def payment_request():
"""Generates a http PaymentRequest object"""
bc = RPCCaller(allow_default_conf=True)
btc = CCoinAddress(bc.getnewaddress())
# Setting the 'amount' field to 0 (zero) should prompt the user to enter
# the amount for us but a bug in bitcoin core qt version 0.9.1 (at time of
# writing) wrongly informs us that the value is too small and aborts.
# https://github.com/bitcoin/bitcoin/issues/3095
# Also there can be no leading 0's (zeros).
btc_amount = 100000
serialized_pubkey = btc.to_scriptPubKey()
pdo = o.PaymentDetails(network="regtest")
# pdo.network = 'test'
pdo.outputs.add(amount=btc_amount, script=serialized_pubkey)
pdo.time = int(time())
pdo.memo = 'String shown to user before confirming payment'
pdo.payment_url = 'http://{}:{}/{}'.format(listen_on['host'],
listen_on['port'], ack_url_path)
pro = o.PaymentRequest()
pro.serialized_payment_details = pdo.SerializeToString()
sds_pr = pro.SerializeToString()
headers = {
'Content-Type': 'application/bitcoin-payment',
'Accept': 'application/bitcoin-paymentrequest'
}
return sds_pr, headers
def sign_input(tx, input_index, utxo):
"""Sign an input of transaction.
Single-signature signing with SIGHASH_ALL"""
key = utxo['key']
src_addr = CCoinAddress(utxo['address'])
script_for_sighash = CScript(
[OP_DUP, OP_HASH160,
Hash160(key.pub), OP_EQUALVERIFY, OP_CHECKSIG])
assert isinstance(src_addr, (P2PKHCoinAddress, P2SHCoinAddress,
P2WPKHCoinAddress)),\
'only p2pkh, p2wpkh and p2sh_p2wpkh addresses are supported'
if isinstance(src_addr, P2PKHCoinAddress):
sigversion = SIGVERSION_BASE
else:
sigversion = SIGVERSION_WITNESS_V0
if 'amountcommitment' in utxo:
amountcommitment = CConfidentialValue(x(utxo['amountcommitment']))
else:
amountcommitment = CConfidentialValue(coins_to_satoshi(utxo['amount']))
sighash = script_for_sighash.sighash(tx,
input_index,
SIGHASH_ALL,
amount=amountcommitment,
sigversion=sigversion)
sig = key.sign(sighash) + bytes([SIGHASH_ALL])
if isinstance(src_addr, P2PKHCoinAddress):
tx.vin[input_index].scriptSig = CScript(
[CScript(sig), CScript(key.pub)])
scriptpubkey = src_addr.to_scriptPubKey()
elif isinstance(src_addr, P2WPKHCoinAddress):
tx.vin[input_index].scriptSig = CScript()
tx.wit.vtxinwit[input_index] = CTxInWitness(
CScriptWitness([CScript(sig), CScript(key.pub)]))
scriptpubkey = src_addr.to_scriptPubKey()
else:
# Assume that this is p2sh-wrapped p2wpkh address
inner_scriptPubKey = CScript([0, Hash160(key.pub)])
tx.vin[input_index].scriptSig = CScript([inner_scriptPubKey])
tx.wit.vtxinwit[input_index] = CTxInWitness(
CScriptWitness([CScript(sig), CScript(key.pub)]))
scriptpubkey = inner_scriptPubKey.to_p2sh_scriptPubKey()
VerifyScript(tx.vin[input_index].scriptSig,
scriptpubkey,
tx,
input_index,
amount=amountcommitment,
flags=(SCRIPT_VERIFY_P2SH, ))
def check_sign(self, blinded_tx: CTransaction, signed_tx: CTransaction,
bundle: Dict[str, Any]) -> None:
tx_to_sign = blinded_tx.to_mutable()
for n, vin in enumerate(tx_to_sign.vin):
utxo = bundle['vin_utxo'][n]
amount = -1 if utxo['amount'] == -1 else coins_to_satoshi(
utxo['amount'])
scriptPubKey = CScript(x(utxo['scriptPubKey']))
a = CCoinAddress(utxo['address'])
if 'privkey' in utxo:
privkey = CCoinKey(utxo['privkey'])
assert isinstance(a, P2PKHCoinAddress),\
"only P2PKH is supported for single-sig"
assert a == P2PKHElementsAddress.from_pubkey(privkey.pub)
assert scriptPubKey == a.to_scriptPubKey()
sighash = SignatureHash(scriptPubKey,
tx_to_sign,
n,
SIGHASH_ALL,
amount=amount,
sigversion=SIGVERSION_BASE)
sig = privkey.sign(sighash) + bytes([SIGHASH_ALL])
tx_to_sign.vin[n].scriptSig = CScript(
[CScript(sig), CScript(privkey.pub)])
else:
pk_list = [CCoinKey(pk) for pk in utxo['privkey_list']]
redeem_script_data = [utxo['num_p2sh_participants']]
redeem_script_data.extend([pk.pub for pk in pk_list])
redeem_script_data.extend([len(pk_list), OP_CHECKMULTISIG])
redeem_script = CScript(redeem_script_data)
assert isinstance(a, P2SHCoinAddress),\
"only P2SH is supported for multi-sig."
assert scriptPubKey == redeem_script.to_p2sh_scriptPubKey()
assert a == P2SHElementsAddress.from_scriptPubKey(
redeem_script.to_p2sh_scriptPubKey())
sighash = SignatureHash(redeem_script,
tx_to_sign,
n,
SIGHASH_ALL,
amount=amount,
sigversion=SIGVERSION_BASE)
sigs = [
pk.sign(sighash) + bytes([SIGHASH_ALL]) for pk in pk_list
]
tx_to_sign.vin[n].scriptSig = CScript([b''] + sigs +
[redeem_script])
VerifyScript(tx_to_sign.vin[n].scriptSig,
scriptPubKey,
tx_to_sign,
n,
amount=amount)
self.assertEqual(tx_to_sign.serialize(), signed_tx.serialize())
def T(str_addr, expected_bytes, expected_version, expected_class):
addr = CCoinAddress(str_addr)
addr2 = CBitcoinAddress(str_addr)
self.assertEqual(addr, addr2)
self.assertEqual(type(addr), type(addr2))
self.assertEqual(addr.to_bytes(), expected_bytes)
self.assertEqual(addr.__class__, expected_class)
if isinstance(addr, CBase58BitcoinAddress):
self.assertEqual(addr.base58_prefix[0], expected_version)
elif isinstance(addr, CBech32BitcoinAddress):
self.assertEqual(addr.witver, expected_version)
def test_legacy_p2sh(self):
with ChainParams('litecoin', allow_legacy_p2sh=True):
a = CCoinAddress('3F1c6UWAs9RLN2Mbt5bAJue12VhVCorXzs')
self.assertIsInstance(a, P2SHLitecoinLegacyAddress)
with ChainParams('litecoin'):
with self.assertRaises(CCoinAddressError):
a = CCoinAddress('3F1c6UWAs9RLN2Mbt5bAJue12VhVCorXzs')
l_addr = '3N4DqfrHhStCao4NjwroxoegjydkJk3P9Z'
c_addr = 'MUGN9ZGFeZjdPJLGqpr9nSu64gECLRzQrx'
self.assertEqual(
str(
P2SHLitecoinAddress.from_scriptPubKey(
P2SHLitecoinLegacyAddress(l_addr).to_scriptPubKey())),
c_addr)
def test_scriptpubkey_type(self) -> None:
for l1_cls in dispatcher_mapped_list(CCoinAddress):
for l2_cls in dispatcher_mapped_list(l1_cls):
for l3_cls in dispatcher_mapped_list(l2_cls):
spk_type = l3_cls.get_scriptPubKey_type()
matched_cls = CCoinAddress.match_scriptPubKey_type(spk_type)
self.assertTrue(l3_cls is matched_cls)
def mktx(ins, outs, version=1, locktime=0):
""" Given a list of input tuples (txid(bytes), n(int)),
and a list of outputs which are dicts with
keys "address" (value should be *str* not CCoinAddress) (
or alternately "script" (for nonstandard outputs, value
should be CScript)),
"value" (value should be integer satoshis), outputs a
CMutableTransaction object.
