# Creating a Funding Transaction

In this section we'll create a Lightning Channel funding transaction from scratch in python. We'll go through each part of the transaction, how it's constructed, signed, and the message the peers exchange to send and get the needed information from each other to make it happen. We'll test it using bitcoin core in regtest mode.

## Prerequisite knowledge
- For all notebooks:
    - A high level understanding of the bitcoin. e.g. [Mastering Bitcoin](https://github.com/bitcoinbook/bitcoinbook) by Andreas Antonopoulos UTXO model, in particular [Chapter 6](https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch06.asciidoc).
    - A high level understanding of the Lightning Network. e.g. [Mastering Lightning](https://github.com/bitcoinbook/bitcoinbook) TODO Get the chapter to point it here
    - A conceptual understanding of [hash functions](https://www.thesslstore.com/blog/what-is-a-hash-function-in-cryptography-a-beginners-guide).
    - [Hexadecimal notation](https://inst.eecs.berkeley.edu/~cs61bl/r//cur/bits/decimal-binary-hex.html?topic=lab28.topic&step=2&course=) and [endianness](https://www.freecodecamp.org/news/what-is-endianness-big-endian-vs-little-endian/).

- Specific to this notebook:
    - SHA256, HASH256, HASH160 - '[Hash Functions chapter](https://github.com/MPins/lightning-tx-tutorial/blob/main/appendix/hash-functions.ipynb)'
    - Bech32 addresses - '[Addresses chapter](https://github.com/MPins/lightning-tx-tutorial/blob/main/appendix/Addresses.ipynb)'
    - Bitcoin Script basics - '[Bitcoin Script chapter](https://github.com/MPins/lightning-tx-tutorial/blob/main/appendix/Bitcoin%20Script.ipynb)'
    - Lightning Network BOLT #2: '[Peer Protocol for Channel Management](https://github.com/lightning/bolts/blob/master/02-peer-protocol.md#channel-establishment-v1)'

## Channel Establishment v1

The Basis of Lightning Technology ([BOLT](https://github.com/lightning/bolts/blob/master/00-introduction.md)) defines two pathways to create a channel, lets focus on the legacy one because most of the channels are created using it, and lets the 'Channel Establishment v2' for the following notebook.

    +-----------+                              +---------+
    |           |--(1)---  open_channel  ----->|         |
    |           |<-(2)--  accept_channel  -----|         |
    |           |                              |         |
    |   Alice   |--(3)--  funding_created  --->|   Bob   |
    |           |<-(4)--  funding_signed  -----|         |
    |           |                              |         |
    |           |--(5)---  channel_ready  ---->|         |
    |           |<-(6)---  channel_ready  -----|         |
    +-----------+                              +---------+

    - where node Alice is 'funder' and node Bob is 'fundee'



Alice send the [`open_channel`](https://github.com/lightning/bolts/blob/master/02-peer-protocol.md#the-open_channel-message) message to Bob. This message define many channel operational criterias, here we are going to focus on the information that are used in the funding transaction:
* chain_hash - denotes the exact blockchain that the opened channel will reside within.
* funding_satoshis - is the amount the sender is putting into the channel
* funding_pubkey - is the public key in the 2-of-2 multisig script of the funding transaction output.


If Bob does not agree with the criterias sent into the `open_channel` message he send a [`error_message`](https://github.com/lightning/bolts/blob/master/01-messaging.md#the-error-and-warning-messages) back to Alice, otherwise he sends the [`accept_channel`](https://github.com/lightning/bolts/blob/master/02-peer-protocol.md#the-accept_channel-message) message, containing some operational criterias from your side, here we are going to focus on the information that are used in the funding transaction:
* funding_pubkey - is the public key in the 2-of-2 multisig script of the funding transaction output.

## The Funding Transaction

The funding transaction input could be one or more UTXOs from Alice (the funder) and the output arethea change to Alice and a P2WSH output (pay-to-witness-script-hash)<sup>[BIP141](https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki#witness-program)</sup> funding the channel, the order of the pubkeys on the output script is defined lexicographically, where pubkey1 is the lesser of the two funding_pubkey in compressed format and pubkey2 is the greater.

