# Complete Bitcoin Code

## Finite Field

Mathematically, a finite field is defined as a finite set of numbers and two operations + (addition) and ⋅ (multiplication) that satisfy the following:

1. If $a$ and $b$ are in the set, $a + b$ and $a ⋅ b$ are in the set.We call this property closed.
2. $0$ exists and has the property $a + 0 = a$. We call this the additive identity.
3. $1$ exists and has the property $a ⋅ 1 = a$. We call this the multiplicative identity.
4. If $a$ is in the set, $–a$ is in the set, which is defined as the value that makes $a + (–a) = 0$.This is what we call the additive inverse.
5. If $a$ is in the set and is not $0$, $a^{–1}$ is in the set, which is defined as the value that makes $a ⋅ a^{–1} = 1$.This is what we call the multiplicative inverse.

If the order (or size) of the set is $p$, we can call the elements of the set, $0, 1, 2, … p – 1$. Here $p$ is a prime number. In math notation the finite field set looks like this:

$$\Large F_p = \{0, 1, 2, ... p–1\}$$

A finite field of order 11 looks like this, $F_{11} = \{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10\}$

A finite field of order 983 looks like this, $F_{983} = \{0, 1, 2, ... 982\}$

![Finite Field](img\finite_field.png)

For a finite field of order $p$, where p is a prime number. Here, $\%$ is a modulo operator of programming. All the operations can only be performed between elements of the same finite field.

1. Any element $a$ = $ a \% p$. Also, $-a$ = $ -a \% p$.
2. Addition is, $( a +_f b )$ = $ (a + b) \% p $.
3. Subtraction is, $( a -_f b )$ = $ (a - b) \% p$.
4. Multiplication is, $( a ⋅_f b )$ = $ (a ⋅ b) \% p$. Also, exponentiation is $ (a ^ b) \% p$.
5. From Fermat's Little Theorem, $n^{(p–1)} \% p = 1$. Thus, $b^{–1} = b^{(p–2)}$.
6. Division is, $ ( a/_fb ) = a ⋅ {b}^{(p–2)} $


### Why Prime Fields are Useful

No matter what k you choose, as long as it’s greater than 0, multiplying the entire set by k will result in the same set as you started with.

Intuitively, the fact that we have a prime order results in every element of a finite field being equivalent. If the order of the set was a composite number, multiplying the set by one of the divisors would result in a smaller set.

In [1]:
class FieldElement:
    
    def __init__(self, num, prime):
        if num >= prime or num <0:
            error = 'Num {} not in field range 0 to {}'.format(
                num, prime - 1)
            raise ValueError(error)
        self.num = num
        self.prime = prime
            
    def __repr__(self):
        return 'FieldElement_{}({})'.format(self.prime, self.num)
    
    def __eq__(self, other):
        if other is None:
            return False
        return self.num == other.num and self.prime == other.prime
    
    def __ne__(self, other):
        if other is None:
            return False
        return self.num != other.num or self.prime != other.prime
    
    def __add__(self, other):
        if (self.prime != other.prime):
            raise TypeError('Cannot add two numbers in different Fields')
        num = (self.num + other.num) % self.prime
        return self.__class__(num, self.prime)
    
    def __sub__(self, other):
        if (self.prime != other.prime):
            raise TypeError('Cannot subtract two numbers in different Fields')
        num = (self.num - other.num) % self.prime
        return self.__class__(num, self.prime)
    
    def __mul__(self, other):
        if (self.prime != other.prime):
            raise TypeError('Cannot multiply two numbers in different Fields')
        num = (self.num * other.num) % self.prime
        return self.__class__(num, self.prime)
    
    def __pow__(self, exp):
        exp = exp % (self.prime - 1)
        # num = pow(self.num ** exp) % self.prime both are same
        num = pow(self.num, exp, self.prime)
        return self.__class__(num, self.prime)
    
    def __truediv__(self, other):
        
        if (self.prime != other.prime):
            raise TypeError('Cannot divide two numbers in different Fields')
        p = self.prime
        num = (self.num * pow(other.num, p - 2, p)) % p
        return self.__class__(num, self.prime)
    
    def __rmul__(self, coefficient):
        '''
        If the left element doesn't have a multiplication function.
        Then being the right element element, the multiplication between two elements will be done as follows.
        '''
        num = (self.num * coefficient) % self.prime
        return self.__class__(num=num, prime=self.prime)

### Elliptic Curve

An elliptic curve has equation

$$\LARGE y^{2} = x^{3} + ax + b$$

The $y^2$ term on the left side has the effect of making the graph symmetric over the x-axis.

![Elliptic Curve](img\elliptic_curve.png)


## Point Infinity

A point whose addition results a same point or Additive Identity.

$$\large I + A = A$$

## Point Addition

1. Create a line for two points.
2. Find the third intersection on the graph.
3. The refection of that point over x-axis is the result of addition.

![Adding Three Numbers](img\point_addition.png)

## Two different points $ (x_1 \neq x_2) $

$\large s = (y_2 – y_1)/(x_2 – x_1)$

$\large x_3 = s^2 – x_1 – x_2$

$\large y_3 = s(x_1 – x_3) – y_1$
    
![two_different_point_addition](img\two_different_point_addition.png)


## Tangent $P_1 = P_2$ 

$\large s = dy/dx = (3x^{2}_{1} + a)/(2y_1)$
    
$\large x_3 = s_2 – 2x_1$

$\large y_3 = s(x_1 – x_3) – y_1$

![tangent_line](img\tangent_line.png)

## Line is Perpendicular and Cuts the curve at two points $x_1 = x_2$ and $y_1 \neq y_2 $
    
$\large Point(\infty)$

![Perpendicular and Cuts two points](img\line_perpendicular.png)
    
## Line is Perpendicular and Tangent $x_1 = x_2$ and $y_1 = 0 $
    
$\large Point(\infty)$

![Tangent and Vertical](img\tangent_and_vertical.png)

## Scalar Multiplication

When a number is added with itself it results in multiplication with $2$ and goes on. Scalar Multiplication of a Point is the addition of the number with itself.

Scalar multiplication can be represented as $ kA = A + A + ... + A $, adding with itself $k-1$ times. This addition follows the above rule of adding on a Tangent Line.

If we'll keep multiplying the number with itself, it will result in $Point(infinity)$, further addition will result the number we started with.

This group is called finite cyclic group.

$$ \{ G, 2G, 3G, 4G, ... nG \}$$ where $nG = Point(\infty) $

This is the heart of elliptic curve crytography because for a very large prime number finding the scalar which can result into $Point(\infty)$ is almost impossible to find through hit and trial.

In [2]:
class Point:
    
    def __init__(self, x, y, a, b):
        self.x = x
        self.y = y
        self.a = a
        self.b = b
        
        if self.x is None and self.y is None:
            return
        if self.y**2 != self.x**3 + a*x + b:
            raise ValueError("({}, {}) are not on the curve".format(self.x, self.y))
            
    def __repr__(self):
        if self.x == None:
            return "Point(infinity)"
        elif isinstance(self.x, FieldElement):
            return 'Point({},{})_{}_{} FieldElement({})'.format(
                self.x.num, self.y.num, self.a.num, self.b.num, self.x.prime)
        else:
            return 'Point({},{})_{}_{}'.format(self.x, self.y, self.a, self.b)
        
    def __eq__(self, other):
        return self.x == other.x and self.y == other.y and self.a == other.a and self.b == other.b
    
    def __neq__(self, other):
        return self.x != other.x or self.y != other.y or self.a != other.a or self.b != other.b
    
    def __add__(self, other):
        if self.a != other.a or self.b != other.b:
            raise TypeError("Points {}, {} are not on the same curve".format(self.x, self.y))
          
        # Additive Identity A + I = A
        if self.x is None:
            return other
        if other.x is None:
            return self
        
        if self.x == other.x and self.y != other.y:
            # Line is perpendicular to x-axis and cut the graph at two points
            # Thus the third point on the line is at infinity.
            return self.__class__(None, None, self.a, self.b)
        
        if self.x != other.x:
            # Line cuts the graph at three different points
            # Addition of two points results in the reflection of third point on the line.
            # We take reflection so that addition will hold associativity
            # Addition property is commutative.
            x1, y1 = self.x, self.y
            x2, y2 = other.x, other.y
            s = (y2 - y1) / (x2 - x1)
            x3 = s**2 - x1 - x2
            y3 = s*(x1 - x3) - y1
            return self.__class__(x3, y3, self.a, self.b)
        
        if self == other and self.y == 0 * self.x:
            # Line is a tangent and perpendicuar to x-axis
            return self.__class__(None, None, self.a, self.b)
        
        if self == other:
            # Line is a tangent
            # Slope will be calculated by differentiating the equation of curve
            s = (3 * self.x**2 + self.a ) / (2 * self.y)
            x3 = s ** 2 - (2 * self.x)
            y3 = s*(self.x - x3) - self.y
            return self.__class__(x3, y3, self.a, self.b)
        
#     def __rmul__(self, coefficient):
#         product = self.__class__(None, None, self.a, self.b)
#         for _ in range(coefficient):
#             product += self
#         return product

    def __rmul__(self, coefficient):
        coef = coefficient
        current = self  
        result = self.__class__(None, None, self.a, self.b)  
        while coef:
            if coef & 1:  
                result += current
            current += current  
            coef >>= 1  
        return result

## Hashing and Encoding

### Hash 160

![Hash 160](img\hash160.png)

In [3]:
import hashlib

In [4]:
def hash256(s):
    '''two rounds of sha256'''
    return hashlib.sha256(hashlib.sha256(s).digest()).digest()

In [5]:
def hash160(s):
    '''sha256 followed by ripemd160'''
    return hashlib.new('ripemd160', hashlib.sha256(s).digest()).digest()

## Base 58 Encoding

![Base 58](img\base58.gif)

In [6]:
BASE58_ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'

def encode_base58(s):
    count = 0
    for c in s:
        if c == 0:
            count += 1
        else:
            break
    num = int.from_bytes(s, 'big')
    prefix = '1' * count
    result = ''
    while num > 0:
        num, mod = divmod(num, 58)
        result = BASE58_ALPHABET[mod] + result
    
    return prefix + result

In [7]:
def encode_base58_checksum(b):
    return encode_base58(b + hash256(b)[:4])

In [8]:
def decode_base58(s):
    '''Bitcoin Address --> Hash160 version of Public Key'''
    num = 0
    for c in s:
        num *= 58
        num += BASE58_ALPHABET.index(c)
    combined = num.to_bytes(25, byteorder = "big")
    checksum = combined[-4:]
    
    # Checksum is hash256(prefix + has160)
    if hash256(combined[:-4])[:4] != checksum:
        raise ValueError('bad address: {} {}'.format(checksum, hash256(combined[:4])[:4]))
        
    # Remove prefix and suffix and return it.
    return combined[1:-4]

## Conversions

### Endian

- Data is transferred through of stream of bytes.
- This stream can be read in two manners, big endian and little endian.
- This stream is represented in HEX code.
- A byte consists of 8 bits and Hex values has 4 bits. 
- 1 character of Bytes = 2 Hex Characters.

| Big Endian                             | Little Endian                              |
| :------------------------------------- | :----------------------------------------- |
| Reading Left to Right, like in numbers | Reading Right to Left, opposite of numbers |
| 124 = 1 X 100 + 2 X 10 + 4             | 124 = 4 X 100 + 2 X 10 + 1                 |
| Example, `04F6E9`                      | Example, `E9F604`                          |

Note: It doesn't results in pure reflection, instead in groups of two characters. It's because 1 Byte stores two Hex Values.

### Conversion to Little Endian

![Conversion](img\littleendianconversion.gif)

In [9]:
def little_endian_to_int(little_endian):
    return int.from_bytes(little_endian, byteorder='little')

In [10]:
def int_to_little_endian(number, length):
    return number.to_bytes(length, byteorder='little')

### Variable Integers (Varints)

The range of 1 byte is 0 - 255 (2<sup>8</sup> = 256)

So, Variable integers work by these rules:

If the number is in range

- __[ 0, 253 )__
    - Encode that number as a single byte.
    - Example, `100 → 64`.

- __[ 253,  2<sup>16</sup> - 1 )__
    - Start with the 253 (FD) in single byte.
    - Then encode the number in ***2 bytes*** in little-endian.
    - Example, `255 → FDFF00`, `555 → FD2B02`.

- __[ 2<sup>16</sup>, 2<sup>32</sup> - 1 )__
    - Start with the 254 (FE) in single byte.
    - Then encode the number in ***4 bytes*** in little-endian.
    - Example, `70015 → FE7F110100`.
    
- __[ 2<sup>32</sup>, 2<sup>64</sup> - 1 )__
    - Start with the 255 (FF) in single byte.
    - Then encode the number in ***8 bytes*** in little-endian.
    - Example, `18005558675309 → FF6DC7ED3E60100000`.

In [11]:
def read_varint(stream):
    '''Compressed Stream in little endian --> int'''
    i = stream.read(1)[0] # Using [0] converts the byte into integer
    if i == 0xfd:
        # 0xfd (253) means the next two bytes are the number
        return little_endian_to_int(stream.read(2))
    elif i == 0xfe:
        # 0xfe (254) means the next four bytes are the number
        return little_endian_to_int(stram.read(4))
    elif i == 0xff:
        # 0xfef (255) means the next four bytes are the number
        return little_endian_to_int(stram.read(8))
    else:
        # anything else is an integer of 1 byte
        return i
    

In [12]:
def encode_varint(i):
    '''int  --> Compressed Stream in little endian'''
    if i < 0xfd:
        return bytes([i])
    elif i < 0x10000:
        return b'\xfd' + int_to_little_endian(i, 2)
    elif i < 0x100000000:
        return b'\xfe' + int_to_little_endian(i, 4)
    elif i < 0x10000000000000000:
        return b'\xff' + int_to_little_endian(i, 8)
    else:
        raise ValueError('integer too large: {}'.format(i))

## Bitcoin Elliptic Curve Cryptography

### The secp256k1 Curve

The equation of the curve used in bitcoin is

$$\Huge y^2 = x^3 + 7 $$

![The secp256k1 over real numbers](img\secp256k1_curve.png)

### Elliptic Curve over Finite Field

The prime number for the finite field is 

$$\Large p = 2^{256} – 2^{32} – 977$$

$$\Large y^2 \% p = x^3 + 7 \% p $$

![Elliptic Curve over Finite Field](img\elliptic_curve_over_finite_field.png)

### How big is $2^{256}$?

Think of finding a private key this way: there are as many possible private keys in Bitcoin as there are atoms in a billion galaxies.