Tx version and locktime are optionally set, for non-default
locktimes, inputs are given nSequence as per below comment.
"""
vin = []
vout = []
# This does NOT trigger rbf and mimics Core's standard behaviour as of
# Jan 2019.
# Tx creators wishing to use rbf will need to set it explicitly outside
# of this function.
if locktime != 0:
sequence = 0xffffffff - 1
else:
sequence = 0xffffffff
for i in ins:
outpoint = CMutableOutPoint((i[0][::-1]), i[1])
inp = CMutableTxIn(prevout=outpoint, nSequence=sequence)
vin.append(inp)
for o in outs:
if "script" in o:
sPK = o["script"]
else:
# note the to_scriptPubKey method is only available for standard
# address types
sPK = CCoinAddress(o["address"]).to_scriptPubKey()
out = CMutableTxOut(o["value"], sPK)
vout.append(out)
return CMutableTransaction(vin, vout, nLockTime=locktime, nVersion=version)
def T(confidential_addr, expected_bytes, unconfidential_addr,
expected_blinding_pubkey, expected_class):
a = CCoinAddress(confidential_addr)
self.assertIsInstance(a, expected_class)
self.assertEqual(a.to_bytes(), expected_bytes)
self.assertEqual(unconfidential_addr, a.to_unconfidential())
self.assertEqual(
confidential_addr,
str(a.__class__.from_unconfidential(
unconfidential_addr, a.blinding_pubkey)))
self.assertEqual(expected_blinding_pubkey, a.blinding_pubkey)
a2 = CCoinConfidentialAddress(str(a))
self.assertEqual(a, a2)
a2 = CCoinConfidentialAddress.from_unconfidential(unconfidential_addr,
a.blinding_pubkey)
self.assertEqual(a, a2)
def T(confidential_addr: str, expected_bytes: bytes,
unconfidential_addr: CCoinAddress,
expected_blinding_pubkey: bytes, expected_class: type) -> None:
a = CCoinAddress(confidential_addr)
assert isinstance(a, CCoinConfidentialAddress)
self.assertIsInstance(a, expected_class)
self.assertEqual(bytes(a), expected_bytes)
self.assertEqual(unconfidential_addr, a.to_unconfidential())
self.assertEqual(
confidential_addr,
str(
a.__class__.from_unconfidential(unconfidential_addr,
a.blinding_pubkey)))
self.assertEqual(expected_blinding_pubkey, a.blinding_pubkey)
a2 = CCoinConfidentialAddress(str(a))
self.assertEqual(a, a2)
a2 = CCoinConfidentialAddress.from_unconfidential(
unconfidential_addr, a.blinding_pubkey)
self.assertEqual(a, a2)
def try_reclaim_btc(say, btc_rpc, txid, btc_contract, key, die):
ensure_rpc_connected(say, btc_rpc)
# we won't return from this function, so we can just
# set the chain with select_chain_params
select_chain_params(bitcoin_chain_name)
def custom_die(msg):
say(msg)
die('Failed to reclaim my Bitcoin')
from_addr = P2WSHCoinAddress.from_redeemScript(btc_contract)
say('Will try to reclaim my bitcoin from {}'.format(from_addr))
tx_json = btc_rpc.getrawtransaction(txid, 1)
confirmations = int(tx_json['confirmations'])
while confirmations < bitcoin_contract_timeout:
tx_json = btc_rpc.getrawtransaction(txid, 1)
confirmations = int(tx_json['confirmations'])
for vout in tx_json['vout']:
if 'scriptPubKey' in vout:
if str(from_addr) in vout['scriptPubKey']['addresses']:
vout_n = int(vout['n'])
say('({} at UTXO {}:{})'.format(vout['value'], txid, vout_n))
break
else:
custom_die(
'Cannot find {} in outputs of tx {} - this must be a bug.'.format(
from_addr, txid))
# We should not use CBitcoinAddress directly here, because we might be
# in regtest or testnet, and it is treated as different chain.
# CBitcoinAddress will not recognize regtest address, you would need
# to use CBitcoinTestnetAddress/CBitcoinRegtestAddress.
# CCoinAddress is the correct abstraction to use.
dst_addr = CCoinAddress(btc_rpc.getnewaddress())
say('Will reclaim my Bitcoin to {}'.format(dst_addr))
reclaim_tx = create_btc_spend_tx(dst_addr,
txid,
vout_n,
btc_contract,
spend_key=key,
branch_condition=False)
say('Sending my Bitcoin-reclaim transaction')
new_txid = btc_rpc.sendrawtransaction(b2x(reclaim_tx.serialize()))
wait_confirm(say, 'Bitcoin', new_txid, custom_die, btc_rpc, num_confirms=3)
say('Reclaimed my Bitcoin. Swap failed.')
def T(str_addr: str, expected_bytes: bytes, expected_version: int,
expected_class: type) -> None:
addr = CCoinAddress(str_addr)
addr2 = CBitcoinAddress(str_addr)
self.assertEqual(addr, addr2)
self.assertEqual(type(addr), type(addr2))
self.assertEqual(bytes(addr), expected_bytes)
self.assertEqual(addr.__class__, expected_class)
if isinstance(addr, CBase58BitcoinAddress):
self.assertEqual(addr.base58_prefix[0], expected_version)
elif isinstance(addr, CBech32BitcoinAddress):
self.assertEqual(addr.bech32_witness_version, expected_version)
def human_readable_output(txoutput):
""" Returns a dict of human-readable entries
for this output.
