diff --git a/lightningd/test/Makefile b/lightningd/test/Makefile
index e211e1ede..f6935e7e9 100644
--- a/lightningd/test/Makefile
+++ b/lightningd/test/Makefile
@@ -33,3 +33,5 @@ lightningd-test-shutdown-2: lightningd-test-2-basic\ --reconnect
 	VARIANT=2 daemon/test/scripts/shutdown.sh
 
 lightningd-blackbox-tests: lightningd-test-shutdown-0 #lightningd-test-shutdown-1 lightningd-test-shutdown-2
+
+check-source-bolt: $(LIGHTNINGD_TEST_SRC:%=bolt-check/%)
diff --git a/lightningd/test/run-commit_tx.c b/lightningd/test/run-commit_tx.c
new file mode 100644
index 000000000..2a4e8aee1
--- /dev/null
+++ b/lightningd/test/run-commit_tx.c
@@ -0,0 +1,829 @@
+#include "../key_derive.c"
+#include <inttypes.h>
+#include <stdio.h>
+#include <type_to_string.h>
+static bool print_superverbose;
+#define SUPERVERBOSE(...)					\
+	do { if (print_superverbose) printf(__VA_ARGS__); } while(0)
+#include "../commit_tx.c"
+#include "../htlc_tx.c"
+#include <bitcoin/preimage.h>
+#include <bitcoin/privkey.h>
+#include <bitcoin/pubkey.h>
+#include <ccan/str/hex/hex.h>
+#include <type_to_string.h>
+
+static struct sha256 sha256_from_hex(const char *hex)
+{
+	struct sha256 sha256;
+	if (strstarts(hex, "0x"))
+		hex += 2;
+	if (!hex_decode(hex, strlen(hex), &sha256, sizeof(sha256)))
+		abort();
+	return sha256;
+}
+
+/* bitcoind loves its backwards txids! */
+static struct sha256_double txid_from_hex(const char *hex)
+{
+	struct sha256_double sha256;
+	struct sha256 rev = sha256_from_hex(hex);
+	size_t i;
+
+	for (i = 0; i < sizeof(rev); i++)
+		sha256.sha.u.u8[sizeof(sha256) - 1 - i] = rev.u.u8[i];
+	return sha256;
+}
+
+static struct privkey privkey_from_hex(const char *hex)
+{
+	struct privkey pk;
+	size_t len;
+	if (strstarts(hex, "0x"))
+		hex += 2;
+	len = strlen(hex);
+	/* BOLT #3:
+	 *
+	 * private keys are displayed as 32 bytes plus a trailing 1 (bitcoin's
+	 * convention for "compressed" private keys, i.e. keys for which the
+	 * public key is compressed)
+	 */
+	if (len == 66 && strends(hex, "01"))
+		len -= 2;
+	if (!hex_decode(hex, len, &pk, sizeof(pk)))
+		abort();
+	return pk;
+}
+
+/* BOLT #3:
+ *
+ *    htlc 0 direction: remote->local
+ *    htlc 0 amount_msat: 1000000
+ *    htlc 0 expiry: 500
+ *    htlc 0 payment_preimage: 0000000000000000000000000000000000000000000000000000000000000000
+ *    htlc 1 direction: remote->local
+ *    htlc 1 amount_msat: 2000000
+ *    htlc 1 expiry: 501
+ *    htlc 1 payment_preimage: 0101010101010101010101010101010101010101010101010101010101010101
+ *    htlc 2 direction: local->remote
+ *    htlc 2 amount_msat: 2000000
+ *    htlc 2 expiry: 502
+ *    htlc 2 payment_preimage: 0202020202020202020202020202020202020202020202020202020202020202
+ *    htlc 3 direction: local->remote
+ *    htlc 3 amount_msat: 3000000
+ *    htlc 3 expiry: 503
+ *    htlc 3 payment_preimage: 0303030303030303030303030303030303030303030303030303030303030303
+ *    htlc 4 direction: remote->local
+ *    htlc 4 amount_msat: 4000000
+ *    htlc 4 expiry: 504
+ *    htlc 4 payment_preimage: 0404040404040404040404040404040404040404040404040404040404040404
+ */
+static const struct htlc **setup_htlcs(const tal_t *ctx)
+{
+	const struct htlc **htlcs = tal_arr(ctx, const struct htlc *, 5);
+	int i;
+
+	for (i = 0; i < 5; i++) {
+		struct htlc *htlc = tal(htlcs, struct htlc);
+
+		htlc->id = i;
+		switch (i) {
+		case 0:
+			htlc->state = RCVD_ADD_ACK_REVOCATION;
+			htlc->msatoshi = 1000000;
+			break;
+		case 1:
+			htlc->state = RCVD_ADD_ACK_REVOCATION;
+			htlc->msatoshi = 2000000;
+			break;
+		case 2:
+			htlc->state = SENT_ADD_ACK_REVOCATION;
+			htlc->msatoshi = 2000000;
+			break;
+		case 3:
+			htlc->state = SENT_ADD_ACK_REVOCATION;
+			htlc->msatoshi = 3000000;
+			break;