`2 <pubkey1> <pubkey2> 2 OP_CHECKMULTISIG`

## Setup 

### Requirements
For this exercise we'll need Bitcoin Core. This notebook has been tested with [v24.0.1](https://github.com/bitcoin/bitcoin/releases/tag/v24.0.1).

Below, set the paths for:
1. The bitcoin core functional test framework directory.
2. The directory containing lightning-tx-tutorial.

**You'll need to edit these next two lines for your local setup.**

In [2]:
path_to_bitcoin_functional_test = "/home/pins-dev/Projects/bitcoin/test/functional"
path_to_bitcoin_tx_tutorial = "/home/pins-dev/Projects/lightning-tx-tutorial"

import sys

# Add the functional test framework to our PATH
sys.path.insert(0, path_to_bitcoin_functional_test)
from test_framework.test_shell import TestShell

# Add the lightning-tx-tutorial functions to our PATH
sys.path.insert(0, path_to_bitcoin_tx_tutorial)
from functions import *

import json

### Create a P2WPKH UTXO

In order to have Alice as funder of a channel we are going to create P2WPKH UTXO. To do that, we'll define a private key for Alice node and use it to generate a pubkey, then convert the pubkey to a p2wpkh address, we do the same process to create a change address (when you are running a lightning node, you would use wallet commands to derive addressess to use).

In [3]:
alice_funding_secret = "alice_funding_secret"
alice_funding_privkey = sha256(bytes.fromhex(alice_funding_secret.encode("utf-8").hex()))
alice_funding_pubkey = privkey_to_pubkey(alice_funding_privkey)
alice_funding_address = pk_to_p2wpkh(alice_funding_pubkey, network = "regtest")
%store alice_funding_address
print (f"Alice's pubkey: {alice_funding_pubkey.hex()}")
print("Alice's funding p2wpkh address: " + alice_funding_address)
alice_change_secret = "alice_change_secret"
alice_change_privkey = sha256(bytes.fromhex(alice_change_secret.encode("utf-8").hex()))
alice_change_pubkey = privkey_to_pubkey(alice_change_privkey)
alice_change_address = pk_to_p2wpkh(alice_change_pubkey, network = "regtest")
print("Alice's change p2wpkh address: " + alice_change_address)

Stored 'alice_funding_address' (str)
Alice's pubkey: 037685b7e0a23a1b58540e6af6f60550e2ed6705e858817d92df23170a65e4a4c1
Alice's funding p2wpkh address: bcrt1qk7k7fzan0wfn6tf3y4vylujlvcrs2s5v4d2ngm
Alice's change p2wpkh address: bcrt1qhm34rrrhcntahx9cg8dzsgxeq9xymnkh8rgcrk


 Finally we send 0.201 BTC to the alice funding address.

In [4]:
node = setup_testshell()
txid_to_spend, index_to_spend = fund_address(node, alice_funding_address, 0.201)
print(f"txid: {txid_to_spend}, {index_to_spend}")

2024-12-29T22:36:46.078000Z TestFramework (INFO): PRNG seed is: 5842535605602723617
2024-12-29T22:36:46.081000Z TestFramework (INFO): Initializing test directory /tmp/bitcoin_func_test_0lghup4g
txid: fc7e042b1440f57759995b6215d0755355d055ac175573e865b5b550f9030236, 1


At this moment Alice would send Bob the `open_channel` message and Bob would answer with `accept_channel` message containing its pubkey.So lets' create below the Bob's pubkey.

In [5]:
bob_funding_secret = "bob_funding_secret"
bob_funding_privkey = sha256(bytes.fromhex(bob_funding_secret.encode("utf-8").hex()))
bob_funding_pubkey = privkey_to_pubkey(bob_funding_privkey)
print (f"Bob's pubkey: {bob_funding_pubkey.hex()}")

Bob's pubkey: 03e81dfa1a26011178a4c5e8a704e5909015a51558deb011c43d98fd94c63b1223


### Create the Channel P2WSH multisig script

In order to create the channel funding transaction, we are going to create the 2 of 2 multisig script.

