Programming Bitcoin
Learn How to Program Bitcoin from Scratch
Jimmy Song

Beijing  Boston  Farnham  Sebastopol  Tokyo

Programming Bitcoin
by Jimmy Song

Copyright © 2019 Jimmy Song. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or [email protected].

Editors: Mike Loukides and Michele Cronin
Production Editor: Kristen Brown
Copyeditor: James Fraleigh
Proofreader: Rachel Head
Indexer: Judy McConville
Interior Designer: David Futato
Cover Designer: Karen Montgomery
Illustrator: Rebecca Demarest

March 2019: First Edition

Revision History for the First Edition
2019-02-08: First Release

See http://oreilly.com/catalog/errata.csp?isbn=9781492031499 for release details.

The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Programming Bitcoin, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc.

The views expressed in this work are those of the author, and do not represent the publisher’s views. While the publisher and the author have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk.
If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

978-1-492-03149-9
[LSI]

Table of Contents

Foreword
Preface

1. Finite Fields
    Learning Higher-Level Math
    Finite Field Definition
    Defining Finite Sets
    Constructing a Finite Field in Python
    Exercise 1
    Modulo Arithmetic
    Modulo Arithmetic in Python
    Finite Field Addition and Subtraction
    Exercise 2
    Coding Addition and Subtraction in Python
    Exercise 3
    Finite Field Multiplication and Exponentiation
    Exercise 4
    Exercise 5
    Coding Multiplication in Python
    Exercise 6
    Coding Exponentiation in Python
    Exercise 7
    Finite Field Division
    Exercise 8
    Exercise 9
    Redefining Exponentiation
    Conclusion

2. Elliptic Curves
    Definition
    Coding Elliptic Curves in Python
    Exercise 1
    Exercise 2
    Point Addition
    Math of Point Addition
    Coding Point Addition
    Exercise 3
    Point Addition for When x₁ ≠ x₂
    Exercise 4
    Coding Point Addition for When x₁ ≠ x₂
    Exercise 5
    Point Addition for When P₁ = P₂
    Exercise 6
    Coding Point Addition for When P₁ = P₂
    Exercise 7
    Coding One More Exception
    Conclusion

3. Elliptic Curve Cryptography
    Elliptic Curves over Reals
    Elliptic Curves over Finite Fields
    Exercise 1
    Coding Elliptic Curves over Finite Fields
    Point Addition over Finite Fields
    Coding Point Addition over Finite Fields
    Exercise 2
    Exercise 3
    Scalar Multiplication for Elliptic Curves
    Exercise 4
    Scalar Multiplication Redux
    Mathematical Groups
    Identity
    Closure
    Invertibility
    Commutativity
    Associativity
    Exercise 5
    Coding Scalar Multiplication
    Defining the Curve for Bitcoin
    Working with secp256k1
    Public Key Cryptography
    Signing and Verification
    Inscribing the Target
    Verification in Depth
    Verifying a Signature
    Exercise 6
    Programming Signature Verification
    Signing in Depth
    Creating a Signature
    Exercise 7
    Programming Message Signing
    Conclusion

4. Serialization
    Uncompressed SEC Format
    Exercise 1
    Compressed SEC Format
    Exercise 2
    DER Signatures
    Exercise 3
    Base58
    Transmitting Your Public Key
    Exercise 4
    Address Format
    Exercise 5
    WIF Format
    Exercise 6
    Big- and Little-Endian Redux
    Exercise 7
    Exercise 8
    Exercise 9
    Conclusion

5. Transactions
    Transaction Components
    Version
    Exercise 1
    Inputs
    Parsing Script
    Exercise 2
    Outputs
    Exercise 3
    Locktime
    Exercise 4
    Exercise 5
    Coding Transactions
    Transaction Fee
    Calculating the Fee
    Exercise 6
    Conclusion

6. Script
    Mechanics of Script
    How Script Works
    Example Operations
    Coding Opcodes
    Exercise 1
    Parsing the Script Fields
    Coding a Script Parser and Serializer
    Combining the Script Fields
    Coding the Combined Instruction Set
    Standard Scripts
    p2pk
    Coding Script Evaluation
    Stack Elements Under the Hood
    Exercise 2
    Problems with p2pk
    Solving the Problems with p2pkh
    p2pkh
    Scripts Can Be Arbitrarily Constructed
    Exercise 3
    Utility of Scripts
    Exercise 4
    SHA-1 Piñata
    Conclusion

7. Transaction Creation and Validation
    Validating Transactions
    Checking the Spentness of Inputs
    Checking the Sum of the Inputs Versus the Sum of the Outputs
    Checking the Signature
    Exercise 1
    Exercise 2
    Verifying the Entire Transaction
    Creating Transactions
    Constructing the Transaction
    Making the Transaction
    Signing the Transaction
    Exercise 3
    Creating Your Own Transactions on testnet
    Exercise 4
    Exercise 5
    Conclusion

8. Pay-to-Script Hash
    Bare Multisig
    Coding OP_CHECKMULTISIG
    Exercise 1
    Problems with Bare Multisig
    Pay-to-Script-Hash (p2sh)
    Coding p2sh
    More Complicated Scripts
    Addresses
    Exercise 2
    Exercise 3
    p2sh Signature Verification
    Exercise 4
    Exercise 5
    Conclusion

9. Blocks
    Coinbase Transactions
    Exercise 1
    ScriptSig
    BIP0034
    Exercise 2
    Block Headers
    Exercise 3
    Exercise 4
    Exercise 5
    Version
    Exercise 6
    Exercise 7
    Exercise 8
    Previous Block
    Merkle Root
    Timestamp
    Bits
    Nonce
    Proof-of-Work
    How a Miner Generates New Hashes
    The Target
    Exercise 9
    Difficulty
    Exercise 10
    Checking That the Proof-of-Work Is Sufficient
    Exercise 11
    Difficulty Adjustment
    Exercise 12
    Exercise 13
    Conclusion

10. Networking
    Network Messages
    Exercise 1
    Exercise 2
    Exercise 3
    Parsing the Payload
    Exercise 4
    Network Handshake
    Connecting to the Network
    Exercise 5
    Getting Block Headers
    Exercise 6
    Headers Response
    Conclusion

11. Simplified Payment Verification
    Motivation
    Merkle Tree
    Merkle Parent
    Exercise 1
    Merkle Parent Level
    Exercise 2
    Merkle Root
    Exercise 3
    Merkle Root in Blocks
    Exercise 4