In [2]:
# Add the functional test framework to our PATH
import sys
sys.path.insert(0, "/home/josibake/bitcoin/test/functional")

# Import libraries
from test_framework.test_shell import TestShell
from functions import *
import json

# Creating a P2PKH transaction

In this section we'll create a P2PKH transaction from scratch in python. We'll go through each part of the transaction, how it's constructed, signed, and we'll test it using bitcoin core in regtest mode.

## Reading
- Andreas Antonopoulos - Mastering Bitcoin Chapter 6
- Jimmy Song - Programming Bitcoin Chapters 5 and 7 

## Setup 

### Requirements
For this exercise we'll need Bitcoin Core (v22 or higher) with the application data is stored in 
```$HOME/Library/Application Support/Bitcoin```.

### Setup bitcoind in regtest
Start up regtest mode, delete any regtest network history so we are starting from scratch. Create a wallet so that we can fund our first output using the `sendtoaddress` command. Mine 101 blocks so that the mining reward first block will have sufficient block maturity (100 blocks) to spend from.

In [3]:
# Setup our regtest environment
test = TestShell().setup(
    num_nodes=1, 
    setup_clean_chain=True, 
    extra_args=[['--fallbackfee=0.0002']]
)
node = test.nodes[0]

2022-12-01T11:31:44.999000Z TestFramework (INFO): Initializing test directory /tmp/bitcoin_func_test_wtt1df8m


In [4]:
node = test.nodes[0]

# Create a new wallet and address that we can mine blocks so that we can fund our transactions
node.createwallet('mywallet')
address = node.getnewaddress()

# Generate 101 blocks so that the first block's block reward reaches maturity
result = node.generatetoaddress(nblocks=101, address=address, invalid_call=False)

# Check that we were able to mine 101 blocks
assert(node.getblockcount() == 101)

### Create a P2PKH UTXO

In order to create a transaction spending from a P2PKH UTXO, we'll first need to create the UTXO that is locked with a p2pkh script. To do that, we'll create a P2PKH address from a private key, and fund it using the bitcoind wallet created in the setup step.

#### Create a p2pkh address 
For more on this step, review the 'Addresses' notebook.

In [5]:
sender_privkey = bytes.fromhex("1111111111111111111111111111111111111111111111111111111111111111")
sender_pubkey = privkey_to_pubkey(sender_privkey)
sender_p2pkh_addr = pk_to_p2pkh(sender_pubkey, network = "regtest")
print("sender's p2pkh address: " + sender_p2pkh_addr)

sender's p2pkh address: n4XmX91N5FfccY678vaG1ELNtXh6skVES7


#### Fund the 'sender' with 2.001 btc (0.001 btc is for the next tx fee)

In [6]:
txid_to_spend = node.sendtoaddress(sender_p2pkh_addr, 2.001)
print(txid_to_spend)

797aa3f330bbf4c75103b9a37b1a3aa94132c313e312d8b1db7e972d5c8aa8cf


We can view the transaction using the bitcoin-cli commands `getrawtransaction` and `decoderawtransaction` as follows:

In [7]:
raw_tx = node.getrawtransaction(txid_to_spend)
decoded = node.decoderawtransaction(raw_tx)
print(json.dumps(decoded, indent=2, default=str))

{
  "txid": "797aa3f330bbf4c75103b9a37b1a3aa94132c313e312d8b1db7e972d5c8aa8cf",
  "hash": "7f3b9e68be678b19069af221e328012eb93394f5b734a95118f833121a4f636e",
  "version": 2,
  "size": 228,
  "vsize": 147,
  "weight": 585,
  "locktime": 101,
  "vin": [
    {
      "txid": "3c793cd6fb99cd4f97473c4da342a49831d99e46aa70ab80707daa0dc7d3dc39",
      "vout": 0,
      "scriptSig": {
        "asm": "",
        "hex": ""
      },
      "txinwitness": [
        "304402205166927873979885ddf3fd1cb510b9da4ba591c7654b5fab1573518acf454c5302202635bca61b2a7a4c6d5b3cc07221e3865a85a0732ce7d16a9ff851fbf84991d001",
        "0381a877c20d2e7b1c4ca995b7df4f010f084b5f5b2b73241c351a61a93d7cf280"
      ],
      "sequence": 4294967293
