# DS 453 / 653 Spring 2024: Project 1

---

_You must follow the Academic Code of Conduct and Collaboration Policy stated in the course syllabus at all times while working on this project._

This Jupyter notebook file explains the tasks that you must complete for Project 1. You must submit your final project on [Gradescope](https://www.gradescope.com/courses/497424). You have two opportunities to submit the project:

- The first submission date is Thursday, March 21 at 8pm. You __must__ complete Parts 1-3 by then to receive credit for the project! You can complete Parts 4-5 as well, or it's okay if those are still a work in progress. We will review your work and tell you whether you have passed, or otherwise what is needed to reach a passing grade.
- The second submission date is Thursday, March 28 at 8pm. You must complete the entire project by this time.

## Project Overview

In this project, you will explore how to use the Bitcoin blockchain. More precisely, you will use an alternative blockchain called "testnet." This blockchain acts like the real Bitcoin blockchain and uses nearly-identical code, except it is just for testing purposes and the coins don't "count" as real money.

There are five parts to this assignment:

1. Receive money on Bitcoin testnet.
2. Send money to yourself on testnet.
3. Send money to your classmates on testnet.
4. Trace the transactions between your classmates on testnet.
5. Return your coins.

I imagine that the bulk of the work will be in Parts 3 and 4. Because Part 4 relies on Part 3 being completed, the first three parts must be done by the first submission date of March 21.

An important warning before we continue:
> This assignment involves creating secret and public keys for Bitcoin testnet wallets. If you happen to own any cryptocurrency, do NOT use any of those keys in this project! (And also, don't reuse any keys generated here for any other purpose after the project is over.)

In [1]:
# Execute this code block only if you are using Google Colab.
# Otherwise, run the commands locally on your own computer.

!pip install "cryptos @ git+https://github.com/nicolas3355/cryptos"
!pip install pycryptodome

Collecting cryptos@ git+https://github.com/nicolas3355/cryptos
  Cloning https://github.com/nicolas3355/cryptos to /private/var/folders/xs/jd50wml538gbmgccpcd6l9400000gn/T/pip-install-hfn26dg7/cryptos_d8831b133b6f4450b5df6da16322c08a
  Running command git clone --filter=blob:none --quiet https://github.com/nicolas3355/cryptos /private/var/folders/xs/jd50wml538gbmgccpcd6l9400000gn/T/pip-install-hfn26dg7/cryptos_d8831b133b6f4450b5df6da16322c08a
  Resolved https://github.com/nicolas3355/cryptos to commit 5dd9df1049a8e2ba5b2ec7cc0067a4ed8e875fd1
  Installing build dependencies ... [?25ldone
[?25h  Getting requirements to build wheel ... [?25ldone
[?25h  Installing backend dependencies ... [?25ldone
[?25h  Preparing metadata (pyproject.toml) ... [?25ldone


## Part 1: Receiving money on Bitcoin testnet

In this part of the project, you will create a cryptocurrency wallet and receive some coins.

Because real Bitcoins are expensive, in this task we will use the Bitcoin testnet instead. Testnet is a blockchain that uses all the real code of Bitcoin -- there are clients and nodes that have accounts and post transactions, and also miners who create blocks. There's just one big difference: the money doesn't count.


### Task 1.1: Create a Bitcoin testnet address

Execute the code below to generate a secret/public key pair for testnet.

> __Make sure that you only execute this block of code once!__ In fact, I recommend that you comment out this block after you have executed it, just to be sure that you do not execute it ever again. If you lose your secret key, _you won't be able to complete future steps and you will have to start over_.

In [2]:
# Execute this cell block ONLY ONCE! (and do not modify it)

from cryptos.keys import gen_secret_key, PublicKey
from cryptos.bitcoin import BITCOIN

'''
# generate a random secret/public key pair
secret_key = gen_secret_key(BITCOIN.gen.n)
public_key = PublicKey.from_sk(secret_key)
public_key_address = public_key.address('test', False)

# print the secret key, as an integer
print("Secret key:", secret_key)

# print the address
print("Address:", public_key_address)
'''

'\n# generate a random secret/public key pair\nsecret_key = gen_secret_key(BITCOIN.gen.n)\npublic_key = PublicKey.from_sk(secret_key)\npublic_key_address = public_key.address(\'test\', False)\n\n# print the secret key, as an integer\nprint("Secret key:", secret_key)\n\n# print the address\nprint("Address:", public_key_address)\n'

To be extra cautious that you don't forget your Bitcoin secret key, copy/paste it into the code block below. This way, if you accidentally re-run the previous code block or otherwise overwrite the `secret_key` variable, this code block will always allow you to get it back.

In [3]:
secret_key = 96148745860446627286535860544817502162398117326291229685907528802141967393707
public_key = PublicKey.from_sk(secret_key)
address = public_key.address('test', False)
pk_hashed = public_key.encode(False, hash160=True)

# print the address
print("Address:", address)
print("Public key:", public_key)
print("Publick key hashed:", pk_hashed)

Address: mviCqexZfnJCUjthKwgA4k2XmT1SJvMT3m
Public key: PublicKey(curve=Curve(p=115792089237316195423570985008687907853269984665640564039457584007908834671663, a=0, b=7), x=17596274686439945714674871081633272133841813317585565193384328463228769667876, y=33903956225630293349420010859036365225988929260490925309071578759832466052417)
Publick key hashed: b'\xa6\xaa\x9a\x90U\xc3\xf7\xd10\x99\xa2\xf4k^ra\xaf\xff[,'


Do not proceed further until you have stored your Bitcoin secret key!! You can even save a backup copy of it as a file on your computer somewhere else, if you want.

