This is reminds me of Ken Shirriff's 2014 "Bitcoins the Hard Way" blog post that also used Python to build a Bitcoin transaction from scratch: http://www.righto.com/2014/02/bitcoins-hard-way-using-raw-bi...

(The subtitle of the blog is "Computer history, restoring vintage computers, IC reverse engineering, and whatever" and it is full of fascinating articles, several of which have been featured here on HN)

I'm amazed that he has time for this kind of hobby work.

If you, like me, were curious about what the secret key 1 is on the mainnet, then here you are:

       1 1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH https://www.blockchain.com/btc/address/1BgGZ9tcN4rm9KBzDn7KprQz87SZ26SAMH

       2 1cMh228HTCiwS8ZsaakH8A8wze1JR5ZsP  https://www.blockchain.com/btc/address/1cMh228HTCiwS8ZsaakH8A8wze1JR5ZsP
       3 1CUNEBjYrCn2y1SdiUMohaKUi4wpP326Lb https://www.blockchain.com/btc/address/1CUNEBjYrCn2y1SdiUMohaKUi4wpP326Lb
      42 1EMxdcJsfN5jwtZRVRvztDns1LgquGUTwi https://www.blockchain.com/btc/address/1EMxdcJsfN5jwtZRVRvztDns1LgquGUTwi
    1337 1DN76uuAUDY1DLxABD3JAyunhhAreJbCjT https://www.blockchain.com/btc/address/1DN76uuAUDY1DLxABD3JAyunhhAreJbCjT

Implementing things from scratch is probably the ultimate test of thorough understanding. Chapeau! On another note I am amused that Mr. Karphathys name describes exactly what he is doing in his day job.

"NIST publishes recommendations on which ones to use, but people prefer to use other curves (like secp256k1) that are less likely to have backdoors built into them"

Does this make any sense? How is a curve going to have backdoors on it? Or he means a specific implementation? Or is this a joke? I'm confused

Looks like the exercise left to the reader has been completed: https://www.blockchain.com/btc-testnet/tx/182bf9202649ded3a6...

I’ve made something similar in order to learn how everything works and made it into a python library. Everything is in pure python with no dependencies, only std lib. I’ve implemented all the crypto stuff, address generation including HD, transaction serialization and even the bitcoin script. https://github.com/mcdallas/cryptotools

One little nitpick: the checksum error probability should be more like 9 nines. The checksum contains 4 bytes, not 4 bits, and so the false positive rate should be about 1 in 2^32, not 1 in 2^4.

"The raw 25 bytes of our address though contain 1 byte for a Version (the Bitcoin “main net” is b'\x00', while the Bitcoin “test net” uses b'\x6f'), then the 20 bytes from the hash digest, and finally 4 bytes for a checksum so we can throw an error with 1 - 1/2*4 = 93.75% probability in case a user messes up typing in their Bitcoin address into some textbox."

Two days in a row I see this Karpathy name on the front page of HN on two totally unrelated subjects. It almost feels like this is simulated world and something is wrong.

"...Bitcoin is a living, breathing, developing code base that is moving forward with new features to continue to scale..."

There is exactly zero progress to make it scale in the last 10+ years.

In python 3.9 you don't need to implement extended euclidean and inv, you can just do `pow(x, -1, mod)`

Kind of surprised Andrej has time to work on anything besides self-driving cars

> We don’t just get to share code, we get to share a running computer, and anyone anywhere can use it in an open and permissionless manner

Can someone explain what this means? Its not explained anywhere in the post.

Bitcoin is surprisingly easy, I'm currently working on a similar thing, but in Pharo/Smalltalk (I took it up as a project to learn Pharo). It's been pretty nice so far.

I wonder how strong would Elliptic Curve Cryptography be compared to other methods if there is a major breakthrough in quantum computing.

Andrej is an excellent teacher. I got into ML because of his blogs and Stanford's CS231n course (which he also started).

  # secret_key = random.randrange(1, bitcoin_gen.n) # this is how you _would_ do it

Taking this opportunity to promote my side project codeamigo and a tutorial I wrote for building your own Bitcoin wallet https://codeamigo.dev/lessons/start/53

Does this blog entry hang Brave on Android for anyone else? Happens on two phones for me.

That’s neat, as a case study for implementation at the very least. Thanks!

Great post. One day someone will do Bitcoin from scratch in Scratch

Super interesting and informative, I learned lots that I didn't already know. Who are the cryptominers on the testnet btw?

His implementation is missing Taproot :)

I wish people would put this much effort into learning git, which is actually useful. It's very similar.

This is great, love it.

Bitcoin is taking up all the water

This dude writes stuff hitting the sweet spot!

In Step 1, he explains how to create a cryptographic identity- the private public key pair. I came across an argument that a number cannot be property or owned because you can't legally own a number. If this is true then you can't own UTXOs associated with a private key or a cryptographic identity.

I do think that bitcoin is fundamentally too complicated to understand, mathematically, for most people- myself included. I would argue everyone needs to do this exercise, from scratch, and also understand what they are doing (the math), to have confidence in bitcoin payment network. Anyone who thinks you don't need to get it is most likely in it for speculation alone.

With something so abstract like bitcoin, it has a much larger uphill battle for understanding than a physical commodity like Gold, the precursor of paper dollars.

That's a lot of upvotes. Do you folks really spend hours going through the whole blog post? I for one can never go through the whole blog post. My brain would be shouting at me the whole time to work on something that can generate passive recurring revenue instead.