# PROGRAMMING BITCOIN FROM SCRATCH


These are my notes from the book, Programming Bitcoin from scratch by O'Reilly Publication.

Contents:
1. [Groups and Fields](#groups-fields)
2. [Finite Fields](#finite-fields)
  * [Finite Sets](#finite-sets) 
  * [Constructing a Finite Field in Python](#finite-field-python)
  * [Modulo Arithmetic](#modulo-arithmetic)
  * [Fermat's Little Theorem](#fermats-theorem)
3. [Elliptic Curves](#elliptic-curves)
  * [Definition](#el-def)


<a name="groups-fields"></a>

## Groups and Fields




<a name="finite-fields"></a>
## Finite Fields

```
Finite Fields are also called Galois Fields
```

Mathematically, a **finite field** is defined as a **finite set of numbers** and two operations +
(addition) and ⋅ (multiplication) that satisfy the following:
1. If a and b are in the set, a + b and a ⋅ b are in the set. **We call this property closed**.
2. 0 exists and has the property a + 0 = a. We call this the **additive identity**.
3. 1 exists and has the property a ⋅ 1 = a. We call this the **multiplicative identity**.
4. If a is in the set, –a is in the set, which is defined as the value that makes a + (–a)
= 0. This is what we call the **additive inverse**. Using the Additive Inverse, one can define Subtraction.
5. If a is in the set and is not 0, a<sup>–1</sup> is in the set, which is defined as the value that
makes a ⋅ a<sup>–1</sup> = 1. This is what we call the **multiplicative inverse**. Using the Multiplicative Inverse one can define Division.




<a name="finite-sets"></a>
### Finite Sets

Mathematically, a Finite Field Set of order p can be represented as:
>F<sub>p</sub> = {0,1,2,... p-1}
where the order of the set refers to the size of the set F<sub>p</sub>

```
Fields must have an order that is a power of a prime.
```





<a name="finite-field-python"></a>
#### Constructing a Finite Field in Python


In [None]:
class FieldElement:
  num : int = None
  prime : int = None

  def __init__(self, num : int, prime : int):
    if (num>=prime) or (num<0) :
      error = 'Number {} entered is not in the field range of 0 to {}'.format(num,prime-1)
      raise ValueError(error)
    
    self.num = num
    self.prime = prime
  
  def __repr__(self) -> str:
    return 'FieldElement_{}({})'.format(self.prime,self.num)
  
  def __eq__(self, other) -> bool:
    if other is None:
      return False
    return self.num == other.num and self.prime == other.prime
  
  def __ne__(self, other) -> bool:
    if other is None or type(other) is not FieldElement:
      return False
    return self.num != other.num and self.prime != other.prime

<a name="modulo-arithmetic"></a>

#### Modulo Arithmetic

Modulo Arithmetic of any element **a** by element **b** where a, b belong to the same finite field yields the remainder in the process of division of a by b.

>a%b = a **mod** (b)

>a ≡  n **mod**(b)




#### Finite Field Addition, Subtraction, Multiplication & Division

The Arithmetic Operation of a Finite Field must have modular properties. It is due to the Modular property, the Finite Fields are closed under these operations.

Let us say we have a finite field of order 7,
f<sub>7</sub> = {0,1,2,3,4,5,6}.

Let us operate on 5 and 6:
> **5 + 6 = 11**

But 11 is not in F<sub>7</sub>
> **5 x 6 = 30**

But 30 is not in F<sub>7</sub>
> **5 - 6 = -1**

But -1 is not in F<sub>7</sub>


But we have asserted that the Finite Field is closed under all these operations. To make this possible, we combine the modulo with these operations.


a **o** b = (a **o** b) **mod** p
where **p** is the order of the Finite Field 


Let us operate on 5 and 6:
> **5 + 6 = 11%7 = 4**

> **5 x 6 = 30%7 = 2**

> **5 - 6 = -1%7 = 6**

4, 2, 6 are present in F<sub>7</sub>

We can write a **o** b = (a **o** b) **mod** p in a contracted form using the following notation:

