, on the other hand, the necessity to provide further evidence may be a requirement. In some US states, the sale of personal property goods and items requires documentation for any exchange of value of over US$5,000. Know your customer (KYC), customer due diligence (CDD), and anti-money laundering (AML) rules also apply.
The Key to Identity
You do not own your bitcoin because you have a key. Just as you do not own the money in your bank account because you have a password. You own bitcoin when you have validly obtained it. The laws of property and exchange are not new. The mere possession of a key does not give ownership. In the same way that having a copy of a house key does not provide you with ownership of a house, a key does not provide you with ownership of bitcoin.
It needs to be remembered: Bitcoin is not encrypted. There is no encryption in the Bitcoin blockchain. All transactions are made in the form of clear text. You can change transactions in databases, and the same can be done on Bitcoin. It is not achieved by changing the blockchain, but by changing the pointers. It is common practice to do so, and anyone who understands accounting will know that it is best practice when updating records. It mirrors the process used in correcting paper ledgers. You do not change all of the ledgers; you add an erratum entry.
The mere possession of a key will never in itself be evidence of identity or ownership. When we are talking about small amounts of bitcoin, amounts that are used in normal commercial activities, possession outside of other evidence will be sufficient. When seeking to prove contracts, the identity of individuals, and other aspects of commerce, the possession of a key is insufficient to act as evidence alone.
In public key infrastructure (PKI), the use of certification authorities links keys to individuals’ identities. Bitcoin does not remove the need to link their identities in large transactions. As I have explained before, individuals’ identities are firewalled from the blockchain. The model does not mean that an individual’s identity is not required, but rather that it can be isolated and, using deterministic key structures, provided in a manner that maintains privacy.
References and Notes
 Electronic Signatures Regulations 2002/318.
 Revoked by Electronic Identification and Trust Services for Electronic Transactions Regulations 2016/696 Pt 3 reg.4(1) (July 22, 2016: revocation has effect subject to transitional provisions specified in SI 2016/696 reg.4(2))
 Reed, C.: What is a Signature? 2000 (3). The Journal of Information, Law and Technology (JILT). <http://elj.warwick.ac.uk/jilt/00-3/reed.html/>. New citation as at 1/1/04: http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2000_3/reed/, last accessed 2020/08/07.
  1 QB 550.
 Reed (2000); Redding, in re (1850) 14 Jur 1052, 2 Rob. Ecc. 339, where the testator executed a will in the assumed name of the man with whom she was cohabiting and two years later erased that signature and re-signed in her real name. The court held that probate could be granted in the first name because the second signature, while not itself valid as execution, was not intended to revoke the will but merely to clarify her identity. See also Hill v. Hill  Ch 231 (initials); Cook, In the Estate of (Deceased). Murison v. Cook and Another  1 All ER 689 (holograph will validly signed ‘your loving mother’); Rhodes v. Peterson (1972) SLT 98 (‘Mum’ a valid signature under Scots law).
 Baker v. Dening (1838) 8 A&E 94.
 Morton v. Copeland (1855) 16 CB 517, 535 per Maule J.
 The Statute of Frauds (1677) remains in effect in many common law countries. The Act requires that certain exchanges, such as contracts over a defined amount of money, are done in writing and with a valid signature. https://www.legislation.gov.uk/aep/Cha2/29/3/contents, last accessed 2020/08/07.
 See Baker v. Dening (1838) 8 A&E 94; Field, in re 3 Curt 752; Clarke, in re 27 LJPM&A 18; Redding, in re (1850) 14 Jur 1052, 2 Rob. Ecc. 339; Hill v. Hill  Ch 231; Cook, in the Estate of (Deceased). Murison v. Cook and Another  1 All ER 689.
 (1681) 3 Lev. 1 per North, Wyndham and Charlton JJ.
 Per Reed (2000); Grayson v. Atkinson (1752) 2 Ves. Sen. 454, 459 per Hardwicke LC, reversing his previous opinion in Gryle v. Gryle (1741) 2 Atk. 176. See also Smith v. Evans (1754) 1 Wils. 313; Ellis v. Smith (1754) 1 Ves. Jun. 11 at p. 13 per Willes CJ and p. 15 per Sir John Strange MR.
 Gryle v. Gryle (1741) 2 Atk. 176; see also Wright v. Wakeford (1811) 17 Ves. Jun. 454.
 Wright, C. S. Savanah, S.: Personal Device Security Using Elliptic Curve Cryptography for Secret Sharing. International Patent Application Number: EP3257006 (B1). WIPO. 2018/10/03. Espacenet Homepage, https://worldwide.espacenet.com/patent/search?q=pn%3DSG11201806702XA; https://patentimages.storage.googleapis.com/4c/c5/d2/48ad44c210de89/EP3257006B1.pdf, last accessed 2020/08/07.