    }
  ],
  "vout": [
    {
      "value": "2.00100000",
      "n": 0,
      "scriptPubKey": {
        "asm": "OP_DUP OP_HASH160 fc7250a211deddc70ee5a2738de5f07817351cef OP_EQUALVERIFY OP_CHECKSIG",
        "desc": "addr(n4XmX91N5FfccY678vaG1ELNtXh6skVES7)#n2xufj4n",
        "hex": 

#### Find which output index the btc was sent to
Since we only sent 2.001 btc of the coinbase transaction (50 btc) to our address, bitcoind creates a change output to send the rest of the btc. By looking at the outputs we can see which is the change output and which was sent to our address. To do this in python we can do the following:

In [8]:
if decoded["vout"][0]["scriptPubKey"]["address"] == sender_p2pkh_addr:
    index_to_spend = 0
elif decoded["vout"][1]["scriptPubKey"]["address"] == sender_p2pkh_addr:
    index_to_spend = 1
else:
    raise Exception("couldn't find output")
print("index to spend from: " + str(index_to_spend))

index to spend from: 0


#### Mine a block so that the funding tx gets confirmed

In [9]:
node.generatetoaddress(1, address, invalid_call=False);

## Spending a p2pkh UTXO

Now that we have some funds locked up in a p2pkh utxo, we can create a transaction spending from it. Let's say we want to send 1.5 btc to the address `mkxwE7XtVYJKepoD2hbHnDjftuMQ1k6deE`.

### Decoding a base58 address

The first thing we need to do is decode the address by doing this we can achieve the following:
1 - validate the checksum to know the address was transmitted without error
2 - make sure we are sending btc on the correct network (testnet/mainnet)
3 - know what to put in the scriptPubkey

For more on addresses, refer back to the 'Addresses' chapter.

In [10]:
receiver_address = 'mkxwE7XtVYJKepoD2hbHnDjftuMQ1k6deE'
receiver_address_decoded = decode_base58(receiver_address)
# Darius - TODO: create a function in the address chapter to validate and parse addresses and use here

prefix = receiver_address_decoded[0]  
pubkey_hash = receiver_address_decoded[1:-4] 
checksum = receiver_address_decoded[-4:]
print(hex(prefix))
print(pubkey_hash.hex())
print(checksum.hex())

0x6f
3bc28d6d92d9073fb5e3adf481795eaf446bceed
ee2161b7


The first byte , in our case `6f`, tells us that this address corresponds to a p2pkh output for testnet. For more on decoding addresses, refer back to the 'Addresses' chapter.

Now we can create the receiver's output scriptPubkey:

In [11]:
receiver_spk = bytes.fromhex("76a914") + pubkey_hash + bytes.fromhex("88ac")

### Create an unsigned p2pkh transaction

The first thing we'll do is define the inputs and outputs of our transaction.

In [12]:
# Note we have already defined a few variables we need to create our transaction:
# The input utxo txid and index: `txid_to_spend` and `index_to_spend`
# The input private key and public key: `sender_privkey` and `sender_pubkey`

# Set our outputs
# Create a new pubkey to use as a change output.
change_privkey = bytes.fromhex("2222222222222222222222222222222222222222222222222222222222222222")
change_pubkey = privkey_to_pubkey(change_privkey)

# Determine our output scriptPubkeys and amounts (in satoshis)
output1_value_sat = int(float("1.5") * 100000000)
output1_spk = receiver_spk
output2_value_sat = int(float("0.5") * 100000000)
output2_spk = bytes.fromhex("76a914") + hash160(change_pubkey) + bytes.fromhex("88ac")

Now that we've defined everything we need, we can fill in the fields we need to create our unsigned transaction. What makes a transaction 'unsigned' is that the input's scriptSig, the field where the signature goes, is empty. This first step is necessary as the signature will cover the whole transaction (using SIGHASH_ALL). In a later chapter we will cover other sighash types and how they are signed.