> a **o<sub>f</sub>** b = (a **o** b)**%**p





In [None]:
class FieldElement:
  num : int = None
  prime : int = None

  def __init__(self, num : int, prime : int):
    if (num>=prime) or (num<0) :
      error = 'Number {} entered is not in the field range of 0 to {}'.format(num,prime-1)
      raise ValueError(error)
    
    self.num = num
    self.prime = prime
  
  def __repr__(self) -> str:
    return 'FieldElement_{}({})'.format(self.prime,self.num)
  
  def __eq__(self, other) -> bool:
    if other is None:
      return False
    return self.num == other.num and self.prime == other.prime
  
  def __ne__(self, other) -> bool:
    if other is None or type(other) is not FieldElement:
      return False
    return self.num != other.num and self.prime != other.prime
  
  def __add__(self, other):
    if other is None or type(other) is not self.__class__:
      error = "{} is not an element of type Finite Field".format(other)
      raise TypeError(error)
    
    elif other.prime != self.prime:
      error = "{} does not belong to the Field of {}".format(other.num,self.num)
      raise TypeError(error)
    
    mod_sum = (self.num+other.num)%self.prime 
    return self.__class__(mod_sum,self.prime)
  
  def __sub__(self, other):
    if other is None or type(other) is not self.__class__:
      error = "{} is not an element of type Finite Field".format(other)
      raise TypeError(error)
    
    elif other.prime != self.prime:
      error = "{} does not belong to the Field of {}".format(other.num,self.num)
      raise TypeError(error)
    
    mod_difference = (self.prime + self.num-other.num)%self.prime 
    return self.__class__(mod_difference,self.prime)

  def __mul__(self, other):
    if other is None or type(other) is not self.__class__:
      error = "{} is not an element of type Finite Field".format(other)
      raise TypeError(error)
    
    elif other.prime != self.prime:
      error = "{} does not belong to the Field of {}".format(other.num,self.num)
      raise TypeError(error)
    
    mod_prod = (self.num*other.num)%self.prime 
    return self.__class__(mod_prod,self.prime)
  
  def __pow__(self, exponent):
    mod_power = pow(self.num,exponent,self.prime)
    return self.__class__(mod_power,self.prime)

#### Test Examples

In [None]:
a = FieldElement(7, 13)
b = FieldElement(12, 13)
c = FieldElement(6, 13)
print(a+b==c)

True


In [None]:
a = FieldElement(3, 13)
b = FieldElement(12, 13)
c = FieldElement(10, 13)
print(a*b==c)

True


In [None]:
a = FieldElement(3, 13)
b = FieldElement(1, 13)
print(a**3==b)

True


In [None]:
a = FieldElement(12,97)
b = FieldElement(77,97)
a**7*b**49

FieldElement_97(63)

#### Question

For k = 1, 3, 7, 13, 18, what is this set in $F_{19}$?

{*k⋅0, k⋅1, k⋅2, k⋅3, ... k⋅18*}

Do you notice anything about these sets?

In [None]:
def get_field_k(k):
  Field_19 = []
  k = FieldElement(k,19)
  for _ in range(19):
    element = FieldElement(_,19)
    product = element*k
    Field_19.append(product.num)
  Field_19.sort()
  print("For {} we have the following Field {}".format(k,Field_19))

for _ in range(19):
  get_field_k(_)

For FieldElement_19(0) we have the following Field [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
For FieldElement_19(1) we have the following Field [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18]
For FieldElement_19(2) we have the following Field [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18]
For FieldElement_19(3) we have the following Field [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18]
For FieldElement_19(4) we have the following Field [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18]
For FieldElement_19(5) we have the following Field [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18]
For FieldElement_19(6) we have the following Field [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18]
For FieldElement_19(7) we have the following Field [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18]
For FieldElement_19(8) we have the following Field [0, 1, 2, 3, 4