Whereas the secret key must be kept secret, the `address` is something you can share freely with anyone so that they can send you coins. Next, we'll see how that works.

### Task 1.2: Receive coins

On testnet, there are services called _faucets_ that will give you testnet-Bitcoins (written as tBTC) for free.

Here's how to receive tBTC:

1. Visit the website https://coinfaucet.eu/en/btc-testnet/.

2. Submit your testnet address to the website. The address is a hash of your public key. (Remember: _do not send your secret key_! Never send your secret key to anyone.)

3. Write down the following pieces of information from the confirmation page.

In [4]:
# Write down how many testnet-Bitcoins you received. It should be a fraction of a coin,
# data type: floating point number, written to 8 digits of precision

tBTC_received = 0.00038043

# Write down the address where you can send back the testnet coins once you are finished with them
# Most likely, you should only need to uncomment the address shown below
return_address = 'tb1qerzrlxcfu24davlur5sqmgzzgsal6wusda40er'

# converting from tBTC to Satoshis, which are the smallest unit of money within Bitcoin
# in other words, multiply by 10^8
# data type: integer
sat_received = int(tBTC_received * 100000000)
sat_received

38043

### Task 1.3: Find your coins

On testnet, a block gets mined every 10 minutes on average.  Check that a transaction has been mined (or is still in mempool waiting to be picked up by a miner) by visiting https://mempool.space/testnet/mempool-block/0 and searching for your address. Remember: only copy/paste your public address into mempool; never share your secret key with anyone!

At first you will see that the confirmation is unconfirmed but soon it will get picked up by a miner. Your address should be recorded in 1 transaction, where you received some coins from the faucet. Click on the link to explore that transaction in more detail.

Copy the transaction hash (as a hex string) below. For example if your transaction was https://mempool.space/testnet/tx/5c8288498b29d8b6208f924bafddaa5794549cb2d33e084994708c58e52d62e0 then your transaction hash would be 5c8288498b29d8b6208f924bafddaa5794549cb2d33e084994708c58e52d62e0.

In [5]:
# transaction hash, corresponding to the transaction that sent money into your address
# data type: hex string
transaction_hash = '99ec41b6b85890522df9ce2e0765e302201d2ab828dd7bb97f066c12ea17560a'

Next, click on the "details" button next to "Inputs & Outputs." Your transaction is likely to have one input account and two outputs.

- The input account is owned by the faucet.
- One of the two outputs belongs to the faucet. The other one, if you've done the above steps correctly, should belong to you!

The two output scripts both have the following format.

    OP_DUP
    OP_HASH160
    OP_PUSHBYTES_20 [hashed-public-key]
    OP_EQUALVERIFY
    OP_CHECKSIG

Run the code below to check that your public key is included in one of the locked output scripts. Your bitcoin address is just the hash of your public key, but using a hash function called `Hash160` rather than the `SHA-256` function we have discussed so far in class.

In [6]:
# Do NOT modify this code block!

from cryptos.keys import b58decode, b58encode
from cryptos.sha256 import sha256
from binascii import hexlify

print("OP_DUP")
print("OP_HASH160")
print("OP_PUSHBYTES_20 " + hexlify(pk_hashed).decode("ascii"))
print("OP_EQUALVERIFY")
print("OP_CHECKSIG")

OP_DUP
OP_HASH160
OP_PUSHBYTES_20 a6aa9a9055c3f7d13099a2f46b5e7261afff5b2c
OP_EQUALVERIFY
OP_CHECKSIG


Which output is the one corresponding to your address? Write down the index, starting at 0. That is, consider the top output to be index 0, the one after that to be index 1, and so forth.

In [7]:
# write down the index corresponding to the script that you own
# data type: integer
script_index = 1

The script above says that:

> Whoever can provide (1) a public key that hashes to the specified hash digest and (2) a valid digital signature corresponding to this public key has the right to transfer these coins somewhere else.

Because you know the secret key, you can unlock this script and spend its coins!

_Just to confirm: you did keep your secret key safe, right? Remember that you will need it for the rest of this project, because only that gives you the power to send coins. If you lose your secret key, you will have to start the project over again. You don't want that._

## Part 2: Send money to yourself

In this part of the project, you will post a transaction to the testnet blockchain to send some of your coins to the instructor, and keep the rest of the coins for yourself.

### Task 2.1: Create a transaction

In this step, you are going to send some of your tBTC coins to the instructors. Our address is "mvvssVimoMGdJ2fExKvH1ydjqRQLdbswQe"

Please read and understand the code block below, and then execute it. It will produce a script to send 100 Satoshi to the instructors (you can change this amount if you wish), 300 Satoshi as a fee to the miner who puts this transaction into the block, and the remaining money back to yourself.

