# Practical 2: Creating an asymmetric public-private key pair 

This jupyter notebook can be downloaded and run locally with anaconda. Jupyter and anaconda should be installed in all AUT engineering and computer science labs. The benefit of using jupyter is that code snippets can be run live (python is running in the background).

A static version can be found on github at https://github.com/millecodex/COMP842/. All code can be copied and pasted into your favourite text editior or IDE and *should* run with Python 3.x.

You are encouraged to use any programming language you feel comfortable with, this is simply an example using python (and jupyter is designed for python demonstrations). AUT lab computers also have a java interpreter, and visual basic. For scientific computing you may also want to consider matlab or R.
***

Bitcoin and many other cryptocurrencies including those forked from bitcoin use elliptic curve cryptography to generate key pairs and sign transaction. Keep in mind the transactions themselves are not encrypted -- the data is public -- but private keys must be kept secure. In this tutorial we will install a cryptographic library with built-in support for symmetric, asymmetric, and signature algorithms.

***install instructions here***


### Using standard Fernet

In [1]:
from cryptography.fernet import Fernet
key = Fernet.generate_key()
print(key)

b'EyRQsMXUoQF6YDWYwNyXP4pAYDb_ZouX6XweAf_ZLzU='


Recall the `b` means its a byte object. Generate the key a second time. (Shift-Enter runs an individual cell.) Did it change? Think about using the same code to generate keys, how can we (Fernet) ensure that keys are different every time?

In [2]:
#show listing of available methods
print(dir(Fernet))

['__class__', '__delattr__', '__dict__', '__dir__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__gt__', '__hash__', '__init__', '__init_subclass__', '__le__', '__lt__', '__module__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', '_decrypt_data', '_encrypt_from_parts', '_get_unverified_token_data', '_verify_signature', 'decrypt', 'encrypt', 'extract_timestamp', 'generate_key']


The last four methods may be useful: `decrypt, encrypt, extract_timestamp, generate_key`

Fernet can be implemented as follows:

In [3]:
cipher_suite = Fernet(key)
cipher_text = cipher_suite.encrypt(b'we attack at dawn')
print(cipher_text)
plain_text = cipher_suite.decrypt(cipher_text)
plain_text = plain_text.decode()
print('Plain Text: '+plain_text)

b'gAAAAABcjX8BciooZvIM_LJPBwlZBBQmTdo6W8ghlJHnYTrSSj2wjPxnauotAUJ9bW_YwL5Ycj53uy1b0PeVAyubgcanzOhH9RNjstDlbNzBOOpZtaw3afg='
Plain Text: we attack at dawn


Usage: The object `cipher_text` can be sent/received without worrying about end-to-end encryption or eavedroppers. The process or receiver at the other end needs the `key` generated above. Sending the key requires a *key exchange* method such as Diffie-Helmann so that it can't be intercepted.

Standard Fernet is prepackaged so that developers that can use it without needing detailed  cryptographic knowledge. It is also "safer" as you will see many warnings on the documentation page.

### Hazardous Materials
We want to generate keys that will work with the bitcoin network and so will need to dig into the workings of the library. Specifically we are looking for keys that work with the standard curve `secp256k1` which bitcoin was designed with. 

In [4]:
# backend provides access to a variety of helper methods
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
# 'ec' is elliptic curve cryptography library
from cryptography.hazmat.primitives.asymmetric import ec

In [5]:
curve = ec.SECP256K1()
print(curve)

<cryptography.hazmat.primitives.asymmetric.ec.SECP256K1 object at 0x000002176FBFB5C0>


This `curve` contains all the details from http://www.secg.org/sec2-v2.pdf including the constants necessary for point generation. They are listed here for interest. If you were developing without this library you would need to set the following parameteres:

```python
# large prime number
p = 2**256 - 2**32 - 2**9 - 2**8 - 2**7 - 2**6 - 2**4 - 1
# curve constants
a = 0
b = 7
# generator point; coordinates on the 'curve' (not really a curve)
g_x = 55066263022277343669578718895168534326250603453777594175500187360389116729240
g_y = 32670510020758816978083085130507043184471273380659243275938904335757337482424
# number of points in the field; n < p
n = 115792089237316195423570985008687907852837564279074904382605163141518161494337
h = 1
```

In [6]:
private_key = ec.generate_private_key(curve,default_backend())
print(private_key)

<cryptography.hazmat.backends.openssl.ec._EllipticCurvePrivateKey object at 0x000002176FBFB780>


This is very clearly a `...PrivateKey object` such that you can't accidentally dump the key or read it.

Once you generate a private key, you can derive the public key by calling `public_key()`

In [7]:
public_key = private_key.public_key()
print(public_key)

<cryptography.hazmat.backends.openssl.ec._EllipticCurvePublicKey object at 0x000002176FBFB8D0>


To create a bitcoin address we need the key in a form we can manipulate. 