For more on this step, review the 'Bitcoin Script' notebook.

In [6]:
# Compare the public keys lexicographically
if alice_funding_pubkey < bob_funding_pubkey:
    print(f"Alice pubkey is lexicographically lesser than Bob pubkey:\n{alice_funding_pubkey.hex()} < {bob_funding_pubkey.hex()}")
    pubkey1 = alice_funding_pubkey
    pubkey2 = bob_funding_pubkey
elif alice_funding_pubkey > bob_funding_pubkey:
    print(f"Alice pubkey is lexicographically greater than Bob pubkey:\n{alice_funding_pubkey.hex()} > {bob_funding_pubkey.hex()}")
    pubkey2 = alice_funding_pubkey
    pubkey1 = bob_funding_pubkey
else:
    print("Error: the public keys are equal.")

# Redeem Script: 2 <pubkey1> <pubkey2> 2 OP_CHECKMULTISIG
# "21" is the length of a 33 bytes (compressed) pubkey in hex notation
redeemScript = bytes.fromhex(
    "52" 
    + "21"
    + pubkey1.hex()
    + "21"
    + pubkey2.hex()
    + "52"
    + "ae")

print(f"Redeem Script:\n{redeemScript.hex()}")

Alice pubkey is lexicographically lesser than Bob pubkey:
037685b7e0a23a1b58540e6af6f60550e2ed6705e858817d92df23170a65e4a4c1 < 03e81dfa1a26011178a4c5e8a704e5909015a51558deb011c43d98fd94c63b1223
Redeem Script:
5221037685b7e0a23a1b58540e6af6f60550e2ed6705e858817d92df23170a65e4a4c12103e81dfa1a26011178a4c5e8a704e5909015a51558deb011c43d98fd94c63b122352ae


### Convert the Redeem Script to a P2WSH address

For more on this step, review the 'Addresses' notebook.

In [7]:
channel_address = script_to_p2wsh(redeemScript, "regtest")
print(channel_address)

bcrt1qg7zgfcvz9eneugzh9df8gc2wek3rfyf3t3vjuw06q8d7jtz7h5eqdjlj5l


### Create an unsigned channel funding transaction

The first thing we'll do is define the inputs and outputs of our funding transaction.

In [8]:
# Note we have already defined a few variables we need to create our transaction:
# The input utxo txid and index: `txid_to_spend` and `index_to_spend`
# The input private key and public key: `alice_funding_privkey` and `alice_funding_pubkey`

# Our outputs
# Determine our output scriptPubkeys and amounts (in satoshis)
# Output1 is the Alice Change P2WPKH
output1_value_sat = int(float("0.15") * 100000000)
pk_hash = hash160(alice_change_pubkey)
output1_spk = bytes.fromhex("0014") + pk_hash
# Output2 is the Channel P2WSH
output2_value_sat = int(float("0.05") * 100000000)
script_hash = hashlib.sha256(redeemScript).digest()
output2_spk = bytes.fromhex("0020") + script_hash
# The Alice UTXO was 0.201, we are leaving 0.001 as the fee of the funding trransaction

Now that we've defined everything we need, we can fill in the fields we need to create our unsigned transaction. What makes a transaction 'unsigned' is that the witness field is empty.

