Here we will create a 2 of 3 multisig address P2SH (Pay to Script Hash), found it and then spend from it. 

To create 2 of 3 multisig address we need 3 public keys and we will use the following keys: 
- OP_m pubkey1 OP_n OP_n pubkey2 OP_n OP_n pubkey3 OP_n OP_n OP_n CHECKMULTISIG

Where m is the number of required signatures and n is the number of public keys



In [6]:
# lets create 3 new addresses
from bitcoinrpc.authproxy import AuthServiceProxy

rpc_user = "pawel"
rpc_password = "qqqwwweee"
rpc_port = "18332"  # Default port for Bitcoin Core RPC is 8332. Use 18332 for testnet.
rpc_connection = AuthServiceProxy(f"http://{rpc_user}:{rpc_password}@localhost:{rpc_port}")

addr1 = rpc_connection.getnewaddress('', 'legacy')
addr2 = rpc_connection.getnewaddress('', 'legacy')
addr3 = rpc_connection.getnewaddress('', 'legacy')

print(addr1)
print(addr2)
print(addr3)


mummdHktaZVtTHUKKJFpejX53jXWhyVn4p
mrfytxUqgkPQNPPMd9yMrsi5ZN7JaswZbf
muWfEiXfUYzNDmW6xGsPUar6DoepttRq2b


In [None]:
addr1 = 'mummdHktaZVtTHUKKJFpejX53jXWhyVn4p'
addr2 = 'mrfytxUqgkPQNPPMd9yMrsi5ZN7JaswZbf'
addr3 = 'muWfEiXfUYzNDmW6xGsPUar6DoepttRq2b'


the generated addresses are the following:

mummdHktaZVtTHUKKJFpejX53jXWhyVn4p
mrfytxUqgkPQNPPMd9yMrsi5ZN7JaswZbf
muWfEiXfUYzNDmW6xGsPUar6DoepttRq2b

Now we will generate receiving P2SH address in 2 different ways.
1. Manually - we will read the corresponding public keys from Bitcoin Core and create the address manually
2. Using the Bitcoin Core - we will use the addmultisigaddress command to create the address

Info: we could have created the private keys also manually, as shown P2PKH_part1 notebook, but we will use the Bitcoin Core to generate them.

In [26]:
rpc_user = "pawel"
rpc_password = "qqqwwweee"
rpc_port = "18332"  # Default port for Bitcoin Core RPC is 8332. Use 18332 for testnet.
rpc_connection = AuthServiceProxy(f"http://{rpc_user}:{rpc_password}@localhost:{rpc_port}")

pubkey1 = rpc_connection.getaddressinfo(addr1)['pubkey']
pubkey2 = rpc_connection.getaddressinfo(addr2)['pubkey']
pubkey3 = rpc_connection.getaddressinfo(addr3)['pubkey']

# calc len of pubkey and add it to the beginning of pubkey
pubkey1_len = hex(len(pubkey1)//2)[2:] + pubkey1
pubkey2_len = hex(len(pubkey2)//2)[2:] + pubkey2
pubkey3_len = hex(len(pubkey3)//2)[2:] + pubkey3
 


print(pubkey1)
print(pubkey2)
print(pubkey3)

0208de440a749d849d9536f83e521380e6fb399f6cb8cdae0d182f2fd13eda1d09
03f4c3ab04b995a1e1e543dcc3ea0ea812b00621ffb201ee30b91c43fd3c6f3ae3
03c6d5dffd49224bc9e8d3c31bbeef7638444f69c8a71b67a4fa36eeeaf7a7f56f


In [36]:
# now we can create our 2 of 3 multi-sig address
# OP_m pubkey1 OP_n OP_n pubkey2 OP_n OP_n pubkey3 OP_n OP_n OP_n CHECKMULTISIG
OP_n = '53'
OP_m = '52'
OP_CHECKMULTISIG = 'ae'

raw_multiSig_Addr = OP_m + pubkey1_len + pubkey2_len +  pubkey3_len + OP_n + OP_CHECKMULTISIG

print(raw_multiSig_Addr)

52210208de440a749d849d9536f83e521380e6fb399f6cb8cdae0d182f2fd13eda1d092103f4c3ab04b995a1e1e543dcc3ea0ea812b00621ffb201ee30b91c43fd3c6f3ae32103c6d5dffd49224bc9e8d3c31bbeef7638444f69c8a71b67a4fa36eeeaf7a7f56f53ae