In [None]:
# Change the order to a composite number

def get_field_k(k):
  Field_20 = []
  k = FieldElement(k,20)
  for _ in range(20):
    element = FieldElement(_,20)
    product = element*k
    Field_20.append(product.num)
  Field_20.sort()
  print("For {} we have the following Field {}".format(k,Field_20))

for _ in range(20):
  get_field_k(_)

For FieldElement_20(0) we have the following Field [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
For FieldElement_20(1) we have the following Field [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19]
For FieldElement_20(2) we have the following Field [0, 0, 2, 2, 4, 4, 6, 6, 8, 8, 10, 10, 12, 12, 14, 14, 16, 16, 18, 18]
For FieldElement_20(3) we have the following Field [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19]
For FieldElement_20(4) we have the following Field [0, 0, 0, 0, 4, 4, 4, 4, 8, 8, 8, 8, 12, 12, 12, 12, 16, 16, 16, 16]
For FieldElement_20(5) we have the following Field [0, 0, 0, 0, 0, 5, 5, 5, 5, 5, 10, 10, 10, 10, 10, 15, 15, 15, 15, 15]
For FieldElement_20(6) we have the following Field [0, 0, 2, 2, 4, 4, 6, 6, 8, 8, 10, 10, 12, 12, 14, 14, 16, 16, 18, 18]
For FieldElement_20(7) we have the following Field [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19]
For FieldElement_20(8) we have the f

>No matter what k you choose, as long as it’s greater than 0, multiplying the entire set by k will result in the same set as you started with. 

>`Intuitively, the fact that we have a prime order results in every 
element of a finite field being equivalent. If the order of the set was 
a composite number, multiplying the set by one of the divisors would result in a smaller set.`

#### Question

For p = 7, 11, 17, 31, what is this set in F<sub>p</sub> ?

{*1<sup>(p – 1)</sup> , 2<sup>(p – 1)</sup> , 3<sup>(p – 1)</sup> , 4<sup>(p – 1)</sup> , ... (p – 1)<sup>(p – 1)</sup>*}

In [None]:
def get_field_k(prime):
  Field = []
  p = prime - 1
  for _ in range(prime):
    element = FieldElement(_,prime)    
    result = element**p
    Field.append(result.num)
  Field.sort()
  print("For {} we have the following Field {}".format(prime,Field))

p = [7,8,11,14,17,24,31]

for _ in p:
  get_field_k(_)

For 7 we have the following Field [0, 1, 1, 1, 1, 1, 1]
For 8 we have the following Field [0, 0, 0, 0, 1, 3, 5, 7]
For 11 we have the following Field [0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
For 14 we have the following Field [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]
For 17 we have the following Field [0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
For 24 we have the following Field [0, 0, 0, 0, 1, 3, 5, 7, 8, 8, 8, 8, 9, 11, 13, 15, 16, 16, 16, 16, 17, 19, 21, 23]
For 31 we have the following Field [0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]


n<sup>(p–1)</sup> is always 1 for every p that is prime
and every n > 0

<a name="fermats-theorem"></a>

#### Fermat's Little Theorem

Given a Prime Field F<sub>p</sub>, No matter what k you choose, as long as it’s greater than 0, multiplying the entire set by k will result in the same set as you started with.

{1, 2, 3, ... p–2, p–1} = {k % p, 2k % p, 3k % p, ...,(p–2)k % p, (p–1)k % p }

Multiplying all the elements together will also result in an element that belongs to the same field

1.2.3. ... (p–2).(p–1) = (k % p).(2k % p).(3k % p). ...,((p–2)k % p).((p–1)k % p)