## Serialization

There are two methods of sending a Public Key or Point on the Curve.
    1. Uncompressed SEC Format (04 Marker)
    2. Compressed SEC Format (02 Marker for even, 03 Marker for odd)

### Unompressed SEC Format

![Signature in DER](img\uncompressed_sec_pub_key.png)

### Compressed SEC Format

![Signature in DER](img\compressed_sec_pub_key.png)

In [13]:
from io import BytesIO

In [14]:
P = 2**256 - 2**32 - 977

class S256Field(FieldElement):

    def __init__(self, num, prime=None):
        super().__init__(num=num, prime=P)

    def __repr__(self):
        return '{:x}'.format(self.num).zfill(64)
    
    def sqrt(self):
        return self ** ( (P+1) // 4 )

In [15]:
A = 0
B = 7

N = 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141

class S256Point(Point):
    
    def __init__(self, x, y, a = None, b = None):
        a, b = S256Field(A), S256Field(B)
        
        if type(x) == int:
            super().__init__(x = S256Field(x), y = S256Field(y), a = a, b = b)
        else:
            super().__init__(x = x, y = y, a = a, b = b)
            
    def __rmul__(self, coefficient):
        coef = coefficient % N
        return super().__rmul__(coef)
    
    def verify(self, z, sig):
        r, s = sig.r, sig.s
        s_inv = pow(s, N-2, N)
        u = z * s_inv % N
        v = r * s_inv % N
        return (u*G + v*self).x.num == r 
    
    def sec(self, compressed = True):
        # big means big-endian
        if compressed:
            if self.y.num % 2 == 0:
                return b'\x02' + self.x.num.to_bytes(32, 'big')
            else:
                return b'\x03' + self.x.num.to_bytes(32, 'big')
        else:
            return b'\x04' + self.x.num.to_bytes(32, 'big') + self.y.num.to_bytes(32, 'big') 
        
    @classmethod
    def parse(self, sec_bin):
        '''returns a Point object from a SEC binary (not hex)'''
        if sec_bin[0] == 4:
            x = int.from_bytes(sec_bin[1:33], 'big')
            y = int.from_bytes(sec_bin[33:65], 'big')
            return S256Point(x=x, y=y)
        is_even = sec_bin[0] == 2
        x = S256Field(int.from_bytes(sec_bin[1:], 'big'))
        # right side of the equation y^2 = x^3 + 7
        alpha = x**3 + S256Field(B)
        # solve for left side
        beta = alpha.sqrt()
        if beta.num % 2 == 0:
            even_beta = beta
            odd_beta = S256Field(P - beta.num)
        else:
            even_beta = S256Field(P - beta.num)
            odd_beta = beta
        if is_even:
            return S256Point(x, even_beta)
        else:
            return S256Point(x, odd_beta)

        
    def hash160(self, compressed=True):
        return hash160(self.sec(compressed))
    
    def address(self, compressed=True, testnet=False):
        '''Returns the address string'''
        h160 = self.hash160(compressed)
        if testnet:
            prefix = b'\x6f'
        else:
            prefix = b'\x00'
        return encode_base58_checksum(prefix + h160)

In [16]:
Gx = 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798
Gy = 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8

G = S256Point(Gx, Gy)

## Signature

DER signature format is defined like this:

- Start with the `30` at first byte.
- Encode the length of the rest of the signature (usually `44` or `45`) and append.
- Append the marker byte for the r value, `02`.
- Encode r as a big-endian integer, but prepend it with the `00` byte if r’s first byte ≥ `80`. Prepend the resulting length to r. Add this to the result.
- Append the marker byte for the s value, `02`.
- Encode s as a big-endian integer, but prepend with the `00` byte if s’s first byte ≥ `80`. Prepend the resulting length to s. Add this to the result.

Note: All the values are in Hexadecimal, I've removed `0x` for the sake of reading ease.

![Signature in DER](img\der_signature.png)

In [17]:
class Signature:
    
    def __init__(self, r, s):
        self.r = r
        self.s = s
        
    def __repr__(self):
        return 'Signature({:x},{:x})'.format(self.r, self.s)
    
    def der(self):
        rbin = self.r.to_bytes(32, byteorder='big')
        rbin = rbin.lstrip(b'\x00')
        if rbin[0] & 0x80:
            rbin = b'\x00' + rbin
        result = bytes([2, len(rbin)]) + rbin
        
        sbin = self.s.to_bytes(32, byteorder = 'big')
        sbin = sbin.lstrip(b'\x00')
        if sbin[0] & 0x80:
            sbin = b'\x00' +sbin
        result += bytes([2, len(sbin)]) + sbin
        
        return bytes([0x30, len(result)]) + result
    
    @classmethod
    def parse(cls, signature_bin):
        s = BytesIO(signature_bin)
        compound = s.read(1)[0]
        if compound != 0x30:
            raise SyntaxError("Bad Signature")
        length = s.read(1)[0]
        if length + 2 != len(signature_bin):
            raise SyntaxError("Bad Signature Length")
        marker = s.read(1)[0]
        if marker != 0x02:
            raise SyntaxError("Bad Signature")
        rlength = s.read(1)[0]
        r = int.from_bytes(s.read(rlength), 'big')
        marker = s.read(1)[0]
        if marker != 0x02:
            raise SyntaxError("Bad Signature")
        slength = s.read(1)[0]
        s = int.from_bytes(s.read(slength), 'big')
        if len(signature_bin) != 6 + rlength + slength:
            raise SyntaxError("Signature too long")
        return cls(r, s)

## Private Key

- You use your private key (which is just a big random number) to generate a corresponding public key.

- You do elliptic curve multiplication using your private key, which will give you a final resting point on the elliptic curve. The `(x, y)` coordinate of this point is your public key.

- Private key is a scalar $e$ and private key is $eG=P$.

![Private Key to Public Key](img\public-key.png)

### Calculating $r$ and $s$

We first generate a random number $k$, which is an scalar. This number when multiplied by point $G$, gernerates a new Point $R(r,y)$.

That's how we generate $r$.

The methods to generate $s$ are as follows:

$$uG + vP = R = kG$$

$$uG + veG = kG$$

$$u + ve = k$$

$$z/s + re/s = k$$

$$(z + re)/s = k$$

$$s = (z + re)/k$$


### Signing in Depth

The signing procedure is as follows:

    1. We are given z and know e such that eG = P.
    2. Choose a random k.
    3. Calculate R = kG and r = x coordinate of R.
    4. Calculate s = (z + re)/k.
    5. Signature is (r,s)


### Verifying in Depth

    1. We are given (r,s) as the signature, z as the hash of the thing being signed, and P as the public key (or public point) of the signer.
    2. We calculate u = z/s, v = r/s.
    3. We calculate uG + vP = R.
    4. If R’s x coordinate equals r, the signature is valid.

### Why we don't reveal $k$

If we were to reveal k, then:

$$uG + vP = R$$

$$uG + veG = kG$$

$$kG – uG = veG$$

$$(k – u)G = veG$$

$$(k – u) = ve$$

$$(k – u)/v = e$$

It means that our secret would be revealed, which would defeat the whole purpose of the signature. We can, however, reveal $R$.

### Importance of Unique $k$

If our secret is $e$ and we are reusing $k$ to sign $z1$ and $z2$:

$$kG = (r,y)$$

$$s1 = (z1 + re) / k, s2 = (z2 + re) / k$$

$$s1/s2 = (z1 + re) / (z2 + re)$$

$$s1(z2 + re) = s2(z1 + re)$$

$$s1z2 + s1re = s2z1 + s2re$$

$$s1re – s2re = s2z1 – s1z2$$

$$e = (s2z1 – s1z2) / (rs1 – rs2)$$

If anyone sees both signatures, they can use this formula and find our secret!The [PlayStation 3](https://arstechnica.com/gaming/2010/12/ps3-hacked-through-poor-implementation-of-cryptography/) hack back in 2010 was due to the reuse of the k value in multiple signatures.

In [18]:
import hmac

In [19]:
class PrivateKey:
    
    def __init__(self, secret):
        self.secret = secret      # Private Key
        self.point = secret * G   # Public Key
        
    def hex(self):
        return '{:x}'.format(self.secret).zfill(64)
    
    def sign(self, z):
        k = self.deterministic_k(z)
        r = (k*G).x.num
        k_inv = pow(k, N-2, N)
        s = (z + r*self.secret) * k_inv % N
        if s > N/2:
            s = N - s
        return Signature(r, s)
    
    def deterministic_k(self, z):
        k = b'\x00' * 32
        v = b'\x01' * 32
        if z > N:
            z -= N
        z_bytes = z.to_bytes(32, 'big')
        secret_bytes = self.secret.to_bytes(32, 'big')
        s256 = hashlib.sha256
        k = hmac.new(k, v + b'\x00' + secret_bytes + z_bytes, s256).digest()
        v = hmac.new(k, v, s256).digest()
        k = hmac.new(k, v + b'\x01' + secret_bytes + z_bytes, s256).digest()
        v = hmac.new(k, v, s256).digest()
        while True:
            v = hmac.new(k, v, s256).digest()
            candidate = int.from_bytes(v, 'big')
            if candidate >= 1 and candidate < N:
                return candidate
            k = hmac.new(k, v + b'\x00', s256).digest()
            v = hmac.new(k, v, s256).digest()
            
    def wif(self, compressed=True, testnet=False):
        secret_bytes = self.secret.to_bytes(32, 'big')
        if testnet:
            prefix = b'\xef'
        else:
            prefix = b'\x80'
        if compressed:
            suffix = b'\x01'
        else:
            suffix = b''
        
        return encode_base58_checksum(prefix + secret_bytes + suffix)

# Transaction

Transaction ComponentsAt a high level, a transaction really only has four components.They are:

    1. Version (4 bytes)
    2. Inputs (<total-inputs><inputs>) 
    3. Outputs (<total-outputs><outputs>)
    4. Locktime (4 Bytes)

![Serialized Transaction](img\transaction_serialized.png)

### Segwit

![Segwit Serialized Transaction](img\p2sh_p2wpkh_serialized.png)

In [20]:
class Tx:
    command = b'tx'
    
    def __init__(self, version, tx_ins, tx_outs, locktime, testnet=False, segwit = False):
        self.version  = version
        self.tx_ins = tx_ins
        self.tx_outs = tx_outs
        self.locktime = locktime
        self.testnet = testnet
        self.segwit = segwit
        self._hash_prevouts = None
        self._hash_sequence = None
        self._hash_outputs = None
        
    def __repr__(self):
        tx_ins = ''
        for tx_in in self.tx_ins:
            tx_ins += tx_in.__repr__() + '\n'
        tx_outs = ''
        for tx_out in self.tx_outs:
            tx_outs += tx_out.__repr__() + '\n'
        return 'tx: {}\nversion: {}\ntx_ins:\n{}tx_outs:\n{}locktime: {}'.format(
        self.id(),
        self.version,
        tx_ins,
        tx_outs,
        self.locktime)
    
    def id(self):
        return self.hash().hex()
    
    def hash(self):
        return hash256(self.serialize_legacy())[::-1]
    
    @classmethod
    def parse(cls, s, testnet = False):
        s.read(4)
        if s.read(1) == b'\x00':
            parse_method = cls.parse_segwit
        else:
            parse_method = cls.parse_legacy
        s.seek(-5, 1)
        return parse_method(s, testnet = testnet)
    
    @classmethod
    def parse_segwit(cls, s, testnet = False):
        version = little_endian_to_int(s.read(4))
        marker = s.read(2)
        if marker != b'\x00\x01':
            raise RuntimeError('Not a segwit transaction {}'.format(marker))
        num_inputs = read_varint(s)
        inputs = [TxIn.parse(s) for _ in range(num_inputs)]
        num_outputs = read_varint(s)
        outputs = [TxOut.parse(s) for _ in range(num_outputs)]
        for tx_in in inputs:
            num_items = read_varint(s)
            items = []
            for _ in range(num_items):
                item_len = read_varint(s)
                if item_len == 0:
                    items.append(0)
                else:
                    items.append(s.read(item_len))
            tx_in.witness = items
        locktime = little_endian_to_int(s.read(4))
        return cls(version, inputs, outputs, locktime, testnet = testnet, segwit = True)
    
    @classmethod
    def parse_legacy(cls, s, testnet=False):
        # First 4 bytes (8 chars of hex) that stores the version
        version = little_endian_to_int(s.read(4))
        total_inputs = read_varint(s)
        inputs = [TxIn.parse(s) for _ in range(total_inputs)]
        total_outputs = read_varint(s)
        outputs = [TxOut.parse(s) for _ in range(total_outputs)]
        locktime = little_endian_to_int(s.read(4))
        return cls(version, inputs, outputs, locktime, testnet = testnet, segwit = False)
    
    def serialize(self):
        if self.segwit:
            return self.serialize_segwit()
        else:
            return self.serialize_legacy()
    
    def serialize_segwit(self):
        result = int_to_little_endian(self.version, 4)
        result += b'\x00\x01'
        result += encode_varint(len(self.tx_ins))
        for tx_in in self.tx_ins:
            result += tx_in.serialize()
        result += encode_varint(len(self.tx_outs))
        for tx_out in self.tx_outs:
            result += tx_out.serialize()
        for tx_in in self.tx_ins:
            result += int_to_little_endian(len(tx_in.witness), 1)
            for item in tx_in.witness:
                if type(item) == int:
                    result += int_to_little_endian(item, 1)
                else:
                    result += encode_varint(len(item)) + item
        result += int_to_little_endian(self.locktime, 4)
        
        return result   
    
    def serialize_legacy(self):
        result = int_to_little_endian(self.version, 4)
        result += encode_varint(len(self.tx_ins))
        for tx_in in self.tx_ins:
            result += tx_in.serialize()
        result += encode_varint(len(self.tx_outs))
        for tx_out in self.tx_outs:
            result += tx_out.serialize()
        result += int_to_little_endian(self.locktime, 4)
        
        return result
    
    def fee(self):
        input_sum = sum(tx_in.value(testnet=self.testnet) for tx_in in self.tx_ins)
        output_sum = sum(tx_out.amount for tx_out in self.tx_ins)
        
        return input_sum - output_sum
    
    def sig_hash(self, input_index, redeem_script = None):
        # Generate z
        s = int_to_little_endian(self.version, 4)
        s += encode_varint(len(self.tx_ins))
        for i, tx_in in enumerate(self.tx_ins):
            if i == input_index:
                if redeem_script:
                    script_sig = redeem_script
                else:
                    script_sig = tx_in.script_pubkey(self.testnet)
                s += TxIn(
                    prev_tx = tx_in.prev_tx,
                    prev_index = tx_in.prev_index,
                    script_sig = script_sig,
                    sequence = tx_in.sequence
                ).serialize()
            else:
                s += TxIn(
                    prev_tx = tx_in.prev_tx,
                    prev_index = tx_in.prev_index,
                    sequence = tx_in.sequence
                ).serialize()
        s += encode_varint(len(self.tx_outs))
        for tx_out in self.tx_outs:
            s += tx_out.serialize()
        s += int_to_little_endian(self.locktime, 4)
        s += int_to_little_endian(SIGHASH_ALL, 4)
        h256 = hash256(s)
        return int.from_bytes(h256, 'big')

    def hash_prevouts(self):
        if self._hash_prevouts is None:
            all_prevouts = b''
            all_sequence = b''
            for tx_in in self.tx_ins:
                all_prevouts += tx_in.prev_tx[::-1] + int_to_little_endian(tx_in.prev_index, 4)
                all_sequence += int_to_little_endian(tx_in.sequence, 4)
            self._hash_prevouts = hash256(all_prevouts)
            self._hash_sequence = hash256(all_sequence)
        return self._hash_prevouts

    def hash_sequence(self):
        if self._hash_sequence is None:
            self.hash_prevouts()  # this should calculate self._hash_prevouts
        return self._hash_sequence

    def hash_outputs(self):
        if self._hash_outputs is None:
            all_outputs = b''
            for tx_out in self.tx_outs:
                all_outputs += tx_out.serialize()
            self._hash_outputs = hash256(all_outputs)
        return self._hash_outputs

    def sig_hash_bip143(self, input_index, redeem_script=None, witness_script=None):
        '''Returns the integer representation of the hash that needs to get
        signed for index input_index'''
        tx_in = self.tx_ins[input_index]
        # per BIP143 spec
        s = int_to_little_endian(self.version, 4)
        s += self.hash_prevouts() + self.hash_sequence()
        s += tx_in.prev_tx[::-1] + int_to_little_endian(tx_in.prev_index, 4)
        if witness_script:
            script_code = witness_script.serialize()
        elif redeem_script:
            script_code = p2pkh_script(redeem_script.cmds[1]).serialize()
        else:
            script_code = p2pkh_script(tx_in.script_pubkey(self.testnet).cmds[1]).serialize()
        s += script_code
        s += int_to_little_endian(tx_in.value(), 8)
        s += int_to_little_endian(tx_in.sequence, 4)
        s += self.hash_outputs()
        s += int_to_little_endian(self.locktime, 4)
        s += int_to_little_endian(SIGHASH_ALL, 4)
        return int.from_bytes(hash256(s), 'big')
        
