In [1]:
# Import libraries
from functions import *

import json
import os
import subprocess
import time

# Creating a P2WSH multisig transaction

In this section we'll create a P2WSH transaction from scratch in python. We'll go through each part of the transaction, how it's constructed, signed, and we'll test it using bitcoin core in regtest mode.

## Reading
- Andreas Antonopoulos - Mastering Bitcoin Chapter 7
- Jimmy Song - Programming Bitcoin Chapters 13

### Create a P2WSH multisig UTXO

In order to create a transaction spending from a P2WSH multisig UTXO, we'll first need to create the UTXO that is locked with a multisig script. For this example we'll use a 2 of 2 multisig script. Note that this type of output will be identical to funding transactions used for layer 2 lightning channels. 

We'll create a two pubkeys and manually conscruct the multisig script. Then we'll fund it using the bitcoind wallet created in the setup step.

#### Create a multisig redeemScript 
For more on this step, review the 'Bitcoin Script' notebook.

In [2]:
privkey1 = bytes.fromhex("1111111111111111111111111111111111111111111111111111111111111111")
pubkey1 = privkey_to_pubkey(privkey1)

privkey2 = bytes.fromhex("2222222222222222222222222222222222222222222222222222222222222222")
pubkey2 = privkey_to_pubkey(privkey2)

# "21" is the length of a 33 byte (compressed) pubkey in hex notation
redeemScript = bytes.fromhex(
    "52" 
    + "21"
    + pubkey1.hex()
    + "21"
    + pubkey2.hex()
    + "52"
    + "ae")

print(redeemScript.hex())

5221034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa2102466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f2752ae


#### Convert the redeemScript to a P2WSH address

For more on this step, review the 'Addresses' notebook.

In [3]:
address_to_spend = script_to_p2wsh(redeemScript, "regtest")
print(address_to_spend)

bcrt1qpqn5k3h89nfv6cnrkvk3rt3g0zfhqfz23cxkgapsenj29ety5ckqyrn25s


#### Fund the 'sender' with 2.001 btc (0.001 btc is for the next tx fee)

Now that we have the address, we'll fund it using the python code we used in the previous sections, `create_regtest_utxo.py`.

In [4]:
setup_regtest_bitcoind()
txid_to_spend, index_to_spend = fund_address(address_to_spend, 2.001)
print(f"txid: {txid_to_spend}, {index_to_spend}")

txid: 2f53f45950bb3d77ec60484387bbac5ccb30212bc7a9db651c9e2655540b11f6, 1


## Spending a P2WSH (multisig) UTXO

Now that we have some funds locked up in a P2WSH multisig utxo, we can create a transaction spending from it. Let's say we want to send 1.5 btc to the address `mkxwE7XtVYJKepoD2hbHnDjftuMQ1k6deE`.

From our previous examples we know this corresponds to a scriptPubkey of `76a9143bc28d6d92d9073fb5e3adf481795eaf446bceed88ac`, so we will skip the decoding step. For more on decoding base58 addresses, refer to the 'Addresses' chapter.

In [5]:
receiver_spk = bytes.fromhex("76a9143bc28d6d92d9073fb5e3adf481795eaf446bceed88ac")

### Create an unsigned P2WSH transaction

The first thing we'll do is define the inputs and outputs of our transaction.

In [6]:
# Note we have already defined a few variables we need to create our transaction:
# The input utxo txid and index: `txid_to_spend` and `index_to_spend`
# The input private key and public key: `privkey1`, `pubkey1`, ...

# Set our outputs
# Create a new pubkey to use as a change output.
change_privkey = bytes.fromhex("4444444444444444444444444444444444444444444444444444444444444444")
change_pubkey = privkey_to_pubkey(change_privkey)

# Determine our output scriptPubkeys and amounts (in satoshis)
output1_value_sat = int(float("1.5") * 100000000)
output1_spk = receiver_spk
output2_value_sat = int(float("0.5") * 100000000)
output2_spk = bytes.fromhex("76a914") + hash160(change_pubkey) + bytes.fromhex("88ac")

Now that we've defined everything we need, we can fill in the fields we need to create our unsigned transaction. What makes a transaction 'unsigned' is that the witness field is empty. This first step is necessary as the signature will cover the whole transaction (using SIGHASH_ALL). In a later chapter we will cover other sighash types and how they are signed.

