def test_get_output_size(self) -> None:
pub = CPubKey(x('0378d430274f8c5ec1321338151e9f27f4c676a008bdf8638d07c0b6be9ab35c71'))
a0 = P2PKHCoinAddress.from_pubkey(pub)
self.assertEqual(P2PKHCoinAddress.get_output_size(), 34)
self.assertEqual(a0.get_output_size(), 34)
a1 = P2WPKHCoinAddress.from_pubkey(pub)
self.assertEqual(P2WPKHCoinAddress.get_output_size(), 31)
self.assertEqual(a1.get_output_size(), 31)
a2 = P2SHCoinAddress.from_redeemScript(
CScript(b'\xa9' + Hash160(pub) + b'\x87'))
self.assertEqual(P2SHCoinAddress.get_output_size(), 32)
self.assertEqual(a2.get_output_size(), 32)
a3 = P2WSHCoinAddress.from_redeemScript(
CScript(b'\xa9' + Hash160(pub) + b'\x87'))
self.assertEqual(P2WSHCoinAddress.get_output_size(), 43)
self.assertEqual(a3.get_output_size(), 43)
def get_unconfidential_address_samples(pub1, pub2):
return AddressSamples(
p2pkh=P2PKHCoinAddress.from_pubkey(pub1),
p2wpkh=P2WPKHCoinAddress.from_pubkey(pub1),
p2sh=P2SHCoinAddress.from_redeemScript(
CScript(b'\xa9' + Hash160(pub1) + b'\x87')),
p2wsh=P2WSHCoinAddress.from_redeemScript(
CScript(b'\xa9' + Hash160(pub1) + b'\x87')),
conf_p2pkh=P2PKHCoinConfidentialAddress.from_unconfidential(
P2PKHCoinAddress.from_pubkey(pub1), pub2),
conf_p2wpkh=P2WPKHCoinConfidentialAddress.from_unconfidential(
P2WPKHCoinAddress.from_pubkey(pub1), pub2),
conf_p2sh=P2SHCoinConfidentialAddress.from_unconfidential(
P2SHCoinAddress.from_redeemScript(
CScript(b'\xa9' + Hash160(pub1) + b'\x87')), pub2),
conf_p2wsh=P2WSHCoinConfidentialAddress.from_unconfidential(
P2WSHCoinAddress.from_redeemScript(
CScript(b'\xa9' + Hash160(pub1) + b'\x87')), pub2))
def try_reclaim_elt(say, elt_rpc, txid, elt_contract, key, blinding_key, die):
ensure_rpc_connected(say, elt_rpc)
# we won't return from this function, so we can just
# set the chain with select_chain_params
select_chain_params(elements_chain_name)
from_addr = P2SHCoinAddress.from_redeemScript(elt_contract)
say('Will try to reclaim my Elements bitcoin asset from {}'.format(
from_addr))
tx_json = elt_rpc.getrawtransaction(txid, 1)
confirmations = int(tx_json['confirmations'])
while confirmations < elements_contract_timeout:
tx_json = elt_rpc.getrawtransaction(txid, 1)
confirmations = int(tx_json['confirmations'])
commit_tx = CElementsTransaction.deserialize(x(tx_json['hex']))
vout_n, unblind_result = find_and_unblind_vout(say, commit_tx, from_addr,
blinding_key, die)
dst_addr = CElementsAddress(elt_rpc.getnewaddress())
say('Will reclaim my Elements asset to {}'.format(dst_addr))
reclaim_tx = create_elt_spend_tx(
dst_addr,
txid,
vout_n,
elt_contract,
die,
spend_key=key,
blinding_factor=unblind_result.blinding_factor,
asset_blinding_factor=unblind_result.asset_blinding_factor,
branch_condition=False)
say('Sending my Elements-reclaim transaction')
new_txid = elt_rpc.sendrawtransaction(b2x(reclaim_tx.serialize()))
def custom_die(msg):
say(msg)
die('Failed to reclaim by Elemets asset')
wait_confirm(say,
'Elements',
new_txid,
custom_die,
elt_rpc,
num_confirms=3)
say('Reclaimed my Elements asset. Swap failed.')