In [8]:
# Execute, but do NOT modify this code block!

from cryptos.transaction import Tx, TxIn, TxOut, Script, OP_CODE_NAMES
from cryptos.ecdsa import sign, verify, Signature
from binascii import hexlify

# first, let's specify the input to the transaction
# this will tell the Bitcoin network where you received the money that you are now spending
in_pkb_hash = hexlify(pk_hashed).decode("ascii")

tx_in = TxIn(
    net = "test",                              # specifying that the network is ran on testnet
    prev_tx = bytes.fromhex(transaction_hash), # transaction in which you received the coins
    prev_index = script_index,                 # index within the transaction where you received coins
    script_sig = None,                         # this field will have the digital signature, to be inserted later
)
tx_in.rev_tx_script_pubkey = Script([118, 169, in_pkb_hash, 136, 172]) # writing the script that you are going to unlock

# transaction output 1: send money to the instructors
# this is the pk_hashed for the instructors' Bitcoin testnet wallet, corresponding to our address mvvssVimoMGdJ2fExKvH1ydjqRQLdbswQe
out1_pkb_hash = bytes.fromhex("a9102d676b93d159fff7041d4f36f78b585c54df")
out1_script = Script([118, 169, out1_pkb_hash, 136, 172]) # OP_DUP, OP_HASH160, <hash>, OP_EQUALVERIFY, OP_CHECKSIG
tx_out1 = TxOut(
    amount = 100, # sending 100 Satoshs to the instructors
    script_pubkey=out1_script
)

# transaction output 2: sending the remaining money back to you
out2_pkb_hash = pk_hashed
out2_script = Script([118, 169, out2_pkb_hash, 136, 172])
tx_out2 = TxOut(
    amount = sat_received - 100 - 1000, # leaving 1000 Sat unclaimed, so the miner can take it as a fee
    script_pubkey=out2_script
)

tx = Tx(
    version = 1,
    tx_ins = [tx_in],
    tx_outs = [tx_out1, tx_out2],
)

# sign the input transaction and unlock the script
message = tx.encode(sig_index = 0)
sig = sign(secret_key, message)
sig_bytes_and_type = sig.encode() + b'\x01' # DER signature + SIGHASH_ALL
pubkey_bytes = public_key.encode(compressed=False, hash160=False)
script_sig = Script([sig_bytes_and_type, pubkey_bytes])
tx_in.script_sig = script_sig

# print the transaction, in hex
print(tx.encode().hex())

01000000010a5617ea126c067fb97bdd28b82a1d2002e365072ecef92d529058b8b641ec99010000008a47304402201cecf41c318815bd846bfe682e732760d20520b18e3b32b8a1a5410ee9865840022049d69306091033922ba7f9453e91b16e5c8b5469a945425f019ac557e8f8882f01410426e72376f616b94b7a2b8d10cc515146b2e2cf7625087da5720168bea2380b244af4f58da5bf44856397b0dff163425a77d5f841e185890bad24ff4f41435541ffffffff0264000000000000001976a914a9102d676b93d159fff7041d4f36f78b585c54df88ac4f900000000000001976a914a6aa9a9055c3f7d13099a2f46b5e7261afff5b2c88ac00000000



Now do the following steps:

1. Copy the transaction in hex and paste it here: https://blockstream.info/testnet/tx/push. They will broadcast your transaction to the testnet nodes, and within a few minutes one of the miners will include it in a block.

2. Write down your transaction id below, so we can find it and check that you have completed this step successfully.

__Task 2.1 response:__

[Todo: write the transaction ID here! If you can do so, please also attach a screenshot of the mempool.space page for this transaction.]

cd3b31c500572409948b06b964b131b910c1b87e95534c695dbcda658f5a7283

![Screenshot 2024-03-21 at 11.15.48.png](attachment:5cce9c82-5f7b-43cc-a388-ee2cffdc9114.png)

### Task 2.2: Improve pseudonymity

The code block in Task 2.1 above suffers from one defect: it creates a transaction that shows money being spent out of an account, and most of the coins are transferred back into the _same_ account. This is not ideal from the perspective of privacy; it could allow an attacker to link transactions over time.

A better strategy is to create a new account to receive the funds. Modify the code from Task 2.1 to do this. In fact: create a function that allows you to spend some of your own money, and also keep the change in a different wallet. As before, we're going to consider a transaction with one input address and two output addresses.

_Reminder: whenever you create a new secret key, you must make sure to remember it somewhere! If you lose any secret key that you generate in this project, you will be in trouble. Make sure to store all keys safely._

__Task 2.2 response:__

In [9]:
# Keeping track of existing coins in my wallet
existing_coins = sat_received - 1100
existing_coins

36943

In [10]:
def create_transaction(secret_key, public_key, in_pkb_hash, transaction_hash, script_index, out1_pkb_hash, out1_amount, out2_pkb_hash, out2_amount):
    
    # Input to the transaction: this will tell the Bitcoin network where you received the money that you are now spending
    tx_in = TxIn(
        net = "test",                              # specifying that the network is ran on testnet
        prev_tx = bytes.fromhex(transaction_hash), # transaction in which you received the coins
        prev_index = script_index,                 # index within the transaction where you received coins
        script_sig = None,                         # this field will have the digital signature, to be inserted later
    )
    in_pkb_hash = bytes.fromhex(in_pkb_hash)
    tx_in.rev_tx_script_pubkey = Script([118, 169, in_pkb_hash, 136, 172]) # writing the script that you are going to unlock
    