In [8]:
# view the private key (human readable) we must invoke serialization of the key object
from cryptography.hazmat.primitives import serialization
# create a serialized version of the private key (ks)
private_ks = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption())
# this is a byte object decoded into base64
print(private_ks.decode())

-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIOvK9nqB3DriGMhvdU3P9/qmPWqeWHgd1/QfivsjrobwoAcGBSuBBAAK
oUQDQgAE9Ow6Czq8vUAd42kye0+Fby+l4S7wvl4I9l78SI/ld/s9osdnGjZglzTe
SxZZRE4t9/MUjPOqQG582kN1yF4gsA==
-----END EC PRIVATE KEY-----



The key displayed above is in PEM (privacy enhanced mail) format which is a standard format for cryptographic objects like keys and signatures. In this format keys can be imported from files and exported, etc. If we were using a different scheme, say RSA, then the header tag would indicate `-----BEGIN RSA PRIVATE KEY-----`

And now the public key:

In [9]:
public_ks =public_key.public_bytes(
    serialization.Encoding.PEM,
    serialization.PublicFormat.SubjectPublicKeyInfo)
print(public_ks.decode())

-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE9Ow6Czq8vUAd42kye0+Fby+l4S7wvl4I
9l78SI/ld/s9osdnGjZglzTeSxZZRE4t9/MUjPOqQG582kN1yF4gsA==
-----END PUBLIC KEY-----



Notice that much of the public key is also part of the private key. This isn't surprising because the public key is derived from the private key. Copying and pasting the keys into a text editor can help you compare.
***
### Convert the public key to an address
Rather than use the base64 representation decoded from PEM, we will start with the point on the elliptic curve and convert this integer into a base58 address that can be used with the bitcoin network.

This process is decribed in (Masting Bitcoin by Antonopolous, 2017, pp64-70)

In [10]:
# extract the x-coordinate of the ec public key (point)
x_coord = public_key.public_numbers()._x
print(x_coord)

110781711565637980400957611350519224237757018161051441768991534100850877495291


In [11]:
# convert to hex
pub_key_hex = hex(x_coord)
print(pub_key_hex)

0xf4ec3a0b3abcbd401de369327b4f856f2fa5e12ef0be5e08f65efc488fe577fb


In [12]:
# strip the first two characters signifying hex number
pub_key_hex = pub_key_hex[2:]
print(pub_key_hex)

f4ec3a0b3abcbd401de369327b4f856f2fa5e12ef0be5e08f65efc488fe577fb


In [13]:
# append the prefix 03 indicating that the y-value was odd
# with this code, half the addresses should not validate
pub_key_hex = '03'+pub_key_hex
print(pub_key_hex)

03f4ec3a0b3abcbd401de369327b4f856f2fa5e12ef0be5e08f65efc488fe577fb


In [14]:
import hashlib
# double-hashed first as sha256, then as ripemd160 
temp = hashlib.sha256(pub_key_hex.encode())
pub_key_hash = hashlib.new('ripemd160',temp.digest()).digest()
print(pub_key_hash)

b'dI\xe0\x84jh\xe1\x1f\xe3JFz-=\xd9\xec\x81S\xb8\x82'


In [15]:
# prefix a zero byte for a bitcoin address
pub_key_hash = bytes.fromhex('00')+pub_key_hash
print(pub_key_hash)

b'\x00dI\xe0\x84jh\xe1\x1f\xe3JFz-=\xd9\xec\x81S\xb8\x82'


In [16]:
# double sha256 hash and take the first 4 bytes as a checksum
dubhash = hashlib.sha256(hashlib.sha256(pub_key_hash).digest()).digest()
checksum = dubhash[:4]
pub_key_check = pub_key_hash + checksum
print(pub_key_check)

b'\x00dI\xe0\x84jh\xe1\x1f\xe3JFz-=\xd9\xec\x81S\xb8\x82\xa5\xcc\xf7\xe8'


The final step is to convert to base58 which is a bitcoin specific encoding. A good exercise is to write your own base58 converter! Here, I'm importing one called base58. You might have to install the package.

On Windows through Jupyter try:
```python
import sys
!{sys.executable} -m pip install base58
```

In [17]:
# now convert to base58 encoding
# may have to >>> pip install base58
import base58
key_b58 = base58.b58encode(pub_key_check)
btc_address = key_b58.decode()
print(btc_address)

1A9H5FQfnGyYKYkZXXnR99HmERTRqd6GpX


Verify the address you made __[here](http://lenschulwitz.com/base58)__

## Summary

In this tutorial we have:<br>
 - used a cryptographic library to generate a symmetric key pair
 - accessed the elliptic curve module to generate a public-private key pair
 - converted an elliptic curve public point to a bitcoin address
 
What we have __not__ done is:<br>
 - investigate how private keys are generated by the system
 - verified our procedure works for all keys generated (see exercise)
 
Python libraries that this code depends on:
 - __[cryptography](https://cryptography.io/en/latest/)__
 - __[base58](https://pypi.org/project/base58/)__
 - __[hashlib](https://docs.python.org/3/library/hashlib.html)__

Elliptic Curve standards __[documentation](http://www.secg.org/sec2-v2.pdf)__

## Exercise

1. Change the code in this notebook to handle **all** generated points on the curve. This notebook assumes the x-coordinate is odd and prepends `03` to the compressed format. See figure 4.7 in Antonopolous.
2. Write a script to generate multiple addresses. Why would you need multiple addresses? 