In [7]:
# VERSION
# version '2' indicates that we may use relative timelocks (BIP68)
version = bytes.fromhex("0200 0000")

# MARKER (new to segwit)
marker = bytes.fromhex("00")

# FLAG (new to segwit)
flag = bytes.fromhex("01")

# INPUTS
# We have just 1 input
input_count = bytes.fromhex("01")

# Convert txid and index to bytes (little endian)
txid = (bytes.fromhex(txid_to_spend))[::-1]
index = index_to_spend.to_bytes(4, byteorder="little", signed=False)

# For the unsigned transaction we use an empty scriptSig
scriptsig = bytes.fromhex("")

# use 0xffffffff unless you are using OP_CHECKSEQUENCEVERIFY, locktime, or rbf
sequence = bytes.fromhex("ffff ffff")

inputs = (
    txid
    + index
    + varint_len(scriptsig)
    + scriptsig
    + sequence
)

# OUTPUTS
# 0x02 for out two outputs
output_count = bytes.fromhex("02")

# OUTPUT 1 
output1_value = output1_value_sat.to_bytes(8, byteorder="little", signed=True)
# 'output1_spk' already defined at the start of the script

# OUTPUT 2
output2_value = output2_value_sat.to_bytes(8, byteorder="little", signed=True)
# 'output2_spk' already defined at the start of the script

outputs = (
    output1_value
    + pushbytes(output1_spk)
    + output2_value
    + pushbytes(output2_spk)
)

# LOCKTIME
locktime = bytes.fromhex("0000 0000")

unsigned_tx = (
    version
    + input_count
    + inputs
    + output_count
    + outputs
    + locktime
)
print("unsigned_tx: ", unsigned_tx.hex())

unsigned_tx:  0200000001f6110b5455269e1c65dba9c72b2130cb5cacbb87434860ec773dbb5059f4532f0100000000ffffffff0280d1f008000000001976a9143bc28d6d92d9073fb5e3adf481795eaf446bceed88ac80f0fa02000000001976a914cc1b07838e387deacd0e5232e1e8b49f4c29e48488ac00000000


We can decode this raw transaction to inspect it and see that it has all the information we need apart from the segwit fields (marker, flag, witness).

In [8]:
decoded = subprocess.getoutput("bitcoin-cli -regtest decoderawtransaction " + unsigned_tx.hex())
print(decoded)

{
  "txid": "12e4b4adef2a1cddbaa860d85315dae7c37e65d5a0b1d2fb28e1eae0cc09487f",
  "hash": "12e4b4adef2a1cddbaa860d85315dae7c37e65d5a0b1d2fb28e1eae0cc09487f",
  "version": 2,
  "size": 119,
  "vsize": 119,
  "weight": 476,
  "locktime": 0,
  "vin": [
    {
      "txid": "2f53f45950bb3d77ec60484387bbac5ccb30212bc7a9db651c9e2655540b11f6",
      "vout": 1,
      "scriptSig": {
        "asm": "",
        "hex": ""
      },
      "sequence": 4294967295
    }
  ],
  "vout": [
    {
      "value": 1.50000000,
      "n": 0,
      "scriptPubKey": {
        "asm": "OP_DUP OP_HASH160 3bc28d6d92d9073fb5e3adf481795eaf446bceed OP_EQUALVERIFY OP_CHECKSIG",
        "desc": "addr(mkxwE7XtVYJKepoD2hbHnDjftuMQ1k6deE)#xlnzfr97",
        "hex": "76a9143bc28d6d92d9073fb5e3adf481795eaf446bceed88ac",
        "address": "mkxwE7XtVYJKepoD2hbHnDjftuMQ1k6deE",
        "type": "pubkeyhash"
      }
    },
    {
      "value": 0.50000000,
      "n": 1,
      "scriptPubKey": {
        "asm": "OP_DUP OP_HASH160 cc1b078

Segwit transactions have a new signing scheme described in [BIP143](https://github.com/bitcoin/bips/blob/master/bip-0143.mediawiki)

In [9]:
scriptcode = redeemScript

input_amount_sat = int(2.001 * 100_000_000)
value = input_amount_sat.to_bytes(8, byteorder="little", signed=False)

hashPrevOuts = hash256(txid + index)
hashSequence = hash256(sequence)
hashOutputs = hash256(outputs)
sighash_type = bytes.fromhex("0100 0000") # SIGHASH_ALL

tx_digest_preimage = (
    version
    + hashPrevOuts
    + hashSequence
    + txid
    + index
    + varint_len(scriptcode)
    + scriptcode
    + value
    + sequence
    + hashOutputs
    + locktime
    + sighash_type
)
print(tx_digest_preimage.hex())

0200000049bb6836cadee4e486958159d289fb07384684dcc69c349429d22df4edbd97aa3bb13029ce7b1f559ef5e747fcac439f1455a2ec7c5f09b72290795e70665044f6110b5455269e1c65dba9c72b2130cb5cacbb87434860ec773dbb5059f4532f01000000475221034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa2102466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f2752aea048ed0b00000000ffffffff7c27b92041484c01942ac85d0fe5ff31e92d1a54e1618e190ef3f316c4799ecf0000000001000000


Now we are ready to hash this transaction and produce two ecdsa signatures on it. 

Before hashing the transaction with hash256, we append the sighash flag. In this example we'll use the most commonly used SIGHASH_ALL flag, meaning the signature guarantees the input will only be used in a transaction with these exact inputs and outputs.