async def async_testnet() -> None:
select_chain_params('bitcoin/testnet')
await wait_async('regtest')
a = P2SHCoinAddress.from_redeemScript(
CScript(b'\xa9' + Hash160(pub) + b'\x87'))
assert CBase58Data(str(a))[0] == 196
check_core_modules()
ready('testnet')
await wait_async('mainnet')
self.assertEqual(get_current_chain_params().NAME,
'bitcoin/testnet')
finish('testnet')
def make_wrapped_segwit_address(cls, address_pubkey) -> CCoinAddress:
redeem_script = cls.make_wrapped_segwit_redeem_script(address_pubkey)
redeem_script_hash = Hash160(redeem_script)
script_pubkey = CScript([OP_HASH160, redeem_script_hash, OP_EQUAL])
return P2SHAddress.from_scriptPubKey(script_pubkey)
# classes. mypy does cannot know about dynamic class dispatch.
input_tx = CElementsTransaction.deserialize(x(f.readline().rstrip()))
# Read in the key, expected to be in WIF format.
with open(sys.argv[2]) as f:
key = CCoinKey(f.readline().rstrip())
# Read in the unblinding key, expected to be in HEX format.
with open(sys.argv[3]) as f:
bkey = CCoinKey.from_secret_bytes(x(f.readline().rstrip()))
dst_addr = CElementsAddress(sys.argv[4])
# Construct P2SH_P2WPKH address from the loaded key
spk = CScript([0, Hash160(key.pub)]).to_p2sh_scriptPubKey()
src_addr = P2SHCoinAddress.from_scriptPubKey(spk)
sys.stderr.write(
'\nSearching for ouptut with address {}\n'.format(src_addr))
utxo = None
fee_asset = None
# Search for output in the transaction that spends to the address that
# we have. We are going to spend the first output that we find.
for in_n, in_vout in enumerate(input_tx.vout):
if utxo is None and in_vout.scriptPubKey == src_addr.to_scriptPubKey():
utxo = in_vout
utxo_n = in_n
if in_vout.is_fee():
assert fee_asset is None or fee_asset == in_vout.nAsset,\
"expecting only one fee asset"
def bob(say, recv, send, die, btc_rpc, elt_rpc):
"""A function that implements the logic
of the Bitcoin-side participant
of confidential cross-chain atomic swap"""
