# Keys & Addresses — Python Teaching Notebook

Use this notebook to demonstrate Bitcoin & Ethereum keys, addresses, and checksums. Each section has short, runnable examples you can live‑code while teaching.

**Note:** A few cells use external libraries. If running in a fresh env, run the install cell first.

In [None]:
# Optional: install dependencies if needed
# Uncomment the next lines if you don't already have these packages installed in your environment.
# %pip install ecdsa eth-utils eth-keys 'eth-hash[pycryptodome]'

## Table of Contents
1. [Base58 & Base58Check (pure‑Python)](#base58)
2. [secp256k1 keys, ECDSA, and WIF](#secp256k1)
3. [Bitcoin P2PKH (legacy `1…`) address](#p2pkh)
4. [Bitcoin P2SH (`3…`) from a redeem script](#p2sh)
5. [Bech32 (SegWit v0) P2WPKH `bc1…`](#bech32)
6. [Bech32m (v1+, e.g., Taproot)](#bech32m)
7. [Ethereum: Keccak‑256, address derivation, EIP‑55](#ethereum)
8. [EIP‑55 checksum (pure‑Python)](#eip55)
9. [SHA‑256 vs Keccak‑256 quick compare](#hashcompare)
10. [Checksum demo: error detection](#checksumdemo)


## 1) Base58 & Base58Check (pure‑Python) <a id='base58'></a>
Why Base58 avoids confusing characters; how Base58Check uses a 4‑byte double‑SHA‑256 checksum to catch typos.

In [2]:
import hashlib

ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'

def b58encode(b: bytes) -> str:
    n_zeros = len(b) - len(b.lstrip(b'\x00'))
    num = int.from_bytes(b, 'big')
    s = ''
    while num:
        num, rem = divmod(num, 58)
        s = ALPHABET[rem] + s
    return '1' * n_zeros + s

def b58decode(s: str) -> bytes:
    num = 0
    for ch in s:
        num = num * 58 + ALPHABET.index(ch)
    full = num.to_bytes((num.bit_length() + 7) // 8, 'big') or b'\x00'
    n_zeros = len(s) - len(s.lstrip('1'))
    return b'\x00' * n_zeros + full

def base58check_encode(version_byte: bytes, payload: bytes) -> str:
    data = version_byte + payload
    checksum = hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    return b58encode(data + checksum)

def base58check_decode(s: str) -> tuple[bytes, bytes]:
    raw = b58decode(s)
    data, checksum = raw[:-4], raw[-4:]
    calc = hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    if calc != checksum:
        raise ValueError('Bad Base58Check checksum')
    return data[0:1], data[1:]

# Demo
v, payload = b'\x00', bytes.fromhex('00112233445566778899aabbccddeeff00112233')
addr = base58check_encode(v, payload)
print('Base58Check:', addr)
print('Decoded:', base58check_decode(addr))

Base58Check: 11MXTrefsj1ZS3Q5e9D6DxGzZKHWALyo9
Decoded: (b'\x00', b'\x00\x11"3DUfw\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x00\x11"3')


## 2) secp256k1 keys, ECDSA sign/verify, and WIF <a id='secp256k1'></a>
Deterministic ECDSA (RFC 6979), compressed vs uncompressed pubkeys, WIF encoding.

In [3]:
from ecdsa import SigningKey, SECP256k1
import os, hashlib

# Private key & ECDSA keypair
priv_key_bytes = os.urandom(32)
sk = SigningKey.from_string(priv_key_bytes, curve=SECP256k1)
vk = sk.verifying_key

# Uncompressed & compressed public keys
x = vk.pubkey.point.x(); y = vk.pubkey.point.y()
x_bytes = x.to_bytes(32, 'big'); y_bytes = y.to_bytes(32, 'big')
uncompressed_pub = b'\x04' + x_bytes + y_bytes
prefix = b'\x02' if (y % 2 == 0) else b'\x03'
compressed_pub = prefix + x_bytes

print('Priv (hex):', priv_key_bytes.hex())
print('Pub (uncompressed):', uncompressed_pub.hex())
print('Pub (compressed):', compressed_pub.hex())

# WIF using Base58Check from section 1
def wif_from_privkey(priv: bytes, compressed=True, mainnet=True):
    version = b'\x80' if mainnet else b'\xEF'
    payload = priv + (b'\x01' if compressed else b'')
    return base58check_encode(version, payload)

wif = wif_from_privkey(priv_key_bytes, compressed=True, mainnet=True)
print('WIF:', wif)