    # Transaction output 1: spend some of your money
    out1_pkb_hash = bytes.fromhex(out1_pkb_hash)
    out1_script = Script([118, 169, out1_pkb_hash, 136, 172]) # OP_DUP, OP_HASH160, <hash>, OP_EQUALVERIFY, OP_CHECKSIG
    tx_out1 = TxOut(
        amount = out1_amount, 
        script_pubkey=out1_script
    )
    
    # Transaction output 2: sending the remaining money back to you (to a different wallet!)
    out2_pkb_hash =  bytes.fromhex(out2_pkb_hash)
    out2_script = Script([118, 169, out2_pkb_hash, 136, 172])
    tx_out2 = TxOut(
        amount = out2_amount - 1000, #1000 satoshis for the miner
        script_pubkey=out2_script
    )
    
    tx = Tx(
        version = 1,
        tx_ins = [tx_in],
        tx_outs = [tx_out1, tx_out2],
    )
    
    # Sign the input transaction and unlock the script
    message = tx.encode(sig_index = 0)
    sig = sign(secret_key, message)
    sig_bytes_and_type = sig.encode() + b'\x01' # DER signature + SIGHASH_ALL
    pubkey_bytes = public_key.encode(compressed=False, hash160=False)
    script_sig = Script([sig_bytes_and_type, pubkey_bytes])
    tx_in.script_sig = script_sig

    # Update the existing coins
    existing_coins = tx_out2.amount
    
    # Print the transaction, in hex
    print(tx.encode().hex())

## Part 3: Send money to your classmates

Now that you know how to send money to yourself, send some money to your classmates.

In order to complete this part of the project: find at least 3 classmates in the Crypto for Data Science class, and send some testnet coins to them.

Remember that other students will be asking you for an address so that they can send money to you, in order to complete this part of their project. Use the technique you learned in Task 2.2 to improve pseudonymity: your goal should be to give each classmate a fresh new address that cannot be linked back to the rest of your money.

Show all relevant code below.

### Task 3.1: Create many Bitcoin testnet addresses pseudorandomly

In order to try to preserve your pseudonymity, you should hand a different Bitcoin address to each of your classmates. One way that you could do this is to run the code block from Task 1.1 over and over again to generate many secret/public key pairs, and then carefully keep track of all of your secret keys. That will work, but it's tedious.

Instead, let's use the idea of _hierarchical deterministic wallets_ that we learned in Lecture 8 (...but without the hierarchy). Specifically, your goal here is to generate a method that would allow you to protect a single __secret seed__, and use that to generate many secret/public key pairs.

In the `cryptos` library, we have created a new method called `gen_secret_key_from_bytes` that will deterministically (but pseudorandomly) generate a secret key given a seed. Here is an example to show how it works.

In [11]:
# Execute this code block multiple times.
# Observe that the output is the same each time, unlike in Part 1.
# That's because the new method gen_secret_key_from_bytes is repeatable if you use the same seed.

from cryptos.keys import gen_secret_key_from_bytes, PublicKey
from cryptos.bitcoin import BITCOIN

super_secret_seed = b"1234567890123456789012345678901234567890123456789012345678901234567890"
secret_key = gen_secret_key_from_bytes(BITCOIN.gen.n, super_secret_seed)
public_key = PublicKey.from_sk(secret_key)
public_key_address = public_key.address('test', False)

# print the secret key, as an integer
print("Secret key:", secret_key)

# print the address
print("Address:", public_key_address)

Secret key: 34898150363254957465749142463706752256725619842651514335399468822696204774367
Address: myb5SsjenAiczwoi8HtRkC3UwDrGAZMTza


This method will get you part of the way toward the goal. But remember that we want to store only one secret_seed and generate __many__ secret/public key pairs from it.

Your task is to use the ideas from Lecture 8 in order to design a method that will generate at least 10 secret/public keys from a single seed.

__Your response:__

In [12]:
def generate_keys(seed, number_of_keys):
    key_pairs = []
    
    for i in range(number_of_keys):
        # Generate a unique seed for each key by concatenating the seed with an index number and hashing this combined value to produce a unique secret key for each index
        indexed_seed = seed + str(i).encode()
        
        # Generate the secret key from the hashed seed
        secret_key = gen_secret_key_from_bytes(BITCOIN.gen.n, indexed_seed)
        public_key = PublicKey.from_sk(secret_key)
        address = public_key.address('test', False)
        pk_hashed = public_key.encode(False, hash160=True)
        pk_hashed = hexlify(pk_hashed).decode("ascii")
        
        # Add the key pair (secret, public) to the list
        key_pairs.append((i, secret_key, address, pk_hashed))
        
    return key_pairs

super_secret_seed = b"0987654321098765432109876543210987654321098765432109876543210987654321"
keys = generate_keys(super_secret_seed, 10)
print("Secret key, Address, Public Key Hash")
keys