"""
assert isinstance(txoutput, CTxOut)
outdict = {}
outdict["value_sats"] = txoutput.nValue
outdict["scriptPubKey"] = bintohex(txoutput.scriptPubKey)
try:
addr = CCoinAddress.from_scriptPubKey(txoutput.scriptPubKey)
outdict["address"] = str(addr)
except CCoinAddressError:
pass # non standard script
return outdict
def test_p2sh_p2wpkh_signaturehash(self):
unsigned_tx = x(
'0100000001db6b1b20aa0fd7b23880be2ecbd4a98130974cf4748fb66092ac4d3ceb1a54770100000000feffffff02b8b4eb0b000000001976a914a457b684d7f0d539a46a45bbc043f35b59d0d96388ac0008af2f000000001976a914fd270b1ee6abcaea97fea7ad0402e8bd8ad6d77c88ac92040000'
)
scriptpubkey = CScript(
x('001479091972186c449eb1ded22b78e40d009bdf0089'))
value = coins_to_satoshi(10)
address = CCoinAddress.from_scriptPubKey(scriptpubkey)
self.assertEqual(
SignatureHash(address.to_redeemScript(),
CTransaction.deserialize(unsigned_tx), 0,
SIGHASH_ALL, value, SIGVERSION_WITNESS_V0),
x('64f3b0f4dd2bb3aa1ce8566d220cc74dda9df97d8490cc81d89d735c92e59fb6'
))
def test_valid_bip341_scriptpubkeys_addresses():
with ChainParams("bitcoin"):
with open(os.path.join(testdir, "bip341_wallet_test_vectors.json"),
"r") as f:
json_data = json.loads(f.read())
for x in json_data["scriptPubKey"]:
sPK = hextobin(x["expected"]["scriptPubKey"])
addr = x["expected"]["bip350Address"]
res, message = validate_address(addr)
assert res, message
print("address {} was valid bech32m".format(addr))
# test this specific conversion because this is how
# our human readable outputs work:
assert str(CCoinAddress.from_scriptPubKey(
btc.CScript(sPK))) == addr
print("and it converts correctly from scriptPubKey: {}".format(
btc.CScript(sPK)))
def get_utxos_by_address(self, address: Address) -> List[Utxo]:
raw_utxos = self.query_api(self.Query.GET_UNSPENT_TX, str(address))["txs"]
utxos: List[Utxo] = []
for raw_utxo in raw_utxos:
value = int(float(raw_utxo["value"]) * SATOSHIS_PER_COIN)
tx_hash = raw_utxo["txid"]
block = self.get_block_by_tx(tx_hash)
vout = raw_utxo["output_no"]
tx_in = TxIn(OutPoint(lx(tx_hash), vout))
tx_out = TxOut(value, address.to_scriptPubKey())
utxo = Utxo(block, tx_in, tx_out)
utxos.append(utxo)
return utxos
def payment_ack(serialized_payment_message: bytes,
) -> Tuple[bytes, Dict[str, str], CCoinAddress]:
"""Generates a PaymentACK object, captures client refund address
and returns a tuple (message, refund_address)"""
pao = o.PaymentACK()
pao.payment.ParseFromString(serialized_payment_message)
pao.memo = 'String shown to user after payment confirmation'
refund_address = CCoinAddress.from_scriptPubKey(
CScript(pao.payment.refund_to[0].script))
sds_pa = pao.SerializeToString()
headers = {'Content-Type': 'application/bitcoin-payment',
'Accept': 'application/bitcoin-paymentack'}
return sds_pa, headers, refund_address
def get_dst_addr(say, rpc):
"""Generate an address and retrieve blinding key for it"""
# Note that we could generate our own keys, and make
# addresses from them, and then derive the blinding keys,
# but then we would have to decide how to store the keys
# for the user to be able to do own exploration
# after example finishes working. We choose the easiest path.
#
# Note that if we have master blinding key
# (Elements will include master blinding key in wallet dump
# in future versions), we could derive the blinding key
# from the master key and the address, with this code:
# addr.to_scriptPubKey().derive_blinding_key(blinding_derivation_key)
# derive_blinding_key() follows the logic of blinding key
# derivation in Elements Core source.
if say:
say('Generating new address and retrieving blinding key for it')
addr_str = rpc.getnewaddress()
# Retrieve the blinding key
blinding_key = CCoinKey.from_secret_bytes(x(rpc.dumpblindingkey(addr_str)))
return CCoinAddress(addr_str), blinding_key
vault_in_privkey = CBitcoinSecret.from_secret_bytes(
hashlib.sha256(b'Vault Tx Brain Secret').digest())
vault_in_pubkey = vault_in_privkey.pub
fee_wallet_privkey = CBitcoinSecret.from_secret_bytes(
hashlib.sha256(b'Fee Wallet Brain Secret').digest())
fee_wallet_pubkey = fee_wallet_privkey.pub
# # Create P2WSH address for depositor.
depositor_witnessScript = CScript([depositor_pubkey, OP_CHECKSIG])
depositor_scripthash = hashlib.sha256(depositor_witnessScript).digest()
depositor_redeemScript = CScript([OP_0, depositor_scripthash])
depositor_address = CCoinAddress.from_scriptPubKey(
depositor_redeemScript)
# # Create P2WSH address for fee_wallet.
fee_wallet_witnessScript = CScript([fee_wallet_pubkey, OP_CHECKSIG])
fee_wallet_scripthash = hashlib.sha256(fee_wallet_witnessScript).digest()
fee_wallet_redeemScript = CScript([OP_0, fee_wallet_scripthash])
fee_wallet_address = CCoinAddress.from_scriptPubKey(
fee_wallet_redeemScript)
# # Create P2WSH vault address (used for vault_transaction and p2rw_transaction)
vault_in_witnessScript = CScript([vault_in_pubkey, OP_CHECKSIG])
vault_in_scripthash = hashlib.sha256(vault_in_witnessScript).digest()
vault_in_redeemScript = CScript([OP_0, vault_in_scripthash])
vault_in_address = CCoinAddress.from_scriptPubKey(vault_in_redeemScript)
# # Create P2WSH output address for vault tx.
def alice(say, recv, send, die, btc_rpc, elt_rpc):
"""A function that implements the logic
of the Elements-side participant
of confidential cross-chain atomic swap"""
global last_wish_func
# Default chain for Alice will be Elements
# To handle bitcoin-related objects, either
# `with ChainParams(bitcoin_chain_name):` have to be used, or
# concrete classes, like CBitcoinAddress, CBitcoinTransaction, etc.
select_chain_params(elements_chain_name)
# Let's create the shared blinding key
blinding_key = CKey.from_secret_bytes(os.urandom(32))
# And the key for btc spend
alice_btc_key = CKey.from_secret_bytes(os.urandom(32))
# And the key for the 'timeout' branch of the contract
alice_elt_exit_key = CKey.from_secret_bytes(os.urandom(32))
say('Sending pubkeys to Bob')
send('pubkeys', (alice_btc_key.pub, alice_elt_exit_key.pub))
say('Sending the blinding key to Bob')
send('blinding_key', blinding_key.secret_bytes)
(contract_pubkey_raw, bob_elt_pubkey_raw,
bob_btc_exit_pub_raw) = recv('pubkeys')
say("Pubkey of the key to be revealed: {}".format(
b2x(contract_pubkey_raw)))
say("Bob's Elements-side pubkey: {}".format(b2x(bob_elt_pubkey_raw)))
contract_pubkey = CPubKey(contract_pubkey_raw)
key_to_reveal_pub = CPubKey.add(contract_pubkey, blinding_key.pub)
elt_contract = make_elt_cntract(key_to_reveal_pub, bob_elt_pubkey_raw,
alice_elt_exit_key.pub)
elt_contract_addr = P2SHCoinAddress.from_redeemScript(elt_contract)
confidential_contract_addr = P2SHCoinConfidentialAddress.from_unconfidential(
elt_contract_addr, blinding_key.pub)
assert isinstance(confidential_contract_addr, CElementsConfidentialAddress)
say("Created Elemets-side swap contract, size: {}".format(
len(elt_contract)))
say("Contract address:\n\tconfidential: {}\n\tunconfidential: {}".format(
confidential_contract_addr, elt_contract_addr))
btc_txid = recv('btc_txid')
combined_btc_spend_pubkey = CPubKey.add(contract_pubkey, alice_btc_key.pub)
btc_contract = make_btc_contract(combined_btc_spend_pubkey,
bob_btc_exit_pub_raw)
tx_json = btc_rpc.getrawtransaction(btc_txid, 1)
if tx_json['confirmations'] < 6:
die('Transaction does not have enough confirmations')
