Update README: pivot to Schnorr, drop ECDSA

author: Clawd <ai@clawd.bot> 2026-02-19 21:15:11 -0800
committer: Clawd <ai@clawd.bot> 2026-02-19 21:15:11 -0800
commit: 6c7f038d359e98172500252d320db9384c3f59d1 (patch)
tree: 458f2c0057773fa8441f9e3078da3238c277623d /README.md
parent: e5fa7c1a85e9dd44ee92cb5da1797c82a0268fdb (diff)
1 files changed, 37 insertions, 35 deletions
diff --git a/README.md b/README.md
index 445968a..3e777d6 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 # secp256k1 from Scratch — Learning Plan
-Building ECDSA on secp256k1 in Go, from first principles.
+Building Schnorr signatures on secp256k1 in Go, from first principles.
-**Goal:** Understand the math deeply, not just copy formulas. End with a working (non-production) implementation.
+**Goal:** Understand the math deeply, not just copy formulas. End with a working (non-production) implementation compatible with Bitcoin Taproot and Nostr.
 ---
@@ -14,57 +14,59 @@ Building ECDSA on secp256k1 in Go, from first principles.
 - [x] **What is an elliptic curve** — y² = x³ + 7, points as (x, y) pairs
 ### Part 2: Curve Operations
- [ ] **Point addition** — adding two points geometrically and algebraically
+- [x] **Point addition** — adding two points geometrically and algebraically
- [ ] **Point doubling** — special case when adding a point to itself
+- [x] **Point doubling** — special case when adding a point to itself
- [ ] **The point at infinity** — identity element (like zero for addition)
+- [x] **The point at infinity** — identity element (like zero for addition)
- [ ] **Scalar multiplication** — multiplying a point by an integer (repeated addition)
+- [x] **Scalar multiplication** — multiplying a point by an integer (repeated addition)
 ### Part 3: Key Pairs
- [ ] **Generator point G** — the "starting point" everyone uses
+- [x] **Generator point G** — the "starting point" everyone uses
- [ ] **Private key** — just a random big number
+- [x] **Private key** — just a random big number
- [ ] **Public key** — private key × G (scalar multiplication)
+- [x] **Public key** — private key × G (scalar multiplication)
- [ ] **Why it's hard to reverse** — the discrete log problem
+- [x] **Why it's hard to reverse** — the discrete log problem
+### Part 4: Schnorr Signatures (BIP-340)
+- [ ] **X-only public keys** — 32 bytes, implicit even y
+- [ ] **The signing algorithm** — nonce, challenge, response
+- [ ] **Why random nonce matters** — reuse = leaked private key
+- [ ] **The verification equation** — checking without knowing the private key
+- [ ] **Tagged hashes** — domain separation for security
-### Part 4: ECDSA Signing
+### Part 5: Serialization
- [ ] **What a signature proves** — "I know the private key for this public key"
+- [ ] **Bech32 encoding** — human-readable format (npub, nsec)
- [ ] **The signing algorithm** — k, r, s explained
+- [ ] **Hex and bytes** — raw formats
- [ ] **Why random k matters** — reuse = leaked private key
-### Part 5: ECDSA Verification
+---
- [ ] **The verification equation** — checking without knowing the private key
- [ ] **Putting it together** — sign and verify a message
-### Part 6: Implementation
+## Files
- [ ] **Field element type** — big.Int wrapper with mod p
- [ ] **Point type** — x, y coordinates + infinity
+| File | Description |
- [ ] **Point addition/doubling** — the core math
+|------|-------------|
- [ ] **Scalar multiplication** — double-and-add algorithm
+| `field.go` | Modular arithmetic (mod p) |
- [ ] **ECDSA sign/verify** — the full flow
+| `point.go` | Curve points and operations |
- [ ] **Test against known vectors** — verify correctness
+| `keys.go` | Private/public key generation |
+| `schnorr.go` | Schnorr signing and verification (TODO) |
 ---
-## Code Location
+## Compatibility
-`/home/ai/vault/projects/secp256k1-learn/`
+This implementation targets:
+- **Bitcoin Taproot** (BIP-340 Schnorr)
+- **Nostr** (NIP-01 uses BIP-340)
-We'll build incrementally:
+Not implemented: ECDSA (used by legacy Bitcoin, Ethereum)
- `field.go` — modular arithmetic
- `point.go` — curve points and operations
- `ecdsa.go` — signing and verification
- `main.go` — demo/test harness
 ---
 ## Resources
+- [BIP-340: Schnorr Signatures](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki)
 - secp256k1 parameters: p, n, G coordinates
- Test vectors from Bitcoin/Nostr for verification
+- Test vectors from BIP-340 for verification
- No external crypto libraries (that's the point)
 ---
 ## Notes
-*Add observations, "aha" moments, or questions here as we go.*
+*Learning project — do not use for real money or keys.*
author	Clawd <ai@clawd.bot>	2026-02-19 21:15:11 -0800
committer	Clawd <ai@clawd.bot>	2026-02-19 21:15:11 -0800
commit	6c7f038d359e98172500252d320db9384c3f59d1 (patch)
tree	458f2c0057773fa8441f9e3078da3238c277623d /README.md
parent	e5fa7c1a85e9dd44ee92cb5da1797c82a0268fdb (diff)

diff --git a/README.md b/README.md index 445968a..3e777d6 100644 --- a/README.md +++ b/README.md
@@ -1,8 +1,8 @@
1	# secp256k1 from Scratch — Learning Plan	1	# secp256k1 from Scratch — Learning Plan
2		2
3	Building ECDSA on secp256k1 in Go, from first principles.	3	Building Schnorr signatures on secp256k1 in Go, from first principles.