+		case 4:
+			htlc->state = RCVD_ADD_ACK_REVOCATION;
+			htlc->msatoshi = 4000000;
+			break;
+		}
+		
+			
+		if (i == 0 || i == 1 || i == 4) {
+			/* direction: remote->local */
+			
+		} else {
+			/* direction: local->remote */
+			htlc->state = SENT_ADD_ACK_REVOCATION;
+		}
+		htlc->expiry.locktime = 500 + i;
+		htlc->r = tal(htlc, struct preimage);
+		memset(htlc->r, i, sizeof(*htlc->r));
+		sha256(&htlc->rhash, htlc->r, sizeof(*htlc->r));
+		htlcs[i] = htlc;
+	}
+	return htlcs;
+}
+
+#if 0
+static struct pubkey pubkey_from_hex(const char *hex)
+{
+	struct pubkey pubkey;
+
+	if (strstarts(hex, "0x"))
+		hex += 2;
+	if (!pubkey_from_hexstr(hex, strlen(hex), &pubkey))
+		abort();
+	return pubkey;
+}
+#endif
+
+static void report_htlcs(const struct bitcoin_tx *tx,
+			 const struct htlc **htlc_map,
+			 u16 to_self_delay,
+			 const struct privkey *local_secretkey,
+			 const struct pubkey *localkey,
+			 const struct pubkey *local_delayedkey,
+			 const struct privkey *x_remote_secretkey,
+			 const struct pubkey *remotekey,
+			 const struct pubkey *local_revocation_key,
+			 u64 feerate_per_kw)
+{
+	tal_t *tmpctx = tal_tmpctx(NULL);
+	size_t i, n;
+	struct sha256_double txid;
+	struct bitcoin_tx **htlc_tx;
+	secp256k1_ecdsa_signature *remotesig;
+	u8 **wscript;
+
+	htlc_tx = tal_arrz(tmpctx, struct bitcoin_tx *, tal_count(htlc_map));
+	remotesig = tal_arr(tmpctx, secp256k1_ecdsa_signature,
+			    tal_count(htlc_map));
+	wscript = tal_arr(tmpctx, u8 *, tal_count(htlc_map));
+
+	bitcoin_txid(tx, &txid);
+
+	/* First report remote signatures, in order we would receive them. */
+	n = 0;
+	for (i = 0; i < tal_count(htlc_map); i++)
+		n += (htlc_map[i] != NULL);
+
+	printf("num_htlcs: %zu\n", n);
+
+	for (i = 0; i < tal_count(htlc_map); i++) {
+		const struct htlc *htlc = htlc_map[i];
+
+		if (!htlc)
+			continue;
+
+		if (htlc_owner(htlc) == LOCAL) {
+			htlc_tx[i] = htlc_timeout_tx(htlc_tx, &txid, i,
+						     htlc, to_self_delay,
+						     local_revocation_key,
+						     local_delayedkey,
+						     feerate_per_kw);
+			wscript[i] = bitcoin_wscript_htlc_offer(tmpctx,
+								localkey,
+								remotekey,
+								&htlc->rhash);
+		} else {
+			htlc_tx[i] = htlc_success_tx(htlc_tx, &txid, i,
+						     htlc, to_self_delay,
+						     local_revocation_key,
+						     local_delayedkey,
+						     feerate_per_kw);
+			wscript[i] = bitcoin_wscript_htlc_receive(tmpctx,
+								  &htlc->expiry,
+								  localkey,
+								  remotekey,
+								  &htlc->rhash);
+		}
+		sign_tx_input(htlc_tx[i], 0,
+			      NULL,
+			      wscript[i],
+			      x_remote_secretkey, remotekey,
+			      &remotesig[i]);
+		printf("# signature for output %zi (htlc %zu)\n", i, htlc->id);
+		printf("remote_htlc_signature = %s\n",
+		       type_to_string(tmpctx, secp256k1_ecdsa_signature,
+				      &remotesig[i]));
+	}
+
+	/* For any HTLC outputs, produce htlc_tx */
+	for (i = 0; i < tal_count(htlc_map); i++) {
+		secp256k1_ecdsa_signature localsig;
+		const struct htlc *htlc = htlc_map[i];
+
+		if (!htlc)
+			continue;
+
+		sign_tx_input(htlc_tx[i], 0,
+			      NULL,
+			      wscript[i],
+			      local_secretkey, localkey,
+			      &localsig);
+		printf("# local_signature = %s\n",
+		       type_to_string(tmpctx, secp256k1_ecdsa_signature,
+				      &localsig));
+		if (htlc_owner(htlc) == LOCAL) {
+			htlc_timeout_tx_add_witness(htlc_tx[i],
+						    localkey, remotekey,
+						    &htlc->rhash,
+						    &localsig, &remotesig[i]);
+		} else {
+			htlc_success_tx_add_witness(htlc_tx[i],
+						    &htlc->expiry,
+						    localkey, remotekey,
+						    &localsig, &remotesig[i],
+						    htlc->r);
+		}
+		printf("output htlc_%s_tx %"PRIu64": %s\n",
