# Introduction
This [Jupyter](https://jupyter.org/) notebook can be run using [colab.research.google.com](https://colab.research.google.com) (see [here](https://colab.research.google.com/notebooks/intro.ipynb) for an intro) or from [jupyter.org/try](https://jupyter.org/try) (select JupyterLab). Alternatively this source file can be downloaded and run locally with [Anaconda](https://docs.anaconda.com/anaconda/navigator/) or directly with Jupyter (Lab|Notebook). Jupyter and Anaconda should be installed in all AUT engineering and computer science labs. I recommend using a web-interface for portability.

The benefit of using Jupyter is that code snippets can be run live (Python is running in the background).

The version on Github is static; markdown is rendered but code cannot be executed. All code can be copied and pasted into your favourite text editor or IDE and *should* run with Python 3.x ;)

You are encouraged to use any programming language you feel comfortable with, this is simply an example using Python (and Jupyter is designed for Python demonstrations).

---

# Tutorial: Creating a Bitcoin address from an asymmetric public-private key pair 

Bitcoin and many other cryptocurrencies including those forked from Bitcoin use elliptic curve cryptography (ECC) to generate key pairs and sign transactions. Keep in mind the transactions themselves are not encrypted -- the data is public -- but private keys must be kept secure. 

In this tutorial we will use a cryptographic library with built-in support for symmetric & asymmetric schemes, and digital signature algorithms. This will allow us to generate a key pair which we will then convert into a standard Bitcoin address such as `1HLoD9E4SDFFPDiYfNYnkBLQ85Y51J3Zb1` which is an original address used by [Satoshi](https://blockchair.com/bitcoin/address/1HLoD9E4SDFFPDiYfNYnkBLQ85Y51J3Zb1).

### Precondition: Using standard Fernet

[Fernet](https://cryptography.io/en/latest/fernet/) is the name of python's cryptography package for symmetric encryption. It is also a bitter Italian liqueur. Jeff is not sure how the two are related. 

(If using `colab` see [below](#packages) regarding installing the cryptography library.)

In [1]:
from cryptography.fernet import Fernet
key = Fernet.generate_key()
print(key)

b'YuZfjzofYjAFRWOQnM_oFkrX0AccDAW_Bn339ZhB8BY='


Recall the `b'` means its a byte object. Generate the key a second time. (```Shift+Enter```) Did it change? Think about using the same code to generate keys, how can we (Fernet) ensure that keys are different every time?

In [2]:
#show a listing of available methods in the Fernet library
dir(Fernet)

['__class__',
 '__delattr__',
 '__dict__',
 '__dir__',
 '__doc__',
 '__eq__',
 '__format__',
 '__ge__',
 '__getattribute__',
 '__getstate__',
 '__gt__',
 '__hash__',
 '__init__',
 '__init_subclass__',
 '__le__',
 '__lt__',
 '__module__',
 '__ne__',
 '__new__',
 '__reduce__',
 '__reduce_ex__',
 '__repr__',
 '__setattr__',
 '__sizeof__',
 '__str__',
 '__subclasshook__',
 '__weakref__',
 '_decrypt_data',
 '_encrypt_from_parts',
 '_get_unverified_token_data',
 '_verify_signature',
 'decrypt',
 'decrypt_at_time',
 'encrypt',
 'encrypt_at_time',
 'extract_timestamp',
 'generate_key']

Four of the bottom few methods may be useful: ```decrypt, encrypt, extract_timestamp, generate_key```. (n.b. The ```..._at_time``` methods are for testing tokens that expire, for example receiving an email code that expires in ten minutes.)

Fernet can be implemented as follows:

In [3]:
#the 'suite' will be like a 'cryptography object' that we can encrypt/decrypt with
cipher_suite = Fernet(key)
cipher_text = cipher_suite.encrypt(b'we attack at dawn')
print('Plain Text: ')
print(cipher_text)

Plain Text: 
b'gAAAAABkwHql1hcmXffKv9eUNUvRs3rw70e6Qm-MHUwxkX3NDROY2yTmICBSKqAU-01H72oxnxVAiSCP303vITSqKoY3v632b1KneWiKyJrIlDiBUC6B8Bw='


this message (e.g. `gAAAAABi_C7lO5IvqnGu...`) can be sent in the open or communicated freely. Upon receipt, we may want to decrypt it into a form that contains information.