Secret key, Address, Public Key Hash


[(0,
  60473187758989348812634729585392165283045480408938589286209701920258989521745,
  'n3Hfsv2YKi2ijhR5pxVyyXaL2gHCtkjqZh',
  'eecfa7fc6d9d8a49aa373cddd345360ba95d4c8f'),
 (1,
  61401101716739204547397692105444625481665250347332648976367147671521500741490,
  'mnFuAatWLip6Gou1eoJo9aF5XsV5tMkVZt',
  '49f0077f8dfd28e6e6bd18e1e5254d0b6533080a'),
 (2,
  32928231715271731111016138747663125577913375443227491504268446736386297887222,
  'mz2mbHjzuqVJt6dtWmykUP1b9r9soCBKSE',
  'cb15cf05da8276fc7906a63381fb56ef31befbff'),
 (3,
  38253499592242266039192612191490143138593521668801657712900325931389217044971,
  'mwGkhhXmLV7YyhgeiWuKwMUKXXrcCyrdsX',
  'acd28325d8590059ecd4c0293001dcb45f8b76fe'),
 (4,
  73671774547972315670519951181080202357455477886805125613939199096990057950927,
  'msZBX56fkQPKv1huMqPw5d7rzFa7WHW1hC',
  '840d616ab448a49816a021faf0e36475258d08e2'),
 (5,
  65043301363527894125393440324838949480178368437746257627262965628155759516318,
  'msgv2omKT9utGhS1cLHTaWaRzkAx7nZZNY',
  '8583c7

### Task 3.2: Send and receive testnet Bitcoins

You have the two crucial ingredients that you need to send and receive tBTC.

1. You have some coins.
2. You have the ability to generate new keys/addresses on demand.

In this task, you must talk with your classmates, exchange public keys (not secret keys!), and use it to transfer tBTC through the testnet blockchain.

In the space below, provide the mempool.space links to all transactions in which you were the _sender_. There must be at least 3 such transactions. Make sure your response clearly shows the (1) Bitcoin address and (2) transaction IDs of these transactions.

__Task 3.2: transactions in which you were the sender__

**Transaction 1**: to Jasmine (to her public key `1c77b7750a5bb5720b0a53e5ada88c85bfc14214`)

In [13]:
hexlify(b'\xa6\xaa\x9a\x90U\xc3\xf7\xd10\x99\xa2\xf4k^ra\xaf\xff[,').decode("ascii")

'a6aa9a9055c3f7d13099a2f46b5e7261afff5b2c'

In [14]:
# Wallet 0 to Wallet 3

secret_key = 96148745860446627286535860544817502162398117326291229685907528802141967393707
public_key = PublicKey.from_sk(secret_key)
in_pkb_hash = 'a6aa9a9055c3f7d13099a2f46b5e7261afff5b2c'
transaction_hash = 'cd3b31c500572409948b06b964b131b910c1b87e95534c695dbcda658f5a7283'
script_index = 1
out1_pkb_hash = '1c77b7750a5bb5720b0a53e5ada88c85bfc14214'
out1_amount = 100
out2_pkb_hash = 'acd28325d8590059ecd4c0293001dcb45f8b76fe'
out2_amount = existing_coins - 100

create_transaction(secret_key, public_key, in_pkb_hash, transaction_hash, script_index, out1_pkb_hash, out1_amount, out2_pkb_hash, out2_amount)

010000000183725a8f65dabc5d694c53957eb8c110b931b164b9068b9409245700c5313bcd010000008b483045022100c840e87a97664971548768e5c4f4852822d518f05a4e781829941a6ce3a7c45402202130af995230b83bfbbdc29f3186e4da0c4b3e8e616a2b810405bd0b4571ccef01410426e72376f616b94b7a2b8d10cc515146b2e2cf7625087da5720168bea2380b244af4f58da5bf44856397b0dff163425a77d5f841e185890bad24ff4f41435541ffffffff0264000000000000001976a9141c77b7750a5bb5720b0a53e5ada88c85bfc1421488ac038c0000000000001976a914acd28325d8590059ecd4c0293001dcb45f8b76fe88ac00000000


Transaction ID: **60a085b4db854191c1be930b5c0bda25f09d8a32e51072a75fc7cb03e3012f2b**
https://mempool.space/testnet/tx/60a085b4db854191c1be930b5c0bda25f09d8a32e51072a75fc7cb03e3012f2b

**Transaction 2**: to Xiteng Yao (to his public key `3cea0976a74406ac2eb61fba41f562636d90e401`)

In [15]:
# Wallet 3 to Wallet 4

secret_key = 38253499592242266039192612191490143138593521668801657712900325931389217044971
public_key = PublicKey.from_sk(secret_key)
in_pkb_hash = 'acd28325d8590059ecd4c0293001dcb45f8b76fe'
transaction_hash = '60a085b4db854191c1be930b5c0bda25f09d8a32e51072a75fc7cb03e3012f2b'
script_index = 1
out1_pkb_hash = '3cea0976a74406ac2eb61fba41f562636d90e401'
out1_amount = 100
out2_pkb_hash = '840d616ab448a49816a021faf0e36475258d08e2'
out2_amount = existing_coins - 600

create_transaction(secret_key, public_key, in_pkb_hash, transaction_hash, script_index, out1_pkb_hash, out1_amount, out2_pkb_hash, out2_amount)