+		       htlc_owner(htlc) == LOCAL ? "timeout" : "success",
+		       htlc->id,
+		       tal_hex(tmpctx, linearize_tx(tmpctx, htlc_tx[i])));
+	}
+	tal_free(tmpctx);
+}
+
+static void report(struct bitcoin_tx *tx,
+		   const u8 *wscript,
+		   const struct privkey *x_remote_funding_privkey,
+		   const struct pubkey *remote_funding_pubkey,
+		   const struct privkey *local_funding_privkey,
+		   const struct pubkey *local_funding_pubkey,
+		   u16 to_self_delay,
+		   const struct privkey *local_secretkey,
+		   const struct pubkey *localkey,
+		   const struct pubkey *local_delayedkey,
+		   const struct privkey *x_remote_secretkey,
+		   const struct pubkey *remotekey,
+		   const struct pubkey *local_revocation_key,
+		   u64 feerate_per_kw,
+		   const struct htlc **htlc_map)
+{
+	tal_t *tmpctx = tal_tmpctx(NULL);
+	char *txhex;
+	secp256k1_ecdsa_signature localsig, remotesig;
+
+	sign_tx_input(tx, 0,
+		      NULL,
+		      wscript,
+		      x_remote_funding_privkey, remote_funding_pubkey,
+		      &remotesig);
+	printf("remote_signature = %s\n",
+	       type_to_string(tmpctx, secp256k1_ecdsa_signature, &remotesig));
+	sign_tx_input(tx, 0,
+		      NULL,
+		      wscript,
+		      local_funding_privkey, local_funding_pubkey,
+		      &localsig);
+	printf("# local_signature = %s\n",
+	       type_to_string(tmpctx, secp256k1_ecdsa_signature, &localsig));
+	tx->input[0].witness = bitcoin_witness_2of2(tx->input,
+						    &localsig, &remotesig,
+						    local_funding_pubkey,
+						    remote_funding_pubkey);
+	txhex = tal_hex(tmpctx, linearize_tx(tx, tx));
+	printf("output commit_tx: %s\n", txhex);
+
+	report_htlcs(tx, htlc_map, to_self_delay,
+		     local_secretkey, localkey,
+		     local_delayedkey,
+		     x_remote_secretkey,
+		     remotekey,
+		     local_revocation_key,
+		     feerate_per_kw);
+	tal_free(tmpctx);
+}
+
+#ifdef DEBUG
+static u64 calc_fee(const struct bitcoin_tx *tx, u64 input_satoshi)
+{
+	size_t i;
+	u64 output_satoshi = 0;
+
+	for (i = 0; i < tal_count(tx->output); i++)
+		output_satoshi += tx->output[i].amount;
+
+	return input_satoshi - output_satoshi;
+}
+
+/* For debugging, we do brute-force increase to find thresholds */
+static u64 increase(u64 feerate_per_kw)
+{
+	return feerate_per_kw + 1;
+}
+#else
+static u64 increase(u64 feerate_per_kw)
+{
+	switch (feerate_per_kw) {
+	case 0:
+		return 679;
+	case 679:
+		return 2169;
+	case 2169:
+		return 2295;
+	case 2295:
+		return 3873;
+	case 3873:
+		return 5150;
+	case 5150:
+		return 9651181;
+	default:
+		abort();
+	}
+}
+#endif
+
+int main(void)
+{
+	tal_t *tmpctx = tal_tmpctx(NULL);
+	struct sha256_double funding_txid;
+	u64 funding_amount_satoshi, dust_limit_satoshi, feerate_per_kw;
+	u16 to_self_delay;
+	/* x_ prefix means internal vars we used to derive spec */
+	struct privkey local_funding_privkey, x_remote_funding_privkey;
+	struct privkey x_local_payment_basepoint_secret, x_remote_payment_basepoint_secret;
+	struct privkey x_local_per_commitment_secret, x_remote_per_commitment_secret;
+	struct privkey x_local_delayed_payment_basepoint_secret;
+	struct privkey x_local_revocation_basepoint_secret;
+	struct privkey local_secretkey, x_remote_secretkey;
+	struct privkey x_local_delayed_secretkey;
+	struct pubkey local_funding_pubkey, remote_funding_pubkey;
+	struct pubkey local_payment_basepoint, remote_payment_basepoint;
+	struct pubkey x_local_delayed_payment_basepoint;
+	struct pubkey x_local_revocation_basepoint;
+	struct pubkey x_local_per_commitment_point,
+		x_remote_per_commitment_point;
+	struct pubkey localkey, remotekey, tmpkey;
+	struct pubkey local_delayedkey;
+	struct pubkey local_revocation_key;
+	struct bitcoin_tx *tx;
+	u8 *wscript;
+	unsigned int funding_output_index;
