# A Simple Bitcoin Demo in Python

## 1 Merkle Tree

In [1]:
import hashlib

def double_sha256(byts):
    '''Purpose SHA256 twice to the bytes.'''
    return hashlib.sha256(hashlib.sha256(byts).digest()).digest()

In [2]:
class MerkleTree:
    def __init__(self):
        self.txid_list = list()
        self.merkle_root = bytes()

    def make_merkle_tree(self, txid_list, is_sorted=True):
        '''Compute merkle root for the given list of TXIDs.'''
        if len(txid_list) == 0:
            raise ValueError("empty list")

        # Sort TXIDs (strings) in lexicographical order if not ordered
        if is_sorted:
            self.txid_list = txid_list
        else:
            self.txid_list = sorted(txid_list)

        # Compute merkle root row by row
        hashes = [s.encode() for s in self.txid_list]
        while len(hashes) > 1:
            if len(hashes) & 1:  # Number of hashes is odd
                hashes.append(hashes[-1])
            next_hashes = []
            for i in range(0, len(hashes), 2):
                next_hashes.append(hashes[i] + hashes[i+1])
            hashes = [double_sha256(s) for s in next_hashes]  # Hashes are bytes, not texts

        self.merkle_root = hashes[0]
        return self.merkle_root  # 32 bytes

## 2 Bitcoin Accounts

In [3]:
import ecdsa
from ecdsa import SigningKey, VerifyingKey, SECP256k1
import base58

class Account:
    pubkey_type = b'\x04'  # The identification byte 0x04 denotes uncompressed coordinates of public key
    
    def __init__(self, prikey=''):
        '''
        Create a Bitcoin account using the given private key.
        If private key not provided, generate a new one randomly.
        '''
        if prikey:
            self.private_key = prikey
            self.public_key = self.gen_pubkey_from_prikey(prikey)
        else:
            self.private_key, self.public_key = self.gen_keypair()
        
        self.public_key_hash = self.gen_public_key_hash(self.public_key)
        self.address = self.gen_address_from_pkh(self.public_key_hash)

    @staticmethod
    def gen_keypair():
        '''Generate a new pair of keys using SECP256k1 ECDSA.'''
        sk = SigningKey.generate(curve=SECP256k1) # Private key
        vk = sk.verifying_key                     # Public key (without prefix)
        return sk.to_string(), Account.pubkey_type + vk.to_string()
        
    @staticmethod
    def gen_pubkey_from_prikey(prikey):
        '''Compute public key from the given private key.'''
        sk = SigningKey.from_string(prikey, curve=SECP256k1)
        vk = sk.verifying_key
        return Account.pubkey_type + vk.to_string()

    @staticmethod
    def gen_public_key_hash(pubkey):
        '''Compute public key hash with "double hash".'''
        # Note that pubkey is already prefixed
        temp = hashlib.sha256(pubkey).digest()
        h = hashlib.new('ripemd160')
        h.update(temp)
        return h.digest()

    @staticmethod
    def gen_address_from_pkh(pubkeyhash):
        '''Compute base58check encoded address.'''
        # Base58check encode
        version_prefix = b'\x00'  # Version prefix of Bitcoin addresses is 0x00
        return base58.b58encode_check(version_prefix + pubkeyhash)

In [4]:
# Example from textbook
example_account = Account(bytes.fromhex("1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD"))
print("Public key:", example_account.public_key.hex())
print("Address", example_account.address)

Public key: 04f028892bad7ed57d2fb57bf33081d5cfcf6f9ed3d3d7f159c2e2fff579dc341a07cf33da18bd734c600b96a72bbc4749d5141c90ec8ac328ae52ddfe2e505bdb
Address b'1424C2F4bC9JidNjjTUZCbUxv6Sa1Mt62x'


In [5]:
# Generate 100 Bitcoin accounts for testing
test_accounts = [Account() for i in range(100)]

## 3 Signature and Verification

In [6]:
test_message = b"blockchain-ss-2021"
print(test_message.hex())

626c6f636b636861696e2d73732d32303231


In [7]:
def sign(message, prikey):
    '''Sign a byte message using the private key.'''
    sk = SigningKey.from_string(prikey, curve=SECP256k1)
    return sk.sign(message)
    
def verify(message, signature, pubkey):
    '''
    Verify signature using the public key.
    Returns true if succeed. Otherwise raises errors.
    '''
    vk = VerifyingKey.from_string(pubkey, curve=SECP256k1)
    return vk.verify(signature, message)

In [8]:
fail_flag = False

for account in test_accounts:
    # Sign the message
    test_signature = sign(test_message, account.private_key)
    
    # Verify the signature
    try:
        verify(test_message, test_signature, account.public_key[1:])
    except ecdsa.BadSignatureError as e:
        print(e)
        fail_flag = True
        
if not fail_flag:
    print("All succeeded.")

All succeeded.