    def verify_input(self, input_index):
        # Generates z and Verifies the signature
        tx_in = self.tx_ins[input_index]
        script_pubkey = tx_in.script_pubkey(testnet=self.testnet)
        # Here redeem_script is extracted only for generating z
        # It has no relation with the execution of script for transaction validation
        # For transaction validation the Script class has it's own changes.
        if script_pubkey.is_p2sh_script_pubkey():
            top_element_script_sig = tx_in.script_sig.cmds[-1]
            raw_redeem = encode_varint(len(top_element_script_sig)) + top_element_script_sig
            redeem_script = Script.parse(BytesIO(raw_redeem))
            if redeem_script.is_p2wpkh_script_pubkey():
                # p2sh-p2wpkh
                z = self.sig_hash_bip143(input_index, redeem_script)
                witness = tx_in.witness
            elif redeem_script.is_p2wsh_script_pubkey():
                # p2sh-p2wsh
                command = tx_in.witness[-1]
                raw_witness = encode_varint(len(command)) + command
                witness_script = Script.parse(BytesIO(raw_witness))
                z = self.sig_hash_bip143(input_index, witness_script = witness_script)
                witness = tx_in.witness
            else:
                # p2sh
                z = self.sig_hash(input_index, redeem_script)
                witness = None
        else:
            if script_pubkey.is_p2wpkh_script_pubkey():
                # p2wpkh
                z = self.sig_hash_bip143(input_index, redeem_script)
                witness = tx_in.witness
            elif script_pubkey.is_p2wsh_script_pubkey():
                # p2wsh
                command = tx_in.witness[-1]
                raw_witness = encode_varint(len(command)) + command
                witness_script = Script.parse(BytesIO(raw_witness))
                z = self.sig_hash_bip143(input_index, witness_script = witness_script)
                witness = tx_in.witness
            else:
                # Legacy Script
                z = self.sig_hash(input_index, redeem_script)
                witness = None
        combined = tx_in.script_sig + tx_in.script_pubkey(self.testnet)
        return combined.evaluate(z)
    
    def verify(self):
        # Checks whether fee is positive and verifies each transaction
        if self.fee() < 0:
            return False
        for i in range(len(self.tx_ins)):
            if not self.verify_input(i):
                return False
        return True
    
    def sign_input(self, input_index, private_key):
        z = self.sig_hash(input_index)
        der = private_key.sign(z).der()
        sig = der + SIGHASH_ALL.to_bytes(1, 'big')
        sec = private_key.point.sec()
        self.tx_ins[input_index].script_sig = Script([sig, sec])
        return self.verify_input(input_index)
    
    def is_coinbase(self):
        return len(self.tx_ins) == 1 and self.tx_ins[0].prev_tx == (0).to_bytes(32, 'big') and self.tx_ins[0].prev_index == 0xffffffff
    
    def coinbase_height(self):
        if self.is_coinbase():
            return little_endian_to_int(self.tx_ins[0].script_sig.cmds[0])
        else:
            return None

## Transaction Input

Inputs have unlocking script `ScriptSig` on them.

Transaction Inputs:

    1. Total Number of Inputs (Varint)
    2. Transaction Ins (Little Endian)

![Transaction Inputs](img\transaction_input_length.png)

The fields of an individual Transaction Input is as follows:

    1. Previous transaction ID
    2. Previous transaction index
    3. ScriptSig
    4. Sequence
    
![Individual Transaction Input](img\transaction_input.png)

Note: Locktime is ignored if the sequence numbers for every input are `FFFFFFFF`.

In [21]:
class TxIn:
    def __init__(self, prev_tx, prev_index, script_sig=None, sequence=0xffffffff):
        self.prev_tx = prev_tx
        self.prev_index = prev_index
        if script_sig is None:
            self.script_sig = Script()
        else:
            self.script_sig = script_sig
        self.sequence = sequence
        
    def __repr__(self):
        return '{}:{}'.format(
            self.prev_tx.hex(),
            self.prev_index
        )
    
    @classmethod
    def parse(cls, s):
        prev_tx = s.read(32)[::-1]
        prev_index = little_endian_to_int(s.read(4))
        script_sig = Script.parse(s)
        sequence = little_endian_to_int(s.read(4))
        
        return cls(prev_tx, prev_index, script_sig, sequence)
    
    def serialize(self):
        result = self.prev_tx[::-1]
        result += int_to_little_endian(self.prev_index, 4)
        result += self.script_sig.serialize()
        result += int_to_little_endian(self.sequence, 4)
        
        return result
    
    def fetch_tx(self, testnet=False):
        return TxFetcher.fetch(self.prev_tx.hex(), testnet=testnet)

    def value(self, testnet=False):
        '''Get the output value by looking up the tx hash.
        Returns the amount in satoshi.
        '''
        tx = self.fetch_tx(testnet=testnet)
        return tx.tx_outs[self.prev_index].amount

    def script_pubkey(self, testnet=False):
        '''Get the ScriptPubKey by looking up the tx hash.
        Returns a Script object.
        '''
        tx = self.fetch_tx(testnet=testnet)
        return tx.tx_outs[self.prev_index].script_pubkey

## Transaction Output

Outputs have locking script `ScriptPubKey` on them

Transaction Outputs:

    1. Total Number of Outputs (Varint)
    2. Transaction Outs (Little Endian)

![Transaction Outputs](img\transaction_output_length.png)

The fields of an individual Transaction Output is as follows:

    1. Amount
    2. ScriptPubKey
    
![Individual Transaction Output](img\transaction_output.png)

In [22]:
class TxOut:
    
    def __init__(self, amount, script_pubkey):
        self.amount = amount
        self.script_pubkey = script_pubkey
        
    def __repr__(self):
        return '{}:{}'.format(self.amount, self.script_pubkey)
    
    @classmethod
    def parse(cls, s):
        amount = little_endian_to_int(s.read(8))
        script_pubkey = Script.parse(s)
        return cls(amount, script_pubkey)
    
    def serialize(self):
        result = int_to_little_endian(self.amount, 8)
        result += self.script_pubkey.serialize()
        
        return result

In [23]:
import requests

In [24]:
# Dumped by the writer of the book

class TxFetcher:
    cache = {}

    @classmethod
    def get_url(cls, testnet=False):
        if testnet:
            return 'http://testnet.programmingbitcoin.com'
        else:
            return 'http://mainnet.programmingbitcoin.com'

    @classmethod
    def fetch(cls, tx_id, testnet=False, fresh=False):
        if fresh or (tx_id not in cls.cache):
            url = '{}/tx/{}.hex'.format(cls.get_url(testnet), tx_id)
            response = requests.get(url)
            try:
                raw = bytes.fromhex(response.text.strip())
            except ValueError:
                raise ValueError('unexpected response: {}'.format(response.text))
            if raw[4] == 0:
                raw = raw[:4] + raw[6:]
                tx = Tx.parse(BytesIO(raw), testnet=testnet)
                tx.locktime = little_endian_to_int(raw[-4:])
            else:
                tx = Tx.parse(BytesIO(raw), testnet=testnet)
            if tx.id() != tx_id:
                raise ValueError('not the same id: {} vs {}'.format(tx.id(), tx_id))
            cls.cache[tx_id] = tx
        cls.cache[tx_id].testnet = testnet
        return cls.cache[tx_id]

### Transaction Fees

`Fees = sum(inputs) - sum(outputs)`

Mentioned in `class Tx` as function `fee`.

### Generating z

![Generating z](img\genereate_z.png)

The steps to generate the z or hash of the Transaction:

- We'll mimic the Transaction but will remove and replace some of it's contents, after that we'll hash it.
- Pick the Transaction and Input Transaction index.
- Create a stream and sppend the version in little endian to it.
- Encode the total number of input transactions in varint.
- Loop through all the input transactions and
    - if the input transaction index matches
        - Then replace the `scriptsig` with the `scriptPubKey`.
        - Remain other contents as it is.
        - Serialize it and append it.
    - else
        - Remove the `scriptsig` from that imput.
        - Remain other contents as it is.
        - Serialize it and append it.
- Encode the total number of output transactions in varint.
- Loop through all the output transactions and serialize them as it is and then append it.
- Append the Locktime in little endian.
- Append the hash type in the end of it e.g. SIGHASH_ALL(01000000)
- Hash this new modified tx stream with hash256
- Convert this hash into integer.
- This integer is `z`

Mentioned in `class Tx` as function `sig_hash`.

# P2PKH

The Serialized `p2pkh` transaction looks like:

![Serialized p2pkhh Transaction](img\serialized_p2pkh_transaction.png)

### STEP 1: EMPTY ALL THE SCRIPTSIGS

- The first step is to empty all the ScriptSigs when checking the signature

![Serialized p2sh Empty Scriptsig](img\serialized_p2pkh_empty_scriptsigs.png)

### STEP 2: REPLACE THE SCRIPTSIG OF THE INPUT BEING SIGNED WITH THE PREVIOUS SCRIPTPUBKEY

- Each Transaction input was once an output, and had `scriptPubKey`.
- We take the `ScriptPubKey` that the input is pointing to and put that in place of the empty `ScriptSig`.

![Serialized p2pkh Replace ScriptPubKey](img\serialized_p2pkh_replace_scriptPubKey.png)


### STEP 3: APPEND THE HASH TYPE

- Last, we add a 4-byte hash type to the **end**.
- The integer corresponding to `SIGHASH_ALL` is `1` and this has to be encoded in little-endian over `4` bytes.

![Serialized p2pkh Append SIGHASH](img\serialized_p2pkh_append_SIGHASH_ALL.png)

### The hash256 of this interpreted as a big-endian integer is our `z`.


## P2SH

The Serialized `p2sh` transaction looks like:

![Serialized p2sh Transaction](img\serialized_p2sh_transaction.png)

### STEP 1: EMPTY ALL THE SCRIPTSIGS

- The first step is to empty all the ScriptSigs when checking the signature
- This step is similar to the `p2pkh`

![Serialized p2sh Empty Scriptsig](img\serialized_p2sh_empty_scriptsigs.png)

### STEP 2: REPLACE THE SCRIPTSIG OF THE P2SH INPUT BEING SIGNED WITH THE REDEEMSCRIPT

- Each p2sh input has a RedeemScript. 
- We take the `RedeemScript` and put that in place of the empty ScriptSig.
- This is different from `p2pkh` in that it’s not the `ScriptPubKey`.

![Serialized p2sh Replace ScriptPubKey](img\serialized_p2sh_replace_scriptPubKey.png)


### STEP 3: APPEND THE HASH TYPE

- Last, we add a 4-byte hash type to the **end**. This is the same as in `p2pkh`.
- The integer corresponding to `SIGHASH_ALL` is `1` and this has to be encoded in little-endian over `4` bytes.

![Serialized p2sh Append SIGHASH](img\serialized_p2sh_append_SIGHASH_ALL.png)

### The hash256 of this interpreted as a big-endian integer is our `z`.

## Sequence and Locktime

-  If Alice pays Bob x bitcoins for something and then Bob pays Alice y bitcoins for something else (say, if x > y), then Alice can just pay Bob x – y. 
- A continuously updating mini-ledger between the two parties involved that gets settled on-chain.
- The trade transaction would start with sequence at 0 and with a far-away locktime (say, 500 blocks from now, so valid in 500 blocks).
- After the first transaction, where Alice pays Bob x bitcoins, the sequence of each input would be 1. After the second transaction, where Bob pays Alice y bitcoins, the sequence of each input would be 2.
- But It allows miner to cheat. Bob could be a miner, he could ignore the updated trade transaction with sequence number 2 and mine the trade transaction with sequence number 1, cheating Alice out of y bitcoins.
- A much better design was created later with “payment channels,” which is the basis for the Lightning Network.

# Script

A script consists of a simple stacks which can contain two types of entities:

    1. Operation
    2. Elements

In [25]:
%run op.ipynb

In [26]:
class Script:
    
    def __init__(self, cmds=None):
        if cmds is None:
            self.cmds = []
        else:
            self.cmds = cmds

    def __add__(self, other):
        # First cmds stack contains ScriptSig and next one contains ScriptPubKey
        return Script(self.cmds + other.cmds)
            
    def __repr__(self):
        result = []
        for cmd in self.cmds:
            if type(cmd) == int:
                if OP_CODE_NAMES.get(cmd):
                    name = OP_CODE_NAMES.get(cmd)
                else:
                    name = 'OP_[{}]'.format(cmd)
                result.append(name)
            else:
                result.append(cmd.hex())
        return ' '.join(result)
            
    @classmethod
    def parse(cls, s):
        '''Stream in little endian --> Stack containing elements and opcodes'''
        length = read_varint(s)
        cmds = []
        count = 0
        while count < length:
            current = s.read(1) # Whether it's an element or opcode
            count += 1
            current_byte = current[0] # Converts bytes into int
            if current_byte >= 1 and current_byte <= 75:
                # <---Basic--->
                # <current_byte><element>
                n = current_byte
                cmds.append(s.read(n))
                count += n
            elif current_byte == 76:
                # <---OP_PUSHDATA1--->
                # <current_byte><1-byte-length><element>
                data_length = little_endian_to_int(s.read(1))
                cmds.append(s.read(data_length))
                count += data_length + 1
            elif current_byte == 77:
                # <---OP_PUSHDATA2--->
                # <current_byte><2-bytes-length><element>
                data_length = little_endian_to_int(s.read(2))
                cmds.append(s.read(data_length))
                count += data_length + 2
            else:
                # <---OPCODE--->
                # <current_byte>
                op_code = current_byte
                cmds.append(op_code)
        if count != length:
            raise SyntaxError('parsing script failed')
        return cls(cmds)
    
    def raw_serialize(self):
        '''Stack of cmds --> Stream of bytes'''
        result = b''
        for cmd in self.cmds:
            if type(cmd) == int:
                # Opcode (type is int)
                result += int_to_little_endian(cmd, 1)
            else:
                # Element (type is bytes)
                length = len(cmd)
                if length <= 75:
                    result += int_to_little_endian(length, 1)
                elif length >= 76 and length <= 255:
                    result += int_to_little_endian(76, 1)
                    result += int_to_little_endian(length, 1)
                elif length >= 256 and length <= 520:
                    result += int_to_little_endian(77, 1)
                    result += int_to_little_endian(length, 2)
                else:
                    raise ValueError('too long an cmd')
                result += cmd
        return result
    
    def serialize(self):
        result = self.raw_serialize()
        total = len(result)
        
        return encode_varint(total) + result
    
    def evaluate(self, z, witness):
        # z is Signature hash
        cmds = self.cmds[:] # Copy of cmds
        stack = []
        altstack = []
        while len(cmds) > 0:
            # Popping of elements is done from bottom of the stack and not the top.
            cmd = cmds.pop(0) # Pop the genesis element
            if type(cmd) == int:
                # An operation
                operation = OP_CODE_FUNCTIONS[cmd]
                if cmd in (99, 100):
                    if not operation(stack, cmds):
                        LOGGER.info('bad op: {}'.format(OP_CODE_NAMES[cmd]))
                        return False
                elif cmd in (107, 108):
                    if not operation(stack, altstack):
                        LOGGER.info('bad op: {}'.format(OP_CODE_NAMES[cmd]))
                        return False
                elif cmd in (172, 173, 174, 175):
                    if not operation(stack, z):
                        LOGGER.info('bad op: {}'.format(OP_CODE_NAMES[cmd]))
                        return False
                else:
                    if not operation(stack):
                        LOGGER.info('bad op: {}'.format(OP_CODE_NAMES[cmd]))
                        return False
            else:
                # Not an opcode
                stack.append(cmd)
                