In [9]:
# VERSION
# version '2' indicates that we may use relative timelocks (BIP68)
version = bytes.fromhex("0200 0000")

# MARKER
marker = bytes.fromhex("00")

# FLAG
flag = bytes.fromhex("01")

# INPUTS
# We have just 1 input
input_count = bytes.fromhex("01")

# Convert txid and index to bytes (little endian)
txid = (bytes.fromhex(txid_to_spend))[::-1]
index = index_to_spend.to_bytes(4, byteorder="little", signed=False)

# For the unsigned transaction we use an empty scriptSig
scriptsig = bytes.fromhex("")

# use 0xffffffff unless you are using OP_CHECKSEQUENCEVERIFY, locktime, or rbf
sequence = bytes.fromhex("ffff ffff")

inputs = (
    txid
    + index
    + varint_len(scriptsig)
    + scriptsig
    + sequence
)

# OUTPUTS
# 0x02 for out two outputs
output_count = bytes.fromhex("02")

# OUTPUT 1 
output1_value = output1_value_sat.to_bytes(8, byteorder="little", signed=True)
# 'output1_spk' already defined at the start of the script

# OUTPUT 2
output2_value = output2_value_sat.to_bytes(8, byteorder="little", signed=True)
# 'output2_spk' already defined at the start of the script

outputs = (
    output1_value
    + varint_len(output1_spk)
    + output1_spk
    + output2_value
    + varint_len(output2_spk)
    + output2_spk
)

# LOCKTIME
locktime = bytes.fromhex("0000 0000")

unsigned_tx = (
    version
    + input_count
    + inputs
    + output_count
    + outputs
    + locktime
)

print("unsigned_tx: ", unsigned_tx.hex())



unsigned_tx:  0200000001360203f950b5b565e8735517ac55d0555375d015625b995977f540142b047efc0100000000ffffffff02c0e1e40000000000160014bee3518c77c4d7db98b841da2820d9014c4dced7404b4c0000000000220020478484e1822e679e20572b5274614ecda23491315c592e39fa01dbe92c5ebd3200000000


We can decode this raw transaction to inspect it and see that it has all the information we need apart from the segwit fields (version, marker, and witness).

In [10]:
decoded = node.decoderawtransaction(unsigned_tx.hex())
print(json.dumps(decoded, indent=2, default=str))

{
  "txid": "13abef16e9d699c0a397841071423f91b9d4b2bdfc17f056382305121deeff8d",
  "hash": "13abef16e9d699c0a397841071423f91b9d4b2bdfc17f056382305121deeff8d",
  "version": 2,
  "size": 125,
  "vsize": 125,
  "weight": 500,
  "locktime": 0,
  "vin": [
    {
      "txid": "fc7e042b1440f57759995b6215d0755355d055ac175573e865b5b550f9030236",
      "vout": 1,
      "scriptSig": {
        "asm": "",
        "hex": ""
      },
      "sequence": 4294967295
    }
  ],
  "vout": [
    {
      "value": "0.15000000",
      "n": 0,
      "scriptPubKey": {
        "asm": "0 bee3518c77c4d7db98b841da2820d9014c4dced7",
        "desc": "addr(bcrt1qhm34rrrhcntahx9cg8dzsgxeq9xymnkh8rgcrk)#va63jkv7",
        "hex": "0014bee3518c77c4d7db98b841da2820d9014c4dced7",
        "address": "bcrt1qhm34rrrhcntahx9cg8dzsgxeq9xymnkh8rgcrk",
        "type": "witness_v0_keyhash"
      }
    },
    {
      "value": "0.05000000",
      "n": 1,
      "scriptPubKey": {
        "asm": "0 478484e1822e679e20572b5274614ecda2349131

Segwit transactions have a signing scheme described in [BIP143](https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki)

In [11]:
pk_hash = hash160(alice_funding_pubkey)
scriptcode = bytes.fromhex("76a914" + pk_hash.hex() + "88ac")

input_amount_sat = int(0.201 * 100_000_000)
value = input_amount_sat.to_bytes(8, byteorder="little", signed=False)

hashPrevOuts = hash256(txid + index)
hashSequence = hash256(sequence)
hashOutputs = hash256(outputs)
sighash_type = bytes.fromhex("0100 0000") # SIGHASH_ALL

tx_digest_preimage = (
    version
    + hashPrevOuts
    + hashSequence
    + txid
    + index
    + varint_len(scriptcode)
    + scriptcode
    + value
    + sequence
    + hashOutputs
    + locktime
    + sighash_type
)
print(tx_digest_preimage.hex())