In [9]:
# A bad case
test_signature = sign(test_message, test_accounts[0].private_key)
temp = list(test_signature)
temp[-1] += 1  # Modifying one byte in the signature causes corruption
bad_signature = bytes(temp)

print("Correct signature:", test_signature.hex())
print("Corrupt signature:", bad_signature.hex())

try:
    verify(test_message, bad_signature, test_accounts[0].public_key)  # Will raise an error
except ecdsa.BadSignatureError as e:
    print("BadSignatureError:", e)

Correct signature: 811c638fb6c80f2c2cd810d66112bfb4a9da01a8715cc28a811febeadce8dafad9c94b776616b121abad2716952aee3c202089c467b89204232c89ec5cabc862
Corrupt signature: 811c638fb6c80f2c2cd810d66112bfb4a9da01a8715cc28a811febeadce8dafad9c94b776616b121abad2716952aee3c202089c467b89204232c89ec5cabc863
BadSignatureError: Signature verification failed


In [10]:
#  Correctness verification
# import pybtc
# a = pybtc.Address(address_type="P2PKH", compressed=False)
# Account(bytes.fromhex(a.private_key.hex)).address == a.address.encode()

## 4 Bitcoin Transactions

In [11]:
def int_to_varint(value: int) -> bytes:
    if value <= 0xfc:
        return value.to_bytes(1, 'little')
    elif value <= 0xffff:
        return b'\xfd' + value.to_bytes(2, 'little')
    elif value <= 0xffffffff:
        return b'\xfe' + value.to_bytes(4, 'little')
    else:
        return b'\xff' + value.to_bytes(8, 'little')

In [12]:
class ScriptPubKey:
    def __init__(self, pubkeyhash):
        self.public_key_hash = pubkeyhash
        self.before = b'\x76\xa9\x14' # OP_DUP OP_HASH160
        self.after = b'\x88\xac'      # OP_EQUALVERIFY OP_CHECKSIG
    
    def encode(self):
        return self.before + self.public_key_hash + self.after
    
class ScriptSig:
    def __init__(self, sig, pubkey):
        self.signature = sig
        self.public_key = pubkey
        self.sighash = b'\x01'  # SIGHASH_ALL
    
    def encode(self):
        raw = bytes()
        raw += int_to_varint(len(self.signature) + 1)
        raw += self.signature
        raw += self.sighash
        raw += int_to_varint(len(self.public_key))
        raw += self.public_key
        return raw

In [13]:
class Transaction:
    def __init__(self):
        self.version = 1   # 4 bytes
        self.vin = list()  # List of Transaction.Input
        self.vout = list() # List of Transaction.Output
        self.locktime = 0  # 4 bytes
    
    def encode(self):
        '''Serialize transaction data into bytes.'''
        tx_raw = bytes()
        tx_raw += self.version.to_bytes(4, 'little')
        tx_raw += int_to_varint(len(self.vin))
        for v in self.vin:
            tx_raw += v.encode()
        tx_raw += int_to_varint(len(self.vout))
        for v in self.vout:
            tx_raw += v.encode()
        tx_raw += self.locktime.to_bytes(4, 'little')
        return tx_raw

    def add_input(self, txid, vout, sig, pubkey):
        v = self.Input(txid, vout, sig, pubkey)
        self.vin.append(v)
        
    def add_output(self, value, pubkeyhash):
        v = self.Output(value, pubkeyhash)
        self.vout.append(v)
    
    # Below are inner classes
            
    class Output:
        def __init__(self, value, pubkeyhash):
            self.value = value  # 8 bytes, in satoshis
            self.script_pubkey = ScriptPubKey(pubkeyhash)
            
        def encode(self):
            locking_script = self.script_pubkey.encode()
            
            out_raw = bytes()
            out_raw += self.value.to_bytes(8, 'little')
            out_raw += int_to_varint(len(locking_script))  # Locking script size in bytes
            out_raw += locking_script
            return out_raw

    class Input:
        def __init__(self, txid, vout, sig, pubkey):
            assert len(txid) == 32
            self.txid = txid  # 32 bytes
            self.vout = vout  # 4 bytes
            self.script_sig = ScriptSig(sig, pubkey)
            self.sequence = 0xFFFFFFFF  # 4 bytes
            
        def encode(self):
            unlocking_script = self.script_sig.encode()
            
            in_raw = bytes()
            in_raw += self.txid[::-1]  # Reverse byte order
            in_raw += self.vout.to_bytes(4, 'little')
            in_raw += int_to_varint(len(unlocking_script))  # Unlocking script size in bytes
            in_raw += unlocking_script
            in_raw += self.sequence.to_bytes(4, 'little')
            return in_raw

In [14]:
tx = Transaction()
txid = bytes.fromhex("7957a35fe64f80d234d76d83a2a8f1a0d8149a41d81de548f0a65a8a999f6f18")
sig = bytes.fromhex("3045022100884d142d86652a3f47ba4746ec719bbfbd040a570b1deccbb6498c75c4ae24cb02204b9f039ff08df09cbe9f6addac960298cad530a863ea8f53982c09db8f6e3813")
pubkey = bytes.fromhex("0484ecc0d46f1918b30928fa0e4ed99f16a0fb4fde0735e7ade8416ab9fe423cc5412336376789d172787ec3457eee41c04f4938de5cc17b4a10fa336a8d752adf")
tx.add_input(txid, 0, sig, pubkey)
tx.add_output(1500000, bytes.fromhex("ab68025513c3dbd2f7b92a94e0581f5d50f654e7"))
tx.add_output(8450000, bytes.fromhex("7f9b1a7fb68d60c536c2fd8aeaa53a8f3cc025a8"))
tx.encode().hex()

'0100000001186f9f998a5aa6f048e51dd8419a14d8a0f1a8a2836dd734d2804fe65fa35779000000008b483045022100884d142d86652a3f47ba4746ec719bbfbd040a570b1deccbb6498c75c4ae24cb02204b9f039ff08df09cbe9f6addac960298cad530a863ea8f53982c09db8f6e381301410484ecc0d46f1918b30928fa0e4ed99f16a0fb4fde0735e7ade8416ab9fe423cc5412336376789d172787ec3457eee41c04f4938de5cc17b4a10fa336a8d752adfffffffff0260e31600000000001976a914ab68025513c3dbd2f7b92a94e0581f5d50f654e788acd0ef8000000000001976a9147f9b1a7fb68d60c536c2fd8aeaa53a8f3cc025a888ac00000000'

## 5 Bitcoin Blocks