# ECDSA sign/verify demo (deterministic k)
msg = b'bitcoin is built on signatures'
msg_hash = hashlib.sha256(msg).digest()
sig = sk.sign_deterministic(msg_hash)
print('Signature (DER):', sig.hex())
print('Verify OK?:', vk.verify(sig, msg_hash))

Priv (hex): 101dc067fff9e5b0ff3773f85226057c4951e33a0c6892a7f6d098e602ea5f1e
Pub (uncompressed): 041eed5cf57a51285df0928abd2660945327fafac65ab50e22015057878b96c69206b379ffb39ed5429abaf289fb28392b02a4c40fc3ce4a0d51e4d1b44d34afd4
Pub (compressed): 021eed5cf57a51285df0928abd2660945327fafac65ab50e22015057878b96c692
WIF: Kwm3CSmRWXZt46o886JFXfav2xcWKtGUVR3WmTJ5CxLpufMWLa8h
Signature (DER): 1e8b3c85a1baf4f86ae4d5a48cf388f0daf5533dbf54ef0c96b85ccfc3397226819c8ffc61677ca494b433f0b28bffea52144936aa10b3c09683802c0b1ea364
Verify OK?: True


## 3) Bitcoin P2PKH (legacy `1…`) address <a id='p2pkh'></a>
`address = Base58Check(version=0x00, payload=HASH160(pubkey))`.

In [None]:
import hashlib

def hash160(b: bytes) -> bytes:
    return hashlib.new('ripemd160', hashlib.sha256(b).digest()).digest()

def p2pkh_address_from_pubkey(pubkey_bytes: bytes, mainnet=True) -> str:
    vh160 = (b'\x00' if mainnet else b'\x6F') + hash160(pubkey_bytes)
    return base58check_encode(vh160[:1], vh160[1:])

addr_legacy = p2pkh_address_from_pubkey(compressed_pub, mainnet=True)
print('P2PKH (legacy) address:', addr_legacy)

## 4) Bitcoin P2SH (`3…`) from a redeem script <a id='p2sh'></a>
`address = Base58Check(version=0x05, payload=HASH160(redeem_script))`. Useful for multisig & custom scripts.

In [None]:
from binascii import unhexlify
import os

def push(data: bytes) -> bytes:
    return bytes([len(data)]) + data

# Example 2-of-3 multisig redeem script (illustrative; not production encoding)
pubkeys = [compressed_pub, os.urandom(33), os.urandom(33)]
redeem_script = b'\x52' + b''.join(push(pk) for pk in pubkeys) + b'\x53' + b'\xae'
sh = hash160(redeem_script)
version = b'\x05'
p2sh_addr = base58check_encode(version, sh)
print('P2SH address:', p2sh_addr)

## 5) Bech32 (SegWit v0) P2WPKH `bc1…` <a id='bech32'></a>
Encodes `OP_0 <20-byte HASH160(pubkey)>` using Bech32 (BIP‑0173).

In [None]:
CHARSET = 'qpzry9x8gf2tvdw0s3jn54khce6mua7l'

def bech32_polymod(values):
    GEN = [0x3b6a57b2,0x26508e6d,0x1ea119fa,0x3d4233dd,0x2a1462b3]
    chk = 1
    for v in values:
        b = (chk >> 25) & 0xff
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            chk ^= GEN[i] if ((b >> i) & 1) else 0
    return chk

def bech32_hrp_expand(hrp):
    return [ord(x) >> 5 for x in hrp] + [0] + [ord(x) & 31 for x in hrp]

def bech32_create_checksum(hrp, data):
    values = bech32_hrp_expand(hrp) + data
    polymod = bech32_polymod(values + [0,0,0,0,0,0]) ^ 1
    return [(polymod >> 5*(5-i)) & 31 for i in range(6)]

def bech32_encode(hrp, data):
    combined = data + bech32_create_checksum(hrp, data)
    return hrp + '1' + ''.join(CHARSET[d] for d in combined)

def convertbits(data, frombits, tobits, pad=True):
    acc = 0; bits = 0; ret = []
    maxv = (1 << tobits) - 1
    for value in data:
        if value < 0 or (value >> frombits): return None
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            ret.append((acc >> bits) & maxv)
    if pad and bits:
        ret.append((acc << (tobits - bits)) & maxv)
    elif bits >= frombits or ((acc << (tobits - bits)) & maxv):
        return None
    return ret