01000000012b2f01e303cbc75fa77210e5328a9df025da0b5c0b93bec1914185dbb485a060010000008b483045022100aca2fcc9952a9c32d1d3608b31bf568d0c9114b9b123dde3d708a6d6f6ec18fd0220228969e0f4d47a4bbfe75911a4a7328541dd6af38a49c5471d47914140cfc12401410482a61e9e110f7835c45ef044cf5644512ca49060fcb8d43e2ef200cd4fa1ace62dd630ea59ec8066ab37ff82dcbe0bc2d9ae65e1ab4dd9994726160d63890313ffffffff0264000000000000001976a9143cea0976a74406ac2eb61fba41f562636d90e40188ac0f8a0000000000001976a914840d616ab448a49816a021faf0e36475258d08e288ac00000000


Transaction ID: **ca484e83ece8b1d690f5203ed878585ba1978223d0332830efbf22a4cf417518**
https://blockstream.info/testnet/tx/ca484e83ece8b1d690f5203ed878585ba1978223d0332830efbf22a4cf417518

In [None]:
existing_coins

**Transaction 3**: to Xiang Fu (to his public key `c97102ff9ba7a2aaba6377da97ffa9f9a3fdcb67`)

In [16]:
# Wallet 4 to Wallet 5

secret_key = 73671774547972315670519951181080202357455477886805125613939199096990057950927
public_key = PublicKey.from_sk(secret_key)
in_pkb_hash = '840d616ab448a49816a021faf0e36475258d08e2'
transaction_hash = 'ca484e83ece8b1d690f5203ed878585ba1978223d0332830efbf22a4cf417518'
script_index = 1
out1_pkb_hash = 'c97102ff9ba7a2aaba6377da97ffa9f9a3fdcb67'
out1_amount = 100
out2_pkb_hash = '8583c7b28545fff6f879da2cb2b49c3df034112a'
out2_amount = existing_coins - 1100

create_transaction(secret_key, public_key, in_pkb_hash, transaction_hash, script_index, out1_pkb_hash, out1_amount, out2_pkb_hash, out2_amount)

0100000001187541cfa422bfef302833d0238297a15b5878d83e20f590d6b1e8ec834e48ca010000008a4730440220225c2a394de0a64125ffdc257949de41f15909124e5b5da35fe72134347411f1022045ce6f86dc3708e80d7e67f09ee4d80378f126fe0704e2006bdf8713d25f6bdb014104ba15d3288bbde34fb8cf481f6a1e22cb9f67d93532faeb454ba2568328452e5b6d74650c90f22fef7c7471748dbff94b9ffadca218d3fc31eca56b824a60ac61ffffffff0264000000000000001976a914c97102ff9ba7a2aaba6377da97ffa9f9a3fdcb6788ac1b880000000000001976a9148583c7b28545fff6f879da2cb2b49c3df034112a88ac00000000


Transaction ID: **bc583fabcb89d3243ea52b4f9b5eab4a2dde6cc735fa614381867274a2200b74**
https://mempool.space/testnet/tx/bc583fabcb89d3243ea52b4f9b5eab4a2dde6cc735fa614381867274a2200b74

**Transaction 4**: to FJ Gao (to his public key `b59286358557063614d34527fe3ffa020fb61e4d`)

In [17]:
# Wallet 5 to Wallet 6

secret_key = 65043301363527894125393440324838949480178368437746257627262965628155759516318
public_key = PublicKey.from_sk(secret_key)
in_pkb_hash = '8583c7b28545fff6f879da2cb2b49c3df034112a'
transaction_hash = 'bc583fabcb89d3243ea52b4f9b5eab4a2dde6cc735fa614381867274a2200b74'
script_index = 1
out1_pkb_hash = 'b59286358557063614d34527fe3ffa020fb61e4d'
out1_amount = 100
out2_pkb_hash = '6f23f3360fd6f42bf5adcadb7223813680ec8ea7'
out2_amount = existing_coins - 1600

create_transaction(secret_key, public_key, in_pkb_hash, transaction_hash, script_index, out1_pkb_hash, out1_amount, out2_pkb_hash, out2_amount)

0100000001740b20a2747286814361fa35c76cde2d4aab5e9b4f2ba53e24d389cbab3f58bc010000008b483045022100aa9af5e284c18367b1edf77e7cefd121a9b1bcfe7da6e03665fdc55818574d600220772a5337aef69f0b90d15be77f47b623b33782fed59a39e6bb17526ba1638537014104ea6ce7047e2349385d7b2df6e2200d560463a36affebd20c1491239ed9274398cc6a18ac6a0f4f9ec0a56e719fe39f0af9324a77bd4b327303c3bfbb38577cc2ffffffff0264000000000000001976a914b59286358557063614d34527fe3ffa020fb61e4d88ac27860000000000001976a9146f23f3360fd6f42bf5adcadb7223813680ec8ea788ac00000000


Transaction ID: **f32d5d443753d5b1ad8fc8f5298e0659757f586cbd6a48303d1b784b92c765c9**
https://mempool.space/testnet/tx/f32d5d443753d5b1ad8fc8f5298e0659757f586cbd6a48303d1b784b92c765c9

Next, provide the mempool.space links for all transactions in which you were the _receiver_. Once again, make sure your response clearly shows the (1) Bitcoin address and (2) transaction IDs of these transactions.