                # P2SH Check
                # This condition checks if it contains <op-hash160><hash><op-equal>
                if len(cmds) == 3 \
                    and cmds[0] == 0xa9 \
                    and type(cmds[1]) == bytes and len(cmds[1]) == 20 \
                    and cmds[2] == 0x87:
                    
                    # Simply pop all the elements, since we know what they're doing
                    cmds.pop() 
                    h160 = cmds.pop()
                    cmds.pop()
                    
                    # Eats the topmost element and appends it hash
                    if not op_hash160(stack):
                        return False
                    stack.append(h160)
                    
                    # Eats two elements and appends a boolean 0 or 1
                    if not op_equal(stack):
                        return False
                    
                    # Eats one element and doesn't append anything
                    if not op_verify(stack):
                        LOGGER.info('bad p2sh h160')
                        return False
                    
                    # At this point the cmd variable stores the redeem script as on element
                    # We don't worry about the redeem script element that was consumed during hash160 
                    redeem_script = encode_varint(len(cmd)) + cmd
                    stream = BytesIO(redeem_script)
                    cmds.extend(Script.parse(stream).cmds)     
                    
                # Segwit P2WPKH
                # <0><20 byte hash>
                if len(stack) == 2 and stack[0] == b'' and len(stack[1]) == 20:  # <1>
                    h160 = stack.pop()
                    stack.pop()
                    cmds.extend(witness)
                    cmds.extend(p2pkh_script(h160).cmds)
                    
                # Segwit P2WSH
                # <0><32 byte hash>
                if len(stack) == 2 and stack[0] == b'' and len(stack[1]) == 32:
                    s256 = stack.pop()  # <1>
                    stack.pop()  # <2>
                    cmds.extend(witness[:-1])  # <3>
                    witness_script = witness[-1]  # <4>
                    if s256 != sha256(witness_script):  # <5>
                        print('bad sha256 {} vs {}'.format
                            (s256.hex(), sha256(witness_script).hex()))
                        return False
                    stream = BytesIO(encode_varint(len(witness_script)) 
                        + witness_script)
                    witness_script_cmds = Script.parse(stream).cmds  # <6>
                    cmds.extend(witness_script_cmds)
                    
        if len(stack) == 0:
            return False
        if stack.pop() == b'':
            return False
        return True
  
    def is_p2pkh_script_pubkey(self):
        # <OP_DUP> <OP_HASH160> <20 byte hash> <OP_EQUALVERIFY> <OP_CHECKSIG>
        return len(self.cmds) == 5 and self.cmds[0] == 0x76 \
            and self.cmds[1] == 0xa9 \
            and type(self.cmds[2]) == bytes and len(self.cmds[2]) == 20 \
            and self.cmds[3] == 0x88 and self.cmds[4] == 0xac

    def is_p2sh_script_pubkey(self):
        # <OP_HASH160> <20 byte hash> <OP_EQUAL>
        return len(self.cmds) == 3 and self.cmds[0] == 0xa9 \
            and type(self.cmds[1]) == bytes and len(self.cmds[1]) == 20 \
            and self.cmds[2] == 0x87

    def is_p2wpkh_script_pubkey(self):
        # <0><20 byte hash>
        return len(self.cmds) == 2 and self.cmds[0] == 0x00 \
            and type(self.cmds[1]) == bytes and len(self.cmds[1]) == 20

    def is_p2wsh_script_pubkey(self):
        # <0><32 byte hash>
        return len(self.cmds) == 2 and self.cmds[0] == 0x00 \
            and type(self.cmds[1]) == bytes and len(self.cmds[1]) == 32
    
    def address(self, testnet=False):
        '''Returns the address corresponding to the script'''
        if self.is_p2pkh_script_pubkey():  # p2pkh
            # hash160 is the 3rd cmd
            h160 = self.cmds[2]
            # convert to p2pkh address using h160_to_p2pkh_address (remember testnet)
            return h160_to_p2pkh_address(h160, testnet)
        elif self.is_p2sh_script_pubkey():  # p2sh
            # hash160 is the 2nd cmd
            h160 = self.cmds[1]
            # convert to p2sh address using h160_to_p2sh_address (remember testnet)
            return h160_to_p2sh_address(h160, testnet)


In [27]:
def p2pkh_script(h160):
    '''Takes a hash160 and returns the p2pkh ScriptPubKey'''
    return Script([0x76, 0xa9, h160, 0x88, 0xac])

In [None]:
def p2sh_script(h160):
    '''Takes a hash160 and returns the p2sh ScriptPubKey'''
    return Script([0xa9, h160, 0x87])

In [None]:
def p2wpkh_script(h160):
    '''Takes a hash160 and returns the p2wpkh ScriptPubKey'''
    return Script([0x00, h160])  # <1>

In [None]:
def p2wsh_script(h256):
    '''Takes a hash160 and returns the p2wsh ScriptPubKey'''
    return Script([0x00, h256])

In [28]:
## Sighash

SIGHASH_ALL = 1
SIGHASH_NONE = 2
SIGHASH_SINGLE = 3

## Method to create a Transaction

1. Create a TxIns:
    - Select a Previous Transaction
    - Select the output index
    - Create a `tx_in` object.
    
2. Create TxOuts:
    - We need to create two outputs, one for the receiver and other back to us.
    - Select the amount you want to send and receive back. Rest will be adjusted as Transaction Fees.
    - Convert these amounts from BTC to Satoshis, by multiplying them with 100,000,000.
    - Then convert Bitcoin Addresses to hash160's using `decode_base58()`.
    - Create two p2pkh script's using these hash160's.
    - Create different `tx_out` objects for the receiver and change by specifying amount and script.

3. Create Tx:
    - Append all the `tx_in` and `tx_out` objects to seperate lists, even if there's only one element in a list.
    - Create a `Tx` object using VERSION, TX_INS, TX_OUTS, LOCKTIME, TESTNET BOOL.
    
## Signing a Transaction

1. Now, the transaction created earlier is empty and does not contain any ssignatures.
2. We need to create a signature we need `z` and a `private key` .
3. Generate `z` by providing the index of  selected transaction input (tricky one).
4. Create the private key by providing the secret.
5. Use private key and `z` to generate DER Signature.
6. Append `SIGHASH_ALL` to the DER Signature.
7. Create `script_sig` by adding DER Signature and SEC Public Key.
8. Inside the previously created Transaction, Assign `script_sig` to that particular input for which you created the signature.

In [29]:
## Creating a Transaction

### Creating TxIns
prev_tx = bytes.fromhex('0d6fe5213c0b3291f208cba8bfb59b7476dffacc4e5cb66f6\
eb20a080843a299')
prev_index = 13
tx_in = TxIn(prev_tx = prev_tx, prev_index = prev_index)
tx_ins = [tx_in]

### Creating TxOuts
'''
Output that should be returned back to us
'''
change_amount = int(0.33*100000000)
change_h160 = decode_base58('mzx5YhAH9kNHtcN481u6WkjeHjYtVeKVh2')
change_script = p2pkh_script(change_h160)
change_output = TxOut(amount = change_amount, script_pubkey = change_script)
'''
Output for the receiver
'''
target_amount = int(0.1*100000000)
target_h160 = decode_base58('mnrVtF8DWjMu839VW3rBfgYaAfKk8983Xf')
target_script = p2pkh_script(target_h160)
target_output = TxOut(amount = target_amount, script_pubkey = target_script)
tx_outs = [change_output, target_output]

### Creating Tx
tx_obj = Tx(version = 1, tx_ins = tx_ins, tx_outs = tx_outs, locktime = 0, testnet=True)
print(tx_obj)

tx: cd30a8da777d28ef0e61efe68a9f7c559c1d3e5bcd7b265c850ccb4068598d11
version: 1
tx_ins:
0d6fe5213c0b3291f208cba8bfb59b7476dffacc4e5cb66f6eb20a080843a299:13
tx_outs:
33000000:OP_DUP OP_HASH160 d52ad7ca9b3d096a38e752c2018e6fbc40cdf26f OP_EQUALVERIFY OP_CHECKSIG
10000000:OP_DUP OP_HASH160 507b27411ccf7f16f10297de6cef3f291623eddf OP_EQUALVERIFY OP_CHECKSIG
locktime: 0


In [30]:
## Signing an Input

z = tx_obj.sig_hash(0)
private_key = PrivateKey(secret = 8675309)
der = private_key.sign(z).der()
sig = der + SIGHASH_ALL.to_bytes(1, 'big')
sec = private_key.point.sec()
script_sig = Script([sig, sec])
tx_obj.tx_ins[0].script_sig = script_sig
print(tx_obj.serialize().hex())

# Note: A function named sign_input() has been created in Tx class.

010000000199a24308080ab26e6fb65c4eccfadf76749bb5bfa8cb08f291320b3c21e56f0d0d0000006b4830450221008ed46aa2cf12d6d81065bfabe903670165b538f65ee9a3385e6327d80c66d3b502203124f804410527497329ec4715e18558082d489b218677bd029e7fa306a72236012103935581e52c354cd2f484fe8ed83af7a3097005b2f9c60bff71d35bd795f54b67ffffffff02408af701000000001976a914d52ad7ca9b3d096a38e752c2018e6fbc40cdf26f88ac80969800000000001976a914507b27411ccf7f16f10297de6cef3f291623eddf88ac00000000


## Create your own Private Key

In [31]:
secret = little_endian_to_int(b'utkarshg6 secret')
private_key = PrivateKey(secret)

In [32]:
private_key.point.address()

'1L11qvCJbD7yoWgag7rXzyj1ULxZoe3p5A'

In [33]:
secret

154717189563442328630435449493107995765

## P2PK (Pay To Pubkey)

- It is a script pattern that locks an output to a public key.
- You’ll most commonly find P2PK in coinbase transactions in the earlier blocks in the blockchain. This is because the original Bitcoin Core miner would use P2PK for the block reward when constructing a candidate block.

![combined_script](img\p2pk_simplified.png)

`scriptSig` - It unlocks the corresponding ScriptPubKey. It is the signature followed by a single sighash byte.

![scriptSig](img\p2pk_scriptSig.png)

`scriptPubKey` - Specifies where the bitcoins go, this is the lockbox that receives the bitcoins.

![scriptPubKey](img\p2pk_scriptPubKey.png)

The working of this script is as follows

![p2pk_working](img\p2pk_working.gif)

## P2PKH (Pay To Pubkey Hash)

- It is a script pattern that also locks an output to public key.
- It is used to “send” someone bitcoins.

![combined_script](img\p2pkh_simplified.png)

`scriptSig` - The owner of the hashed public key above needs to provide the original public key, along with a valid signature for it

![scriptSig](img\p2pkh_scriptSig.png)

`scriptPubKey` - It contains a hashed public key surrounded by these opcodes.

![scriptPubKey](img\p2pkh_scriptPubKey.png)

The working of this script is as follows

![p2pkh_working](img\p2pkh_working.gif)

## P2MS (Pay To Multisig)

- P2MS is a script pattern that allows you to lock bitcoins to multiple public keys, and require signatures for some (or all) of those public keys to unlock it.
- For example, you could create a P2MS script that includes the public keys of 3 different people, but only 2 of those people would need to provide their signatures to spend the bitcoins.

![Use Case](img\p2ms_usecase.png)

![combined_script](img\p2ms_simplified.png)

`scriptSig` - It contains an extra opcode in the start because of the bug due to which one more element is popped. It then contains the Signatures in order of the Public key's specified in the locking script.

![scriptSig](img\p2ms_scriptSig.png)

`scriptPubKey` - Total signatures need to unlock, followed by public keys, then total number of public keys and the `OP_CHECKMULTISIG`.

![scriptPubKey](img\p2ms_scriptPubKey.png)

If the tally of valid signatures is equal to `M` after all of the signatures have been checked, then `CHECKMULTISIG` pushes a `1` on to the stack and the script is valid. The working of this script is as follows

![p2ms_working](img\p2ms_working.gif)

## P2SH (Pay To Script Hash)

- It allows you to lock bitcoins to the hash of a script, and you then provide that original script when you come unlock those bitcoins.
- It basically allows you to create your own custom “redeem scripts”, but still be able to share them easily with other people.
- P2SH has a prefix `05`, thus it's Bitcoin Addresses start with `3` due to Base58 encoding. 

![Use Case](img\p2sh_usecase.png)

![combined_script](img\p2sh_simplified.png)

In p2sh, a special rule gets executed only when the pattern shown in the Figure below is encountered.

![p2sh_stack](img\p2sh_stack.png)

If this exact command set ends with a 1 on the stack, then the RedeemScript (the top item in Figure 8-9) is parsed and then added to the Script command set.

`RedeemScript`- This script is same as the `scriptPubKey` of `P2MS`.

![p2sh_redeemScript](img\p2sh_redeemScript.png)

`scriptSig` - It consists of the signatures along with the `ReedeemScript`. Also `OP_0` is there because of the `OP_CHECKMULTISIG` bug.

![scriptSig](img\p2sh_scriptSig.png)

`scriptPubKey` - This script consists of the hash of `ReedeemScript` surrounded by the op codes. 

![scriptPubKey](img\p2sh_scriptPubKey.png)

A P2SH script is executed in two parts:

1. Standard Execution - The redeem script is hashed, and is then checked that it is equal the script hash in the locking script.

![p2sh_working_standard](img\p2sh_working_standard.png)

2. Redeem Script Execution - This is the special part. The redeem script is deserialized and ran as if it were a locking script.

![p2sh_working_redeem](img\p2sh_working_redeem.gif)

Thus, the whole script runs as follows

![p2sh_working](img\p2sh_working.gif)

## Doesn't P2SH takes more space than P2MS

- Yes, it does.
- It shifts the burden from the sender (the one who locks), to the person who unlocks the transaction.
- UTXO's are stored in the UTXO set which is stored in the RAM of each node. Thus, a small UTXO is less expensive to store.

An example of 2 of 3 script

### Using P2MS

- It takes up 253 bytes.

![p2ms_size](img\p2ms_size.png)

### Using P2SH

- It takes up 278 bytes.

![p2ms_size](img\p2sh_size.png)

## Bitcoin Address

- A bitcoin address is a base58 version of the `hash160`.
- It also contains the [prefix](https://en.bitcoin.it/wiki/List_of_address_prefixes) that determines which script is being used.
- There's a suffix `checksum` that contains the first 4 characters of `hash256` of the `prefix + h160`.
- You'll only find Bitcoin Addresses for `p2pkh` and `p2sh` because only these scripts results in a formation of `h160`.

### P2PKH

- When we convert hex to Base58, `00 → 1`, thus all `p2pkh` addresses start with `1`.

![P2PKH](img\bitcoin_address.png)


### P2SH

- The prefix `05` combined with the hash160 results in `3` everytime.

![p2sh Address](img\p2sh_to_address.png)

Note: Since `p2pk` sends directly to the public key and don't contains `hah160`. It doesn't results in the Btcoin Address. In fact Bitcoin Address was introduced in `p2pkh` only. Also, you will not see any addresses for the `p1ms` locking scripts in the transactions above, as `p2ms` does not have its own address format (like `p2pkh` and `p2sh` do).