Note that when we append the sighash flag to the transaction, we use 4 bytes, however when we append the sighash flag to the end of the signature itself we only use 1 byte.

In [10]:
# Create sigHash to be signed
sighash = hash256(tx_digest_preimage)

# Sign the sigHash with the input privkey1
signing_key1 = ecdsa.SigningKey.from_string(privkey1, curve=ecdsa.SECP256k1) 
signature1 = signing_key1.sign_digest(sighash, sigencode=ecdsa.util.sigencode_der_canonize)

# Append SIGHASH_ALL to the signature
signature1 = signature1 + bytes.fromhex("01")

# Sign the sigHash with the input privkey2
signing_key2 = ecdsa.SigningKey.from_string(privkey2, curve=ecdsa.SECP256k1) 
signature2 = signing_key2.sign_digest(sighash, sigencode=ecdsa.util.sigencode_der_canonize)

# Append SIGHASH_ALL to the signature
signature2 = signature2 + bytes.fromhex("01")

# Combine the signatures into the final scriptSig
witness = (
    # indicate the number of stack items
    bytes.fromhex("04")
    + bytes.fromhex("00") # Add an extra "00" for the CheckMultiSig bug
    + pushbytes(signature1)
    + pushbytes(signature2)
    + pushbytes(redeemScript)
)

# the final signed transaction
signed_tx = (
    version
    + marker
    + flag
    + input_count
    + inputs
    + output_count
    + outputs
    + witness
    + locktime
)

print("signed transaction: ",signed_tx.hex())

signed transaction:  02000000000101f6110b5455269e1c65dba9c72b2130cb5cacbb87434860ec773dbb5059f4532f0100000000ffffffff0280d1f008000000001976a9143bc28d6d92d9073fb5e3adf481795eaf446bceed88ac80f0fa02000000001976a914cc1b07838e387deacd0e5232e1e8b49f4c29e48488ac040047304402205b4f1218292875d6b246858c3503ea06b42a5a3e5cd4c60e484bf16e1447398c02205843581690b0ffd4e4a30624d9b02f5de04ab39e92a7525b122135d695eecfe80147304402205668f1c5e828db7f84dc96442871785520071fd492f6af93184f915875f99de7022059ade6ebf055f808d3ec77b5de5f05b1c1ac92d142787ef43ad179a2cca5a70b01475221034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa2102466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f2752ae00000000


### Broadcast the transaction (on regtest mode)
If we get back a txid (32 byte hash), then it means the tx was successfully broadcast! If we just want to see if the transaction would have been accepted, but without broadcasting it, we can use the `testmempoolaccept` command (commented out).

In [11]:
# new_tx_txid = subprocess.getoutput("bitcoin-cli -regtest sendrawtransaction " + signed_tx.hex())
new_tx_txid = subprocess.getoutput("bitcoin-cli -regtest testmempoolaccept " + "'[\"" +  signed_tx.hex()+ "\"]'")

print(new_tx_txid)

[
  {
    "txid": "12e4b4adef2a1cddbaa860d85315dae7c37e65d5a0b1d2fb28e1eae0cc09487f",
    "wtxid": "f377ca0e89e7f07454dee6a2748af3e9227342e60dab5a0ead2af6885a0e22b2",
    "allowed": true,
    "vsize": 174,
    "fees": {
      "base": 0.00100000
    }
  }
]


In [12]:
decoded = subprocess.getoutput("bitcoin-cli -regtest decoderawtransaction " + signed_tx.hex())
print(decoded)

{
  "txid": "12e4b4adef2a1cddbaa860d85315dae7c37e65d5a0b1d2fb28e1eae0cc09487f",
  "hash": "f377ca0e89e7f07454dee6a2748af3e9227342e60dab5a0ead2af6885a0e22b2",
  "version": 2,
  "size": 339,
  "vsize": 174,
  "weight": 696,
  "locktime": 0,
  "vin": [
    {
      "txid": "2f53f45950bb3d77ec60484387bbac5ccb30212bc7a9db651c9e2655540b11f6",
      "vout": 1,
      "scriptSig": {
        "asm": "",
        "hex": ""
      },
      "txinwitness": [
        "",
        "304402205b4f1218292875d6b246858c3503ea06b42a5a3e5cd4c60e484bf16e1447398c02205843581690b0ffd4e4a30624d9b02f5de04ab39e92a7525b122135d695eecfe801",
        "304402205668f1c5e828db7f84dc96442871785520071fd492f6af93184f915875f99de7022059ade6ebf055f808d3ec77b5de5f05b1c1ac92d142787ef43ad179a2cca5a70b01",
        "5221034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa2102466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f2752ae"
      ],
      "sequence": 4294967295
    }
  ],
  "vout": [
    {
      "value": 

## Quiz


## Answers


## Exercise