# We use ChainParams, and not P2WSHBitcoinAddress here,
# because bitcoin_chain_name might be 'bitcoin/regtest', for example,
# and then the address would need to be P2WSHBitcoinRegtestAddress.
# with ChainParams we leverage the 'frontend class' magic, P2WSHCoinAddress
# will give us appropriate instance.
with ChainParams(bitcoin_chain_name):
btc_contract_addr = P2WSHCoinAddress.from_redeemScript(btc_contract)
say('Looking for this address in transaction {} in Bitcoin'.format(
btc_txid))
# CTransaction subclasses do not change between mainnet/testnet/regtest,
# so we can directly use CBitcoinTransaction.
# That might not be true for other chains, though.
# You might also want to use CTransaction within `with ChainParams(...):`
btc_tx = CBitcoinTransaction.deserialize(x(tx_json['hex']))
for n, vout in enumerate(btc_tx.vout):
if vout.scriptPubKey == btc_contract_addr.to_scriptPubKey():
say("Found the address at output {}".format(n))
btc_vout_n = n
break
else:
die('Did not find contract address in transaction')
if vout.nValue != coins_to_satoshi(pre_agreed_amount):
die('the amount {} found at the output in the offered transaction '
'does not match the expected amount {}'.format(
satoshi_to_coins(vout.nValue), pre_agreed_amount))
say('Bitcoin amount match expected values')
say('Sending {} to {}'.format(pre_agreed_amount,
confidential_contract_addr))
contract_txid = elt_rpc.sendtoaddress(str(confidential_contract_addr),
pre_agreed_amount)
def alice_last_wish_func():
try_reclaim_elt(say, elt_rpc, contract_txid, elt_contract,
alice_elt_exit_key, blinding_key, die)
last_wish_func = alice_last_wish_func
wait_confirm(say, 'Elements', contract_txid, die, elt_rpc, num_confirms=2)
send('elt_txid', contract_txid)
sr_txid = wait_spend_reveal_transaction(say, contract_txid, die, elt_rpc)
say('Got txid for spend-reveal transaction from Bob ({})'.format(sr_txid))
tx_json = elt_rpc.getrawtransaction(sr_txid, 1)
wait_confirm(say, 'Elements', sr_txid, die, elt_rpc, num_confirms=2)
sr_tx = CTransaction.deserialize(x(tx_json['hex']))
for n, vin in enumerate(sr_tx.vin):
if vin.prevout.hash == lx(contract_txid)\
and vin.scriptSig[-(len(elt_contract)):] == elt_contract:
say('Transaction input {} seems to contain a script '
'we can recover the key from'.format(n))
reveal_script_iter = iter(vin.scriptSig)
break
else:
die('Spend-reveal transaction does not have input that spends '
'the contract output')
next(reveal_script_iter) # skip Bob's spend signature
try:
# 2 skipped bytes are tag and len
sig_s = ecdsa.util.string_to_number(next(reveal_script_iter)[2:])
except (ValueError, StopIteration):
die('Reveal script is invalid')
k, r = get_known_k_r()
order = ecdsa.SECP256k1.order
mhash = ecdsa.util.string_to_number(hashlib.sha256(b'\x01').digest())
r_inverse = ecdsa.numbertheory.inverse_mod(r, order)
for s in (-sig_s, sig_s):
secret_exponent = (((s * k - mhash) % order) * r_inverse) % order
recovered_key = CKey.from_secret_bytes(
ecdsa.util.number_to_string(secret_exponent, order))
if recovered_key.pub == key_to_reveal_pub:
break
else:
die('Key recovery failed. Should not happen - the sig was already '
'verified when transaction was accepted into mempool. '
'Must be a bug.')
say('recovered key pubkey: {}'.format(b2x(recovered_key.pub)))
contract_key = CKey.sub(recovered_key, blinding_key)
say('recovered unblined key pubkey: {}'.format(b2x(contract_key.pub)))
combined_btc_spend_key = CKey.add(contract_key, alice_btc_key)
say('Successfully recovered the key. Can now spend Bitcoin from {}'.format(
btc_contract_addr))
with ChainParams(bitcoin_chain_name):
dst_addr = CCoinAddress(btc_rpc.getnewaddress())
btc_claim_tx = create_btc_spend_tx(dst_addr,
btc_txid,
btc_vout_n,
btc_contract,
spend_key=combined_btc_spend_key)
say('Sending my Bitcoin-claim transaction')
btc_claim_txid = btc_rpc.sendrawtransaction(b2x(btc_claim_tx.serialize()))
wait_confirm(say, 'Bitcoin', btc_claim_txid, die, btc_rpc, num_confirms=3)
say('Got my Bitcoin. Swap successful!')
def bob(say, recv, send, die, btc_rpc, elt_rpc):
"""A function that implements the logic
of the Bitcoin-side participant
of confidential cross-chain atomic swap"""
global last_wish_func
# Default chain for Bob will be Bitcoin
# To handle bitcoin-related objects, either
# `with ChainParams(elements_chain_name):` have to be used, or
# concrete classes, like CElementsAddress, CElementsTransaction, etc.
select_chain_params(bitcoin_chain_name)
say('Waiting for blinding key from Alice')
alice_btc_pub_raw, alice_elt_exit_pub_raw = recv('pubkeys')
blinding_key = CKey.from_secret_bytes(recv('blinding_key'))
say("Pubkey for blinding key: {}".format(b2x(blinding_key.pub)))
# Let's create the key that would lock the coins on Bitcoin side
contract_key = CKey.from_secret_bytes(os.urandom(32))
# And the key for Elements side
bob_elt_spend_key = CKey.from_secret_bytes(os.urandom(32))
# And the key for 'timeout' case on btc side
bob_btc_exit_key = CKey.from_secret_bytes(os.urandom(32))
key_to_reveal_pub = CPubKey.add(contract_key.pub, blinding_key.pub)
say("The pubkey of the combined key to be revealed: {}".format(
b2x(key_to_reveal_pub)))
say('Sending my pubkeys to Alice')
send('pubkeys',
(contract_key.pub, bob_elt_spend_key.pub, bob_btc_exit_key.pub))
combined_btc_spend_pubkey = CPubKey.add(contract_key.pub,
CPubKey(alice_btc_pub_raw))
say('combined_btc_spend_pubkey: {}'.format(b2x(combined_btc_spend_pubkey)))
btc_contract = make_btc_contract(combined_btc_spend_pubkey,
bob_btc_exit_key.pub)
btc_contract_addr = P2WSHCoinAddress.from_redeemScript(btc_contract)
say("Created Bitcoin-side swap contract, size: {}".format(
len(btc_contract)))
say("Contract address: {}".format(btc_contract_addr))
say('Sending {} to {}'.format(pre_agreed_amount, btc_contract_addr))
btc_txid = btc_rpc.sendtoaddress(str(btc_contract_addr), pre_agreed_amount)
def bob_last_wish_func():
try_reclaim_btc(say, btc_rpc, btc_txid, btc_contract, bob_btc_exit_key,
die)
last_wish_func = bob_last_wish_func
wait_confirm(say, 'Bitcoin', btc_txid, die, btc_rpc, num_confirms=6)
send('btc_txid', btc_txid)
elt_txid = recv('elt_txid')
elt_contract = make_elt_cntract(key_to_reveal_pub, bob_elt_spend_key.pub,
alice_elt_exit_pub_raw)
with ChainParams(elements_chain_name):
elt_contract_addr = P2SHCoinAddress.from_redeemScript(elt_contract)
say('Got Elements contract address from Alice: {}'.format(
elt_contract_addr))
say('Looking for this address in transaction {} in Elements'.format(
elt_txid))
tx_json = elt_rpc.getrawtransaction(elt_txid, 1)
if tx_json['confirmations'] < 2:
die('Transaction does not have enough confirmations')
elt_commit_tx = CElementsTransaction.deserialize(x(tx_json['hex']))
vout_n, unblind_result = find_and_unblind_vout(say, elt_commit_tx,
elt_contract_addr,
blinding_key, die)
if unblind_result.amount != coins_to_satoshi(pre_agreed_amount):
die('the amount {} found at the output in the offered transaction '
'does not match the expected amount {}'.format(
satoshi_to_coins(unblind_result.amount), pre_agreed_amount))
say('The asset and amount match expected values. lets spend it.')