02000000c1fe6747822cbae058031cb2c6a9477b2ff1ff411af676f09c30e62801d017753bb13029ce7b1f559ef5e747fcac439f1455a2ec7c5f09b72290795e70665044360203f950b5b565e8735517ac55d0555375d015625b995977f540142b047efc010000001976a914b7ade48bb37b933d2d3125584ff25f660705428c88aca0b3320100000000ffffffff51866cfa9f65fdad1ed67d665903fa1d186e8408b49b05f10d00723c9904856e0000000001000000


Now we are ready to hash this transaction and produce an ecdsa signature on it.

Before hashing the transaction with hash256, we append the sighash flag. In this example we'll use the most commonly used SIGHASH_ALL flag, meaning the signature guarantees the input will only be used in a transaction with these exact inputs and outputs.

Note that when we append the sighash flag to the transaction, we use 4 bytes, however when we append the sighash flag to the end of the signature itself we only use 1 byte.

In [13]:
# Create sigHash to be signed
sighash = hash256(tx_digest_preimage)

# Sign the sigHash with the input private key
signing_key = ecdsa.SigningKey.from_string(alice_funding_privkey, curve=ecdsa.SECP256k1) 
signature = signing_key.sign_digest(sighash, sigencode=ecdsa.util.sigencode_der_canonize)

# Append SIGHASH_ALL to the signature
signature = signature + bytes.fromhex("01")

# Witness field
witness = (
    # indicate the number of stack items for the txin
    # 2 items for signature and pubkey
    bytes.fromhex("02")
    + varint_len(signature)
    + signature
    + varint_len(alice_funding_pubkey)
    + alice_funding_pubkey
)

# the final signed transaction
signed_tx = (
    version
    + marker
    + flag
    + input_count
    + inputs # scriptsig left empty as espcified on BIP
    + output_count
    + outputs
    + witness
    + locktime
)

print("signed transaction: ",signed_tx.hex())

%store signed_tx
import pickle
#pip install pickleshare

signed transaction:  02000000000101360203f950b5b565e8735517ac55d0555375d015625b995977f540142b047efc0100000000ffffffff02c0e1e40000000000160014bee3518c77c4d7db98b841da2820d9014c4dced7404b4c0000000000220020478484e1822e679e20572b5274614ecda23491315c592e39fa01dbe92c5ebd3202483045022100cb42d5c67022cc0f9a464bc73ef12af9993c849442a2c4b7083f00ca6e2bfc3b022037f55caebd8d0be7e496dc6f61cfc7a5be6a6f7c8299321549a34795a0ff95920121037685b7e0a23a1b58540e6af6f60550e2ed6705e858817d92df23170a65e4a4c100000000
Stored 'signed_tx' (bytes)


TypeError: cannot pickle '_thread.lock' object

### Broadcast the transaction

To see if the transaction would have been accepted, but without broadcasting it, we can use the testmempoolaccept command.

Alice should never broadcast this funding transaction before having its commitment transaction signed by Bob, otherwise she would have to trust Bob to unlock its funds from the multisig address. So let's got to the next [notebook](https://github.com/MPins/lightning-tx-tutorial/blob/master/Chapter%202%20-%20Commitment%20Transactions/Alice%20Commitment%20Transaction.ipynb) to see a commitment transaction construction in detail.

In [13]:
result = node.testmempoolaccept(rawtxs=[signed_tx.hex()])
print(result)

[{'txid': '4b691c951a383a808aa836cbb4d03d6b1e1ba77370aea5613c16a4485ab17f61', 'wtxid': '77e88da4b08ea6be6db3ca5f803a585c20ca6719ab14ac165fbad31681cb3e01', 'allowed': True, 'vsize': 153, 'fees': {'base': Decimal('0.00100000'), 'effective-feerate': Decimal('0.00653594'), 'effective-includes': ['77e88da4b08ea6be6db3ca5f803a585c20ca6719ab14ac165fbad31681cb3e01']}}]