In [30]:
# now we just need to hash it, add prefix for testnet and encode it to base58
# we will use this function to do it
import hashlib
import base58

def public_key_to_address(public_key, prefix):

    public_key_bytes = bytes.fromhex(public_key)
    # Perform SHA-256 hashing on the public key
    sha256_public_key = hashlib.sha256(public_key_bytes).digest()
    
    # Perform RIPEMD-160 hashing on the result of SHA-256
    ripemd160 = hashlib.new('ripemd160')
    ripemd160.update(sha256_public_key)
    
    # prefix - Adding network byte to mainnet public key (0x00 for Main Network)
    extended_ripemd160_result = prefix + ripemd160.digest()
    
    # Double SHA-256 to get checksum
    first_sha256 = hashlib.sha256(extended_ripemd160_result).digest()
    second_sha256 = hashlib.sha256(first_sha256).digest()
    
    # Adding checksum to extended RIPEMD-160 result
    final_binary_data = extended_ripemd160_result + second_sha256[:4]
    #print('final_binary_data: ', final_binary_data.hex())
    # Converting final result into a base58 string using Bitcoin's alphabet
    bitcoin_address = base58.b58encode(final_binary_data)
    return bitcoin_address.decode('utf-8')


prefix = b'\xC4' # Testnet script hash prefix
multiSig_Addr = public_key_to_address(raw_multiSig_Addr, prefix)

print(multiSig_Addr)

2N6ShAbXFdLsfX8EvewWqg5kT4ktaiTF3LN


This is the address that we created:
2N6ShAbXFdLsfX8EvewWqg5kT4ktaiTF3LN

Now lets create the same address using Bitcoin Core.
This is example of the command for console

addmultisigaddress 2 '["02349cc51f7c284efbeb0b6084aa7e3f8001eb38efb22a7d6e41d6042f05475b84", "037bbf5b4db523853ae8021f9702deda51db31a02ba3f7aadf383027a7527e8042", "029c77e41350c219b5500ad9ee04c0a1220e39b50bd36f0d27ea03bd3f32ff9a5a"]' 'mymulti' 'legacy'

In [32]:
rpc_user = "pawel"
rpc_password = "qqqwwweee"
rpc_port = "18332"  # Default port for Bitcoin Core RPC is 8332. Use 18332 for testnet.
rpc_connection = AuthServiceProxy(f"http://{rpc_user}:{rpc_password}@localhost:{rpc_port}")


required_signatures = 2
keys = [addr1, addr2, addr3]
label = 'mymulti2'
address_type = 'legacy'

multiSig_Addr_2 = rpc_connection.addmultisigaddress(required_signatures, keys, label, address_type)['address']

print(multiSig_Addr_2)

2N6ShAbXFdLsfX8EvewWqg5kT4ktaiTF3LN


So in both ways we got the same address
- 2N6ShAbXFdLsfX8EvewWqg5kT4ktaiTF3LN

Now we send 0.0048 btc to the address 2N6ShAbXFdLsfX8EvewWqg5kT4ktaiTF3LN
TX_ID
b19f125d02e2dfaf637109399a1b1cac1a5f53aa71fc0032fb30ee9add421db4

Now we will construct manually the transaction that will spend the funds from the multisig address.
It is important to note that to spend the transaction we need to reveal ALL public keys (actually unhashed script hash). So even that in case 2 of 3 multisig we need only 2 signatures, we need to reveal all 3 public keys. So every participant in creation of the multisig address should save all public keys. Otherwise if some participanta are not availble or have lost his private key/public key we will not be able to spend the funds, even if we have the required number of private keys.


One diffrence to the P2PKH transaction, is that all participants sign the same raw transaction (not like in P2PKH where the temp. ScriptSig is replaced with previous ScriptPubkey for the tx_id we are signing and all others temp. ScriptSig is empty)

I have created the new address and will try to send 0.0047 btc from our 2 of 3 multisig address to the new address.
New address:
mqNsJTu3paf47i32GxrERSuZ68p1XchrYw

The basic structure of the P2SH transaction is the same:
rawTx_toSign = (
    version             # 4 bytes: Transaction version number
    + tx_in_count      # Variable length: Number of transaction inputs
    + txid             # 32 bytes: Transaction ID of the UTXO being spent
    + vout             # 4 bytes: Index of the UTXO in the transaction
    + scriptSig_len_t   # Variable length: Length of the scriptSig
    + scriptSig_t      # Variable length: Script that provides data to satisfy the UTXO's locking script
    + sequence         # 4 bytes: Sequence number
    + tx_out_count     # Variable length: Number of transaction outputs
    + value            # 8 bytes: Amount of satoshis to send to the recipient
    + scriptPubKey_len # Variable length: Length of the scriptPubKey
    + scriptPubKey     # Variable length: Locking script specifying conditions to spend the output
    + locktime         # 4 bytes: Time or block number when the transaction becomes valid
    + sighash_type     # 4 bytes: Signature hash type (only if signing)
)