+	u64 commitment_number, cn_obscurer, to_local_msat, to_remote_msat;
+	const struct htlc **htlcs = setup_htlcs(tmpctx), **htlc_map;
+
+	secp256k1_ctx = secp256k1_context_create(SECP256K1_CONTEXT_VERIFY
+						 | SECP256K1_CONTEXT_SIGN);
+
+	/* BOLT #3:
+	 *
+	 * # Appendix C: Commitment and HTLC Transaction Test Vectors
+	 * 
+	 * In the following:
+	 * - we consider *local* transactions, which implies that all payments
+         *    to *local* are delayed
+	 * - we assume that *local* is the funder
+	 * - private keys are displayed as 32 bytes plus a trailing 1
+         *    (bitcoin's convention for "compressed" private keys, i.e. keys
+         *    for which the public key is compressed)
+	 *
+	 * - transaction signatures are all deterministic, using
+         *    RFC6979 (using HMAC-SHA256)
+	 * 
+	 * We start by defining common basic parameters for each test vector:
+	 * the HTLCs are not used for the first "simple commitment tx with no
+	 * HTLCs" test.
+	 * 
+	 *     funding_tx_id: 8984484a580b825b9972d7adb15050b3ab624ccd731946b3eeddb92f4e7ef6be
+	 *     funding_output_index: 0
+	 *     funding_amount_satoshi: 10000000
+	 *     commitment_number: 42
+	 *     local_delay: 144
+	 *     local_dust_limit_satoshi: 546
+	 */
+	funding_txid = txid_from_hex("8984484a580b825b9972d7adb15050b3ab624ccd731946b3eeddb92f4e7ef6be");
+	funding_output_index = 0;
+	funding_amount_satoshi = 10000000;
+	commitment_number = 42;
+	to_self_delay = 144;
+	dust_limit_satoshi = 546;
+
+#ifdef DEBUG
+	print_superverbose = true;
+#endif
+
+	/* BOLT #3:
+	 *
+	 * <!-- We derive the test vector values as per Key Derivation, though
+	 * it's not required for this test.  They're included here for
+	 * completeness and in case someone wants to reproduce the test
+	 * vectors themselves:
+         * 
+         * INTERNAL: remote_funding_privkey: 1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e130101
+         * INTERNAL: local_payment_basepoint_secret: 111111111111111111111111111111111111111111111111111111111111111101
+         * INTERNAL: local_revocation_basepoint_secret: 222222222222222222222222222222222222222222222222222222222222222201
+         * INTERNAL: local_delayed_payment_basepoint_secret: 333333333333333333333333333333333333333333333333333333333333333301
+         * INTERNAL: remote_payment_basepoint_secret: 444444444444444444444444444444444444444444444444444444444444444401
+         * x_local_per_commitment_secret: 1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a0908070605040302010001
+         * INTERNAL: remote_per_commit_secret: 444444444444444444444444444444444444444444444444444444444444444401
+         * # From local_revocation_basepoint_secret
+         * INTERNAL: local_revocation_basepoint: 02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27
+         * # From local_delayed_payment_basepoint_secret
+         * INTERNAL: local_delayed_payment_basepoint: 023c72addb4fdf09af94f0c94d7fe92a386a7e70cf8a1d85916386bb2535c7b1b1
+         * INTERNAL: local_per_commitment_point: 025f7117a78150fe2ef97db7cfc83bd57b2e2c0d0dd25eaf467a4a1c2a45ce1486
+         * INTERNAL: remote_per_commitment_point: 022c76692fd70814a8d1ed9dedc833318afaaed8188db4d14727e2e99bc619d325
+         * INTERNAL: remote_secretkey: 839ad0480cde69fc721fb8e919dcf20bc4f2b3374c7b27ff37f200ddfa7b0edb01
+         * # From local_delayed_payment_basepoint_secret, local_per_commitment_point and local_delayed_payment_basepoint
+         * INTERNAL: local_delayed_secretkey: adf3464ce9c2f230fd2582fda4c6965e4993ca5524e8c9580e3df0cf226981ad01
+	 */
+	local_funding_privkey = privkey_from_hex("30ff4956bbdd3222d44cc5e8a1261dab1e07957bdac5ae88fe3261ef321f374901");
+	x_remote_funding_privkey = privkey_from_hex("1552dfba4f6cf29a62a0af13c8d6981d36d0ef8d61ba10fb0fe90da7634d7e1301");
