Time: 2020-10-7

[toc]

# brief introduction

What does a wallet do in bitcoin? What are the characteristics of a bitcoin transaction? How is a bitcoin transaction constructed? Today, let's learn about bitcoin wallets and transactions.

# The foundation of bitcoin cryptography

As we mentioned before, bitcoin is not a new technology but a new and ingenious application of existing technologies such as P2P networks, distributed systems, cryptography and consensus algorithms.

Cryptographic computation is needed when wallets and transactions are generated and verified, so we first introduce the cryptographic techniques that bitcoin uses.


## One-way hash function (hash algorithm)

Before introducing one-way hash functions, let's look at the situations in which they are needed.

Suppose you need to download a piece of software from a foreign website, but for various reasons the foreign network is so slow that downloading several gigabytes of data is almost impossible. Fortunately, there are mirror websites in China from which the data can be downloaded domestically. But how do you make sure the domestic mirror has not been tampered with? This is where a one-way hash function is needed. Generally speaking, the website publishes an MD5 or SHA value as the verification value.

One way hash functions have one input and one output. The input is called a message and the output is called a hash value.

The length of the hash value has nothing to do with the length of the message. Regardless of the size of the message, a fixed length hash value is calculated.

Hash algorithms have the following characteristics:

1. A fixed-length hash value can be calculated from a message of any length.
2. The calculation should be fast.
3. Different messages produce different hash values. This means that even a small change to the message causes a huge change in the entire hash value.

   Because the size of the hash value is fixed, it is possible for two different messages to produce the same hash value. This is called a collision. The property that collisions are hard to find is called collision resistance: given the hash value of a message, it must be hard to find another message with the same hash value.

4. One-way hash functions must be unidirectional: the message cannot be recovered from its hash value.

The hash algorithm used in bitcoin is SHA-256, one of the Secure Hash Algorithm family (which also includes SHA-1, SHA-224, SHA-384, SHA-512 and other variants). SHA was designed by the National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST). It was mainly intended for the Digital Signature Algorithm (DSA) defined in the Digital Signature Standard (DSS).

RIPEMD (RACE Integrity Primitives Evaluation Message Digest) was proposed in 1996 by Hans Dobbertin and others, building on MD4 and MD5.
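As an added illustration (not code from the original article), the following Python script checks the properties above with the standard library: the digest stays 32 bytes long for a message of any size, changing one character of the message flips roughly half of the 256 output bits, and a downloaded file can be checked against a published hash as in the mirror scenario. The message bytes and the "published" value are constructed for the example.

```python
import hashlib
import hmac


def digest(message: bytes, algo: str = "sha256") -> bytes:
    """One input (the message), one fixed-length output (the hash value), whatever the size."""
    return hashlib.new(algo, message).digest()


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bits in which two equal-length digests differ (the 'huge change' property)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def verify_download(data: bytes, published_hex: str, algo: str = "sha256") -> bool:
    """The mirror scenario: rehash what was downloaded and compare it with the value the
    original site published. compare_digest avoids leaking where the comparison failed."""
    return hmac.compare_digest(digest(data, algo).hex(), published_hex.lower())


if __name__ == "__main__":
    for msg in (b"", b"abc", b"x" * 1_000_000):        # constructed messages of three sizes
        print(len(msg), "byte message ->", len(digest(msg)), "byte digest")
    d1, d2 = digest(b"abc"), digest(b"abd")           # one character changed
    print(d1.hex())
    print(d2.hex())
    print(bit_difference(d1, d2), "of 256 bits differ")
    published = digest(b"installer bytes").hex()      # constructed stand-in for the vendor's value
    print(verify_download(b"installer bytes", published))             # True
    print(verify_download(b"installer bytes (tampered)", published))  # False
```

Note that the published value must come from a source you trust independently of the mirror (the vendor's own site, or a signed release note); a hash fetched from the same mirror as the file only proves the mirror is consistent with itself.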

## Asymmetric encryption algorithm

An asymmetric encryption algorithm, also known as a public-key algorithm, encrypts plaintext and decrypts ciphertext using a generated pair of keys, one public and one private.

An asymmetric encryption algorithm needs two keys, a public key and a private key, which form a pair. If the public key is used to encrypt data, only the corresponding private key can decrypt it; if the private key is used to encrypt data, only the corresponding public key can decrypt it. Because encryption and decryption use two different keys, the algorithm is called asymmetric.

Some public-key schemes also allow computation on ciphertexts: applying a permitted operation to the ciphertext gives the same result as applying it to the plaintext and then encrypting. In other words, such a scheme lets data be searched and compared while it is encrypted and still yield correct results, without decrypting it at any point in the processing. Its significance is to keep data confidential when the data and the operations on it are entrusted to a third party, as in cloud computing.

Ownership of bitcoin is established through digital keys, bitcoin addresses and digital signatures. The digital keys are not actually stored in the network; they are generated by the user and stored in a file or a simple database called a wallet. The keys stored in a user's wallet are completely independent of the bitcoin protocol and can be generated and managed by the wallet software without a blockchain or a network connection. Keys implement many of bitcoin's interesting features, including decentralized trust and control, ownership authentication and a security model based on cryptographic proof.

A bitcoin wallet contains only private keys, not bitcoin. Each user has a wallet holding multiple private keys, each paired with its public key. Users sign transactions with these private keys to prove that they own the outputs of earlier transactions (that is, the bitcoin in them). Bitcoin is stored in the blockchain in the form of transaction outputs (usually labelled vout or txout).

If the wallet only contains private keys, what is the wallet address? The wallet address is derived from the hash of the public key, as shown in the following figure:

1. First, a private key is generated using a random number generator. Generally speaking, this is a 256-bit number. Whoever holds this number can spend the bitcoin at the corresponding wallet address, so it must be stored securely.
2. The private key is processed with the secp256k1 algorithm to generate the public key. secp256k1 is an elliptic curve algorithm: when the private key is known, the public key can be calculated, but when only the public key is known, the private key cannot be calculated from it. This is the algorithmic basis of bitcoin's security.
3. Like SHA-256, RIPEMD-160 is a hash algorithm. The public key hash can be calculated from the public key, but not the reverse.
4. Prepend a one-byte address version number to the public key hash (for a pubkey address on the bitcoin network this byte is 0), then apply SHA-256 twice. The first four bytes of the result serve as the checksum of the public key hash and are appended to its end.
5. Encode the result of the previous step with Base58 (bitcoin's customized version) to obtain the wallet address, for example 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa.

Therefore, the relationship between private key, public key and wallet address is shown in the following figure:

What do you think of the wallet address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa?

Someone is surely thinking: such a long string of letters and digits is far too hard to remember. Can a more memorable wallet address be produced? For example, if my name is Han Meimei… what about an address that starts with that?

Of course. It is called a vanity address, but producing one requires a lot of computing power.

# Transactions in bitcoin

Simply put, a transaction informs the whole network that the holder of some bitcoin has authorized its transfer to someone else. The new holder can in turn authorize a transfer to someone else, forming bitcoin's chain of ownership.

Note that there are no accounts or balances in the bitcoin world, only UTXO (unspent transaction outputs) distributed throughout the blockchain.

How should we understand UTXO? If there are no accounts and no balances, how is the amount in your wallet calculated?

Don't worry, let's work through it together.

In other words, in bitcoin, transfers between wallets are realized through transactions.

Let's look at a standard transaction flow.

So the question is: where did the world's first bitcoin come from?

It came from mining. Our transaction 001 represents a mining process. In this transaction the input is mining, there is one output, numbered 1, carrying 50 BTC, and its destination address is A, which means the 50 BTC are given to A.

Next, A wants to send 25 BTC to B. How is this transaction constructed?

Again we need an input. This input is output 1 of transaction 001, written 001.1. The output is divided into two parts: the first output, numbered 1, pays 25 BTC to B; the second output, numbered 2, returns the remaining BTC to A.

You may ask: the input is 50 BTC and the two outputs add up to 45 BTC, so are 5 BTC missing? Yes, those 5 BTC are the miner's income for mining the transaction.

Next, A goes on to transfer money to C in the same way, and so the transactions are linked one after another.

From the above example we can see that money is actually stored in transaction records, and the outputs that have not yet been used are called UTXO (unspent transaction outputs).
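To make the UTXO model concrete, here is an added Python example (not code from the original article) that replays the scenario above: transaction 001 is the coinbase paying 50 BTC to A, 002 spends 001.1 into 25 BTC for B and 20 BTC of change for A, and 003 spends that change to C. The transaction IDs, addresses and amounts are the constructed values from the text, and outputs are numbered from 1 as the text does (bitcoin itself numbers vout from 0). It also shows what a node does when an output that is already spent is referenced a second time.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Outpoint:
    """Reference to one output of an earlier transaction; the text writes it 001.1."""
    txid: str
    index: int      # output number, 1-based here to follow the text


@dataclass
class Tx:
    txid: str
    inputs: list    # Outpoints being spent; empty for a coinbase (mining) transaction
    outputs: list   # (amount_btc, address) pairs in output-number order


def fee(tx, utxo):
    """Fee = inputs - outputs; the text's 50 in and 45 out leaves 5 for the miner."""
    if not tx.inputs:
        return 0
    return sum(utxo[op][0] for op in tx.inputs) - sum(amount for amount, _ in tx.outputs)


def validate(tx, utxo):
    """Return None if tx can be applied to this UTXO set, otherwise the reason."""
    if len(set(tx.inputs)) != len(tx.inputs):
        return "same output referenced twice"
    for op in tx.inputs:
        if op not in utxo:
            return f"input {op.txid}.{op.index} is not an unspent output"
    if tx.inputs and fee(tx, utxo) < 0:
        return "outputs exceed inputs"
    return None


def apply_tx(tx, utxo):
    """Spend the inputs and add the new outputs; the UTXO set is the only state there is."""
    problem = validate(tx, utxo)
    if problem:
        raise ValueError(f"{tx.txid}: {problem}")
    for op in tx.inputs:
        del utxo[op]                                   # spent outputs leave the set
    for i, (amount, addr) in enumerate(tx.outputs, start=1):
        utxo[Outpoint(tx.txid, i)] = (amount, addr)
    return utxo


def balance(utxo, address):
    """There is no account: a 'balance' is the sum of unspent outputs locked to an address."""
    return sum(amount for amount, addr in utxo.values() if addr == address)


def build_chain():
    """The text's scenario: mining -> A, A -> B with change back to A, then A -> C."""
    utxo = {}
    apply_tx(Tx("001", [], [(50, "A")]), utxo)                                # mining
    apply_tx(Tx("002", [Outpoint("001", 1)], [(25, "B"), (20, "A")]), utxo)   # fee 5
    apply_tx(Tx("003", [Outpoint("002", 2)], [(10, "C"), (9, "A")]), utxo)    # fee 1
    return utxo


if __name__ == "__main__":
    utxo = build_chain()
    for op, (amount, addr) in utxo.items():
        print(f"{op.txid}.{op.index}: {amount} BTC -> {addr}")
    print({a: balance(utxo, a) for a in "ABC"})        # {'A': 9, 'B': 25, 'C': 10}
    # 001.1 was consumed by 002, so a second spend of it is rejected
    print("double spend:", validate(Tx("004", [Outpoint("001", 1)], [(50, "D")]), utxo))
```

The double-spend check is nothing more than a dictionary lookup: once 002 consumed 001.1, that outpoint no longer exists, so any later transaction naming it is invalid regardless of who signs it.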

So how do we ensure that the money transferred to B cannot be spent by someone else? This involves the cryptography of transactions.

Let's take a transaction with a single input and a single output as an example to understand its composition in detail:

In the figure above, the input of the transaction is a txid, the ID of an earlier transaction whose output has not yet been spent, together with an output index that says which output of that transaction is being spent.

A very important field is scriptSig, the unlocking script of the input, which shows that the user has the authority to spend it.

The output is a script, and it can only be spent by someone who satisfies the conditions under which that script succeeds. This is what scriptSig has to satisfy.

Let's take a look at how scripts perform this authentication.

There are two standard forms of bitcoin output: pay-to-public-key-hash (P2PKH) and pay-to-script-hash (P2SH). The difference is that one locks the output to the hash of a public key, and the other locks it to the hash of an arbitrary script.

To ensure that an output can only be spent by a specific person, it is usually locked directly to the other party's public key hash. Only the private key held by the other party can produce a signature for that public key hash, so only the other party can unlock the output.

However, having to obtain the other party's public key hash every time is troublesome. A simpler way is for the sender to lock the output to a specific hash value; the other party then only needs to be able to produce the script that hashes to it.

The following example shows the script form of P2PKH.

A P2PKH output is a script, and its important value is the PK hash (the hash of the recipient's public key).

How is it verified?

The spender provides two values, a signature (sig) and a public key (pubKey). Because bitcoin's virtual machine is stack-based, these two values are pushed onto the stack first.

Then OP_DUP copies the pubKey on top of the stack, OP_HASH160 computes the PK hash from that copy, and the PK hash saved by the sender in the output is pushed onto the stack. Next, OP_EQUALVERIFY compares the two PK hashes.

The last step, OP_CHECKSIG, verifies that the signature matches the public key.

If both checks succeed, the party spending the output is indeed the owner of the PK hash, and can use it.

Alan Turing, who together with von Neumann founded modern computing, proposed in 1950 a standard for judging whether a computer can actually "think" like a human: the famous "Turing test".

He envisioned a supercomputer and a person hidden behind a screen, both answering questions from a questioner who tries to tell which is the person and which is the computer.

Turing argued that if the computer disguised itself so well that no one could distinguish it from a real person, then we could claim that the computer was capable of thinking, or of consciousness (his original word was "wisdom").

In computability theory, if a system of rules (such as an instruction set, a programming language or a cellular automaton) can carry out any computation given the right sequence of steps, it is called Turing complete.

Bitcoin's scripting language is not Turing complete and has certain limitations: it has no loop statements and no complex conditional control statements.

# summary

This article introduced the concepts of bitcoin wallets and transactions. I hope you liked it.