with ChainParams(elements_chain_name):
dst_addr = CCoinAddress(elt_rpc.getnewaddress())
assert isinstance(dst_addr, CCoinConfidentialAddress)
say('I will claim my Elements-BTC to {}'.format(dst_addr))
elt_claim_tx = create_elt_spend_tx(
dst_addr,
elt_txid,
vout_n,
elt_contract,
die,
spend_key=bob_elt_spend_key,
contract_key=contract_key,
blinding_key=blinding_key,
blinding_factor=unblind_result.blinding_factor,
asset_blinding_factor=unblind_result.asset_blinding_factor)
# Cannot use VerifyScript for now,
# because it does not support CHECKSIGFROMSTACK yet
#
# VerifyScript(tx.vin[0].scriptSig,
# elt_contract_addr.to_scriptPubKey(),
# tx, 0, amount=amount)
say('Sending my spend-reveal transaction')
sr_txid = elt_rpc.sendrawtransaction(b2x(elt_claim_tx.serialize()))
wait_confirm(say, 'Elements', sr_txid, die, elt_rpc, num_confirms=2)
say('Got my Elements-BTC. Swap successful (at least for me :-)')
def alice(say, recv, send, die, rpc):
"""A function that implements the logic
of the first participant of an asset atomic swap"""
# Issue two asset that we are going to swap to Bob's 1 asset
asset1_str, asset1_utxo = issue_asset(say, 1.0, rpc)
asset2_str, asset2_utxo = issue_asset(say, 1.0, rpc)
# We will need to pay a fee in an asset suitable for this
fee_utxo = find_utxo_for_fee(say, die, rpc)
say('Getting change address for fee asset')
# We don't care for blinding key of change - the node will
# have it, anyway, and we don't need to unblind the change.
fee_change_addr, _ = get_dst_addr(say, rpc)
say('Will use utxo {}:{} (amount: {}) for fee, change will go to {}'.
format(fee_utxo['txid'], fee_utxo['vout'], fee_utxo['amount'],
fee_change_addr))
say('Setting up communication with Bob')
# Tell Bob that we are ready to communicate
send('ready')
# To avoid mempool synchronization problems,
# in our example Alice is the one in charge of generating test blocks.
# Bob gives alice txid of his transaction that he wants to be confirmed.
bob_txid = recv('wait-txid-confirm')
# Make sure asset issuance transactions are confirmed
rpc.generatetoaddress(1, rpc.getnewaddress())
wait_confirm(say, asset1_utxo['txid'], die, rpc)
wait_confirm(say, asset2_utxo['txid'], die, rpc)
wait_confirm(say, bob_txid, die, rpc)
# Make sure Bob is alive and ready to communicate, and send
# him an offer for two assets
say('Sending offer to Bob')
my_offers = [
AtomicSwapOffer(asset=asset1_str,
amount=coins_to_satoshi(asset1_utxo['amount'])),
AtomicSwapOffer(asset=asset2_str,
amount=coins_to_satoshi(asset2_utxo['amount']))
]
send('offer', my_offers)
bob_offer = recv('offer')
print_asset_balances(say, my_offers + [bob_offer], rpc)
say('Bob responded with his offer: {}'.format(bob_offer))
# We unconditionally accept Bob's offer - his asset is
# equally worthless as ours :-)
# Generate an address for Bob to send his asset to.
dst_addr, blinding_key = get_dst_addr(say, rpc)
say('Sending my address and assetcommitments for my UTXOs to Bob')
# Send Bob our address, and the assetcommitments of our UTXOs
# (but not any other information about our UTXO),
# so he can construct and blind a partial transaction that
# will spend his own UTXO, to send his asset to our address.
assetcommitments = [
asset1_utxo['assetcommitment'], asset2_utxo['assetcommitment'],
fee_utxo['assetcommitment']
]
send('addr_and_assetcommitments', (str(dst_addr), assetcommitments))
partial_tx_bytes = recv('partial_blinded_tx')
say('Got partial blinded tx of size {} bytes from Bob'.format(
len(partial_tx_bytes)))
partial_tx = CTransaction.deserialize(partial_tx_bytes)
if len(partial_tx.vout) != 1:
die('unexpected number of outputs in tx from Bob: expected 1, got {}'.
format(len(partial_tx.vout)))
result = partial_tx.vout[0].unblind_confidential_pair(
blinding_key, partial_tx.wit.vtxoutwit[0].rangeproof)
if result.error:
die('cannot unblind output that should have been directed to us: {}'.
format(result.error))
if result.asset.to_hex() != bob_offer.asset:
die("asset in partial transaction from Bob {} is not the same "
"as asset in Bob's initial offer ({})".format(
result.asset.to_hex(), bob_offer.asset))
if result.amount != bob_offer.amount:
die("amount in partial transaction from Bob {} is not the same "
"as amount in Bob's initial offer ({})".format(
result.amount, bob_offer.amount))
say("Asset and amount in partial transaction matches Bob's offer")
bob_addr_list, bob_assetcommitment = recv('addr_list_and_assetcommitment')
if len(bob_addr_list) != len(my_offers):
die('unexpected address list lenth from Bob. expected {}, got {}'.
format(len(my_offers), len(bob_addr_list)))
say("Bob's addresses to receive my assets: {}".format(bob_addr_list))
# Convert Bob's addresses to address objects.
# If Bob passes invalid address, we die with with exception.
bob_addr_list = [CCoinAddress(a) for a in bob_addr_list]
# Add our own inputs and outputs to Bob's partial tx
# Create new mutable transaction from partial_tx
tx = partial_tx.to_mutable()
# We have assetcommitment for the first input,
# other data is not needed for it.
# initialize first elements of the arrays with empty/negative data.
input_descriptors = [
BlindingInputDescriptor(asset=CAsset(),
amount=-1,
blinding_factor=Uint256(),
asset_blinding_factor=Uint256())
]
# First output is already blinded, fill the slot with empty data
output_pubkeys = [CPubKey()]
# But assetcommitments array should start with Bob's asset commitment
assetcommitments = [x(bob_assetcommitment)]
# We will add our inputs for asset1 and asset2, and also an input
# that will be used to pay the fee.
# Note that the order is important: Bob blinded his transaction
# with assetcommitments in the order we send them to him,
# and we should add our inputs in the same order.
utxos_to_add = (asset1_utxo, asset2_utxo, fee_utxo)
# Add inputs for asset1 and asset2 and fee_asset and prepare input data
# for blinding
for utxo in utxos_to_add:
# When we create CMutableTransaction and pass CTxIn,
# it will be converted to CMutableTxIn. But if we append
# to tx.vin or tx.vout, we need to use mutable versions
# of the txin/txout classes, or else blinding or signing
# will fail with error, unable to modify the instances.
# COutPoint is not modified, though, so we can leave it
# immutable.
tx.vin.append(
CMutableTxIn(
prevout=COutPoint(hash=lx(utxo['txid']), n=utxo['vout'])))
input_descriptors.append(
BlindingInputDescriptor(
asset=CAsset(lx(utxo['asset'])),
amount=coins_to_satoshi(utxo['amount']),
blinding_factor=Uint256(lx(utxo['amountblinder'])),
asset_blinding_factor=Uint256(lx(utxo['assetblinder']))))
# If we are supplying asset blinders and assetblinders for
# particular input, assetcommitment data for that input do
# not need to be correct. But if we are supplying assetcommitments
# at all (auxiliary_generators argument to tx.blind()),
# then all the elements of that array must have correct
# type (bytes) and length (33). This is a requirement of the original
# Elements Core API, and python-elementstx requires this, too.
assetcommitments.append(b'\x00' * 33)
# Add outputs to give Bob all our assets, and fill output pubkeys
# for blinding the outputs to Bob's addresses
for n, offer in enumerate(my_offers):
tx.vout.append(
CMutableTxOut(nValue=CConfidentialValue(offer.amount),
nAsset=CConfidentialAsset(CAsset(lx(offer.asset))),
scriptPubKey=bob_addr_list[n].to_scriptPubKey()))
output_pubkeys.append(bob_addr_list[n].blinding_pubkey)
# Add change output for fee asset
fee_change_amount = (coins_to_satoshi(fee_utxo['amount']) -
FIXED_FEE_SATOSHI)
tx.vout.append(
CMutableTxOut(nValue=CConfidentialValue(fee_change_amount),
nAsset=CConfidentialAsset(fee_asset),
scriptPubKey=fee_change_addr.to_scriptPubKey()))
output_pubkeys.append(fee_change_addr.blinding_pubkey)
# Add fee output.
# Note that while we use CConfidentialAsset and CConfidentialValue
# to specify value and asset, they are not in fact confidential here
# - they are explicit, because we pass explicit values at creation.
# You can check if they are explicit or confidential
# with nValue.is_explicit(). If they are explicit, you can access
# the unblinded values with nValue.to_amount() and nAsset.to_asset()
tx.vout.append(
CMutableTxOut(nValue=CConfidentialValue(FIXED_FEE_SATOSHI),
nAsset=CConfidentialAsset(fee_asset)))
# Add dummy pubkey for non-blinded fee output
output_pubkeys.append(CPubKey())
# Our transaction lacks txin witness instances for the added inputs,
# and txout witness instances for added outputs.
# If transaction already have witness data attached, transaction
# serialization code will require in/out witness array length
# to be equal to vin/vout array length
# Therefore we need to add dummy txin and txout witnesses for each
# input and output that we added to transaction
# we added one input and one output per asset, and an additional
# input/change-output for fee asset.
for _ in utxos_to_add:
tx.wit.vtxinwit.append(CMutableTxInWitness())
tx.wit.vtxoutwit.append(CMutableTxOutWitness())
# And one extra dummy txout witness for fee output
tx.wit.vtxoutwit.append(CMutableTxOutWitness())
# And blind the combined transaction
blind_result = tx.blind(input_descriptors=input_descriptors,
output_pubkeys=output_pubkeys,
auxiliary_generators=assetcommitments)
# The blinding must succeed!
if blind_result.error:
die('blind failed: {}'.format(blind_result.error))
# And must blind exactly three outputs (two to Bob, one fee asset change)
if blind_result.num_successfully_blinded != 3:
die('blinded {} outputs, expected to be 3'.format(
blind_result.num_successfully_blinded))
say('Successfully blinded the combined transaction, will now sign')
# Sign two new asset inputs, and fee asset input
for n, utxo in enumerate(utxos_to_add):
# We specify input_index as 1+n because we skip first (Bob's) input
sign_input(tx, 1 + n, utxo)
say('Signed my inputs, sending partially-signed transaction to Bob')
send('partially_signed_tx', tx.serialize())
# Note that at this point both participants can still opt out of the swap:
# Alice by double-spending her inputs to the transaction,
# and Bob by not signing or not broadcasting the transaction.
# Bob still have tiny advantage, because
# he can pretend to have 'difficulties' in broadcasting and try to exploit
# Alice's patience. If Alice does not reclaim her funds in the case Bob's
# behaviour deviates from expected, then Bob will have free option to
# exectute the swap at the time convenient to him.
# Get the swap transaction from Bob.
# Bob is expected to broadcast this transaction, and could just send txid
# here, but then there would be a period of uncertainty: if Alice do not
# see the txid at her own node, she does not know if this is because Bob
# did not actually broadcast, and is just taking his time watching asset
# prices, or the transaction just takes long time to propagate. If the
# protocol requires Bob to send the transaction, the timeout required for
# Alice to wait can be defined much more certainly.
try:
signed_tx_raw = recv('final-signed-tx', timeout=ALICE_PATIENCE_LIMIT)
signed_tx = CTransaction.deserialize(x(signed_tx_raw))
# Check that this transaction spends the same inputs as the transacton
# previously agreed upon
for n, vin in enumerate(signed_tx.vin):
if vin.prevout != tx.vin[n].prevout:
die('Inputs of transaction received from Bob do not match '
'the agreed-upon transaction')
# Send the transaction from our side
txid = rpc.sendrawtransaction(b2x(signed_tx.serialize()))
except Exception as e:
# If there is any problem, including communication timeout or invalid
# communication, or invalid transaction encoding, then Alice will try
# to claim her funds back, so Bob won't have an option to execute the
# swap at the time convenient to him. He should execute it immediately.
say('Unexpected problem on receiving final signed transaction '
'from Bob: {}'.format(e))
say('This is suspicious. I will try to reclaim my funds now')
claim_funds_back(say, utxos_to_add, die, rpc)
say("Claimed my funds back. Screw Bob!")
sys.exit(0)
# Make sure the final transaction is confirmed
rpc.generatetoaddress(1, rpc.getnewaddress())
wait_confirm(say, txid, die, rpc)
# Check that everything went smoothly
balance = coins_to_satoshi(rpc.getbalance("*", 1, False, bob_offer.asset))
if balance != bob_offer.amount:
die('something went wrong, balance of Bob\'s asset after swap '
'should be {} satoshi, but it is {} satoshi'.format(
balance, bob_offer.amount))
print_asset_balances(say, my_offers + [bob_offer], rpc)
# Wait for alice to politely end the conversation
send('thanks-goodbye')
say('Asset atomic swap completed successfully')
def bob(say, recv, send, die, rpc):
"""A function that implements the logic
of the second participant of an asset atomic swap"""
# Issue an asset that we are going to swap
asset_str, asset_utxo = issue_asset(say, 1.0, rpc)
asset_amount_satoshi = coins_to_satoshi(asset_utxo['amount'])
say('Setting up communication with Alice')
# Wait for Alice to start communication
recv('ready')
# To avoid mempool synchronization problems in two-node regtest setup,
# in our example Alice is the one in charge of generating test blocks.
# Send txid of asset issuance to alice so she can ensure it is confirmed.
send('wait-txid-confirm', asset_utxo['txid'])
say('Waiting for Alice to send us an offer array')
alice_offers = recv('offer')
# We unconditionally accept Alice's offer - her assets are
# equally worthless as our asset :-)
say("Alice's offers are {}, sending my offer".format(alice_offers))
my_offer = AtomicSwapOffer(amount=asset_amount_satoshi, asset=asset_str)
send('offer', my_offer)
say('Waiting for Alice\'s address and assetcommitments')
alice_addr_str, alice_assetcommitments = recv('addr_and_assetcommitments')
print_asset_balances(say, alice_offers + [my_offer], rpc)