__Task 3.2: transactions in which you were the receiver__

**Transaction 1**: From Xiteng Yao (to my address `mnFuAatWLip6Gou1eoJo9aF5XsV5tMkVZt`)

In [18]:
# To Wallet 1

https://mempool.space/testnet/tx/59bb7820a93ccaf4b3a966ef4f2bd181eae65500f43cb8d38e04f033f1f7280e

**Transaction 2**: From Xiang Fu (to my address `mz2mbHjzuqVJt6dtWmykUP1b9r9soCBKSE`)

In [19]:
# To Wallet 2

https://mempool.space/testnet/tx/208fd22474e4b8c562661e479d9957e5f4197728add83e25232aac2c13669d7b

**Transaction 3**: From FJ Gao (to my address `mpdY5EpKoGAiKov25AvuzPWGpJYERC1m83`)

In [20]:
# To Wallet 7

https://mempool.space/testnet/tx/11014e49857e442d13750cccaf457362fe5827e46400db2a479142fca716aa19

## Part 4: Track your classmates' spending

Remember how Bitcoin works:
- you know the addresses of anyone you've ever sent money to or received money from, and
- every transaction is posted publicly for the world to see.

You can use these facts to track other people's spending! Let's see how.

### Task 4.1: Learn how to link transactions

Even though we tried in Task 2.2 to provide pseudonymity, one can make an educated guess as to which addresses belong to the same people. For example, take a look at this transaction: https://mempool.space/testnet/tx/ac44742345a22d88580f34f3a20683da955c8a1206e5b69330c61e7f8520ecf4. It was created by one of the students who performed Task 2.2 in last year's class. They sent 100 satoshis to the instructors, and from the workflow you can probably guess that the change address `mqfwaJbkuJSmrPb3oqjx2ZsQDFk1Fz1t8e` and the sender address `mm5mG34BBkLvKUfWzdQUQTpGfs5nrz2vJT` belong to the same person!

Let's read about how that can be done at scale across the Blockchain. Read [this Wired article](https://www.wired.com/story/27-year-old-codebreaker-busted-myth-bitcoins-anonymity/) about Sarah Meiklejohn's work to trace transactions across Bitcoin, such as coins sent to currency exchanges or websites that sold (sometimes illegal) goods via Bitcoin. Alternatively, you can read the [original paper](https://cseweb.ucsd.edu/~smeiklejohn/files/imc13.pdf) or [Sarah's PhD thesis](https://smeiklej.com/files/dissertation.pdf) if you prefer.

Write a summary of the reading below. We are looking for 1-2 paragraphs that show that you understood the material.

__Task 4.1 response:__

Sarah Meiklejohn realized that, since all coins contained in a wallet (each reprensented by a BTC address) need to be spent in every transaction (i.e. no coins can be left out in the sender's wallet even if the money to be transfered to a different owner is lower than the total amount), then that means transactions with 2 output addresses (i.e. receivers) would likely be used to save the expense's change (i.e. money not to be transfered to a different owner). Interestingly, from the 2 output addresses, we could know which corresponds to the change (and thus, it would not be exchanging hands but rather being inserted to a different wallet from the original sender) because it has never been used in the blockchain before. Since all the transactions (along with the input/output addresses) are publicly available, Sarah used this strategy to chain money transfers (creating the so-called 'peel chains'), and, gathering the chained addresses, created clusters that enabled her to disclose the ecosystem of Bitcoin. Additionally, she was able to see when certain parties cashed in and out their bitcoins to other currencies, an information that could be used by the police to track real identities.

### Task 4.2: Track your classmates

Using your newfound knowledge, try to find as many Bitcoin addresses and transaction ids produced by your classmates! Remember that they all performed Parts 1-3 of the project as well.

Include below any code, links, screenshots, or any other information needed for us to understand (a) how you performed your linking attack and (b) what you have discovered.

To pass this part of the project, you must be able to uncover at least one classmate's address and one transction between a pair of classmates that does not involve you, and you must be able to explain how you deduced that this was a transaction involving your classmates.

__Task 4.2 response:__

All students in the class sent their first transaction to the taching team (with address `mvvssVimoMGdJ2fExKvH1ydjqRQLdbswQe`):

![Screenshot 2024-03-22 at 22.20.34.png](attachment:b722f5fb-067b-4839-bff3-32732f0f2c0b.png)

After looking up that address in the Mempool's search box, I examined the different transactions sent to the teaching team's address and I saw that one of my classmates (that with initial address `n36wew3nrmFLTMQoyJxEuD79g7Ct9Jqep5`) reused this address to send some coins to another classmate: 

![Screenshot 2024-03-22 at 22.30.25.png](attachment:bcc59756-0745-4565-ab73-d23ca75a0da7.png)

Looking at the screenshot, we can see that (from the lower to the upper transaction):
-   The oldest transaction (`7ef186c11c71b33a45bfe1f13b6b5a469b9295898783a867dd341d7faf3d43a7`) was simply when my classmate was given the initial coins to enter the game. The money was inserted into his original wallet (`n36wew3nrmFLTMQoyJxEuD79g7Ct9Jqep5`).
-   In the second transaction (`f1af1129796baa1e57c0e2c12e1034520041a16b686c0c7c1332d9cb4d2f049d`) my classmate sent money to the teaching team (`mvvssVimoMGdJ2fExKvH1ydjqRQLdbswQe`).
-   In the newest transaction (`6fa229a07abc4e3091011e8e1c93fe9a22f589f85d54c67cc1ccf187106ba1eb`), my classmate then reused this address to send 100 tBTCs to another classmate (`mmEYB5NSJEKmpsposGUdjRokuLsWRThdKX`), thus showing that his new wallet was `msPpFExhGncGVewQgkX74aQgTYGJme4bJT`. Following that hint, I looked this new wallet up, and found out that he had used it to perform the next transaction, as we can see in the screenshot below:

![Screenshot 2024-03-22 at 22.43.00.png](attachment:6d5256c1-c343-4376-be26-b8b273f93879.png)

And so on and so on. We could keep following the hint, creating a chain of transactions from the same sender. 