+	SUPERVERBOSE("INTERNAL: remote_funding_privkey: %s01\n",
+		     type_to_string(tmpctx, struct privkey,
+				    &x_remote_funding_privkey));
+	x_local_payment_basepoint_secret = privkey_from_hex("1111111111111111111111111111111111111111111111111111111111111111");
+	SUPERVERBOSE("INTERNAL: local_payment_basepoint_secret: %s\n",
+		     type_to_string(tmpctx, struct privkey,
+				    &x_local_payment_basepoint_secret));
+	x_local_revocation_basepoint_secret = privkey_from_hex("2222222222222222222222222222222222222222222222222222222222222222");
+	SUPERVERBOSE("INTERNAL: local_revocation_basepoint_secret: %s\n",
+		     type_to_string(tmpctx, struct privkey,
+				    &x_local_revocation_basepoint_secret));
+	x_local_delayed_payment_basepoint_secret = privkey_from_hex("3333333333333333333333333333333333333333333333333333333333333333");
+	SUPERVERBOSE("INTERNAL: local_delayed_payment_basepoint_secret: %s\n",
+		     type_to_string(tmpctx, struct privkey,
+				    &x_local_delayed_payment_basepoint_secret));
+	x_remote_payment_basepoint_secret = privkey_from_hex("4444444444444444444444444444444444444444444444444444444444444444");
+	SUPERVERBOSE("INTERNAL: remote_payment_basepoint_secret: %s\n",
+		     type_to_string(tmpctx, struct privkey,
+				    &x_remote_payment_basepoint_secret));
+	x_local_per_commitment_secret = privkey_from_hex("0x1f1e1d1c1b1a191817161514131211100f0e0d0c0b0a09080706050403020100");
+	SUPERVERBOSE("x_local_per_commitment_secret: %s\n",
+		     type_to_string(tmpctx, struct privkey,
+				    &x_local_per_commitment_secret));
+	x_remote_per_commitment_secret = privkey_from_hex("0x0f0e0d0c0b0a090807060504030201001f1e1d1c1b1a19181716151413121110");
+	SUPERVERBOSE("INTERNAL: remote_per_commit_secret: %s\n",
+		     type_to_string(tmpctx, struct privkey,
+				    &x_remote_payment_basepoint_secret));
+
+	if (!pubkey_from_privkey(&x_local_revocation_basepoint_secret,
+				 &x_local_revocation_basepoint))
+		abort();
+	SUPERVERBOSE("# From local_revocation_basepoint_secret\n"
+		     "INTERNAL: local_revocation_basepoint: %s\n",
+		     type_to_string(tmpctx, struct pubkey,
+				    &x_local_revocation_basepoint));
+
+	if (!pubkey_from_privkey(&x_local_delayed_payment_basepoint_secret,
+				 &x_local_delayed_payment_basepoint))
+		abort();
+	SUPERVERBOSE("# From local_delayed_payment_basepoint_secret\n"
+		     "INTERNAL: local_delayed_payment_basepoint: %s\n",
+		     type_to_string(tmpctx, struct pubkey,
+				    &x_local_delayed_payment_basepoint));
+
+	if (!pubkey_from_privkey(&x_local_per_commitment_secret,
+				 &x_local_per_commitment_point))
+		abort();
+	SUPERVERBOSE("INTERNAL: local_per_commitment_point: %s\n",
+		     type_to_string(tmpctx, struct pubkey,
+				    &x_local_per_commitment_point));
+
+	if (!pubkey_from_privkey(&x_remote_per_commitment_secret,
+				 &x_remote_per_commitment_point))
+		abort();
+	SUPERVERBOSE("INTERNAL: remote_per_commitment_point: %s\n",
+		     type_to_string(tmpctx, struct pubkey,
+				    &x_remote_per_commitment_point));
+
+	if (!pubkey_from_privkey(&x_local_payment_basepoint_secret,
+				 &local_payment_basepoint))
+		abort();
+
+	if (!pubkey_from_privkey(&x_remote_payment_basepoint_secret,
+				 &remote_payment_basepoint))
+		abort();
+
+	if (!derive_simple_privkey(&x_remote_payment_basepoint_secret,
+				   &remote_payment_basepoint,
+				   &x_remote_per_commitment_point,
+				   &x_remote_secretkey))
+		abort();
+	SUPERVERBOSE("INTERNAL: remote_secretkey: %s\n",
+		     type_to_string(tmpctx, struct privkey, &x_remote_secretkey));
+
+	if (!derive_simple_privkey(&x_local_delayed_payment_basepoint_secret,
+				   &x_local_delayed_payment_basepoint,
+				   &x_local_per_commitment_point,