The difference to P2PKH transaction is that we replace the temp. ScriptSig with the unhashed spending script (scriptPubKey) of the multisig address:
OP_m pubkey1 OP_n OP_n pubkey2 OP_n OP_n pubkey3 OP_n OP_n OP_n CHECKMULTISIG

After we sign the raw transaction with required number of private keys it is important to put the signatures in the correct order - the signatures should be in the same order as the public keys in the spending script.


In [42]:
# lets define the variables we will need to create a raw transaction
version = '02000000'

tx_hash = 'b19f125d02e2dfaf637109399a1b1cac1a5f53aa71fc0032fb30ee9add421db4'
txid = bytes.fromhex(tx_hash)[::-1].hex()

tx_in_count = "01"

vout = "00000000"
sequence = "fdffffff"
tx_out_count = "01"
locktime = "00000000"
sig_hash = "01000000"

In [44]:
# the temp. ScriptSig for signing is the unhashed scriptPubkey with leading length

ScriptSig_t = bytes.fromhex(hex(len(raw_multiSig_Addr)//2)[2:]).hex() + raw_multiSig_Addr


In [45]:
# we want to spemd to P2PKH address so we need to create a scriptPubkey for it
# OP_DUP OP_HASH160 <pubKeyHash> OP_EQUALVERIFY OP_CHECKSIG
# mqNsJTu3paf47i32GxrERSuZ68p1XchrYw

SciptPubkey = '76a9146c29c323a0276150f9321b9a4bae226bdf56b90a88ac'

ScriptPubKey = bytes.fromhex(hex(len(SciptPubkey)//2)[2:]).hex() + SciptPubkey

print(ScriptPubKey)


1976a9146c29c323a0276150f9321b9a4bae226bdf56b90a88ac


In [41]:
# now lets convert 0.0047 btc that we wand to spend to satoshi
btc_value = 0.0047

# Convert BTC to satoshi (1 BTC = 100,000,000 satoshis)
satoshis = int(btc_value * 100_000_000)

# Convert to 8-byte little endian format
value = satoshis.to_bytes(8, 'little').hex().rjust(16, '0')

# Print the result
print(value)

f02b070000000000


In [55]:
# now we can create our raw transaction to sign
rawTx_toSign = (
    version             # 4 bytes: Transaction version number
    + tx_in_count      # Variable length: Number of transaction inputs
    + txid             # 32 bytes: Transaction ID of the UTXO being spent
    + vout             # 4 bytes: Index of the UTXO in the transaction   
    + ScriptSig_t      # Variable length: Script that provides data to satisfy the UTXO's locking script
    + sequence         # 4 bytes: Sequence number
    + tx_out_count     # Variable length: Number of transaction outputs
    + value            # 8 bytes: Amount of satoshis to send to the recipienty
    + ScriptPubKey     # Variable length: Locking script specifying conditions to spend the output
    + locktime         # 4 bytes: Time or block number when the transaction becomes valid
    + sig_hash     # 4 bytes: Signature hash type (only if signing)
)

print(rawTx_toSign)

# but we are signing the hash of the transaction, not the transaction itself
# so lets hash it
tx_toSign_hash = hashlib.sha256(hashlib.sha256(bytes.fromhex(rawTx_toSign)).digest()).digest().hex()

print(tx_toSign_hash)

0200000001b41d42dd9aee30fb3200fc71aa535f1aac1c1b9a39097163afdfe2025d129fb1000000006952210208de440a749d849d9536f83e521380e6fb399f6cb8cdae0d182f2fd13eda1d092103f4c3ab04b995a1e1e543dcc3ea0ea812b00621ffb201ee30b91c43fd3c6f3ae32103c6d5dffd49224bc9e8d3c31bbeef7638444f69c8a71b67a4fa36eeeaf7a7f56f53aefdffffff01f02b0700000000001976a9146c29c323a0276150f9321b9a4bae226bdf56b90a88ac0000000001000000
cb83b003ad2d06317dd9473d0e4b7ea8c4ec6f683d34ecba902e8ef9f9fbfb6a