In [13]:
# VERSION
# version '2' indicates that we may use relative timelocks (BIP68)
version = bytes.fromhex("0200 0000")

# INPUTS
# We have just 1 input
input_count = bytes.fromhex("01")

# Convert txid and index to bytes (little endian)
txid = (bytes.fromhex(txid_to_spend))[::-1]
index = index_to_spend.to_bytes(4, byteorder="little", signed=False)

# For the unsigned transaction we use an empty scriptSig
scriptsig = bytes.fromhex("")

# use 0xffffffff unless you are using OP_CHECKSEQUENCEVERIFY, locktime, or rbf
sequence = bytes.fromhex("ffff ffff")

inputs = (
    txid
    + index
    + varint_len(scriptsig)
    + scriptsig
    + sequence
)

# OUTPUTS
# 0x02 for out two outputs
output_count = bytes.fromhex("02")

# OUTPUT 1 
output1_value = output1_value_sat.to_bytes(8, byteorder="little", signed=True)
# 'output1_spk' already defined at the start of the script

# OUTPUT 2
output2_value = output2_value_sat.to_bytes(8, byteorder="little", signed=True)
# 'output2_spk' already defined at the start of the script

outputs = (
    output1_value
    + varint_len(output1_spk)
    + output1_spk
    + output2_value
    + varint_len(output2_spk)
    + output2_spk
)

# LOCKTIME
locktime = bytes.fromhex("0000 0000")

unsigned_tx = (
    version
    + input_count
    + inputs
    + output_count
    + outputs
    + locktime
)
print("unsigned_tx: ", unsigned_tx.hex())

unsigned_tx:  0200000001cfa88a5c2d977edbb1d812e313c33241a93a1a7ba3b90351c7f4bb30f3a37a790000000000ffffffff0280d1f008000000001976a9143bc28d6d92d9073fb5e3adf481795eaf446bceed88ac80f0fa02000000001976a914531260aa2a199e228c537dfa42c82bea2c7c1f4d88ac00000000


We can decode this raw transaction to inspect it and see that it has all the information we need apart from the scriptSig.

In [14]:
decoded = node.decoderawtransaction(unsigned_tx.hex())
print(json.dumps(decoded, indent=2, default=str))

{
  "txid": "eb8d3ad78d19d2f6719d85ceb840c8a7d0b0208caf674f94e96da4e319911ca8",
  "hash": "eb8d3ad78d19d2f6719d85ceb840c8a7d0b0208caf674f94e96da4e319911ca8",
  "version": 2,
  "size": 119,
  "vsize": 119,
  "weight": 476,
  "locktime": 0,
  "vin": [
    {
      "txid": "797aa3f330bbf4c75103b9a37b1a3aa94132c313e312d8b1db7e972d5c8aa8cf",
      "vout": 0,
      "scriptSig": {
        "asm": "",
        "hex": ""
      },
      "sequence": 4294967295
    }
  ],
  "vout": [
    {
      "value": "1.50000000",
      "n": 0,
      "scriptPubKey": {
        "asm": "OP_DUP OP_HASH160 3bc28d6d92d9073fb5e3adf481795eaf446bceed OP_EQUALVERIFY OP_CHECKSIG",
        "desc": "addr(mkxwE7XtVYJKepoD2hbHnDjftuMQ1k6deE)#xlnzfr97",
        "hex": "76a9143bc28d6d92d9073fb5e3adf481795eaf446bceed88ac",
        "address": "mkxwE7XtVYJKepoD2hbHnDjftuMQ1k6deE",
        "type": "pubkeyhash"
      }
    },
    {
      "value": "0.50000000",
      "n": 1,
      "scriptPubKey": {
        "asm": "OP_DUP OP_HASH160 531

Before we can sign this transaction there is one final step we need to do. We need to replace the empty scriptSig with the scriptPubkey of the input we are signing over. If we had multiple inputs, we would need to do this step for each input. We will cover signing transactions with multiple inputs in a later chapter.