def hash160(b: bytes) -> bytes:
    import hashlib
    return hashlib.new('ripemd160', hashlib.sha256(b).digest()).digest()

def p2wpkh_address(pubkey_bytes: bytes, hrp: str = 'bc') -> str:
    h160 = hash160(pubkey_bytes)
    data = [0] + convertbits(h160, 8, 5)
    return bech32_encode(hrp, data)

bech32_addr = p2wpkh_address(compressed_pub, 'bc')
print('Bech32 P2WPKH:', bech32_addr)

## 6) Bech32m (v1+, e.g., Taproot) <a id='bech32m'></a>
Bech32m changes the checksum constant (BIP‑350) and is required for witness versions ≥ 1.

In [None]:
def bech32m_create_checksum(hrp, data):
    values = bech32_hrp_expand(hrp) + data
    polymod = bech32_polymod(values + [0,0,0,0,0,0]) ^ 0x2bc830a3
    return [(polymod >> 5*(5-i)) & 31 for i in range(6)]

def bech32m_encode(hrp, data):
    combined = data + bech32m_create_checksum(hrp, data)
    return hrp + '1' + ''.join(CHARSET[d] for d in combined)

import os
taproot_program = os.urandom(32)  # illustrative 32‑byte witness program
data = [1] + convertbits(taproot_program, 8, 5)
print('Bech32m (v1+):', bech32m_encode('bc', data))

## 7) Ethereum: Keccak‑256, EOA address derivation, and EIP‑55 <a id='ethereum'></a>
Ethereum uses Keccak‑256 (not FIPS SHA‑3) over the 64‑byte uncompressed pubkey; address is the last 20 bytes; EIP‑55 adds mixed‑case checksum.

In [None]:
from eth_keys import keys
from eth_utils import keccak, to_checksum_address
import os

eth_priv = os.urandom(32)
eth_sk = keys.PrivateKey(eth_priv)
eth_vk = eth_sk.public_key
uncompressed_64 = eth_vk.to_bytes()  # 64 bytes X||Y
eth_addr_bytes = keccak(uncompressed_64)[-20:]
eth_addr_hex = '0x' + eth_addr_bytes.hex()
print('Raw address (no checksum):', eth_addr_hex)
eth_addr_eip55 = to_checksum_address(eth_addr_hex)
print('EIP-55 address:', eth_addr_eip55)

message = b'hello ethereum'
msg_hash = keccak(message)
signature = eth_sk.sign_msg_hash(msg_hash)
print('Signature (r||s||v):', signature.to_bytes().hex())
print('Verify OK?:', eth_vk.verify_msg_hash(msg_hash, signature))

## 8) EIP‑55 checksum (pure‑Python helper) <a id='eip55'></a>

In [None]:
from eth_utils import keccak

def to_eip55(addr_hex_no_0x: str) -> str:
    addr = addr_hex_no_0x.lower()
    hash_hex = keccak(addr.encode()).hex()
    checksummed = ''.join(
        ch.upper() if ch in 'abcdef' and int(hash_hex[i], 16) >= 8 else ch
        for i, ch in enumerate(addr)
    )
    return '0x' + checksummed

# Example:
print(to_eip55('a0b86991c6218b36c1d19d4a2e9eb0ce3606eb48'))  # USDC mainnet contract

## 9) SHA‑256 vs Keccak‑256 quick compare <a id='hashcompare'></a>
Demonstrate the difference between `hashlib.sha3_256` (FIPS SHA‑3) and Ethereum's Keccak‑256.

In [None]:
import hashlib
from eth_utils import keccak
data = b'abc'
print('SHA-256:', hashlib.sha256(data).hexdigest())
print('SHA3-256 (FIPS):', hashlib.sha3_256(data).hexdigest())
print('Keccak-256:', keccak(data).hex())

## 10) Checksum demo: error detection <a id='checksumdemo'></a>
Flip a character in a Base58Check address and show that decoding fails.

In [None]:
# Requires addr_legacy from earlier cells
bad = addr_legacy[:5] + ('1' if addr_legacy[5] != '1' else '2') + addr_legacy[6:]
try:
    base58check_decode(bad)
    print('Unexpectedly valid!')
except ValueError as e:
    print('Checksum caught the error:', e)