In [4]:
#when calling 'decrypt' the cipher_suite already has the 'key' we made
plain_text = cipher_suite.decrypt(cipher_text)
plain_text = plain_text.decode()
print('Plain Text: '+plain_text)

Plain Text: we attack at dawn


Usage: The object `cipher_text` can be sent/received without worrying about end-to-end encryption or eavesdroppers. The process or receiver at the other end needs the `key` generated above. Sending the key requires a *key exchange* method such as Diffie-Helmann so that it can't be intercepted. This is because it is a symmetric method of encryption; the key is used for both encryption and decryption.

Standard Fernet is prepackaged so that developers that can use it without needing detailed cryptographic knowledge. It is also "safer" (you will notice many warnings on the documentation page).

### Hazardous Materials
We want to generate keys that will work with the bitcoin network and so will need to dig into the workings of the library. Specifically we are looking for keys that work with the standard ellipic curve `secp256k1` which Bitcoin was designed for. There will be more details about this in next weeks lecture.

In [5]:
# backend provides access to a variety of helper methods
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
# 'ec' is elliptic curve cryptography library
from cryptography.hazmat.primitives.asymmetric import ec

Note that we're now in the `hazmat` section and have access to `asymmetric` functions. What does asymmetric in this context mean?

In [6]:
curve = ec.SECP256K1()
print(curve)

<cryptography.hazmat.primitives.asymmetric.ec.SECP256K1 object at 0x2739188>


This `curve` object contains all the details from http://www.secg.org/sec2-v2.pdf including the constants necessary for point generation. They are listed here for interest. If you were developing without this library (a new programming language for example) you would need to set the following parameteres:

```python
# large prime number
p = 2**256 - 2**32 - 2**9 - 2**8 - 2**7 - 2**6 - 2**4 - 1
# curve constants
a = 0
b = 7
# generator point; coordinates on the 'curve' (not really a curve)
g_x = 55066263022277343669578718895168534326250603453777594175500187360389116729240
g_y = 32670510020758816978083085130507043184471273380659243275938904335757337482424
# number of points in the field; n < p
n = 115792089237316195423570985008687907852837564279074904382605163141518161494337
h = 1
```

The curve has been loaded as `ec`, now to generate a key which is a point on the curve (x,y).

In [7]:
private_key = ec.generate_private_key(curve,default_backend())
print(private_key)

<cryptography.hazmat.backends.openssl.ec._EllipticCurvePrivateKey object at 0x26d24e8>


This is very clearly a `...PrivateKey` object such that you can't accidentally dump the key or read it. Why would this be beneficial? 

Here we have dipped into the [openSSL](https://en.wikipedia.org/wiki/OpenSSL) standards; you may be familiar with these if you have taken a networking course. SSL is secure sockets layer and in this case is a broad term for network security.

Once you generate a private key, you can derive the public key by calling `public_key()`. The Private key is always created first, then the public portion is derived from it.

In [8]:
public_key = private_key.public_key()
print(public_key)

<cryptography.hazmat.backends.openssl.ec._EllipticCurvePublicKey object at 0x26d2f60>


And next we'll look at the real human readable format.

## Bitcoin addresses

To create a Bitcoin address we need the key in a form we can manipulate (not just an object in memory). This is because the Bitcoin protocol uses a custom format for addresses.

In [9]:
# view the private key (human readable) we must invoke serialization of the key object
from cryptography.hazmat.primitives import serialization
# create a serialized version of the private key (ks)
private_ks = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption())
# this is a byte object decoded into base64
print(private_ks.decode())

-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIBbo7U8tgusmhz79AbFz8ttqio/t8apv7zzbR+Q4ovk3oAcGBSuBBAAK
oUQDQgAES6OmVtMWBuTgqExzDWx+BfRzmDP6xnq8EQd9n6q/+pxnBwljeBEnGoV6
HhL0/57AySO2hHLyGXwYaeT0Fdudxw==
-----END EC PRIVATE KEY-----