Since we are spending from a p2pkh utxo, we will create the scriptPubkey in the same way as we did for the outputs, but using the sender's pubkey:

In [15]:
pk_hash = hash160(sender_pubkey)
input_spk = bytes.fromhex("76a914" + pk_hash.hex() + "88ac")

# replace the empty scriptSig with the input scriptPubkey
inputs = (
    txid
    + index
    + varint_len(input_spk)
    + input_spk
    + sequence
)

# tx hex to sign
tx_to_sign = (
    version
    + input_count
    + inputs
    + output_count
    + outputs
    + locktime
)

Now we are ready to hash this transaction and produce an ecdsa signature on it. 

Before hashing the transaction with hash256, we append the sighash flag. In this example we'll use the most commonly used SIGHASH_ALL flag, meaning the signature guarantees the input will only be used in a transaction with these exact inputs and outputs.

Note that when we append the sighash flag to the transaction, we use 4 bytes, however when we append the sighash flag to the end of the signature itself we only use 1 byte.

In [16]:
# Append the sighash flag to the transaction
sighash_flag = bytes.fromhex("0100 0000") # SIGHASH_ALL
sighash_preimage = tx_to_sign + sighash_flag

# Create sigHash to be signed
sighash = hash256(sighash_preimage)

# Sign the sigHash with the input private key
signing_key = ecdsa.SigningKey.from_string(sender_privkey, curve=ecdsa.SECP256k1) 
signature = signing_key.sign_digest(sighash, sigencode=ecdsa.util.sigencode_der_canonize)

# Append SIGHASH_ALL to the signature
signature = signature + bytes.fromhex("01")

# Signature
sig_script_signed = (
    pushbytes(signature)
    + pushbytes(sender_pubkey)
)

# tx_in with our new sigScript containing the signature we just created
inputs_signed = (
    txid
    + index
    + varint_len(sig_script_signed)
    + sig_script_signed
    + sequence
)

# the final signed transaction
signed_tx = (
    version
    + input_count
    + inputs_signed
    + output_count
    + outputs
    + locktime
)

print("signed transaction: ",signed_tx.hex())

signed transaction:  0200000001cfa88a5c2d977edbb1d812e313c33241a93a1a7ba3b90351c7f4bb30f3a37a79000000006a47304402202a8bbf3aa77db0d78da54755bfe874c723276f81ee37c548abf33a6b36d4ef59022074395760809b31ad1ef92d41341b0db784cc39ada733fa7b8492820c82b7ef0f0121034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aaffffffff0280d1f008000000001976a9143bc28d6d92d9073fb5e3adf481795eaf446bceed88ac80f0fa02000000001976a914531260aa2a199e228c537dfa42c82bea2c7c1f4d88ac00000000


### Broadcast the transaction (on regtest mode)
If we get back a txid (32 byte hash), then it means the tx was successfully broadcast! If we just want to see if the transaction would have been accepted, but without broadcasting it, we can use the `testmempoolaccept` command (commented out).

In [17]:
new_tx_txid = node.sendrawtransaction(signed_tx.hex())
# new_tx_txid = subprocess.getoutput("bitcoin-cli -regtest testmempoolaccept " + "'[\"" +  signed_tx.hex()+ "\"]'")

print(new_tx_txid)

28f296c4cbf02d84939087ac0c8d1943d7feb7e6e641029df51cbcfa27bfc851


We can decode the serialized transaction using ```decoderawtransction```. Notice that our output addresses match the change and receiver addresses from earlier.