# Convert Alice's address to address object.
# If Alice passes invalid address, we die with we die with exception.
alice_addr = CCoinAddress(alice_addr_str)
say('Alice\'s address: {}'.format(alice_addr))
say('Alice\'s assetcommitments: {}'.format(alice_assetcommitments))
# Create asset commitments array. First goes our own asset commitment,
# because our UTXO will be first.
assetcommitments = [x(asset_utxo['assetcommitment'])]
for ac in alice_assetcommitments:
# If Alice sends non-hex data, we will die while converting.
assetcommitments.append(x(ac))
# Let's create our part of the transaction. We need to create
# mutable transaction, because blind() method only works for mutable.
partial_tx = CMutableTransaction(
vin=[
CTxIn(prevout=COutPoint(hash=lx(asset_utxo['txid']),
n=asset_utxo['vout']))
],
vout=[
CTxOut(nValue=CConfidentialValue(asset_amount_satoshi),
nAsset=CConfidentialAsset(CAsset(lx(asset_str))),
scriptPubKey=alice_addr.to_scriptPubKey())
])
# Blind our part of transaction, specifying assetcommitments
# (Incliding those received from Alice) as auxiliary_generators.
# Note that we could get the blinding factors if we retrieve
# the transaction that we spend from, deserialize it, and unblind
# the output that we are going to spend.
# We could do everything here (besides issuing the asset and sending
# the transactions) without using Elements RPC, if we get our data
# from files or database, etc. But to simplify our demonstration,
# we will use the values we got from RPC.
# See 'spend-to-confidential-address.py' example for the code
# that does the unblinding itself, and uses the unblinded values
# to create a spending transaction.
blind_result = partial_tx.blind(
input_descriptors=[
BlindingInputDescriptor(
asset=CAsset(lx(asset_utxo['asset'])),
amount=asset_amount_satoshi,
blinding_factor=Uint256(lx(asset_utxo['amountblinder'])),
asset_blinding_factor=Uint256(lx(asset_utxo['assetblinder'])))
],
output_pubkeys=[alice_addr.blinding_pubkey],
auxiliary_generators=assetcommitments)
# The blinding must succeed!
if blind_result.error:
die('blind failed: {}'.format(blind_result.error))
# And must blind exactly one output
if blind_result.num_successfully_blinded != 1:
die('blinded {} outputs, expected to be 1'.format(
blind_result.num_successfully_blinded))
say('Successfully blinded partial transaction, sending it to Alice')
send('partial_blinded_tx', partial_tx.serialize())
say("Generating addresses to receive Alice's assets")
# Generate as many destination addresses as there are assets
# in Alice's offer. Record blinding keys for the addresses.
our_addrs = []
blinding_keys = []
for _ in alice_offers:
addr, blinding_key = get_dst_addr(say, rpc)
our_addrs.append(str(addr))
blinding_keys.append(blinding_key)
say("Sending my addresses and assetcommitment to Alice")
send('addr_list_and_assetcommitment',
(our_addrs, asset_utxo['assetcommitment']))
semi_signed_tx_bytes = recv('partially_signed_tx')
say('Got partially signed tx of size {} bytes from Alice'.format(
len(semi_signed_tx_bytes)))
semi_signed_tx = CTransaction.deserialize(semi_signed_tx_bytes)
# Transaction should have 3 extra outputs - one output to Alice,
# fee output, and fee asset change output
if len(semi_signed_tx.vout) != len(alice_offers) + 3:
die('unexpected number of outputs in tx from Alice: '
'expected {}, got {}'.format(
len(alice_offers) + 3, len(semi_signed_tx.vout)))
if not semi_signed_tx.vout[-1].is_fee():
die('Last output in tx from Alice '
'is expected to be fee output, but it is not')
# Unblind outputs that should be directed to us and check
# that they match the offer. We use n+1 as output index
# because we skip our own output, which is at index 0.
for n, offer in enumerate(alice_offers):
result = semi_signed_tx.vout[n + 1].unblind_confidential_pair(
blinding_keys[n], semi_signed_tx.wit.vtxoutwit[n + 1].rangeproof)
if result.error:
die('cannot unblind output {} that should have been '
'directed to us: {}'.format(n + 1, result.error))
if result.asset.to_hex() != offer.asset:
die("asset at position {} (vout {}) in partial transaction "
"from Alice {} is not the same as asset in Alice's "
"initial offer ({})".format(n, n + 1, result.asset.to_hex(),
offer.asset))
if result.amount != offer.amount:
die("amount at position {} (vout {}) in partial transaction "
"from Alice {} is not the same as amount in Alice's "
"initial offer ({})".format(n, n + 1, result.amount,
offer.amount))
say("Assets and amounts in partially signed transaction "
"match Alice's offer")
# Signing will change the tx, so i
tx = semi_signed_tx.to_mutable()
# Our input is at index 0
sign_input(tx, 0, asset_utxo)
# Note that at this point both participants can still opt out of the swap:
# Bob by not broadcasting the transaction, and Alice by double-spending
# her inputs to the transaction. Bob still have tiny advantage, because
# he can pretend to have 'difficulties' in broadcasting and try to exploit
# Alice's patience
say('Signed the transaction from my side, ready to send')
tx_hex = b2x(tx.serialize())
if bob_be_sneaky:
say('Hey! I am now in control of the final transaction. '
'I have the option to exectue the swap or abort. ')
say('Why not wait a bit and watch asset prices, and execute '
'the swap only if it is profitable')
say('I will reduce my risk a bit by doing that.')
# Bob takes his time and is not sending the final
# transaction to Alice for some time...
time.sleep(ALICE_PATIENCE_LIMIT + 2)
say('OK, I am willing to execute the swap now')
# Send the final transaction to Alice, so she can be sure that
# we is not cheating
send('final-signed-tx', tx_hex)
txid = rpc.sendrawtransaction(tx_hex)
say('Sent with txid {}'.format(txid))
# Wait for alice to politely end the conversation
recv('thanks-goodbye')
print_asset_balances(say, alice_offers + [my_offer], rpc)
for i, offer in enumerate(alice_offers):
balance = coins_to_satoshi(rpc.getbalance("*", 1, False, offer.asset))
if balance != offer.amount:
die('something went wrong, asset{} balance after swap should be '
'{} satoshi, but it is {} satoshi'.format(
i, balance, offer.amount))
say('Asset atomic swap completed successfully')
# Iterate through transaction ouptputs, and unblind what we can.
print("")
for n, vout in enumerate(tx.vout):