+				   &x_local_delayed_secretkey))
+		abort();
+	SUPERVERBOSE("# From local_delayed_payment_basepoint_secret, local_per_commitment_point and local_delayed_payment_basepoint\n"
+		     "INTERNAL: local_delayed_secretkey: %s\n",
+		     type_to_string(tmpctx, struct privkey,
+				    &x_local_delayed_secretkey));
+
+	/* These two needed to calculate obscuring factor */
+	printf("local_payment_basepoint: %s\n",
+	       type_to_string(tmpctx, struct pubkey, &local_payment_basepoint));
+	printf("remote_payment_basepoint: %s\n",
+	       type_to_string(tmpctx, struct pubkey,&remote_payment_basepoint));
+	cn_obscurer = commit_number_obscurer(&local_payment_basepoint,
+					     &remote_payment_basepoint);
+	printf("# obscured commitment transaction number = 0x%"PRIx64" ^ %"PRIu64"\n",
+	       cn_obscurer, commitment_number);
+
+
+	printf("local_funding_privkey: %s01\n",
+	       type_to_string(tmpctx, struct privkey, &local_funding_privkey));
+	if (!pubkey_from_privkey(&local_funding_privkey, &local_funding_pubkey))
+		abort();
+	printf("local_funding_pubkey: %s\n",
+	       type_to_string(tmpctx, struct pubkey, &local_funding_pubkey));
+	
+	if (!pubkey_from_privkey(&x_remote_funding_privkey, &remote_funding_pubkey))
+		abort();
+	printf("remote_funding_pubkey: %s\n",
+	       type_to_string(tmpctx, struct pubkey, &remote_funding_pubkey));
+
+	if (!derive_simple_privkey(&x_local_payment_basepoint_secret,
+				   &local_payment_basepoint,
+				   &x_local_per_commitment_point,
+				   &local_secretkey))
+		abort();
+	printf("local_secretkey: %s\n",
+	       type_to_string(tmpctx, struct privkey, &local_secretkey));
+
+	if (!pubkey_from_privkey(&local_secretkey, &localkey))
+		abort();
+	if (!derive_simple_key(&local_payment_basepoint,
+			       &x_local_per_commitment_point,
+			       &tmpkey))
+		abort();
+	assert(pubkey_eq(&tmpkey, &localkey));
+	printf("localkey: %s\n",
+	       type_to_string(tmpctx, struct pubkey, &localkey));
+
+	if (!derive_simple_key(&remote_payment_basepoint,
+			       &x_remote_per_commitment_point,
+			       &remotekey))
+		abort();
+	printf("remotekey: %s\n",
+	       type_to_string(tmpctx, struct pubkey, &remotekey));
+
+
+	if (!pubkey_from_privkey(&x_local_delayed_secretkey, &local_delayedkey))
+		abort();
+	if (!derive_simple_key(&x_local_delayed_payment_basepoint,
+			       &x_local_per_commitment_point,
+			       &tmpkey))
+		abort();
+	assert(pubkey_eq(&tmpkey, &local_delayedkey));
+	printf("local_delayedkey: %s\n",
+	       type_to_string(tmpctx, struct pubkey, &local_delayedkey));
+
+	if (!derive_revocation_key(&x_local_revocation_basepoint,
+				   &x_local_per_commitment_point,
+				   &local_revocation_key))
+		abort();
+	printf("local_revocation_key: %s\n",
+	       type_to_string(tmpctx, struct pubkey, &local_revocation_key));
+
+	wscript = bitcoin_redeem_2of2(tmpctx, &local_funding_pubkey,
+				      &remote_funding_pubkey);
+	printf("# funding wscript = %s\n", tal_hex(tmpctx, wscript));
+
+	/* BOLT #3:
+	 *
+	 *    name: simple commitment tx with no HTLCs
+	 *    to_local_msat: 7000000000
+	 *    to_remote_msat: 3000000000
+	 *    feerate_per_kw: 15000
+	 */
+	to_local_msat = 7000000000;
+	to_remote_msat = 3000000000;
+	feerate_per_kw = 15000;
+	printf("\n"
+	       "name: simple commitment tx with no HTLCs\n"
+	       "to_local_msat: %"PRIu64"\n"
+	       "to_remote_msat: %"PRIu64"\n"
+	       "feerate_per_kw: %"PRIu64"\n",
+	       to_local_msat, to_remote_msat, feerate_per_kw);
+
+	print_superverbose = true;
+	tx = commit_tx(tmpctx, &funding_txid, funding_output_index,
+		       funding_amount_satoshi,
+		       LOCAL, to_self_delay,
+		       &local_revocation_key,
+		       &local_delayedkey,
+		       &localkey,