In [18]:
print("receiver's p2pkh address: " + receiver_address)
change_p2pkh_addr = pk_to_p2pkh(change_pubkey, network = "regtest")
print("sender's change p2pkh address: " + change_p2pkh_addr)

receiver's p2pkh address: mkxwE7XtVYJKepoD2hbHnDjftuMQ1k6deE
sender's change p2pkh address: mo6CPsdW8EsnWdmSSCrQ6225VVDtpMBTug


In [19]:
decoded = node.decoderawtransaction(signed_tx.hex())
print(json.dumps(decoded, indent=2, default=str))

{
  "txid": "28f296c4cbf02d84939087ac0c8d1943d7feb7e6e641029df51cbcfa27bfc851",
  "hash": "28f296c4cbf02d84939087ac0c8d1943d7feb7e6e641029df51cbcfa27bfc851",
  "version": 2,
  "size": 225,
  "vsize": 225,
  "weight": 900,
  "locktime": 0,
  "vin": [
    {
      "txid": "797aa3f330bbf4c75103b9a37b1a3aa94132c313e312d8b1db7e972d5c8aa8cf",
      "vout": 0,
      "scriptSig": {
        "asm": "304402202a8bbf3aa77db0d78da54755bfe874c723276f81ee37c548abf33a6b36d4ef59022074395760809b31ad1ef92d41341b0db784cc39ada733fa7b8492820c82b7ef0f[ALL] 034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa",
        "hex": "47304402202a8bbf3aa77db0d78da54755bfe874c723276f81ee37c548abf33a6b36d4ef59022074395760809b31ad1ef92d41341b0db784cc39ada733fa7b8492820c82b7ef0f0121034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa"
      },
      "sequence": 4294967295
    }
  ],
  "vout": [
    {
      "value": "1.50000000",
      "n": 0,
      "scriptPubKey": {
        "asm": "OP_DUP OP_HAS

## Quiz
- 1. When we generated our addresses using the function `pk_to_p2pkh`, we passed in an argument `"regtest"` for the network. If instead we had passed in `"mainnet"` to `pk_to_p2pkh`, what would have happened in the next step where we fund the address using `bitcoin-cli -regtest sendtoaddress`?
    - A. Nothing different would happen as the address still encodes the same pubkey hash.
    - B. `sendtoaddress` would work but with a warning that a mainnet address is being used on regtest.
    - C. `sendtoaddress` would return an error saying that the address is invalid. 
    - D. `sendtoaddress` would work but later on when we try to spend the output, our signature would be invalid.

 ## Answers
    
- 1. C : Since we pass in the `-regtest` flag when running `sendtoaddress`, bitcoind it would say the address is invalid and not send bitcoin to it. Note that there's nothing stopping a bad wallet implementation from decoding the address and ignoring the network prefix. The purpose of this prefix is to prevent users accidentally sending mainnet bitcoins instead of testnet bitcoins. 

## Exercise
Now that we have the change output with a known private key `change_privkey`, create a transaction that spends from it to two outputs. The first output should to send 0.1 btc to the address `mgiS1dSDrPunE7GvXmoS4xEfmdwWsStZc7`. The second address should send the rest to a change output with the address `mz8AXDhDMhvLs7kxwfQxvcH5GoVH6AdARZ`. Set the miner fee to 0.001 btc.

The first step will be to decode the output addresses we want to send btc to and convert them into their scriptPubkeys.