global last_wish_func
# Default chain for Bob will be Bitcoin
# To handle bitcoin-related objects, either
# `with ChainParams(elements_chain_name):` have to be used, or
# concrete classes, like CElementsAddress, CElementsTransaction, etc.
select_chain_params(bitcoin_chain_name)
say('Waiting for blinding key from Alice')
alice_btc_pub_raw, alice_elt_exit_pub_raw = recv('pubkeys')
blinding_key = CKey.from_secret_bytes(recv('blinding_key'))
say("Pubkey for blinding key: {}".format(b2x(blinding_key.pub)))
# Let's create the key that would lock the coins on Bitcoin side
contract_key = CKey.from_secret_bytes(os.urandom(32))
# And the key for Elements side
bob_elt_spend_key = CKey.from_secret_bytes(os.urandom(32))
# And the key for 'timeout' case on btc side
bob_btc_exit_key = CKey.from_secret_bytes(os.urandom(32))
key_to_reveal_pub = CPubKey.add(contract_key.pub, blinding_key.pub)
say("The pubkey of the combined key to be revealed: {}".format(
b2x(key_to_reveal_pub)))
say('Sending my pubkeys to Alice')
send('pubkeys',
(contract_key.pub, bob_elt_spend_key.pub, bob_btc_exit_key.pub))
combined_btc_spend_pubkey = CPubKey.add(contract_key.pub,
CPubKey(alice_btc_pub_raw))
say('combined_btc_spend_pubkey: {}'.format(b2x(combined_btc_spend_pubkey)))
btc_contract = make_btc_contract(combined_btc_spend_pubkey,
bob_btc_exit_key.pub)
btc_contract_addr = P2WSHCoinAddress.from_redeemScript(btc_contract)
say("Created Bitcoin-side swap contract, size: {}".format(
len(btc_contract)))
say("Contract address: {}".format(btc_contract_addr))
say('Sending {} to {}'.format(pre_agreed_amount, btc_contract_addr))
btc_txid = btc_rpc.sendtoaddress(str(btc_contract_addr), pre_agreed_amount)
def bob_last_wish_func():
try_reclaim_btc(say, btc_rpc, btc_txid, btc_contract, bob_btc_exit_key,
die)
last_wish_func = bob_last_wish_func
wait_confirm(say, 'Bitcoin', btc_txid, die, btc_rpc, num_confirms=6)
send('btc_txid', btc_txid)
elt_txid = recv('elt_txid')
elt_contract = make_elt_cntract(key_to_reveal_pub, bob_elt_spend_key.pub,
alice_elt_exit_pub_raw)
with ChainParams(elements_chain_name):
elt_contract_addr = P2SHCoinAddress.from_redeemScript(elt_contract)
say('Got Elements contract address from Alice: {}'.format(
elt_contract_addr))
say('Looking for this address in transaction {} in Elements'.format(
elt_txid))
tx_json = elt_rpc.getrawtransaction(elt_txid, 1)
if tx_json['confirmations'] < 2:
die('Transaction does not have enough confirmations')
elt_commit_tx = CElementsTransaction.deserialize(x(tx_json['hex']))
vout_n, unblind_result = find_and_unblind_vout(say, elt_commit_tx,
elt_contract_addr,
blinding_key, die)
if unblind_result.amount != coins_to_satoshi(pre_agreed_amount):
die('the amount {} found at the output in the offered transaction '
'does not match the expected amount {}'.format(
satoshi_to_coins(unblind_result.amount), pre_agreed_amount))
say('The asset and amount match expected values. lets spend it.')
with ChainParams(elements_chain_name):
dst_addr = CCoinAddress(elt_rpc.getnewaddress())
assert isinstance(dst_addr, CCoinConfidentialAddress)
say('I will claim my Elements-BTC to {}'.format(dst_addr))
elt_claim_tx = create_elt_spend_tx(
dst_addr,
elt_txid,
vout_n,
elt_contract,
die,
spend_key=bob_elt_spend_key,
contract_key=contract_key,
blinding_key=blinding_key,
blinding_factor=unblind_result.blinding_factor,
asset_blinding_factor=unblind_result.asset_blinding_factor)
# Cannot use VerifyScript for now,
# because it does not support CHECKSIGFROMSTACK yet
#
# VerifyScript(tx.vin[0].scriptSig,
# elt_contract_addr.to_scriptPubKey(),
# tx, 0, amount=amount)
say('Sending my spend-reveal transaction')
sr_txid = elt_rpc.sendrawtransaction(b2x(elt_claim_tx.serialize()))
wait_confirm(say, 'Elements', sr_txid, die, elt_rpc, num_confirms=2)
say('Got my Elements-BTC. Swap successful (at least for me :-)')
def alice(say, recv, send, die, btc_rpc, elt_rpc):
"""A function that implements the logic
of the Elements-side participant
of confidential cross-chain atomic swap"""