(p-1)! = k<sup>p-1</sup>(p-1)!%p

1 = k<sup>p-1</sup>%p



Division is the inverse of multiplication, we know:
a/b = a⋅<sub>f</sub>(1/b) = a⋅<sub>f</sub>b<sup>-1</sup>
We can reduce the division problem to a multiplication problem as long as we can figure out what b<sup>–1</sup> is. This is where Fermat’s little theorem comes into play. We know:
b<sup>p-1</sup> = 1
because p is prime. Thus:
b<sup>-1</sup>= b<sup>-1</sup>⋅<sub>f</sub>1

b<sup>-1</sup>⋅<sub>f</sub>1=b<sup>-1</sup>⋅<sub>f</sub>b<sup>p-1</sup>  

b<sup>-1</sup>⋅<sub>f</sub>b<sup>p-1</sup>  = b<sup>p-2</sup>

or:

b<sup>-1</sup> = b<sup>p-2</sup>

**Updating the True Division Method**

In [None]:
class FieldElement:
  num : int = None
  prime : int = None

  def __init__(self, num : int, prime : int):
    if (num>=prime) or (num<0) :
      error = 'Number {} entered is not in the field range of 0 to {}'.format(num,prime-1)
      raise ValueError(error)
    
    self.num = num
    self.prime = prime
  
  def __repr__(self) -> str:
    return 'FieldElement_{}({})'.format(self.prime,self.num)
  
  def check_field(self,element):
    if element is None or type(element) is not self.__class__:
      error = "{} is not an element of type Finite Field".format(element)
      raise TypeError(error)
    
    elif element.prime != self.prime:
      error = "{} does not belong to the Field of {}".format(element.num,self.prime)
      raise TypeError(error)
    
  def __eq__(self, other) -> bool:
    if other is None:
      return False
    return self.num == other.num and self.prime == other.prime
  
  def __ne__(self, other) -> bool:
    if other is None or type(other) is not FieldElement:
      return False
    return self.num != other.num and self.prime != other.prime
  
  def __add__(self, other):
    self.check_field(other)
    mod_sum = (self.num+other.num)%self.prime 
    return self.__class__(mod_sum,self.prime)
  
  def __sub__(self, other):
    self.check_field(other)    
    mod_difference = (self.prime + self.num-other.num)%self.prime 
    return self.__class__(mod_difference,self.prime)

  def __mul__(self, other):
    self.check_field(other)
    mod_prod = (self.num*other.num)%self.prime 
    return self.__class__(mod_prod,self.prime)
  
  def __pow__(self, exponent):
    mod_power = pow(self.num,exponent,self.prime)
    return self.__class__(mod_power,self.prime)
  
  def __truediv__(self, other):
    self.check_field(other)
    other = pow(other.num,self.prime-2,self.prime)
    other = self.__class__(other,self.prime)
    mod_division = (self.num*other.num)%self.prime 
    return self.__class__(mod_division,self.prime)

**Updating the Power Method to take negative powers**

In [None]:
class FieldElement:
  num : int = None
  prime : int = None

  def __init__(self, num : int, prime : int):
    if (num>=prime) or (num<0) :
      error = 'Number {} entered is not in the field range of 0 to {}'.format(num,prime-1)
      raise ValueError(error)
    
    self.num = num
    self.prime = prime
  
  def __repr__(self) -> str:
    return 'FieldElement_{}({})'.format(self.prime,self.num)
  
  def check_field(self,element):
    if element is None or type(element) is not self.__class__:
      error = "{} is not an element of type Finite Field".format(element)
      raise TypeError(error)
    
    elif element.prime != self.prime:
      error = "{} does not belong to the Field of {}".format(element.num,self.prime)
      raise TypeError(error)
    
  def __eq__(self, other) -> bool:
    if other is None:
      return False
    return self.num == other.num and self.prime == other.prime
  
  def __ne__(self, other) -> bool:
    if other is None or type(other) is not FieldElement:
      return False
    return self.num != other.num and self.prime != other.prime
  
  def __add__(self, other):
    self.check_field(other)
    mod_sum = (self.num+other.num)%self.prime 
    return self.__class__(mod_sum,self.prime)
  
  def __sub__(self, other):
    self.check_field(other)    
    mod_difference = (self.prime + self.num-other.num)%self.prime 
    return self.__class__(mod_difference,self.prime)

  def __mul__(self, other):
    self.check_field(other)
    mod_prod = (self.num*other.num)%self.prime 
    return self.__class__(mod_prod,self.prime)
  
  def __pow__(self, exponent):
    """
    Added the Exponentiation for negative powers
    """
    exponent = exponent % (self.prime - 1)
    mod_power = pow(self.num,exponent,self.prime)
    return self.__class__(mod_power,self.prime)
  
  def __truediv__(self, other):
    self.check_field(other)
    other = pow(other.num,self.prime-2,self.prime)
    other = self.__class__(other,self.prime)
    mod_division = (self.num*other.num)%self.prime 
    return self.__class__(mod_division,self.prime)