+		       &remotekey,
+		       feerate_per_kw,
+		       dust_limit_satoshi,
+		       to_local_msat,
+		       to_remote_msat,
+		       NULL, &htlc_map, commitment_number ^ cn_obscurer);
+	report(tx, wscript, &x_remote_funding_privkey, &remote_funding_pubkey,
+	       &local_funding_privkey, &local_funding_pubkey,
+	       to_self_delay,
+	       &local_secretkey,
+	       &localkey,
+	       &local_delayedkey,
+	       &x_remote_secretkey,
+	       &remotekey,
+	       &local_revocation_key,
+	       feerate_per_kw,
+	       htlc_map);
+
+	/* BOLT #3:
+	 *
+	 *    name: commitment tx with all 5 htlcs untrimmed (minimum feerate)
+	 *    to_local_msat: 6988000000
+	 *    to_remote_msat: 3000000000
+	 *    local_feerate_per_kw: 0
+	 */
+	to_local_msat = 6988000000;
+	to_remote_msat = 3000000000;
+	feerate_per_kw = 0;
+	printf("\n"
+	       "name: commitment tx with all 5 htlcs untrimmed (minimum feerate)\n"
+	       "to_local_msat: %"PRIu64"\n"
+	       "to_remote_msat: %"PRIu64"\n"
+	       "local_feerate_per_kw: %"PRIu64"\n",
+	       to_local_msat, to_remote_msat, feerate_per_kw);
+
+	print_superverbose = true;
+	tx = commit_tx(tmpctx, &funding_txid, funding_output_index,
+		       funding_amount_satoshi,
+		       LOCAL, to_self_delay,
+		       &local_revocation_key,
+		       &local_delayedkey,
+		       &localkey,
+		       &remotekey,
+		       feerate_per_kw,
+		       dust_limit_satoshi,
+		       to_local_msat,
+		       to_remote_msat,
+		       htlcs, &htlc_map, commitment_number ^ cn_obscurer);
+	report(tx, wscript, &x_remote_funding_privkey, &remote_funding_pubkey,
+	       &local_funding_privkey, &local_funding_pubkey,
+	       to_self_delay,
+	       &local_secretkey,
+	       &localkey,
+	       &local_delayedkey,
+	       &x_remote_secretkey,
+	       &remotekey,
+	       &local_revocation_key,
+	       feerate_per_kw,
+	       htlc_map);
+
+	do {
+		struct bitcoin_tx *newtx;
+
+		feerate_per_kw = increase(feerate_per_kw);
+		print_superverbose = false;
+		newtx = commit_tx(tmpctx, &funding_txid, funding_output_index,
+				  funding_amount_satoshi,
+				  LOCAL, to_self_delay,
+				  &local_revocation_key,
+				  &local_delayedkey,
+				  &localkey,
+				  &remotekey,
+				  feerate_per_kw,
+				  dust_limit_satoshi,
+				  to_local_msat,
+				  to_remote_msat,
+				  htlcs, &htlc_map,
+				  commitment_number ^ cn_obscurer);
+#ifdef DEBUG
+		if (feerate_per_kw % 100000 == 0)
+			printf("feerate_per_kw = %"PRIu64", fees = %"PRIu64"\n",
+			       feerate_per_kw, calc_fee(newtx, funding_amount_satoshi));
+		if (tal_count(newtx->output) == tal_count(tx->output)) {
+			tal_free(newtx);
+			continue;
+		}
+#endif
+		printf("\n"
+		       "name: commitment tx with %zu output%s untrimmed (maximum feerate)\n"
+		       "to_local_msat: %"PRIu64"\n"
+		       "to_remote_msat: %"PRIu64"\n"
+		       "local_feerate_per_kw: %"PRIu64"\n",
+		       tal_count(tx->output),
+		       tal_count(tx->output) > 1 ? "s" : "",
+		       to_local_msat, to_remote_msat, feerate_per_kw-1);
+		/* Recalc with verbosity on */
+		print_superverbose = true;
+		tx = commit_tx(tmpctx, &funding_txid, funding_output_index,
+			       funding_amount_satoshi,
+			       LOCAL, to_self_delay,
+			       &local_revocation_key,
+			       &local_delayedkey,
+			       &localkey,
+			       &remotekey,
+			       feerate_per_kw-1,
+			       dust_limit_satoshi,
+			       to_local_msat,
+			       to_remote_msat,
+			       htlcs, &htlc_map,
+			       commitment_number ^ cn_obscurer);
+		report(tx, wscript,
+		       &x_remote_funding_privkey, &remote_funding_pubkey,
+		       &local_funding_privkey, &local_funding_pubkey,
+		       to_self_delay,
+		       &local_secretkey,