The key displayed above is in PEM (privacy enhanced mail) format which is a standard format for cryptographic objects like keys and signatures. In this format keys can be imported from files and exported, etc. If we were using a different scheme, say RSA, then the header tag would indicate `-----BEGIN RSA PRIVATE KEY-----`

And now the public key:

In [10]:
public_ks =public_key.public_bytes(
    serialization.Encoding.PEM,
    serialization.PublicFormat.SubjectPublicKeyInfo)
print(public_ks.decode())

-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAES6OmVtMWBuTgqExzDWx+BfRzmDP6xnq8
EQd9n6q/+pxnBwljeBEnGoV6HhL0/57AySO2hHLyGXwYaeT0Fdudxw==
-----END PUBLIC KEY-----



Notice that much of the public key is also part of the private key. This isn't surprising because the public key is derived from the private key. 

### Convert the public key to an address
Rather than use the base64 representation decoded from PEM, we will start with the point on the elliptic curve and convert this integer into a `base58` address that can be used with the bitcoin network.

This process is decribed in (*Masting Bitcoin* by Antonopolous, 2017, pp 64-70) and shown in the chart hosted [here](https://github.com/millecodex/COMP726/blob/master/img/btcAddress.PNG).



In [11]:
# extract the x-coordinate of the ec public key (point)
x_coord = public_key.public_numbers()._x
print(x_coord)

34212607745982791277712004091086608313118597540546730881716209449678418213532


This is a *verry* big number. This is what we want. This is a real point that could be used in practise; not just for demonstration.

In [12]:
# convert to hex
pub_key_hex = hex(x_coord)
print(pub_key_hex)

0x4ba3a656d31606e4e0a84c730d6c7e05f4739833fac67abc11077d9faabffa9c


In [13]:
# strip the first two characters "0x" signifying a hex number
pub_key_hex = pub_key_hex[2:]
print(pub_key_hex)

4ba3a656d31606e4e0a84c730d6c7e05f4739833fac67abc11077d9faabffa9c


In [14]:
# append the prefix 03 indicating that the y-value was odd
# with this code, half the addresses should not validate
pub_key_hex = '03'+pub_key_hex
print(pub_key_hex)

034ba3a656d31606e4e0a84c730d6c7e05f4739833fac67abc11077d9faabffa9c


Next, two hash functions are used. First `sha256` which has a 256 bit output, second as `ripemd160` which has a ...160 bit output.

In [15]:
import hashlib
# hashed first as sha256, then as ripemd160 
temp = hashlib.sha256(pub_key_hex.encode())
pub_key_hash = hashlib.new('ripemd160',temp.digest()).digest()
print(pub_key_hash)

<class 'ValueError'>: unsupported hash type ripemd160

If you get an error at this step (`ValueError: unsupported hash type ripemd160`) it is likely because you are using the web version of JupyterLab and that is using a newer version of OpenSSL. As of November 2021 OpenSSL has [discontinued](https://stackoverflow.com/questions/72409563/unsupported-hash-type-ripemd160-with-hashlib-in-python) support for `RIPEMD-160` and as such it has been removed from the `hashlib.algorithms_available` list as of early 2022.

Find the hashing algroithims available to your kernel. You may or may not see `ripemd160`.

In [16]:
hashlib.algorithms_available

{'blake2b',
 'blake2s',
 'md5',
 'sha1',
 'sha224',
 'sha256',
 'sha384',
 'sha3_224',
 'sha3_256',
 'sha3_384',
 'sha3_512',
 'sha512',
 'shake_128',
 'shake_256'}

Find out what version of OpenSSL you are using:

In [17]:
import ssl
ssl.OPENSSL_VERSION

'OpenSSL 1.1.1n  15 Mar 2022'

My output for JupyterNotebook Local:
`'OpenSSL 1.1.1k  25 Mar 2021'`

My output for JupyterLab (lite, in-browser): `'OpenSSL 1.1.1n  15 Mar 2022'`

If you do not have `ripemd160` available, switch to a local version of Jupyter (see [install docs](https://jupyterlab.readthedocs.io/en/stable/getting_started/installation.html)) to continue.