<a name="elliptic-curves"></a>

## Elliptic Curves 

These are a family of curves having the following form

\begin{equation}
  y^2 = x^3 + ax +b
\end{equation}


Another way to look at this would be

\begin{equation}
y = \pm\sqrt{x^3 + ax + b}
\end{equation}

1. $y^2$ makes this function symmetric wrt x axis.
2. This function cannot work for certain values of a and b and cannot be defined for certain values of $x$ too.
3. For $x, a$ and $b$ there are 8 possible combinations of the values they can take.

x|a|b
-|-|-
+ve|+ve|+ve
+ve|+ve|-ve
+ve|-ve|+ve
+ve|-ve|-ve
-ve|+ve|+ve
-ve|+ve|-ve
-ve|-ve|+ve
-ve|-ve|-ve

![alt text](https://cdn.arstechnica.net/wp-content/uploads/2013/10/elliptic-curve-crypt-image00.png)

Let us define the class Point to be a point on a specific curve.

In [19]:
class Point:

  def __init__(self, x:float, y:float, a:float, b:float):
    if pow(y,2) != pow(x,3) + a*x + b :
      error = "Point ({},{}) does not lie on the curve y^2 = x^3 + {}x + {}".format(x,y,a,b)
      print(error)
    else:
      print("Point ({},{}) lies on the curve y^2 = x^3 + {}x + {}".format(x,y,a,b))
      self.x = x
      self.y = y
      self.a = a
      self.b = b
  
  def __repr__(self)->str:
    return "Point({},{})_(a={},b={})".format(self.x,self.y,self.a,self.b)


  def __eq__(self, other)->bool:
    return self.x == other.x and self.y == other.y and self.a == other.a and self.b == other.b
    
  def __ne__(self,other)->bool:
    return self.x != other.x or self.y != other.y or self.a != other.a or self.b != other.b

In [20]:
# Test whether the given points are on the curve y^2 = x^3 + 5x + 7
a = 5
b = 7
points = [(2,4),(-1,-1),(18,77),(5,7)]

for (x,y) in points:
  p = Point(x,y,a,b)

Point (2,4) does not lie on the curve y^2 = x^3 + 5x + 7
Point (-1,-1) lies on the curve y^2 = x^3 + 5x + 7
Point (18,77) lies on the curve y^2 = x^3 + 5x + 7
Point (5,7) does not lie on the curve y^2 = x^3 + 5x + 7


In [21]:
class Point:

  def __init__(self, x:float, y:float, a:float, b:float):
    if pow(y,2) != pow(x,3) + a*x + b :
      error = "Point ({},{}) does not lie on the curve y^2 = x^3 + {}x + {}".format(x,y,a,b)
      raise ValueError(error)
    else:
      print("Point ({},{}) lies on the curve y^2 = x^3 + {}x + {}".format(x,y,a,b))
      self.x = x
      self.y = y
      self.a = a
      self.b = b
  
  def __repr__(self)->str:
    return "Point({},{})_(a={},b={})".format(self.x,self.y,self.a,self.b)


  def __eq__(self, other)->bool:
    return self.x == other.x and self.y == other.y and self.a == other.a and self.b == other.b
    
  def __ne__(self,other)->bool:
    return self.x != other.x or self.y != other.y or self.a != other.a or self.b != other.b

Elliptic curves are useful because of something called point addition. Point addition is where we can do an operation on two of the points on the curve and get a third point,also on the curve