In [34]:
def h160_to_p2pkh_address(h160, testnet = False):
    if testnet:
        return encode_base58_checksum(b'\x6f' + h160)
    else:
        return encode_base58_checksum(b'\x00' + h160)

In [35]:
def h160_to_p2sh_address(h160, testnet = False):
    if testnet:
        return encode_base58_checksum(b'\xc4' + h160)
    else:
        return encode_base58_checksum(b'\x05' + h160)

In [36]:
# def h160_to_p2pkh_address(h160, testnet=False):
#     '''Takes a byte sequence hash160 and returns a p2pkh address string'''
#     # p2pkh has a prefix of b'\x00' for mainnet, b'\x6f' for testnet
#     if testnet:
#         prefix = b'\x6f'
#     else:
#         prefix = b'\x00'
#     return encode_base58_checksum(prefix + h160)


# def h160_to_p2sh_address(h160, testnet=False):
#     '''Takes a byte sequence hash160 and returns a p2sh address string'''
#     # p2sh has a prefix of b'\x05' for mainnet, b'\xc4' for testnet
#     if testnet:
#         prefix = b'\xc4'
#     else:
#         prefix = b'\x05'
#     return encode_base58_checksum(prefix + h160)

### Verifying a `p2sh` signature

In [37]:
modified_tx = bytes.fromhex('0100000001868278ed6ddfb6c1ed3ad5f8181eb0c7a38\
5aa0836f01d5e4789e6bd304d87221a000000475221022626e955ea6ea6d98850c994f9107b036\
b1334f18ca8830bfff1295d21cfdb702103b287eaf122eea69030a0e9feed096bed8045c8b98be\
c453e1ffac7fbdbd4bb7152aeffffffff04d3b11400000000001976a914904a49878c0adfc3aa0\
5de7afad2cc15f483a56a88ac7f400900000000001976a914418327e3f3dda4cf5b9089325a4b9\
5abdfa0334088ac722c0c00000000001976a914ba35042cfe9fc66fd35ac2224eebdafd1028ad2\
788acdc4ace020000000017a91474d691da1574e6b3c192ecfb52cc8984ee7b6c5687000000000\
1000000')

In [38]:
h256 = hash256(modified_tx)
z = int.from_bytes(h256, 'big')

In [39]:
sec = bytes.fromhex('022626e955ea6ea6d98850c994f9107b036b1334f18ca8830bfff\
1295d21cfdb70')

der = bytes.fromhex('3045022100dc92655fe37036f47756db8102e0d7d5e28b3beb83a\
8fef4f5dc0559bddfb94e02205a36d4e4e6c7fcd16658c50783e00c341609977aed3ad00937bf4\
ee942a89937')

In [40]:
point = S256Point.parse(sec)
sig = Signature.parse(der)

In [41]:
print(point.verify(z, sig))

True


In [42]:
Tx.parse(BytesIO(modified_tx))

tx: 1e90fb97ed89b51f23e31ea7cb7e0743700ce1d0270f46d44757eedd50fcb21a
version: 1
tx_ins:
22874d30bde689475e1df03608aa85a3c7b01e18f8d53aedc1b6df6ded788286:26
tx_outs:
1356243:OP_DUP OP_HASH160 904a49878c0adfc3aa05de7afad2cc15f483a56a OP_EQUALVERIFY OP_CHECKSIG
606335:OP_DUP OP_HASH160 418327e3f3dda4cf5b9089325a4b95abdfa03340 OP_EQUALVERIFY OP_CHECKSIG
797810:OP_DUP OP_HASH160 ba35042cfe9fc66fd35ac2224eebdafd1028ad27 OP_EQUALVERIFY OP_CHECKSIG
47074012:OP_HASH160 74d691da1574e6b3c192ecfb52cc8984ee7b6c56 OP_EQUAL
locktime: 0

## Coinbase Transaction

Three conditions of a coinbase transaction:
1. Coinbase transactions must have exactly one input.
2. The one input must have a previous transaction of `32` bytes of `00`.
3. The one input must have a previous index of `ffffffff`.

![Coinbase Transaction](img\coinbase_transaction.png)

In [43]:
stream_of_script_sig_genesis_block = BytesIO(bytes.fromhex('4d04ffff001d0104455468652054696d65732030332f4a616e2f32303039\
204368616e63656c6c6f72206f6e206272696e6b206f66207365636f6e64206261696c6f757420666f722062616e6b73'))
script_sig_genesis = Script.parse(stream_of_script_sig_genesis_block)

In [44]:
script_sig_genesis.cmds[2]

b'The Times 03/Jan/2009 Chancellor on brink of second bailout for banks'

# Blocks

- Blocks are batches of transactions.
- All blocks have to point to a previous block.
- This is why the data structure is called a *blockchain*.
- Blocks link back all the way to the very first block, or the genesis block.
- The previous block field ends in a bunch of `00` bytes.

## Block Headers

- The block header is metadata about the transactions included in a block.
- A block header takes up exactly **80 bytes**. The size of headers are roughly .023% of the entire blockchain.

The block header consists of:

| Name           | Size (bytes) | Byteorder | Functionality                                                      |
| :------------- | -----------: | :-------: | :----------------------------------------------------------------- |
| Version        |            4 |    LE     | Reflects the capabilities of the software that produced the block  |
| Previous block |           32 |    LE     | Hash of Previous block                                             |
| Merkle root    |           32 |    LE     | Encodes all the ordered transactions, used by SPV                  |
| Timestamp      |            4 |    LE     | A Unix-style timestamp, the number of seconds since January 1, 1970|
| Bits           |            4 |    BE     | Encodes the proof-of-work                                          |
| Nonce          |            4 |    BE     | *n-once* or “number used only once”                                  |

![Block Header](img\block_header.png)

The version consists of 4 bytes or 32 bits. I'll use x to represent 0 or 1 of binary. There were changes in different BIPs to make versioning Bitcoin software easier.

| BIP | Representation                     |
| --: | :--------------------------------- |
|   9 | `001xxxxxxxxxxxxxxxxxxxxxxxxxxxxx` |
|  91 | `xxxxxxxxxxxxxxxxxxxxxxxxxxx1xxxx` |
| 141 | `xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx1x` |

## Target

- Target is given in bits, for example `E93C0118`
- The first two digits stores coefficient in little endian.
- The third bit stores the exponent.

The Target is then calculated using the formula:

$$\Large \mathrm{target} = \mathrm{coefficient} \times 256^{(\mathrm{exponent} - 3)} $$

## Difficulty

- Targets are hard for human beings to comprehend. To make different targets easier to compare, the concept of *difficulty* was born.
- The difficulty can be thought of as how much more difficult mining is now than it was at the start.

The difficulty is then calculated using the formula:

$$\Large \mathrm{difficulty} = \dfrac{  \mathrm{0xffff} \times 256^{(\mathrm{0x1d}–3)}}{\mathrm{target}} $$

## New Target

- In Bitcoin, each group of `2,016 blocks` is called a *difficulty adjustment period*.

time_differential = (block timestamp of last block in difficulty adjustment period) – (block timestamp of first block in difficulty adjustment period)

new_target = previous_target * time_differential / (2 weeks)

In [45]:
# Block Headers Only

class Block:
    
    def __init__(self, version, prev_block, merkle_root,
                 timestamp, bits, nonce, tx_hashes = None):
        self.version = version
        self.prev_block = prev_block
        self.merkle_root = merkle_root
        self.timestamp = timestamp
        self.bits = bits
        self.nonce = nonce
        self.tx_hashes = tx_hashes
    
    @classmethod
    def parse(cls, s):
        version = little_endian_to_int(s.read(4))
        prev_block = s.read(32)[::-1]
        merkle_root = s.read(32)[::-1]
        timestamp = little_endian_to_int(s.read(4))
        bits = s.read(4)
        nonce = s.read(4)
        
        return cls(version, prev_block, merkle_root, timestamp, bits, nonce)
    
    def serialize(self):
        s = int_to_little_endian(self.version, 4)
        s += self.prev_block[::-1]
        s += self.merkle_root[::-1]
        s += int_to_little_endian(self.timestamp, 4)
        s += self.bits
        s += self.nonce
        
        return s
    
    def hash(self):
        # Returns reversed hash in bytes
        return hash256(self.serialize())[::-1]
    
    """These functions checks whether the version of the block follows that particular BIP's guidelines"""
    
    def bip9(self):
        # remember version is 32 bytes
        # right shift 29 (>> 29) and see if that is 001
        return self.version >> 29 == 0b001

    def bip91(self):
        # shift 4 bits to the right and see if the last bit is 1
        return self.version >> 4 & 1 == 1

    def bip141(self):
        # shift 1 bit to the right and see if the last bit is 1
        return self.version >> 1 & 1 == 1
    
    def target(self):
        '''Returns the proof-of-work target based on the bits'''
        return bits_to_target(self.bits)

    def difficulty(self):
        '''Returns the block difficulty based on the bits'''
        # note difficulty is (target of lowest difficulty) / (self's target)
        # lowest difficulty has bits that equal 0xffff001d
        lowest = 0xffff * 256**(0x1d - 3)
        return lowest / self.target()
    
    def check_pow(self):
        # return whether the hash of block is less than the target
        proof = int.from_bytes(self.hash(), byteorder = 'big')
        return proof < self.target()
    
    def validate_merkle_root(self):
        # Since all transactions are stored in little endian
        # Also, the merkle root is stored in little endian
        tx_hashes = [h[::-1] for h in self.tx_hashes]
        return merkle_root(tx_hashes)[::-1] == self.merkle_root

In [46]:
TWO_WEEKS = 60 * 60 * 24 * 14
MAX_TARGET = 0xffff * 256**(0x1d - 3)

def bits_to_target(bits):
    '''Turns bits into a target(int) (large 256-bit integer)'''
    # last byte is exponent
    # the first three bytes are the coefficient in little endian
    # the formula is:
    # coefficient * 256**(exponent-3)
    exponent = bits[-1] # Return Last Byte or rightmost 8 bits
    coefficient = little_endian_to_int(bits[:-1])
    target = coefficient * 256**(exponent - 3)
    return target

def target_to_bits(target):
    # int --> bits
    raw_bytes = target.to_bytes(32, 'big')
    raw_bytes = raw_bytes.lstrip(b'\x00')
    if raw_bytes[0] > 0x7f:
        exponent = len(raw_bytes) + 1
        coefficient = b'\x00' + raw_bytes[:2]
    else:
        exponent = len(raw_bytes)
        coefficient = raw_bytes[:3]
    new_bits = coefficient[::-1] + bytes([exponent])
    return new_bits

def calculate_new_bits(previous_bits, time_differential):
    if time_differential > TWO_WEEKS * 4:
        time_differential = TWO_WEEKS * 4
    if time_differential < TWO_WEEKS // 4:
        time_differential = TWO_WEEKS // 4
    new_target = bits_to_target(previous_bits) * time_differential // TWO_WEEKS
    
    if new_target > MAX_TARGET:
        new_target = MAX_TARGET
    return target_to_bits(new_target)

## Network Message

![Network Message](img\network_message.png)

A network message consists of:

| Name             | Size (bytes) | Functionality                                                 |
| :--------------- | -----------: | :------------------------------------------------------------ |
| Network Magic    |            4 | Magic bytes give the receiver of the message a place to start |
| Command          |           12 | A description of what the payload actually carries            |
| Payload Length   |            4 | Length of Payload in little endian                            |
| Payload Checksum |            4 | The first 4 bytes of the hash256 of the payload               |
| Payload          |    $<2^{32}$ | The message which is usually less than 32 MB                  |



In [47]:
NETWORK_MAGIC = b'\xf9\xbe\xb4\xd9'
TESTNET_NETWORK_MAGIC = b'\x0b\x11\x09\x07'

class NetworkEnvelope:
    
    def __init__(self, command, payload, testnet = False):
        self.command = command
        self.payload = payload
        if testnet:
            self.magic = TESTNET_NETWORK_MAGIC
        else:
            self.magic = NETWORK_MAGIC
            
    def __repr__(self):
        return '{}: {}'.format(
            self.command.decode('ascii'),
            self.payload.hex(),
        )
    
    @classmethod
    def parse(cls, s, testnet = False):
        magic = s.read(4)
        
        if magic == b'':
            raise IOError('Connection reset!')
        
        if testnet:
            expected_magic = TESTNET_NETWORK_MAGIC
        else:
            expected_magic = NETWORK_MAGIC
        
        if magic != expected_magic:
            raise SyntaxError(
                'magic is not right. Received: {} Expected: {}'.format(
                    magic.hex(), expected_magic.hex()))
        
        command = s.read(12)
        command = command.strip(b'\x00')
        
        payload_length = little_endian_to_int(s.read(4))
        payload_checksum = s.read(4)
        payload = s.read(payload_length)
        
        calculated_checksum = hash256(payload)[:4]
        
        if calculated_checksum != payload_checksum:
            raise IOError('Checksum does not match')
            
        return cls(command, payload, testnet = testnet)
    
    def serialize(self):
        s = self.magic
        s += self.command + b'\x00' * (12 - len(self.command))
        s += int_to_little_endian(len(self.payload), 4)
        s += hash256(self.payload)[:4]
        s += self.payload
        
        return s

    def stream(self):
        '''Returns a stream for parsing the payload'''
        return BytesIO(self.payload)

## Version Message

![Version Message](img\version_message.png)

| Name              | Size (bytes) | Byteorder | Functionality                                              |
| :---------------- | -----------: | :-------: | :--------------------------------------------------------- |
| Protocol Version  |            4 |    LE     | What messages may be communicated                          |
| Network Services  |            8 |    LE     | What capabilities are available to connecting nodes        |
| Timestamp         |            8 |    LE     | Unix timestamp (as opposed to 4 bytes in the block header) |
| Receiver Services |            8 |    LE     | Network Services of Receiver                               |
| Receiver Address  |           16 |    BE     | Network Address of Receiver                                |
| Receiver Port     |            2 |    BE     | Network Port of Receiver                                   |
| Sender Services   |            8 |    LE     | Network Services of Sender                                 |
| Sender Address    |           16 |    BE     | Network Address of Sender                                  |
| Sender Port       |            2 |    BE     | Network Port of Sender                                     |
| Nonce             |            8 |    BE     | A number used by a node to detect a connection to itself   |
| User Agent        |            - |     -     | It identifies the software being run, in var int           |
| Height            |            4 |    LE     | The latest block a node is synced up to                    |
| Relay             |            1 |    BE     | It is used for Bloom filters and is an optional flag       |

- IP addresses can be IPv6, IPv4, or OnionCat (a mapping of TOR’s .onion addresses to IPv6).
- If IPv4, the first 12 bytes are `00000000000000000000FFFF` and the last 4 bytes are the IP.
- The port is 2 bytes in big-endian. The default on mainnet is `8333`, which maps to `208D` in big-endian hex.