global last_wish_func
# Default chain for Alice will be Elements
# To handle bitcoin-related objects, either
# `with ChainParams(bitcoin_chain_name):` have to be used, or
# concrete classes, like CBitcoinAddress, CBitcoinTransaction, etc.
select_chain_params(elements_chain_name)
# Let's create the shared blinding key
blinding_key = CKey.from_secret_bytes(os.urandom(32))
# And the key for btc spend
alice_btc_key = CKey.from_secret_bytes(os.urandom(32))
# And the key for the 'timeout' branch of the contract
alice_elt_exit_key = CKey.from_secret_bytes(os.urandom(32))
say('Sending pubkeys to Bob')
send('pubkeys', (alice_btc_key.pub, alice_elt_exit_key.pub))
say('Sending the blinding key to Bob')
send('blinding_key', blinding_key.secret_bytes)
(contract_pubkey_raw, bob_elt_pubkey_raw,
bob_btc_exit_pub_raw) = recv('pubkeys')
say("Pubkey of the key to be revealed: {}".format(
b2x(contract_pubkey_raw)))
say("Bob's Elements-side pubkey: {}".format(b2x(bob_elt_pubkey_raw)))
contract_pubkey = CPubKey(contract_pubkey_raw)
key_to_reveal_pub = CPubKey.add(contract_pubkey, blinding_key.pub)
elt_contract = make_elt_cntract(key_to_reveal_pub, bob_elt_pubkey_raw,
alice_elt_exit_key.pub)
elt_contract_addr = P2SHCoinAddress.from_redeemScript(elt_contract)
confidential_contract_addr = P2SHCoinConfidentialAddress.from_unconfidential(
elt_contract_addr, blinding_key.pub)
assert isinstance(confidential_contract_addr, CElementsConfidentialAddress)
say("Created Elemets-side swap contract, size: {}".format(
len(elt_contract)))
say("Contract address:\n\tconfidential: {}\n\tunconfidential: {}".format(
confidential_contract_addr, elt_contract_addr))
btc_txid = recv('btc_txid')
combined_btc_spend_pubkey = CPubKey.add(contract_pubkey, alice_btc_key.pub)
btc_contract = make_btc_contract(combined_btc_spend_pubkey,
bob_btc_exit_pub_raw)
tx_json = btc_rpc.getrawtransaction(btc_txid, 1)
if tx_json['confirmations'] < 6:
die('Transaction does not have enough confirmations')
# We use ChainParams, and not P2WSHBitcoinAddress here,
# because bitcoin_chain_name might be 'bitcoin/regtest', for example,
# and then the address would need to be P2WSHBitcoinRegtestAddress.
# with ChainParams we leverage the 'frontend class' magic, P2WSHCoinAddress
# will give us appropriate instance.
with ChainParams(bitcoin_chain_name):
btc_contract_addr = P2WSHCoinAddress.from_redeemScript(btc_contract)
say('Looking for this address in transaction {} in Bitcoin'.format(
btc_txid))
