Rather simple.
You start in reverse meaning instead of adding random public keys to the starting pubkey, you find the final key and then start working your way backwards by subtracting the pub key (of the private key you already have) from the starting public key (which you don't have the private key of).
If I substract this one with Satoshi's public key I'll get:
x: bd0b9e81abc8ed978bc0873b9b5d44e00e889983c60bb722354793df732cb849
y: 1ddce6233aea09569c65b37c2cf6e1dc6d8fb721de29c4abc1053c94c2801b28
(1LZtnC7Ck37V9uLGGXFmaVkeaLyzFLvf6W)
Thank you, I've calculated it with other examples and it works.
But that means, that we still don't have the private key for (1LZtnC7Ck37V9uLGGXFmaVkeaLyzFLvf6W) what we publish in the list. So we can say, that if you can sign with (1LZtnC7Ck37V9uLGGXFmaVkeaLyzFLvf6W) then you have the private key of Satoshi's key.