In [48]:
from random import randint
import time
import socket

In [49]:
class VersionMessage:
    command = b'version'
    
    def __init__(self, version=70015, services = 0, timestamp = None,
                receiver_services = 0,
                receiver_ip = b'\x00\x00\x00\x00', receiver_port = 8333,
                sender_services = 0,
                sender_ip = b'\x00\x00\x00\x00', sender_port = 8333,
                nonce = None, user_agent = b'/programmingbitcoin:0.1/',
                latest_block = 0, relay = False):
        self.version = version
        self.services = services
        if timestamp is None:
            self.timestamp = int(time.time())
        else:
            self.timestamp = timestamp
        self.receiver_services = receiver_services
        self.receiver_ip = receiver_ip
        self.receiver_port = receiver_port
        self.sender_services = sender_services
        self.sender_ip = sender_ip
        self.sender_port = sender_port
        if nonce is None:
            self.nonce = int_to_little_endian(randint(0, 2**64), 8)
        else:
            self.nonce = nonce
        self.user_agent = user_agent
        self.latest_block = latest_block
        self.relay = relay
        
    @classmethod
    def parse(cls, s):
        version = little_endian_to_int(s.read(4))
        services = little_endian_to_int(s.read(8))
        timestamp = little_endian_to_int(s.read(8))
        
        receiver_services = little_endian_to_int(s.read(8))
        receiver_ip = s.read(16)[12:]
        receiver_port = int.from_bytes(s.read(2), byteorder='big')
        
        sender_services = little_endian_to_int(s.read(8))
        sender_ip = s.read(16)[12:]
        sender_port = int.from_bytes(s.read(2), byteorder='big')
        
        nonce = s.read(8)
        user_agent = read_varint(s)
        latest_block = little_endian_to_int(s.read(4))
        relay = int.from_bytes(s.read(1), byteorder='big')
        
        return cls(version=version, services = services,
                   timestamp = timestamp,
                   receiver_services = receiver_services,
                   receiver_ip = receiver_ip, receiver_port = receiver_port,
                   sender_services = sender_services,
                   sender_ip = sender_ip, sender_port = sender_port,
                   nonce = nonce, user_agent = user_agent,
                   latest_block = latest_block, relay = relay)
    
    def serialize(self):
        s = int_to_little_endian(self.version, 4)
        s += int_to_little_endian(self.services, 8)
        s += int_to_little_endian(self.timestamp, 8)
        
        s += int_to_little_endian(self.receiver_services, 8)
        s += bytes.fromhex('00000000000000000000ffff') + self.receiver_ip
        s += (self.receiver_port).to_bytes(2, 'big')
        
        s += int_to_little_endian(self.sender_services, 8)
        s += bytes.fromhex('00000000000000000000ffff') + self.sender_ip
        s += (self.sender_port).to_bytes(2, 'big')
        
        s += self.nonce # Already in Bytes
        s += encode_varint(len(self.user_agent)) + self.user_agent
        s += int_to_little_endian(self.latest_block, 4)
        s += (self.relay).to_bytes(1, 'big')
        
        return s

In [50]:
class VerAckMessage:
    command = b'verack'
    
    def __init__(self):
        pass
    
    @classmethod
    def parse(cls, s):
        return cls()
    
    def serialize(self):
        return b''

class PingMessage:
    command = b'ping'

    def __init__(self, nonce):
        self.nonce = nonce

    @classmethod
    def parse(cls, s):
        nonce = s.read(8)
        return cls(nonce)

    def serialize(self):
        return self.nonce


class PongMessage:
    command = b'pong'

    def __init__(self, nonce):
        self.nonce = nonce

    def parse(cls, s):
        nonce = s.read(8)
        return cls(nonce)

    def serialize(self):
        return self.nonce

In [51]:
class SimpleNode:
    
    def __init__(self, host, port=None, testnet=False, logging=False):
        if port is None:
            if testnet:
                port = 18333
            else:
                port = 8333
        self.testnet = testnet
        self.logging = logging
        self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.socket.connect((host, port))
        self.stream = self.socket.makefile('rb', None)
        
    def handshake(self):
        '''Handshake is sending a version message and getting a verack back.'''
        version = VersionMessage()
        self.send(version)
        self.wait_for(VerAckMessage)
        
    def send(self, message):
        envelope = NetworkEnvelope(
            message.command, message.serialize(), testnet = self.testnet)
        if self.logging:
            print('sending: {}'.format(envelope))
        self.socket.sendall(envelope.serialize())
        
    def read(self):
        envelope = NetworkEnvelope.parse(self.stream, self.testnet)
        if self.logging:
            print('receiving: {}'.format(envelope))
        return envelope
    
    def wait_for(self, *message_classes):
        command = None
        command_to_class = {m.command: m for m in message_classes}
        while command not in command_to_class.keys():
            envelope = self.read()
            command = envelope.command
            if command == VersionMessage.command:
                self.send(VerAckMessage())
            elif command == PingMessage.command:
                self.send(PongMessage(envelope.payload))
        return command_to_class[command].parse(envelope.stream())

In [52]:
node = SimpleNode('testnet.programmingbitcoin.com', testnet=True)
node.handshake()

## Getting Headers

![Get Headers](img\getheaders.png)

| Name             | Size (bytes) | Byteorder | Functionality                                                             |
| :--------------- | -----------: | :-------: | :------------------------------------------------------------------------ |
| Protocol Version |            4 |    LE     | What messages may be communicated                                         |
| Number of Hashes |            - |     -     | This number can be more than 1 if there’s a chain split, stored in varint |
| Starting Block   |            - |    LE     | The block from where we want to download                                  |
| Ending Block     |            - |    LE     | The block to which we want to download                                    |

- If we specify the ending block to be `000...000`, we’re indicating that we want as many as the other node will give us.
- The maximum number of headers that we can get back is 2,000, or almost a single difficulty adjustment period (2,016 blocks)

In [53]:
class GetHeadersMessage:
    command = b'getheaders'
    
    def __init__(self, version = 70015, num_hashes = 1,
                 start_block = None, end_block = None):
        self.version = version
        self.num_hashes = num_hashes
        
        if start_block is None:
            raise RuntimeError('a start block is required')
        self.start_block = start_block
        
        if end_block is None:
            self.end_block = b'\x00' *32
        else:
            self.end_block = end_block
            
    def serialize(self):
        s = int_to_little_endian(self.version, 4)
        s += encode_varint(self.num_hashes)
        s += self.start_block[::-1]
        s += self.end_block[::-1]
        
        return s    

In [54]:
GENESIS_BLOCK = bytes.fromhex('0100000000000000000000000000000000000000000000000000000000000000000000003ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a29ab5f49ffff001d1dac2b7c')
TESTNET_GENESIS_BLOCK = bytes.fromhex('0100000000000000000000000000000000000000000000000000000000000000000000003ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4adae5494dffff001d1aa4ae18')
LOWEST_BITS = bytes.fromhex('ffff001d')

In [55]:
node = SimpleNode('mainnet.programmingbitcoin.com', testnet=False)
node.handshake()
genesis = Block.parse(BytesIO(GENESIS_BLOCK))
getheaders = GetHeadersMessage(start_block=genesis.hash())
node.send(getheaders)

## Headers Response

![Headers Response](img\headers_response.png)

- The headers message starts with the number of headers as a **varint**, which is a number from 1 to 2,000 inclusive.
- Each block header, we know, is **80 bytes**.
- The number of transactions in the headers message is always 0 because we only asked for the headers and not the transactions.
- By specifying that the number of transactions is 0, we can use the same parsing engine as when parsing a full block.

In [56]:
class HeadersMessage:
    command = b'headers'
    
    def __init__(self, blocks):
        self.blocks = blocks
        
    @classmethod
    def parse(cls, s):
        num_headers = read_varint(s)
        blocks = []
        for _ in range(num_headers):
            blocks.append(Block.parse(s))
            num_txs = read_varint(s)
            if num_txs != 0:
                raise RuntimeError('number of txs is not 0')
        return cls(blocks)

In [57]:
class GenericMessage:
    def __init__(self, command, payload):
        self.command = command
        self.payload = payload

    def serialize(self):
        return self.payload

### Download Blockchain

In [58]:
# previous = Block.parse(BytesIO(GENESIS_BLOCK))
# first_epoch_timestamp = previous.timestamp
# expected_bits = LOWEST_BITS
# count = 1
# node = SimpleNode('mainnet.programmingbitcoin.com', testnet=False)
# node.handshake()
# for _ in range(19):
#     getheaders = GetHeadersMessage(start_block=previous.hash())
#     node.send(getheaders)
#     headers = node.wait_for(HeadersMessage)
#     for header in headers.blocks:
#         if not header.check_pow():
#             raise RuntimeError('bad PoW at block {}'.format(count))
#         if header.prev_block != previous.hash():
#             raise RuntimeError('discontinuous block at {}'.format(count))
#         if count % 2016 == 0:
#             time_diff = previous.timestamp - first_epoch_timestamp
#             expected_bits = calculate_new_bits(previous.bits, time_diff)
#             print(expected_bits.hex())
#             first_epoch_timestamp = header.timestamp
#         if header.bits != expected_bits:
#             raise RuntimeError('bad bits at block {}'.format(count))
#         previous = header
#         count += 1

Note: The above code won’t work on testnet as the difficulty adjustment algorithm is different.

To make sure blocks can be found consistently for testing, if a block hasn’t been found on testnet in 20 minutes, the difficulty drops to 1, making it very easy to find a block.This is set up this way to allow testers to be able to keep building blocks on the network without expensive mining equipment

A $30 USB ASIC can typically find a few blocks per minute at the minimum difficulty.

# Merkle Tree

- It is a computer science structure designed for efficient proofs of inclusion.
- [Ralph Merkle](https://en.wikipedia.org/wiki/Ralph_Merkle) patented it in 1979.

## Merkle Root

- Fingerprint for all the transactions in a block.
- There doesn’t appear to be much benefit to using merkle trees when you have a small number of transactions in a block, but you can really see the difference when you have a much larger number of starting “leaves” in the tree.

![Merkle Root](img\merkle_root.png)

A technical diagram that explains how merkle roots are created in bitcoin

![Create Merkle Tree](img\create_merkle_tree.png)

In [59]:
import math

In [60]:
def merkle_parent(hash1, hash2):
    '''Takes the binary hashes and calculates the hash256'''
    # return the hash256 of hash1 + hash2
    return hash256(hash1 + hash2)

In [61]:
def merkle_parent_level(hashes):
    '''Takes a list of binary hashes and returns a list that's half
    the length'''
    if len(hashes) == 1:
        raise ValueError('only one element in the list')
    
    if len(hashes) % 2 == 1:
        hashes.append(hashes[-1])
    
    result = [merkle_parent(hashes[i], hashes[i+1]) for i in range(0, len(hashes), 2)]
    
    return result

In [62]:
def merkle_root(hashes):
    '''Takes a list of binary hashes and returns the merkle root
    '''
    while len(hashes) != 1:
        hashes = merkle_parent_level(hashes)
    return hashes[0]

# Use of Merkle Tree

- A merkle tree is just an efficient way to prove that something is in a set, without having to know the full set.
- You can create “lightweight wallets” that can verify when a transaction has made it in to a block, without the overhead of having to download and store the entire the blockchain.
- These wallets just download and store block headers, and use the merkle roots inside them (along with merkle proofs they receive from full nodes) to verify that a transaction has made it in to a block.

![Wallets](img\wallets.png)

## Verifying Transactions using Merkle Proof

- If we want to check that a TXID is part of the merkle root, we would only need to know some of the hashes along the path of the tree.

![Merkle Proof](img\markle_proof.png)

### Flag bits and Hashes

- The bits are either `0` or `1`.
- They are used to tell what to do with a particular node.

| Task                                 | Leaf Node |  Provided | Bit Value |
| :----------------------------------- | --------: | --------: | :-------: |
| Complimentary Hashes for calculation |     Maybe |     Given |     0     |
| Hashes to be calculated              |        No | Not Given |     1     |
| Transaction of Interest              |       Yes |     Given |     1     |

### An example for better understanding

The calculated bits are:

```python
1, 0, 1, 1, 0, 1, 1, 0, 1, 1, 0, 1, 0
```

![Flag Bits Merkle Tree](img\flag_bits_merkle_tree.png)

Note: The main drawback of SPV is that the nodes you are connecting to know something about the transactions you are interested in.

In [63]:
class MerkleTree:

    def __init__(self, total):
        self.total = total
        self.max_depth = math.ceil(math.log(total, 2))
        self.nodes = []
        for depth in range(self.max_depth + 1):
            num_items = math.ceil(self.total / 2**(self.max_depth - depth))
            level_hashes = [None] * num_items
            self.nodes.append(level_hashes)
        # Index in the list of a particular level
        self.current_index = 0
        # Level of the Tree
        self.current_depth = 0
    
    def __repr__(self):
        result = []
        for depth, level in enumerate(self.nodes):
            items = []
            for index, h in enumerate(level):
                if h is None:
                    short = 'None'
                else:
                    short = '{}...'.format(h.hex()[:8])
                if depth == self.current_depth and index == self.current_index:
                    items.append('*{}*'.format(short[:-2]))
                else:
                    items.append('{}'.format(short))
            result.append(', '.join(items))
        return '\n'.join(result)
    
    def up(self):
        self.current_depth -= 1
        self.current_index //= 2
        
    def left(self):
        self.current_depth += 1
        self.current_index *= 2
        
    def right(self):
        self.current_depth += 1
        self.current_index = self.current_index*2 + 1
        
    def root(self):
        return self.nodes[0][0]
    
    def set_current_node(self, value):
        # Assigns a value to seleceted node
        self.nodes[self.current_depth][self.current_index] = value
        
    def get_current_node(self):
        # Get the value of selected node
        return self.nodes[self.current_depth][self.current_index]
    
    def get_left_node(self):
        return self.nodes[self.current_depth + 1][self.current_index * 2]
    
    def get_right_node(self):
        return self.nodes[self.current_depth + 1][self.current_index * 2 + 1]
    
    def is_leaf(self):
        return self.current_depth == self.max_depth
    
    def right_exists(self):
        return len(self.nodes[self.current_depth + 1]) > self.current_index * 2 + 1
    
    def populate_tree(self, flag_bits, hashes):
        while self.root() is None:
            if self.is_leaf():
                # It's a leaf, it doesn't matter if the bit is 1 or 0
                # because the hash is given
                flag_bits.pop(0)
                self.set_current_node(hashes.pop(0))
                self.up()
            else:
                left_hash = self.get_left_node()
                if left_hash is None:
                    if flag_bits.pop(0) == 0:
                        # 0: We received hash for this node
                        self.set_current_node(hashes.pop(0))
                        self.up()
                    else:
                        # 1: We are asked to calculate hash for this node
                        self.left()
                elif self.right_exists():
                    # We have Left Node
                    right_hash = self.get_right_node()
                    if right_hash is None:
                        # We have left node but not the right node
                        self.right()
                    else:
                        # We have both left and right node
                        self.set_current_node(merkle_parent(left_hash, right_hash))
                        self.up()
                else:
                    # We have left node but right node doesn't exists
                    self.set_current_node(merkle_parent(left_hash, left_hash))
                    self.up()
        if len(hashes) != 0:
            raise RuntimeError('hashes not all consumed {}'.format(len(hashes)))
        for flag_bit in flag_bits:
            if flag_bit != 0:
                raise RuntimeError('flag bits not all consumed')

## Merkle Block

![Merkle Block](img\merkle_block.png)

| Name               | Size (bytes) | Byteorder | Functionality                                                             |
| :----------------- | -----------: | :-------: | :------------------------------------------------------------------------ |
| Version            |            4 |    LE     | Same: Reflects the capabilities of the software that produced the block   |
| Previous Block     |           32 |    LE     | Same: Hash of Previous block                                              |
| Merkle Root        |           32 |    LE     | Same: Encodes all the ordered transactions, used by SPV                   |
| Timestamp          |            4 |    LE     | Same: A Unix-style timestamp, the number of seconds since January 1, 1970 |
| Bits               |            4 |    BE     | Same: Encodes the proof-of-work                                           |
| Nonce              |            4 |    BE     | Same: _n-once_ or “number used only once”                                 |
| Total Transactions |            4 |    LE     | The total leaves for the merkle tree                                      |
| Total Hashes       |            - |     -     | Number of Hashes required to verify transaction (in varint)               |
| Hashes             |            - |    LE     | All the hashes of 32 byte each                                            |
| Flag Bits Length   |            - |     -     | The length of flag bits in varint                                         |
| Flag Bits          |            - |    BE     | The flag bits are stored in the next bytes of given length                |

In [64]:
def bytes_to_bit_field(some_bytes):
    flag_bits = []
    for byte in some_bytes:
        for _ in range(8):
            flag_bits.append(byte & 1)
            byte >>= 1
    return flag_bits

In [65]:
class MerkleBlock:
    command = b'merkleblock'

    def __init__(self, version, prev_block, merkle_root, timestamp, bits, nonce, total, hashes, flags):
        self.version = version
        self.prev_block = prev_block
        self.merkle_root = merkle_root
        self.timestamp = timestamp
        self.bits = bits
        self.nonce = nonce
        self.total = total
        self.hashes = hashes
        self.flags = flags

    def __repr__(self):
        result = 'Total Transactions: {}\n Hashes:\n'.format(self.total)
        for h in self.hashes:
            result += '\t{}\n'.format(h.hex())
        result += 'Flags: {}'.format(bytes_to_bit_field(self.flags))
        return result