In [18]:
# prefix a zero byte for a bitcoin address
pub_key_hash = bytes.fromhex('00')+pub_key_hash
print(pub_key_hash)

<class 'NameError'>: name 'pub_key_hash' is not defined

Bitcoin base58 check encoding is pictured [here](https://github.com/millecodex/COMP726/blob/master/img/Base58check.PNG) (Antonopolous, 2017). Its not a typo, the `sha256` hash is run twice. This was a design decision and there is [debate](https://bitcoin.stackexchange.com/questions/9202/why-does-bitcoin-use-two-hash-functions-sha-256-and-ripemd-160-to-create-an-ad#9216) about the motivation behind this decision and whether it changes the security properties.

In [None]:
# double sha256 hash and take the first 4 bytes as a checksum
dubhash = hashlib.sha256(hashlib.sha256(pub_key_hash).digest()).digest()
checksum = dubhash[:4]
pub_key_check = pub_key_hash + checksum
print(pub_key_check)

The final step is to convert to base58 which is a bitcoin specific encoding. A good exercise is to write your own base58 converter! Here, I'm importing one called base58. You might have to install the package=>`!pip install base58`

And if you are using JupyterLab (lite, web-version): 
```
import piplite
await piplite.install('base58')
```

In [None]:
!pip install base58

In [None]:
# now convert to base58 encoding
# may need the base58 package to be installed
import base58
key_b58 = base58.b58encode(pub_key_check)
btc_address = key_b58.decode()
print(btc_address)

Verify the address you made [here](http://lenschulwitz.com/base58).

---
# Summary





In this tutorial we have:<br>
 - used a cryptographic library to generate a symmetric key pair
 - accessed the elliptic curve module to generate a public-private key pair
 - converted an elliptic curve public point to a bitcoin address
 
What we have __not__ done is:<br>
 - investigate how private keys are generated by the system
 - verified our procedure works for all keys generated (see exercise)
 
Python libraries that this code depends on:
 - [cryptography](https://cryptography.io/en/latest/)
 - [base58](https://pypi.org/project/base58/)
 - [hashlib](https://docs.python.org/3/library/hashlib.html)

Elliptic Curve Standards [Documentation](http://www.secg.org/sec2-v2.pdf)

---
# Exercises
1. Copy and paste the keys generated above (```private_ks``` & ```public_ks```) into a text editor to compare them. Can you think of how to compress this public/private key pair?
2. Change the code in this notebook to handle **all** generated points on the curve. This notebook assumes the x-coordinate is odd and prepends `03` to the compressed format. See figure 4.7 in Antonopolous.
3. Write a script to generate multiple addresses. Why would you need multiple addresses? Propose a method to link multiple unique addresses to the same wallet.
4. How many addresses are possible? If you write an address-generating script and leave it running, will you eventually generate everyone's bitcoin keys?

---
# <a id='install'>Local (not web) Installation of pip and libraries</a>
If running locally you may need to install some packages. *This has not been tested for 2022.*

### Install the python package installer - [PIP](https://pip.pypa.io/en/stable/installing/)

This will install pip on your local lab PC
1. Download [get-pip.py](https://bootstrap.pypa.io/get-pip.py) and save to `C:\Python37\`
2. Open a command prompt and navigate to `C:\Python37\`
3. type>> `python get-pip.py --proxy=http://cache.aut.ac.nz:3128`
4. you can now install packages using: `pip install packageName`

### Install the base58 package in Anaconda
If you are running the jupyter notebook it uses a different python interpreter found in its own install directory. This version of python already has `cryptography` installed, but you will need to add the `base58` encoder package.
1. Navigate to `C:\ProgramData\Anaconda\`
2. Type>> `python -m pip install base58 --proxy=http://cache.aut.ac.nz:3128`

---
# <a id='packages'>Installation of supporting packages in Jupyter</a>
For additional packages that aren't preloaded in the kernal try:

In [None]:
!pip install cryptography

Successful output should say:
```Successfully installed cryptography-3.0```

In [None]:
!pip install base58

```Collecting base58
  Downloading base58-2.1.0-py3-none-any.whl (5.6 kB)
Installing collected packages: base58
Successfully installed base58-2.1.0```

### Check your jupyter environment
The following may be handy to determine what's going on within jupyter
```python
import sys
print(sys.version)
print(sys.executable)
```