This is the raw transaction that we will sign:
0200000001b41d42dd9aee30fb3200fc71aa535f1aac1c1b9a39097163afdfe2025d129fb1000000006952210208de440a749d849d9536f83e521380e6fb399f6cb8cdae0d182f2fd13eda1d092103f4c3ab04b995a1e1e543dcc3ea0ea812b00621ffb201ee30b91c43fd3c6f3ae32103c6d5dffd49224bc9e8d3c31bbeef7638444f69c8a71b67a4fa36eeeaf7a7f56f53aefdffffff01f02b0700000000001976a9146c29c323a0276150f9321b9a4bae226bdf56b90a88ac0000000001000000

hash:
cb83b003ad2d06317dd9473d0e4b7ea8c4ec6f683d34ecba902e8ef9f9fbfb6a

In [48]:
# before signing we need to get the private key (if we have not generated it manually) and transfrom it from WIF format to hex
from bitcoinrpc.authproxy import AuthServiceProxy
rpc_user = "pawel"
rpc_password = "qqqwwweee"
rpc_port = "18332"  # Default port for Bitcoin Core RPC is 8332. Use 18332 for testnet.
rpc_connection = AuthServiceProxy(f"http://{rpc_user}:{rpc_password}@localhost:{rpc_port}")


privKeyWIF_1 = rpc_connection.dumpprivkey(addr1)
privKeyWIF_2 = rpc_connection.dumpprivkey(addr2)

print(privKeyWIF_1)
print(privKeyWIF_2)



cPnov3M9bHJuEJrjRnm38sQFqZxESjPLno5yw71cp84tHpXFmfFi
cP698ES3fGH4vXLFjsW8EVhFX2aUfTZnLKq75HaKJ8nVVnv1d2eC


In [50]:
# lets convert it to hex
import hashlib
import base58 

def WIF_to_hex(privKeyWIF):
    # 1. Decode the WIF format using Base58
    decoded = base58.b58decode(privKeyWIF)

    # 2. Strip and validate the checksum
    extended_key = decoded[:-4]  # Strip the checksum
    checksum = decoded[-4:]

    # Verify the checksum
    if checksum != hashlib.sha256(hashlib.sha256(extended_key).digest()).digest()[:4]:
        raise ValueError("Invalid WIF checksum!")

    # 3. Remove the version byte
    extended_key = extended_key[1:]

    # 4. Check and remove the 01 byte for compressed pubKey (if present)
    if extended_key[-1] == 1:  # Checking if the last byte is 0x01
        privKey_hex = extended_key[:-1].hex()  # Removing the 01 byte
    else:
        privKey_hex = extended_key.hex()

    return privKey_hex

privKey_hex_1 = WIF_to_hex(privKeyWIF_1)
privKey_hex_2 = WIF_to_hex(privKeyWIF_2)

print(privKey_hex_1)
print(privKey_hex_2)

41e7545cda38672b73c0822c65fec8841ae196862d3b0e61b73448739850cad6
2cfb68a220534a24efa5b4085d868b48ca7625024814ce5b78488f4167a09be9


In [78]:
print(privKeyWIF_1)
print(privKeyWIF_2)

cPnov3M9bHJuEJrjRnm38sQFqZxESjPLno5yw71cp84tHpXFmfFi
cP698ES3fGH4vXLFjsW8EVhFX2aUfTZnLKq75HaKJ8nVVnv1d2eC


In [66]:
# now we can sign our raw transaction
from coincurve import PrivateKey

# signing key from private key deterministically

def signTx(rawTx_toSign_hash, privKey_hex):
    bytes_to_sign = bytes.fromhex(rawTx_toSign_hash)
    privkey = PrivateKey(bytes.fromhex(privKey_hex))
    signature = privkey.sign(bytes_to_sign, hasher=None)

    # also to signale that we used SigHash all we add 01 at the end
    signature += bytes.fromhex('01')

    scriptSig = signature.hex()
    Sig_len = hex(len(signature))[2:]
    scriptSig = Sig_len + scriptSig

    return scriptSig

scriptSig_1 = signTx(tx_toSign_hash, privKey_hex_1)
scriptSig_2 = signTx(tx_toSign_hash, privKey_hex_2)

print(scriptSig_1)
print(scriptSig_2)

483045022100996c6a8a0ea4310e32d3a1cd62a17dd9aa6d129c900d37c069d3c2fffff690af022016bfceb29ae988083d301513a3b24961231705a5594922209a1c0ea2b587ab8c01
47304402205de3046ee25788e0f72a5bd57ec6e1367ed9d807780d199300102b159ed58db202206a4c4be21bda4291f3e1921ce1469611f3171e37e92b07b195fa6fda4930c3e601


In case if the ScriptSig >= 253 bytes, we need to use follwoing format for the tx:
fd + 4 bytes length in little endian