    @classmethod
    def parse(cls, s):
        version = little_endian_to_int(s.read(4))
        prev_block = s.read(32)[::-1]
        merkle_root = s.read(32)[::-1]
        timestamp = little_endian_to_int(s.read(4))
        bits = s.read(4)
        nonce = s.read(4)
        total = little_endian_to_int(s.read(4))
        
        total_hashes = read_varint(s)
        hashes = []
        for _ in range(total_hashes):
            hashes.append(s.read(32)[::-1])
            
        flags_length = read_varint(s)
        flags = s.read(flags_length)
        return cls(version, prev_block, merkle_root, timestamp, bits, nonce, total, hashes, flags) 
    
    def is_valid(self):
        flag_bits = bytes_to_bit_field(self.flags)
        hashes = [h[::-1] for h in self.hashes]
        tree = MerkleTree(self.total)
        tree.populate_tree(flag_bits, hashes)
        return tree.root()[::-1] == self.merkle_root

In [66]:
hex_merkle_block = '00000020df3b053dc46f162a9b00c7f0d5124e2676d47bbe7c5d0793a500000000000000ef445fef2ed495c275892206ca533e7411907971013ab83e3b47bd0d692d14d4dc7c835b67d8001ac157e670bf0d00000aba412a0d1480e370173072c9562becffe87aa661c1e4a6dbc305d38ec5dc088a7cf92e6458aca7b32edae818f9c2c98c37e06bf72ae0ce80649a38655ee1e27d34d9421d940b16732f24b94023e9d572a7f9ab8023434a4feb532d2adfc8c2c2158785d1bd04eb99df2e86c54bc13e139862897217400def5d72c280222c4cbaee7261831e1550dbb8fa82853e9fe506fc5fda3f7b919d8fe74b6282f92763cef8e625f977af7c8619c32a369b832bc2d051ecd9c73c51e76370ceabd4f25097c256597fa898d404ed53425de608ac6bfe426f6e2bb457f1c554866eb69dcb8d6bf6f880e9a59b3cd053e6c7060eeacaacf4dac6697dac20e4bd3f38a2ea2543d1ab7953e3430790a9f81e1c67f5b58c825acf46bd02848384eebe9af917274cdfbb1a28a5d58a23a17977def0de10d644258d9c54f886d47d293a411cb6226103b55635'
mb = MerkleBlock.parse(BytesIO(bytes.fromhex(hex_merkle_block)))

In [67]:
mb

Total Transactions: 3519
 Hashes:
	8a08dcc58ed305c3dba6e4c161a67ae8ffec2b56c972301770e380140d2a41ba
	7de2e15e65389a6480cee02af76be0378cc9c2f918e8da2eb3a7ac58642ef97c
	c2c2c8df2a2d53eb4f4a432380abf9a772d5e92340b9242f73160b941d42d934
	ba4c2c2280c2725def0d401772896298133ec14bc5862edf99eb04bdd1858715
	ce6327f982624be78f9d917b3fda5ffc06e59f3e8582fab8db50151e836172ee
	9750f2d4abce7063e7513cc7d9ec51d0c22b839b362ac319867caf77f925e6f8
	8dcb9db66e8654c5f157b42b6e6f42fe6bac08e65d4253ed04d498a87f5956c2
	4325eaa2383fbde420ac7d69c6daf4accaea0e06c7e653d03c9ba5e980f8f66b
	4c2717f99abeee84838402bd46cf5a828cb5f5671c1ef8a9900743e35379abd1
	6122b61c413a297dd486f8549c8d2544d610def0de7779a1238ad5a5281abbdf
Flags: [1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0]

In [68]:
mb.is_valid()

True

# Bloom Filter

In [69]:
def murmur3(data, seed=0):
    '''from http://stackoverflow.com/questions/13305290/is-there-a-pure-python-implementation-of-murmurhash'''
    c1 = 0xcc9e2d51
    c2 = 0x1b873593
    length = len(data)
    h1 = seed
    roundedEnd = (length & 0xfffffffc)  # round down to 4 byte block
    for i in range(0, roundedEnd, 4):
        # little endian load order
        k1 = (data[i] & 0xff) | ((data[i + 1] & 0xff) << 8) | \
            ((data[i + 2] & 0xff) << 16) | (data[i + 3] << 24)
        k1 *= c1
        k1 = (k1 << 15) | ((k1 & 0xffffffff) >> 17)  # ROTL32(k1,15)
        k1 *= c2
        h1 ^= k1
        h1 = (h1 << 13) | ((h1 & 0xffffffff) >> 19)  # ROTL32(h1,13)
        h1 = h1 * 5 + 0xe6546b64
    # tail
    k1 = 0
    val = length & 0x03
    if val == 3:
        k1 = (data[roundedEnd + 2] & 0xff) << 16
    # fallthrough
    if val in [2, 3]:
        k1 |= (data[roundedEnd + 1] & 0xff) << 8
    # fallthrough
    if val in [1, 2, 3]:
        k1 |= data[roundedEnd] & 0xff
        k1 *= c1
        k1 = (k1 << 15) | ((k1 & 0xffffffff) >> 17)  # ROTL32(k1,15)
        k1 *= c2
        h1 ^= k1
    # finalization
    h1 ^= length
    # fmix(h1)
    h1 ^= ((h1 & 0xffffffff) >> 16)
    h1 *= 0x85ebca6b
    h1 ^= ((h1 & 0xffffffff) >> 13)
    h1 *= 0xc2b2ae35
    h1 ^= ((h1 & 0xffffffff) >> 16)
    return h1 & 0xffffffff

In [70]:
def bit_field_to_bytes(bit_field):
    if len(bit_field) % 8 != 0:
        raise RuntimeError('bit_field does not have a length that is divisible by 8')
    result = bytearray(len(bit_field) // 8)
    for i, bit in enumerate(bit_field):
        byte_index, bit_index = divmod(i, 8)
        if bit:
            result[byte_index] |= 1 << bit_index
    return bytes(result)


def bytes_to_bit_field(some_bytes):
    flag_bits = []
    # iterate over each byte of flags
    for byte in some_bytes:
        # iterate over each bit, right-to-left
        for _ in range(8):
            # add the current bit (byte & 1)
            flag_bits.append(byte & 1)
            # rightshift the byte 1
            byte >>= 1
    return flag_bits

In [71]:
BIP37_CONSTANT = 0xfba4c795

## Bloom Filter

- The first thing to do is to send a `VersionMessage()` with `relay = False`.
- This tells the full node not to send transaction messages unless they match a Bloom filter or they have been specifically requested.

![Bloom Filter](img\bloom_filer_serialized.png)

| Name              | Size (bytes) | Byteorder | Functionality                                                                     |
| :---------------- | -----------: | :-------: | :-------------------------------------------------------------------------------- |
| Bloom Filter Size |            - |     -     | The size of Bloom Filter in Bytes, encoded in varint                              |
| Bit Field         |            - |    BE     | The bit field converted to bytes which is of Bloom Filter size                    |
| Hash Count        |            4 |    LE     | The total number of murmur hash functions used                                    |
| Tweak             |            4 |    LE     | The integer to make a slight change                                               |
| Matched Item Flag |            1 |    BE     | A way of asking the full node to add any matched transactions to the Bloom filter |

In [72]:
class BloomFilter:
    
    def __init__(self, size, function_count, tweak):
        self.size = size
        self.bit_field = [0] * (size * 8)
        self.function_count = function_count
        self.tweak = tweak
        
    def add(self, item):
        for i in range(self.function_count):
            seed = i * BIP37_CONSTANT + self.tweak
            h = murmur3(item, seed = seed)
            bit = h % (self.size * 8)
            self.bit_field[bit] = 1

    def filter_bytes(self):
        return bit_field_to_bytes(self.bit_field)
    
    def filterload(self, flag=1):
        # Works similar to serialize()
        payload = encode_varint(self.size)
        payload += self.filter_bytes()
        payload += int_to_little_endian(self.function_count, 4)
        payload += int_to_little_endian(self.tweak, 4)
        payload += (flag).to_bytes(1, 'big')
        return GenericMessage(b'filterload', payload)

In [73]:
bf = BloomFilter(10, 5, 99)
item = b'Hello World'
bf.add(item)
item = b'Goodbye!'
bf.add(item)
expected = '0a4000600a080000010940050000006300000001'

In [74]:
bf.filterload().serialize().hex() == expected

True

## Get Data Message

![Get Data Message Serialized](img\get_data_message_serialized.png)

| Name                 | Size (bytes) | Byteorder | Functionality                       |
| :------------------- | -----------: | :-------: | :---------------------------------- |
| Number of Data Items |            - |     -     | The total items encoded in varint   |
| Type of Data Item    |            4 |    LE     | A type identifier                   |
| Hash Identifier      |            - |    LE     | The identifier due to hash function |

| Type Identifier | Data Transmitted |
| :-------------: | ---------------: |
|        1        |      Transaction |
|        2        |     Normal Block |
|        3        |     Merkle Block |
|        4        |    Compact Block |

In [75]:
TX_DATA_TYPE = 1
BLOCK_DATA_TYPE = 2
FILTERED_BLOCK_DATA_TYPE = 3
COMPACT_BLOCK_DATA_TYPE = 4

In [76]:
class GetDataMessage:
    command = b'getdata'
    
    def __init__(self):
        self.data = []
        
    def add_data(self, data_type, identifier):
        self.data.append((data_type, identifier))
    
    def serialize(self):
        s = encode_varint(len(self.data))
        for (data_type, identifier) in self.data:
            s += int_to_little_endian(data_type, 4)
            s += identifier[::-1]
        return s

In [77]:
bit_field_size = 10
bit_field = [0] * bit_field_size

In [78]:
bit_field

[0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

In [79]:
h = hash256(b'hello world')

In [80]:
h

b'\xbcb\xd4\xb8\r\x9e6\xda)\xc1l]M\x9f\x11s\x1f6\x05,r@\x1av\xc2<\x0f\xb5\xa9\xb7D#'

In [81]:
num = int.from_bytes(h, 'big')

In [82]:
num

85209434678292214399516606369540687209995712346561802549023407573798789530659

In [83]:
bit = num % bit_field_size

In [84]:
bit

9

In [85]:
bit_field[bit] = 1

In [86]:
bit_field

[0, 0, 0, 0, 0, 0, 0, 0, 0, 1]

In [87]:
bit_field = [0] * bit_field_size
for item in (b'hello world', b'goodbye'):  
    h = hash256(item)
    bit = int.from_bytes(h, 'big') % bit_field_size
    bit_field[bit] = 1

In [88]:
bit_field

[0, 0, 1, 0, 0, 0, 0, 0, 0, 1]

In [89]:
bit_field_size = 10
bit_field = [0] * bit_field_size
for ele in (b'hello world', b'goodbye'):
    h = hash160(ele)
    bit = int.from_bytes(h, 'big') % bit_field_size
    bit_field[bit] = 1
print(bit_field)

[1, 1, 0, 0, 0, 0, 0, 0, 0, 0]


In [90]:
bit_field_size = 10
bit_field = [0] * bit_field_size
for item in (b'hello world', b'goodbye'):
    for hash_function in (hash256, hash160):
        h = hash_function(item)
        bit = int.from_bytes(h, 'big') % bit_field_size
        bit_field[bit] = 1
print(bit_field)

[1, 1, 1, 0, 0, 0, 0, 0, 0, 1]


In [91]:
field_size = 2
num_functions = 2
tweak = 42 # the number of god

In [92]:
bit_field_size = field_size * 8
bit_field = [0] * bit_field_size

In [93]:
for phrase in (b'hello world', b'goodbye'):
    for i in range(num_functions):
        seed = i * BIP37_CONSTANT + tweak
        h = murmur3(phrase, seed = seed)
        bit = h % bit_field_size
        bit_field[bit] = 1

In [94]:
bit_field

[0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 0, 0, 0]

In [95]:
field_size = 10
num_functions = 5
tweak = 99

In [96]:
bit_field_size = field_size * 8
bit_field = [0] * bit_field_size

In [97]:
for phrase in (b'Hello World',  b'Goodbye!'):
    for i in range(num_functions):
        seed = i * BIP37_CONSTANT + tweak
        h = murmur3(phrase, seed = seed)
        bit = h % bit_field_size
        bit_field[bit] = 1

In [98]:
bit_field_to_bytes(bit_field).hex()

'4000600a080000010940'

In [99]:
(3).to_bytes(1, 'big')

b'\x03'

In [100]:
secret = little_endian_to_int(b'utkarshg6 secret')
private_key = PrivateKey(secret)

In [101]:
private_key.point.address(testnet = True)

'mzWy8yHHQEZEadACPgpuptwLLLZGdNFEFN'

In [102]:
secret

154717189563442328630435449493107995765

In [103]:
# last_block_hex = '00000000000538d5c2246336644f9a4956551afb44ba47278759ec55ea912e19'
# address = 'mwJn1YPMq7y5F8J3LkC5Hxg9PHyZ5K4cFv'
# h160 = decode_base58(address)

# node = SimpleNode('testnet.programmingbitcoin.com', testnet=True, logging=True)
# bf = BloomFilter(size=30, function_count=5, tweak=90210)
# bf.add(h160)

# node.handshake()
# node.send(bf.filterload())
# start_block = bytes.fromhex(last_block_hex)
# getheaders = GetHeadersMessage(start_block=start_block)
# node.send(getheaders)
# headers = node.wait_for(HeadersMessage)
# getdata = GetDataMessage()
# for b in headers.blocks:
#     if not b.check_pow():
#         raise RuntimeError('proof of work is invalid')
#     getdata.add_data(FILTERED_BLOCK_DATA_TYPE, b.hash())
# node.send(getdata)

# print(len(getdata.data))

# found = False
# while not found:
#     message = node.wait_for(MerkleBlock, Tx)
#     if message.command == b'merkleblock':
#         print('Got Merkle Block')
#         if not message.is_valid():
#             raise RuntimeError('invalid merkle proof')
#     else:
#         print('Got Transaction')
#         for i, tx_out in enumerate(message.tx_outs):
#             print(tx_out.script_pubkey.address(testnet=True))
#             if tx_out.script_pubkey.address(testnet=True) == address:
#                 print('found: {}:{}'.format(message.id(), i))
#                 found = True
#                 break
#         break

## My Wallet

In [104]:
# node = SimpleNode('testnet.programmingbitcoin.com', testnet = True, logging = False)
# node.handshake()

In [105]:
# address = 'mwJn1YPMq7y5F8J3LkC5Hxg9PHyZ5K4cFv'
# h160 = decode_base58(address)
# bf = BloomFilter(size = 30, function_count = 5, tweak = 90210)
# bf.add(h160)
# node.send(bf.filterload())

In [106]:
# # Receive Empty Block Headers without transaction hashes
# last_block_hex = '00000000000538d5c2246336644f9a4956551afb44ba47278759ec55\
# ea912e19'
# start_block = bytes.fromhex(last_block_hex)
# getheaders = GetHeadersMessage(start_block = start_block)
# node.send(getheaders)
# headers = node.wait_for(HeadersMessage)

In [107]:
# # Sending a request to deliver merkle blocks of seleceted blocks
# getdata = GetDataMessage()
# for b in headers.blocks:
#     if not b.check_pow():
#         raise RuntimeError('proof of work is invalid')
#     getdata.add_data(FILTERED_BLOCK_DATA_TYPE, b.hash())
# node.send(getdata)

In [108]:
# found = False
# while not found:
#     message = node.wait_for(MerkleBlock, Tx)
#     if message.command == b'merkleblock':
#         print('Got Merkle Block')
#         # It's a Merkle Block
#         if not message.is_valid():
#             # 
#             raise RuntimeError('invalid merkle proof')
#     else:
#         print('Got Transaction')
#         for i, tx_out in enumerate(message.tx_outs):
#             if tx_out.script_pubkey.address(testnet = True) == address:
#                 print('found: {}:{}'.format(message.id(), i))
#                 found = True
#                 break