4		4
5	Goal: Understand the math deeply, not just copy formulas. End with a working (non-production) implementation.	5	Goal: Understand the math deeply, not just copy formulas. End with a working (non-production) implementation compatible with Bitcoin Taproot and Nostr.
6		6
7	---	7	---
8		8
@@ -14,57 +14,59 @@ Building ECDSA on secp256k1 in Go, from first principles.
14	- [x] What is an elliptic curve — y² = x³ + 7, points as (x, y) pairs	14	- [x] What is an elliptic curve — y² = x³ + 7, points as (x, y) pairs
15		15
16	### Part 2: Curve Operations	16	### Part 2: Curve Operations
17	- [ ] Point addition — adding two points geometrically and algebraically	17	- [x] Point addition — adding two points geometrically and algebraically
18	- [ ] Point doubling — special case when adding a point to itself	18	- [x] Point doubling — special case when adding a point to itself
19	- [ ] The point at infinity — identity element (like zero for addition)	19	- [x] The point at infinity — identity element (like zero for addition)
20	- [ ] Scalar multiplication — multiplying a point by an integer (repeated addition)	20	- [x] Scalar multiplication — multiplying a point by an integer (repeated addition)
21		21
22	### Part 3: Key Pairs	22	### Part 3: Key Pairs
23	- [ ] Generator point G — the "starting point" everyone uses	23	- [x] Generator point G — the "starting point" everyone uses
24	- [ ] Private key — just a random big number	24	- [x] Private key — just a random big number
25	- [ ] Public key — private key × G (scalar multiplication)	25	- [x] Public key — private key × G (scalar multiplication)
26	- [ ] Why it's hard to reverse — the discrete log problem	26	- [x] Why it's hard to reverse — the discrete log problem
		27
		28	### Part 4: Schnorr Signatures (BIP-340)
		29	- [ ] X-only public keys — 32 bytes, implicit even y
		30	- [ ] The signing algorithm — nonce, challenge, response
		31	- [ ] Why random nonce matters — reuse = leaked private key
		32	- [ ] The verification equation — checking without knowing the private key
		33	- [ ] Tagged hashes — domain separation for security
27		34
28	### Part 4: ECDSA Signing	35	### Part 5: Serialization
29	- [ ] What a signature proves — "I know the private key for this public key"	36	- [ ] Bech32 encoding — human-readable format (npub, nsec)
30	- [ ] The signing algorithm — k, r, s explained	37	- [ ] Hex and bytes — raw formats
31	- [ ] Why random k matters — reuse = leaked private key
32		38
33	### Part 5: ECDSA Verification	39	---
34	- [ ] The verification equation — checking without knowing the private key
35	- [ ] Putting it together — sign and verify a message
36		40
37	### Part 6: Implementation	41	## Files
38	- [ ] Field element type — big.Int wrapper with mod p	42
39	- [ ] Point type — x, y coordinates + infinity	43	\| File \| Description \|
40	- [ ] Point addition/doubling — the core math	44	\|------\|-------------\|
41	- [ ] Scalar multiplication — double-and-add algorithm	45	\| `field.go` \| Modular arithmetic (mod p) \|
42	- [ ] ECDSA sign/verify — the full flow	46	\| `point.go` \| Curve points and operations \|
43	- [ ] Test against known vectors — verify correctness	47	\| `keys.go` \| Private/public key generation \|
		48	\| `schnorr.go` \| Schnorr signing and verification (TODO) \|
44		49
45	---	50	---
46		51
47	## Code Location	52	## Compatibility
48		53
49	`/home/ai/vault/projects/secp256k1-learn/`	54	This implementation targets:
		55	- Bitcoin Taproot (BIP-340 Schnorr)
		56	- Nostr (NIP-01 uses BIP-340)
50		57
51	We'll build incrementally:	58	Not implemented: ECDSA (used by legacy Bitcoin, Ethereum)
52	- `field.go` — modular arithmetic
53	- `point.go` — curve points and operations
54	- `ecdsa.go` — signing and verification
55	- `main.go` — demo/test harness
56		59
57	---	60	---
58		61
59	## Resources	62	## Resources
60		63
		64	- [BIP-340: Schnorr Signatures](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki)
61	- secp256k1 parameters: p, n, G coordinates	65	- secp256k1 parameters: p, n, G coordinates
62	- Test vectors from Bitcoin/Nostr for verification	66	- Test vectors from BIP-340 for verification
63	- No external crypto libraries (that's the point)
64		67
65	---	68	---
66		69
67	## Notes	70	## Notes
68		71
69	Add observations, "aha" moments, or questions here as we go.	72	Learning project — do not use for real money or keys.
70