+		       &localkey,
+		       &local_delayedkey,
+		       &x_remote_secretkey,
+		       &remotekey,
+		       &local_revocation_key,
+		       feerate_per_kw,
+		       htlc_map);
+
+		printf("\n"
+		       "name: commitment tx with %zu output%s untrimmed (minimum feerate)\n"
+		       "to_local_msat: %"PRIu64"\n"
+		       "to_remote_msat: %"PRIu64"\n"
+		       "local_feerate_per_kw: %"PRIu64"\n",
+		       tal_count(newtx->output),
+		       tal_count(newtx->output) > 1 ? "s" : "",
+		       to_local_msat, to_remote_msat, feerate_per_kw);
+		/* Recalc with verbosity on */
+		print_superverbose = true;
+		newtx = commit_tx(tmpctx, &funding_txid, funding_output_index,
+				  funding_amount_satoshi,
+				  LOCAL, to_self_delay,
+				  &local_revocation_key,
+				  &local_delayedkey,
+				  &localkey,
+				  &remotekey,
+				  feerate_per_kw,
+				  dust_limit_satoshi,
+				  to_local_msat,
+				  to_remote_msat,
+				  htlcs, &htlc_map,
+				  commitment_number ^ cn_obscurer);
+		report(newtx, wscript,
+		       &x_remote_funding_privkey, &remote_funding_pubkey,
+		       &local_funding_privkey, &local_funding_pubkey,
+		       to_self_delay,
+		       &local_secretkey,
+		       &localkey,
+		       &local_delayedkey,
+		       &x_remote_secretkey,
+		       &remotekey,
+		       &local_revocation_key,
+		       feerate_per_kw,
+		       htlc_map);
+
+		assert(tal_count(newtx->output) != tal_count(tx->output));
+
+		tal_free(tx);
+		tx = newtx;
+	} while (tal_count(tx->output) > 1);
+
+	/* Now make sure we cover case where funder can't afford the fee;
+	 * its output cannot go negative! */
+	for (;;) {
+		u64 base_fee_msat = commit_tx_base_fee(feerate_per_kw, 0)
+			* 1000;
+
+		if (base_fee_msat <= to_local_msat) {
+			feerate_per_kw++;
+			continue;
+		}
+
+		printf("\n"
+		       "name: commitment tx with fee greater than funder amount\n"
+		       "to_local_msat: %"PRIu64"\n"
+		       "to_remote_msat: %"PRIu64"\n"
+		       "local_feerate_per_kw: %"PRIu64"\n",
+		       to_local_msat, to_remote_msat, feerate_per_kw);
+		tx = commit_tx(tmpctx, &funding_txid, funding_output_index,
+			       funding_amount_satoshi,
+			       LOCAL, to_self_delay,
+			       &local_revocation_key,
+			       &local_delayedkey,
+			       &localkey,
+			       &remotekey,
+			       feerate_per_kw,
+			       dust_limit_satoshi,
+			       to_local_msat,
+			       to_remote_msat,
+			       htlcs, &htlc_map,
+			       commitment_number ^ cn_obscurer);
+		report(tx, wscript,
+		       &x_remote_funding_privkey, &remote_funding_pubkey,
+		       &local_funding_privkey, &local_funding_pubkey,
+		       to_self_delay,
+		       &local_secretkey,
+		       &localkey,
+		       &local_delayedkey,
+		       &x_remote_secretkey,
+		       &remotekey,
+		       &local_revocation_key,
+		       feerate_per_kw,
+		       htlc_map);
+		break;
+	} 
+	
+	/* No memory leaks please */
+	secp256k1_context_destroy(secp256k1_ctx);
+	tal_free(tmpctx);
+
+	/* FIXME: Do BOLT comparison! */
+	return 0;
+}
diff --git a/lightningd/test/run-funding_tx.c b/lightningd/test/run-funding_tx.c
index 3b0df0215..d43c1e629 100644
--- a/lightningd/test/run-funding_tx.c
+++ b/lightningd/test/run-funding_tx.c
@@ -64,7 +64,8 @@ int main(void)
 	assert(input);
 
 	/* BOLT #3:
-	 * Block 1 coinbase privkey: cRCH7YNcarfvaiY1GWUKQrRGmoezvfAiqHtdRvxe16shzbd7LDMz
+	 *    Block 1 coinbase privkey: 6bd078650fcee8444e4e09825227b801a1ca928debb750eb36e6d56124bb20e80101
+	 *    # privkey in base58: cRCH7YNcarfvaiY1GWUKQrRGmoezvfAiqHtdRvxe16shzbd7LDMz
 	 */
 	if (!key_from_base58("cRCH7YNcarfvaiY1GWUKQrRGmoezvfAiqHtdRvxe16shzbd7LDMz", strlen("cRCH7YNcarfvaiY1GWUKQrRGmoezvfAiqHtdRvxe16shzbd7LDMz"),
 			     &testnet, &input_privkey, &inputkey))