# CTransaction subclasses do not change between mainnet/testnet/regtest,
# so we can directly use CBitcoinTransaction.
# That might not be true for other chains, though.
# You might also want to use CTransaction within `with ChainParams(...):`
btc_tx = CBitcoinTransaction.deserialize(x(tx_json['hex']))
for n, vout in enumerate(btc_tx.vout):
if vout.scriptPubKey == btc_contract_addr.to_scriptPubKey():
say("Found the address at output {}".format(n))
btc_vout_n = n
break
else:
die('Did not find contract address in transaction')
if vout.nValue != coins_to_satoshi(pre_agreed_amount):
die('the amount {} found at the output in the offered transaction '
'does not match the expected amount {}'.format(
satoshi_to_coins(vout.nValue), pre_agreed_amount))
say('Bitcoin amount match expected values')
say('Sending {} to {}'.format(pre_agreed_amount,
confidential_contract_addr))
contract_txid = elt_rpc.sendtoaddress(str(confidential_contract_addr),
pre_agreed_amount)
def alice_last_wish_func():
try_reclaim_elt(say, elt_rpc, contract_txid, elt_contract,
alice_elt_exit_key, blinding_key, die)
last_wish_func = alice_last_wish_func
wait_confirm(say, 'Elements', contract_txid, die, elt_rpc, num_confirms=2)
send('elt_txid', contract_txid)
sr_txid = wait_spend_reveal_transaction(say, contract_txid, die, elt_rpc)
say('Got txid for spend-reveal transaction from Bob ({})'.format(sr_txid))
tx_json = elt_rpc.getrawtransaction(sr_txid, 1)
wait_confirm(say, 'Elements', sr_txid, die, elt_rpc, num_confirms=2)
sr_tx = CTransaction.deserialize(x(tx_json['hex']))
for n, vin in enumerate(sr_tx.vin):
if vin.prevout.hash == lx(contract_txid)\
and vin.scriptSig[-(len(elt_contract)):] == elt_contract:
say('Transaction input {} seems to contain a script '
'we can recover the key from'.format(n))
reveal_script_iter = iter(vin.scriptSig)
break
else:
die('Spend-reveal transaction does not have input that spends '
'the contract output')
next(reveal_script_iter) # skip Bob's spend signature
try:
# 2 skipped bytes are tag and len
sig_s = ecdsa.util.string_to_number(next(reveal_script_iter)[2:])
except (ValueError, StopIteration):
die('Reveal script is invalid')
k, r = get_known_k_r()
order = ecdsa.SECP256k1.order
mhash = ecdsa.util.string_to_number(hashlib.sha256(b'\x01').digest())
r_inverse = ecdsa.numbertheory.inverse_mod(r, order)
for s in (-sig_s, sig_s):
secret_exponent = (((s * k - mhash) % order) * r_inverse) % order
recovered_key = CKey.from_secret_bytes(
ecdsa.util.number_to_string(secret_exponent, order))
if recovered_key.pub == key_to_reveal_pub:
break
else:
die('Key recovery failed. Should not happen - the sig was already '
'verified when transaction was accepted into mempool. '
'Must be a bug.')
say('recovered key pubkey: {}'.format(b2x(recovered_key.pub)))
contract_key = CKey.sub(recovered_key, blinding_key)
say('recovered unblined key pubkey: {}'.format(b2x(contract_key.pub)))
combined_btc_spend_key = CKey.add(contract_key, alice_btc_key)
say('Successfully recovered the key. Can now spend Bitcoin from {}'.format(
btc_contract_addr))
with ChainParams(bitcoin_chain_name):
dst_addr = CCoinAddress(btc_rpc.getnewaddress())
btc_claim_tx = create_btc_spend_tx(dst_addr,
btc_txid,
btc_vout_n,
btc_contract,
spend_key=combined_btc_spend_key)
say('Sending my Bitcoin-claim transaction')
btc_claim_txid = btc_rpc.sendrawtransaction(b2x(btc_claim_tx.serialize()))
wait_confirm(say, 'Bitcoin', btc_claim_txid, die, btc_rpc, num_confirms=3)
say('Got my Bitcoin. Swap successful!')
scriptSig = next_scriptSig
redeemScript = next_redeemScript
else:
padded_lines = []
if scriptSig is not None and redeemScript is not None:
scripts.append((scriptSig, redeemScript))
else:
assert scriptSig is None and redeemScript is None
# pay to the redeemScripts to make them spendable
# the 41 accounts for the size of the CTxIn itself
payments = {
str(P2SHCoinAddress.from_redeemScript(redeemScript)): int(
round(((len(scriptSig) + 41) / 1000 * args.fee_per_kb) *
CoreCoinParams.COIN))
for scriptSig, redeemScript in scripts
}
prevouts_by_scriptPubKey = None
if not args.dryrun:
txid = rpc.sendmany(
'', {
adr: float(float(amount) / CoreCoinParams.COIN)
for adr, amount in payments.items()
}, 0)
logging.info('Sent pre-pub tx: %s' % txid)