# Note that nValue of vout in Elements is not a simple int,
# but CConfidentialValue, which can either be explicit, and can be
# converted to satoshis with to_amount(), or it can be blinded, in
# which case you need to unblind the output to know its value.
if vout.nValue.is_explicit():
# The output is not blinded, we can access the values right away
assert vout.nAsset.is_explicit(), "unblinding just the asset is not supported"
if vout.is_fee():
print("vout {}: fee".format(n))
else:
print("vout {}: explicit".format(n))
print(" destination address:",
CCoinAddress.from_scriptPubKey(tx.vout[n].scriptPubKey))
print(" amount:\t\t", satoshi_to_coins(vout.nValue.to_amount()))
print(" asset:\t\t", vout.nAsset.to_asset())
else:
# Try to unblind the output with the given blinding key
result = vout.unblind_confidential_pair(
bkey, tx.wit.vtxoutwit[n].rangeproof)
if result.error:
# Nope, our blinding key is not good for this output
print("vout {}: cannot unblind: {}".format(n, result.error))
print(" destination address:",
CCoinAddress.from_scriptPubKey(tx.vout[n].scriptPubKey))
if not tx.wit.is_null():
rpinfo = tx.wit.vtxoutwit[n].get_rangeproof_info()
if rpinfo:
def check_serialize_deserialize(self, tx, tx_bytes, tx_decoded):
self.assertEqual(tx_bytes, tx.serialize())
self.assertEqual(tx_bytes,
CTransaction.deserialize(tx.serialize()).serialize())
self.assertEqual(tx_bytes, tx.to_mutable().to_immutable().serialize())
self.assertEqual(tx_decoded['version'], tx.nVersion)
self.assertEqual(tx_decoded['locktime'], tx.nLockTime)
# we ignore withash field - we do not have ComputeWitnessHash() function
# as it is only relevant for blocks, not transactions
self.assertEqual(tx_decoded['hash'], b2lx(tx.GetHash()))
self.assertEqual(tx_decoded['txid'], b2lx(tx.GetTxid()))
for n, vout in enumerate(tx_decoded['vout']):
if 'amountcommitment' in vout:
self.assertEqual(x(vout['amountcommitment']),
tx.vout[n].nValue.commitment)
if 'assetcommitment' in vout:
self.assertEqual(x(vout['assetcommitment']),
tx.vout[n].nAsset.commitment)
if 'asset' in vout:
self.assertEqual(vout['asset'],
tx.vout[n].nAsset.to_asset().to_hex())
if 'scriptPubKey' in vout:
spk = vout['scriptPubKey']
self.assertEqual(x(spk['hex']), tx.vout[n].scriptPubKey)
if 'pegout_type' in spk:
self.assertEqual(spk['type'], 'nulldata')
self.assertTrue(tx.vout[n].scriptPubKey.is_pegout())
genesis_hash, pegout_scriptpubkey = tx.vout[
n].scriptPubKey.get_pegout_data()
if spk['pegout_type'] != 'nonstandard':
assert spk['pegout_type'] in ('pubkeyhash',
'scripthash')
addr = CCoinAddress.from_scriptPubKey(
pegout_scriptpubkey)
self.assertEqual(len(spk['pegout_addresses']), 1)
self.assertEqual(spk['pegout_addresses'][0], str(addr))
self.assertEqual(spk['pegout_hex'],
b2x(pegout_scriptpubkey))
self.assertEqual(spk['pegout_chain'], b2lx(genesis_hash))
if spk['type'] in ('pubkeyhash', 'scripthash'):
self.assertEqual(len(spk['addresses']), 1)
addr = CCoinAddress.from_scriptPubKey(
tx.vout[n].scriptPubKey)
self.assertEqual(spk['addresses'][0], str(addr))
elif spk['type'] == 'nulldata':
self.assertEqual(tx.vout[n].scriptPubKey, x(spk['hex']))
else:
self.assertEqual(spk['type'], 'fee')
self.assertEqual(len(tx.vout[n].scriptPubKey), 0)
if secp256k1_has_zkp:
if tx.wit.is_null():
rpinfo = None
else:
rpinfo = tx.wit.vtxoutwit[n].get_rangeproof_info()
if 'value-minimum' in vout:
self.assertIsNotNone(rpinfo)
self.assertEqual(vout['ct-exponent'], rpinfo.exp)
self.assertEqual(vout['ct-bits'], rpinfo.mantissa)
self.assertEqual(
coins_to_satoshi(vout['value-minimum'],
check_range=False), rpinfo.value_min)
self.assertEqual(
coins_to_satoshi(vout['value-maximum'],
check_range=False), rpinfo.value_max)
else:
self.assertTrue(rpinfo is None or rpinfo.exp == -1)
if rpinfo is None:
value = tx.vout[n].nValue.to_amount()
else:
value = rpinfo.value_min
self.assertEqual(coins_to_satoshi(vout['value']), value)
else:
warn_zkp_unavailable()
if 'value' in vout and tx.vout[n].nValue.is_explicit():
self.assertEqual(coins_to_satoshi(vout['value']),
tx.vout[n].nValue.to_amount())
for n, vin in enumerate(tx_decoded['vin']):
if 'scripSig' in vin:
self.assertEqual(
x(vin['scriptSig']['hex'], tx.vin[n].scriptSig))
if 'txid' in vin:
self.assertEqual(vin['txid'], b2lx(tx.vin[n].prevout.hash))
if 'vout' in vin:
self.assertEqual(vin['vout'], tx.vin[n].prevout.n)
if 'is_pegin' in vin:
self.assertEqual(vin['is_pegin'], tx.vin[n].is_pegin)
if vin['is_pegin'] is False:
if 'scriptWitness' in vin:
self.assertTrue(
tx.wit.vtxinwit[n].scriptWitness.is_null())
if 'pegin_witness' in vin:
self.assertTrue(
tx.wit.vtxinwit[n].pegin_witness.is_null())
else:
for stack_index, stack_item in enumerate(
vin['scriptWitness']):
self.assertTrue(
stack_item,
b2x(tx.wit.vtxinwit[n].scriptWitness.
stack[stack_index]))
for stack_index, stack_item in enumerate(
vin['pegin_witness']):
self.assertTrue(
stack_item,
b2x(tx.wit.vtxinwit[n].pegin_witness.
stack[stack_index]))
if 'sequence' in vin:
self.assertEqual(vin['sequence'], tx.vin[n].nSequence)
if 'coinbase' in vin:
self.assertTrue(tx.is_coinbase())
if 'issuance' in vin:
iss = vin['issuance']
self.assertEqual(
iss['assetBlindingNonce'],
tx.vin[n].assetIssuance.assetBlindingNonce.to_hex())
if 'asset' in iss:
if iss['isreissuance']:
self.assertTrue(not tx.vin[n].assetIssuance.
assetBlindingNonce.is_null())
self.assertEqual(
iss['assetEntropy'],
tx.vin[n].assetIssuance.assetEntropy.to_hex())
asset = calculate_asset(
tx.vin[n].assetIssuance.assetEntropy)
else:
entropy = generate_asset_entropy(
tx.vin[n].prevout,
tx.vin[n].assetIssuance.assetEntropy)
self.assertEqual(iss['assetEntropy'], entropy.to_hex())
asset = calculate_asset(entropy)
reiss_token = calculate_reissuance_token(
entropy,
tx.vin[n].assetIssuance.nAmount.is_commitment())
self.assertEqual(iss['token'], reiss_token.to_hex())
self.assertEqual(iss['asset'], asset.to_hex())
if 'assetamount' in iss:
self.assertEqual(
coins_to_satoshi(iss['assetamount']),
tx.vin[n].assetIssuance.nAmount.to_amount())
elif 'assetamountcommitment' in iss:
self.assertEqual(
iss['assetamountcommitment'],
b2x(tx.vin[n].assetIssuance.nAmount.commitment))
if 'tokenamount' in iss:
self.assertEqual(
coins_to_satoshi(iss['tokenamount']),
tx.vin[n].assetIssuance.nInflationKeys.to_amount())
elif 'tokenamountcommitment' in iss:
self.assertEqual(
iss['tokenamountcommitment'],
b2x(tx.vin[n].assetIssuance.nInflationKeys.commitment))
def assemble_transaction_spend_output(self, recipient: ExternalAddress,
selection: CoinSelection):
return TxOut(selection.target_value, recipient.to_scriptPubKey())
