ELI5: How do I programmatically create a Segwit transaction? \ stacker news ~bitcoin

ELI5: How do I programmatically create a Segwit transaction?

162 sats \ 8 comments \ @Zenul_Abidin 20 Jan bitcoin_beginners

And in particular, how do I make the sighash, also called preimage?

I know BIP143 has a lot of details on this, but I am personally having trouble creating valid transactions by following it.

Step-by-step guides in the style of https://medium.com/coinmonks/creating-and-signing-a-segwit-transaction-from-scratch-ec98577b526a are appreciated.

view all related items

100 sats \ 0 replies \ @btc101 25 Jan

The step-by-step guide mentioned in original post contains good enough info. The usage of the term "sighash" in original post seems to be incorrect. The appearance of "sighash" in the guide is what sighash usually mean.

To spend P2WPKH UTXO, the signature required is on the 10 items shown in Section 4. Just before Section 4.1.1, it lists out the exact message to be signed.

02000000
99197e88ff743aff3e453e3a7b745abd31937ccbd56f96a179266eba786833e6
82a7d5bb59fc957ff7f737ca0b8be713c705d6173783ad5edb067819bed70be8
9cb872539fbe1bc0b9c5562195095f3f35e6e13919259956c6263c9bd53b20b7 01000000
1976a914594c2e3da92d1904f7e7c856220f8cae5efb556488ac
5424000000000000
ffffffff
f3ae23c3fd63a2e0479888f95c7a8ab221b20add6ac819e9d8953edd1a0cd924
00000000
01000000

Double SHA-256 the above and you get 4876161197833dd58a1a2ba20728633677f38b9a7513a4d7d3714a7f7d3a1fa2 Assuming you use libsecp256k1, this is the byte array msghash32 for secp256k1_ecdsa_sign and secp256k1_ecdsa_verify. 48 is at offset 0, a2 is at offset 31.

In ECDSA page of Wikipedia, there is a mention of e=HASH(m). In signing P2WPKH spend, e=double_sha256(10 items). This means e=4876161197833dd58a1a2ba20728633677f38b9a7513a4d7d3714a7f7d3a1fa2 48 is most significant byte, a2 is least significant byte.

The following checks out as valid ECDSA signature.

seckey=26f85ce8b2c635ad92f6148e4443fe415f512f3f29f44ab0e2cbda819295bbd5
pubkey=02 5972a1f2532b44348501075075b31eb21c02eef276b91db99d30703f2081b773
msghash32=4876161197833dd58a1a2ba20728633677f38b9a7513a4d7d3714a7f7d3a1fa2
signature(DER)=3045022100f8dac321b0429798df2952d086e763dd5b374d031c7f400d92370ae3c5f57afd0220531207b28b1b137573941c7b3cf5384a3658ef5fc238d26150d8f75b2bcc61e7

One potential confusion might arise on the signature shown in guide is because it is not deterministic and thus not reproducible. If you use libsecp256k1 which follows RFC6979 to sign, the signature would be

r=808b91ed95d3756affdb964d685bac231ff8b48a2da209824dbe5e9dcfda5e0a
s=1bee96f19c7153b89a5c0766f66df46fda4e078fd4b7704d879841b554379e7a

which is also valid.

0 sats \ 0 replies \ @spraveenitpro 21 Jan

https://medium.com/coinmonks/creating-and-signing-a-segwit-transaction-from-scratch-ec98577b526a is what came to my mind but you have it. Also the 4th chapter of Mastering Bitcoin addresses this I believe.

0 sats \ 1 reply \ @random_ 20 Jan

https://github.com/BlockchainCommons/Learning-Bitcoin-from-the-Command-Line/blob/master/04_6_Creating_a_Segwit_Transaction.md#send-a-segwit-transaction-the-hard-way

0 sats \ 0 replies \ @Zenul_Abidin OP 21 Jan

A friend also sent me this snippet and while I will check it out, I'm not sure if it shows the sighash before creating the signature, which would be invaluable in finding exactly what is wrong with my version.

0 sats \ 3 replies \ @siggy47 20 Jan

@C_Otto is here. You can ask him!

515 sats \ 2 replies \ @C_Otto 20 Jan

I have no idea, though.

0 sats \ 1 reply \ @siggy47 20 Jan

Oops! Perhaps this post shouldn't be in bitcoin beginners.

282 sats \ 0 replies \ @Zenul_Abidin OP 21 Jan

I'm not sure if there is a bitcoin-dev section here but maybe that would've been more helpful.