## Solution

In [20]:
# Convert the addresses to scriptPubkeys
# TODO: create a function in the address chapter to validate an address and convert to a scriptPubkey
# Use that function here
receiver_address = 'mgiS1dSDrPunE7GvXmoS4xEfmdwWsStZc7'
receiver_address_decoded = decode_base58(receiver_address)
receiver_pubkey_hash = receiver_address_decoded[1:-4] 
output1_spk = bytes.fromhex("76a914") + receiver_pubkey_hash + bytes.fromhex("88ac")

change_address = 'mz8AXDhDMhvLs7kxwfQxvcH5GoVH6AdARZ'
change_address_decoded = decode_base58(change_address)
change_pubkey_hash = change_address_decoded[1:-4] 
output2_spk = bytes.fromhex("76a914") + change_pubkey_hash + bytes.fromhex("88ac")

Now let's create an unsigned transaction. For now we will keep the scriptSig empty (`0x00`)

In [21]:
version = bytes.fromhex("0200 0000")

# INPUTS
input_count = bytes.fromhex("01")

# INPUT 1
txid_to_spend = new_tx_txid
txid = (bytes.fromhex(txid_to_spend))[::-1]
index_to_spend = 1
index = index_to_spend.to_bytes(4, byteorder="little", signed=False)
scriptsig = bytes.fromhex("00")
sequence = bytes.fromhex("ffff ffff")

inputs = (
    txid
    + index
    + varint_len(scriptsig)
    + scriptsig
    + sequence
)

# OUTPUTS
output_count = bytes.fromhex("02")

# OUTPUT 1 
output1_value_sat = int(float("0.1") * 100000000)
output1_value = output1_value_sat.to_bytes(8, byteorder="little", signed=True)

# OUTPUT 2
output2_value_sat = int(float("0.399") * 100000000) # 0.5 - 0.1 - 0.001 for the miner fee
output2_value = output2_value_sat.to_bytes(8, byteorder="little", signed=True)

outputs = (
    output1_value
    + varint_len(output1_spk)
    + output1_spk
    + output2_value
    + varint_len(output2_spk)
    + output2_spk
)

# LOCKTIME
locktime = bytes.fromhex("0000 0000")

unsigned_tx = (
    version
    + input_count
    + inputs
    + output_count
    + outputs
    + locktime
)

# print(unsigned_tx.hex())

Replace the scriptSig with the input's scriptPubkey. You can either code this yourself or take it directly from the decoded transaction. The `"hex"` field of the output we are spending from can be used directly.

In [22]:
input_spk = bytes.fromhex("76a914531260aa2a199e228c537dfa42c82bea2c7c1f4d88ac")

In [23]:
inputs = (
    txid
    + index
    + varint_len(input_spk)
    + input_spk
    + sequence
)

tx_to_sign = (
    version
    + input_count
    + inputs
    + output_count
    + outputs
    + locktime
)


# Append the sighash flag to the transaction
sighash_flag = bytes.fromhex("0100 0000") # SIGHASH_ALL
sighash_preimage = tx_to_sign + sighash_flag

# Create sigHash to be signed
sighash = hash256(sighash_preimage)

# Sign the sigHash with the input private key
signing_key = ecdsa.SigningKey.from_string(change_privkey, curve=ecdsa.SECP256k1) 
signature = signing_key.sign_digest(sighash, sigencode=ecdsa.util.sigencode_der_canonize)

# Append SIGHASH_ALL to the signature
signature = signature + bytes.fromhex("01")

# Signature
sig_script_signed = (
    pushbytes(signature)
    + pushbytes(change_pubkey)
)

# tx_in with our new sigScript containing the signature we just created
inputs_signed = (
    txid
    + index
    + varint_len(sig_script_signed)
    + sig_script_signed
    + sequence
)

# the final signed transaction
signed_tx = (
    version
    + input_count
    + inputs_signed
    + output_count
    + outputs
    + locktime
)

# print("signed transaction: ",signed_tx.hex())

In [24]:
node.sendrawtransaction(signed_tx.hex())

'c2a8d36d5630c58b8d1c1dc87009fa15d41e4f6c56d91f237f2bc3fbcdffc312'

In [25]:
# stop bitcoin core
test.shutdown()

2022-12-01T11:32:15.319000Z TestFramework (INFO): Stopping nodes
2022-12-01T11:32:15.373000Z TestFramework (INFO): Cleaning up /tmp/bitcoin_func_test_wtt1df8m on exit
2022-12-01T11:32:15.375000Z TestFramework (INFO): Tests successful