- So our 253 bytes length should look like this:
'fd' + 'fd00'

- 2 important things to note:
1. We need to put '00' at the start of the scriptSig, because of the bug in the script execution in bitcoin core
2. If the unhashed multisig address (OP codes and public keys) is longer as 75 bytes, we need to use OP 'Push Data' - '4c'

In [86]:
# now we will build the full scriptSig which consists of the signatures and unhashed multisig address
scriptSig = '00' + scriptSig_1 + scriptSig_2 + '4c' + bytes.fromhex(hex(len(raw_multiSig_Addr)//2)[2:]).hex()  + raw_multiSig_Addr

# but we need to correctly calculate the length of the scriptSig
# bitcoin uses var length, see the function below
hex_string = hex(len(scriptSig)//2)[2:]
integer_value = int(hex_string, 16)

print(integer_value)

253


In [87]:
def int_to_varint(n):
    if n < 0xfd:
        return bytes([n])
    elif n <= 0xffff:
        return b'\xfd' + n.to_bytes(2, 'little')
    elif n <= 0xffffffff:
        return b'\xfe' + n.to_bytes(4, 'little')
    else:
        return b'\xff' + n.to_bytes(8, 'little')

number = 253
varint_representation = int_to_varint(integer_value)
print(varint_representation.hex())

fdfd00


In [89]:
scriptSig = varint_representation.hex() + scriptSig

In [90]:
# now we can create our raw transaction
# now we can create our raw transaction to sign
rawTx_toSign = (
    version             # 4 bytes: Transaction version number
    + tx_in_count      # Variable length: Number of transaction inputs
    + txid             # 32 bytes: Transaction ID of the UTXO being spent
    + vout             # 4 bytes: Index of the UTXO in the transaction   
    + scriptSig      # Variable length: Script that provides data to satisfy the UTXO's locking script
    + sequence         # 4 bytes: Sequence number
    + tx_out_count     # Variable length: Number of transaction outputs
    + value            # 8 bytes: Amount of satoshis to send to the recipienty
    + ScriptPubKey     # Variable length: Locking script specifying conditions to spend the output
    + locktime         # 4 bytes: Time or block number when the transaction becomes valid
)
print(rawTx_toSign)

0200000001b41d42dd9aee30fb3200fc71aa535f1aac1c1b9a39097163afdfe2025d129fb100000000fdfd0000483045022100996c6a8a0ea4310e32d3a1cd62a17dd9aa6d129c900d37c069d3c2fffff690af022016bfceb29ae988083d301513a3b24961231705a5594922209a1c0ea2b587ab8c0147304402205de3046ee25788e0f72a5bd57ec6e1367ed9d807780d199300102b159ed58db202206a4c4be21bda4291f3e1921ce1469611f3171e37e92b07b195fa6fda4930c3e6014c6952210208de440a749d849d9536f83e521380e6fb399f6cb8cdae0d182f2fd13eda1d092103f4c3ab04b995a1e1e543dcc3ea0ea812b00621ffb201ee30b91c43fd3c6f3ae32103c6d5dffd49224bc9e8d3c31bbeef7638444f69c8a71b67a4fa36eeeaf7a7f56f53aefdffffff01f02b0700000000001976a9146c29c323a0276150f9321b9a4bae226bdf56b90a88ac00000000


This transaction has been accepted by the network and we can see it in the blockchain:
70fd5b6ea72172ffe79844160ce245a458a247119d779394821a787b091daaa6

0200000001b41d42dd9aee30fb3200fc71aa535f1aac1c1b9a39097163afdfe2025d129fb100000000fdfd0000483045022100996c6a8a0ea4310e32d3a1cd62a17dd9aa6d129c900d37c069d3c2fffff690af022016bfceb29ae988083d301513a3b24961231705a5594922209a1c0ea2b587ab8c0147304402205de3046ee25788e0f72a5bd57ec6e1367ed9d807780d199300102b159ed58db202206a4c4be21bda4291f3e1921ce1469611f3171e37e92b07b195fa6fda4930c3e6014c6952210208de440a749d849d9536f83e521380e6fb399f6cb8cdae0d182f2fd13eda1d092103f4c3ab04b995a1e1e543dcc3ea0ea812b00621ffb201ee30b91c43fd3c6f3ae32103c6d5dffd49224bc9e8d3c31bbeef7638444f69c8a71b67a4fa36eeeaf7a7f56f53aefdffffff01f02b0700000000001976a9146c29c323a0276150f9321b9a4bae226bdf56b90a88ac00000000