## Exercise 6

### Create your testnet Bitcoin Address

In [109]:
secret = little_endian_to_int(b'utkarshg6 secret')
private_key = PrivateKey(secret)

In [110]:
address = private_key.point.address(testnet = True)

In [111]:
address

'mzWy8yHHQEZEadACPgpuptwLLLZGdNFEFN'

### Create a new node and have a handshake

In [112]:
node = SimpleNode('testnet.programmingbitcoin.com', testnet = True, logging = True)
node.handshake()

sending: version: 7f1101000000000000000000e870e35e00000000000000000000000000000000000000000000ffff00000000208d000000000000000000000000000000000000ffff00000000208d88d0fa6ee179b6df182f70726f6772616d6d696e67626974636f696e3a302e312f0000000000
receiving: version: 7f1101000d04000000000000e870e35e00000000000000000000000000000000000000000000ffff312484f2e7e60d040000000000000000000000000000000000000000000000007a2ad9cad31ef066102f5361746f7368693a302e31392e312ffa011b0001
sending: verack: 
receiving: verack: 


### Send Bloom Filter to the Node

In [113]:
h160 = decode_base58(address)
bf = BloomFilter(size = 30, function_count = 5, tweak = 90210)
bf.add(h160)
node.send(bf.filterload())

sending: filterload: 1e000020100000000000041000000000010000000000000000000000000000050000006260010001


### Receive Block Headers (no Transaction)

In [114]:
start_block_hex = '0000000000000263c1a37bb9c245167b708db976b17846d1b70de0e76d6135de'
start_block = bytes.fromhex(start_block_hex)
getheaders = GetHeadersMessage(start_block = start_block)
node.send(getheaders)
headers = node.wait_for(HeadersMessage)

sending: getheaders: 7f11010001de35616de7e00db7d14678b176b98d707b1645c2b97ba3c163020000000000000000000000000000000000000000000000000000000000000000000000000000
receiving: sendheaders: 
receiving: sendcmpct: 000200000000000000
receiving: sendcmpct: 000100000000000000
receiving: ping: ab1b063f27bcf996
sending: pong: ab1b063f27bcf996
receiving: addr: 01e970e35e0d0400000000000000000000000000000000ffffa2d49eac479d
receiving: feefilter: e803000000000000
receiving: headers: fda90400004020de35616de7e00db7d14678b176b98d707b1645c2b97ba3c16302000000000000caf9ff44259add9cd74659ea3f9cd2c1572c84143f0a05e2ed9fd0a52dc247c9d6e0e15ef0ff0f1a1b0defbd0000000020d3f17b802d17c8f238c9d73331b9f10d3526adec4ef6f9782e0700000000000004aaf3ab51926ba97c04bdb6681857f49f6a6244b7cc69d56fa68cc1fe80657cfce0e15ef0ff0f1a1ba9452700000040204581adcf64be73a6db57e464dc13647b8c11491182f45b77b60800000000000088ef5a4e0bab459ef1e4b18271d5e0e1e977bd038fe7a7af0afe4199e99b92b3a1e1e15ef0ff0f1a342aa02d000000002025535a5302b23b1f037e69ccb7f6

### Send a Request to receive Merkle Blocks

In [115]:
getdata = GetDataMessage()
for b in headers.blocks:
    if not b.check_pow():
        raise RuntimeError('invalid proof of work')
    getdata.add_data(FILTERED_BLOCK_DATA_TYPE, b.hash())
node.send(getdata)

sending: getdata: fda90403000000d3f17b802d17c8f238c9d73331b9f10d3526adec4ef6f9782e07000000000000030000004581adcf64be73a6db57e464dc13647b8c11491182f45b77b6080000000000000300000025535a5302b23b1f037e69ccb7f6109a3719674b2deb5c8fe10e00000000000003000000b27f97d2f15e3625d023f82f2875122747f76810751d9bfbeb020000000000000300000046bfdf6c74f5f6e62cb9bba782b8cb8f5bade273924f8864f90a00000000000003000000b7eccfd008ee4c633a12cfa4c6ec8299e9df4c643239154ef00300000000000003000000970ccb951a3310a9499760ae0ce322d8578edcfcc7de256f20090000000000000300000015c4a2a09eb172aaf9df0ca8df2cba984b47ece3cfaa696a550300000000000003000000d796143a9cb556b124543315ec2f95534347ad98fb94a088390d00000000000003000000fd9738248d1c2df08fbe9ee359be4182c8e8c26fad242c57780400000000000003000000db186b78646d8d9c1a19bb05372d4892cbf910d319b9dd02c50000000000000003000000388f4488e7546976efe3ebd382a33b8089f16de8068c1d30b10000000000000003000000eb674e312d0cfde39492afc3e9ae15274958e3cea58f794a9201000000000000030000007875226aef3344b247c42c69e8012224

### Fetch your Transaction

In [116]:
found = False
while not found:
    message = node.wait_for(MerkleBlock, Tx)
    if message.command == b'merkleblock':
        # It's a Merkle Block
        print('Got Merkle Block')
        if not message.is_valid():
            raise RuntimeError('invalid merkle proof')
    else:
        # It's a Transaction
        print('Got Transaction')
        for i, tx_out in enumerate(message.tx_outs):
            if tx_out.script_pubkey.address(testnet = True) == address:
                print('found: {}:{}'.format(message.id(), i))
                prev_tx = message.hash()
                prev_index = i
                total_amount = tx_out.amount
                found = True
                break

receiving: merkleblock: 00004020de35616de7e00db7d14678b176b98d707b1645c2b97ba3c16302000000000000caf9ff44259add9cd74659ea3f9cd2c1572c84143f0a05e2ed9fd0a52dc247c9d6e0e15ef0ff0f1a1b0defbd10000000059cd1b58e8fe3accf24a196a8b759f2c87a93d800d01560401ed44f805e0d0f42b10559553d9ad8dbbbc37494c87f49ed7949dd120d01c2440b5da9d4d826674c2655f5271cec7d1c8309a3fc38a64857bf8e1272a2231430f521bf42150ea2a2f72d099629afd65dfe63834cba4d34de204cb24e21b38d255d4e312892e20de80fcbc9d90af5927b42891c168085d861482a9501d5cf1e97a9fb82235dad2d4b022f00
Got Merkle Block
receiving: tx: 0200000001a094e759fb99e3d1fbe549a8675e1ed1894db3f2f086c5c9229dc1a6c34f9481000000001716001406b7e84989f9d9b5b78b42945fe5dce0d3054b66feffffff0292bb1700000000001976a914d06b180b8837978cdf85cfcc4f04c655e72ced7b88ac10b7ae0b0000000017a914c597727d0daaa28b43ade133adad1d5c748316eb8750fd1a00
Got Transaction
found: 4c6726d8d4a95d0b44c2010d12dd4979ed497fc89474c3bbdbd89a3d555905b1:0


### Create Transaction

In [117]:
## Creating a Transaction

### Creating TxIns
# prev_tx = bytes.fromhex(last_transaction.id())
# prev_index = 0
tx_in = TxIn(prev_tx = prev_tx, prev_index = prev_index)
tx_ins = [tx_in]

### Selecting Amounts in Satoshis
# total_amount = last_transaction.tx_outs[0].amount
target_amount = 1000000
fee = 5000
change_amount = total_amount - (target_amount + fee)

### Creating TxOuts
'''
Output that should be returned back to us
'''
my_address = 'mzWy8yHHQEZEadACPgpuptwLLLZGdNFEFN'
change_h160 = decode_base58(my_address)
change_script = p2pkh_script(change_h160)
change_output = TxOut(amount = change_amount, script_pubkey = change_script)
'''
Output for the receiver
'''
target_address = 'mwJn1YPMq7y5F8J3LkC5Hxg9PHyZ5K4cFv'
target_h160 = decode_base58(target_address)
target_script = p2pkh_script(target_h160)
target_output = TxOut(amount = target_amount, script_pubkey = target_script)
tx_outs = [change_output, target_output]

### Creating Tx
transaction = Tx(version = 1, tx_ins = tx_ins, tx_outs = tx_outs, locktime = 0, testnet=True)

In [118]:
transaction.sign_input(0, private_key)

True

In [119]:
transaction

tx: a124dc86144d0a62788e05c2f09c1524fd39fa6d675636710b562ecadcff3a0c
version: 1
tx_ins:
4c6726d8d4a95d0b44c2010d12dd4979ed497fc89474c3bbdbd89a3d555905b1:0
tx_outs:
550346:OP_DUP OP_HASH160 d06b180b8837978cdf85cfcc4f04c655e72ced7b OP_EQUALVERIFY OP_CHECKSIG
1000000:OP_DUP OP_HASH160 ad346f8eb57dee9a37981716e498120ae80e44f7 OP_EQUALVERIFY OP_CHECKSIG
locktime: 0

In [120]:
transaction.serialize().hex()

'0100000001b10559553d9ad8dbbbc37494c87f49ed7949dd120d01c2440b5da9d4d826674c000000006a47304402206bc68e868988b9265045339a1965b5c9a965a9826357a776a7b4ea92f1a10b4f022056bbe9e879ab65be6ebe6496aa09b1b7cabe98eaa64d55ae0b0e8ee05a00a78f012102f9af6892440e2dc30deadeac93255502ae47cef4d6cf70cddc0123821b7604bfffffffff02ca650800000000001976a914d06b180b8837978cdf85cfcc4f04c655e72ced7b88ac40420f00000000001976a914ad346f8eb57dee9a37981716e498120ae80e44f788ac00000000'

In [121]:
node.send(transaction)

sending: tx: 0100000001b10559553d9ad8dbbbc37494c87f49ed7949dd120d01c2440b5da9d4d826674c000000006a47304402206bc68e868988b9265045339a1965b5c9a965a9826357a776a7b4ea92f1a10b4f022056bbe9e879ab65be6ebe6496aa09b1b7cabe98eaa64d55ae0b0e8ee05a00a78f012102f9af6892440e2dc30deadeac93255502ae47cef4d6cf70cddc0123821b7604bfffffffff02ca650800000000001976a914d06b180b8837978cdf85cfcc4f04c655e72ced7b88ac40420f00000000001976a914ad346f8eb57dee9a37981716e498120ae80e44f788ac00000000


In [122]:
getdata = GetDataMessage()
getdata.add_data(TX_DATA_TYPE, transaction.hash())
node.send(getdata)

sending: getdata: 01010000000c3affdcca2e560b713656676dfa39fd24159cf0c2058e78620a4d1486dc24a1


In [123]:
received_tx = node.wait_for(Tx)

receiving: merkleblock: 00000020d3f17b802d17c8f238c9d73331b9f10d3526adec4ef6f9782e0700000000000004aaf3ab51926ba97c04bdb6681857f49f6a6244b7cc69d56fa68cc1fe80657cfce0e15ef0ff0f1a1ba94527060000000104aaf3ab51926ba97c04bdb6681857f49f6a6244b7cc69d56fa68cc1fe80657c0100
receiving: merkleblock: 000040204581adcf64be73a6db57e464dc13647b8c11491182f45b77b60800000000000088ef5a4e0bab459ef1e4b18271d5e0e1e977bd038fe7a7af0afe4199e99b92b3a1e1e15ef0ff0f1a342aa02d0b0000000188ef5a4e0bab459ef1e4b18271d5e0e1e977bd038fe7a7af0afe4199e99b92b30100
receiving: merkleblock: 0000002025535a5302b23b1f037e69ccb7f6109a3719674b2deb5c8fe10e000000000000b60c4d44e01d513341d44611f324e4fa0337b918313b8e7d77ff265714cbfac5c7e1e15ef0ff0f1a40d0fe080300000001b60c4d44e01d513341d44611f324e4fa0337b918313b8e7d77ff265714cbfac50100
receiving: merkleblock: 00008020b27f97d2f15e3625d023f82f2875122747f76810751d9bfbeb02000000000000cd5a43260fe22ab7b5ed3d965d6d115ae90f4594b506b2e8f2f1cecaec45c43df6e2e15ef0ff0f1a408876b22300000001cd5a43260fe22ab7b

receiving: merkleblock: 0000c020adbfa583baa97ee4eedd6d9c0a4b9aab4b2267d2a16b00161a090000000000006baa2d56617316dfa89cdf3d93fb69d04f21a1680383a48f4aed73dee1fa2e0af4afe25ef0ff0f1ab74ca92d08000000016baa2d56617316dfa89cdf3d93fb69d04f21a1680383a48f4aed73dee1fa2e0a0100
receiving: merkleblock: 0000c02077648ba8326411da500a521a36cc29e8cb589c007bf40aa8380d0000000000009ff8beb885d9a624db7aba1b00c7a7ae51b331cb856f0c86ce47e92ce18cc8396db0e25ef0ff0f1aa40300450c000000019ff8beb885d9a624db7aba1b00c7a7ae51b331cb856f0c86ce47e92ce18cc8390100
receiving: merkleblock: 00004020e7c55490158732534828064cd73dbc1bd67c8336bff6321dcc060000000000006b6ff8d4e544b6124cafba8c13d357f61a35e35c582973931c0820706d31575f7fb0e25ef0ff0f1aba840ea302000000016b6ff8d4e544b6124cafba8c13d357f61a35e35c582973931c0820706d31575f0100
receiving: merkleblock: 00000020e8e836ec09f0669e154f7d6c51d6f585a13e2f41f960879bdb010000000000000de68213ba8569fd53d34902a251d946409e301149254b1a114a5e327d3aa96850b1e25ef0ff0f1a96c2482f18000000010de68213ba8569fd5

receiving: merkleblock: 0000c020dd037860dd4b98f349b50eb4bac5f0f8078ac8a23576cb042f090000000000005eec874cce38886bf493719ea964f375b04f1f3aab1e2a2d226348d23fc358b4704be35ef0ff0f1a9dd9a75405000000015eec874cce38886bf493719ea964f375b04f1f3aab1e2a2d226348d23fc358b40100
receiving: merkleblock: 000040206c7dd2b882367eaef66ef94c14322e88b2b50b6775e68d031f0e0000000000002d408a5b86663b5d6f9e3b39a0bd12332d40df751c84e1d6b275c6d0e846a128f14be35ef0ff0f1ab00411310c000000012d408a5b86663b5d6f9e3b39a0bd12332d40df751c84e1d6b275c6d0e846a1280100
receiving: merkleblock: 00000020a41db8d2bb612f83d423dc72d0ef39a763d967b4eecbe7af180a00000000000043f1b77c59aeecc748e61ba3b2b7f96f5a88a51ed2a86dc2dde1ade75c5ddaf32f4ce35ef0ff0f1a892a5173050000000143f1b77c59aeecc748e61ba3b2b7f96f5a88a51ed2a86dc2dde1ade75c5ddaf30100
receiving: merkleblock: 00008020688a952b5327b6f453729d1a74f1e44581260860abe68d360302000000000000fe672aeeaeacaee8f8d1fdf4f9b36f6d900aebf3b095140bc7b64baac228508a4c4ce35ef0ff0f1ab31ea81e0100000001fe672aeeaeacaee8f

In [125]:
received_tx

tx: a124dc86144d0a62788e05c2f09c1524fd39fa6d675636710b562ecadcff3a0c
version: 1
tx_ins:
4c6726d8d4a95d0b44c2010d12dd4979ed497fc89474c3bbdbd89a3d555905b1:0
tx_outs:
550346:OP_DUP OP_HASH160 d06b180b8837978cdf85cfcc4f04c655e72ced7b OP_EQUALVERIFY OP_CHECKSIG
1000000:OP_DUP OP_HASH160 ad346f8eb57dee9a37981716e498120ae80e44f7 OP_EQUALVERIFY OP_CHECKSIG
locktime: 0

In [128]:
received_tx.id() == transaction.id()

True