## Part 5: Return the remaining coins

Once you are done with the project, send any remaining tBTC coins back to the original faucet so that they can be used by someone else later. Use the `return_address` that you saved in Task 1.2 to remember where the coins need to go.

In [33]:
def final_return(secret_key, public_key, in_pkb_hash, transaction_hash, script_index, out_pkb_hash, out_amount):
    
    # Input to the transaction: this will tell the Bitcoin network where you received the money that you are now spending
    tx_in = TxIn(
        net = "test",                              # specifying that the network is ran on testnet
        prev_tx = bytes.fromhex(transaction_hash), # transaction in which you received the coins
        prev_index = script_index,                 # index within the transaction where you received coins
        script_sig = None,                         # this field will have the digital signature, to be inserted later
    )
    in_pkb_hash = bytes.fromhex(in_pkb_hash)
    tx_in.rev_tx_script_pubkey = Script([118, 169, in_pkb_hash, 136, 172]) # writing the script that you are going to unlock
    
    # Transaction output : return all money
    out_pkb_hash = bytes.fromhex(out_pkb_hash)
    out_script = Script([118, 169, out_pkb_hash, 136, 172]) # OP_DUP, OP_HASH160, <hash>, OP_EQUALVERIFY, OP_CHECKSIG
    tx_out = TxOut(
        amount = out_amount, 
        script_pubkey=out_script
    )
    
    tx = Tx(
        version = 1,
        tx_ins = [tx_in],
        tx_outs = [tx_out],
    )
    
    # Sign the input transaction and unlock the script
    message = tx.encode(sig_index = 0)
    sig = sign(secret_key, message)
    sig_bytes_and_type = sig.encode() + b'\x01' # DER signature + SIGHASH_ALL
    pubkey_bytes = public_key.encode(compressed=False, hash160=False)
    script_sig = Script([sig_bytes_and_type, pubkey_bytes])
    tx_in.script_sig = script_sig
    
    # Print the transaction, in hex
    print(tx.encode().hex())

In [39]:
# Return all leftover money to teaching team (a9102d676b93d159fff7041d4f36f78b585c54df)

secret_key = 10324010173490885695818665090675986377074699396160103716662070218850377049199
public_key = PublicKey.from_sk(secret_key)
in_pkb_hash = '6f23f3360fd6f42bf5adcadb7223813680ec8ea7'
transaction_hash = 'f32d5d443753d5b1ad8fc8f5298e0659757f586cbd6a48303d1b784b92c765c9'
script_index = 1
out_pkb_hash = 'a9102d676b93d159fff7041d4f36f78b585c54df'
out_amount = existing_coins - 2823

final_return(secret_key, public_key, in_pkb_hash, transaction_hash, script_index, out_pkb_hash, out_amount)

0100000001c965c7924b781b3d30486abd6c587f7559068e29f5c88fadb1d55337445d2df3010000008b483045022100ac9a82086c07ce4ce413f3888ea791e756052bc32f61dfce6f0b532f82fecbe702200323a81f03807d6f30732f59f2d3c576687f80488c666b8f732dbd1f67e6626401410497e649a79314ebf04832e324036be7ff3aabbd79a7419af22773822d2c43b905b66f29ce0109ada3447413b742f9431cfcb78b95861c253610b2017337da7fc3ffffffff0148850000000000001976a914a9102d676b93d159fff7041d4f36f78b585c54df88ac00000000


Final return transaction ID: **2f98cfb9d99f6de01acbda157d73d85cce742dd801fd1709eb6feac76eae004e.**
https://blockstream.info/testnet/tx/2f98cfb9d99f6de01acbda157d73d85cce742dd801fd1709eb6feac76eae004e

## Documenting collaborators, sources, and AI tools

In accordance with the collaboration policy, use the space below to report if you used any resources to complete this homework assignment, aside from the lecture notes and the course textbooks/videos. Specifically, please report:

1. Names of all classmates you worked with, and a short description of the work that you performed together.
2. All written materials that you used, such as books or websites (besides the lecture notes or textbooks). Please include links to any web-based resources, or citations to any physical works.
3. All code that you used from other sources. In particular, if you used an AI tool, then you must include the entire exchange with the AI tool, as per the [CDS Generative AI Assistance Policy](https://www.bu.edu/cds-faculty/culture-community/gaia-policy/).

Remember that if we discover any undocumented collaborators, sources, or AI tools then this is grounds for a Not Passed grade on the project without the ability to resubmit, and possible referral to BU's Academic Conduct Committee (as described in the syllabus). It is in your own interest to document all collaborators, sources, and tools used!

__Your response:__

1. I exchanged coins with Xiteng Yao, Xiang Fu, Fanjie Gao and Jasmine Pham.

2. N/A

3. N/A

When you have completed the project, please submit this .ipynb file to Gradescope.