diff options
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 72 |
1 files changed, 37 insertions, 35 deletions
| @@ -1,8 +1,8 @@ | |||
| 1 | # secp256k1 from Scratch — Learning Plan | 1 | # secp256k1 from Scratch — Learning Plan |
| 2 | 2 | ||
| 3 | Building ECDSA on secp256k1 in Go, from first principles. | 3 | Building Schnorr signatures on secp256k1 in Go, from first principles. |
| 4 | 4 | ||
| 5 | **Goal:** Understand the math deeply, not just copy formulas. End with a working (non-production) implementation. | 5 | **Goal:** Understand the math deeply, not just copy formulas. End with a working (non-production) implementation compatible with Bitcoin Taproot and Nostr. |
| 6 | 6 | ||
| 7 | --- | 7 | --- |
| 8 | 8 | ||
| @@ -14,57 +14,59 @@ Building ECDSA on secp256k1 in Go, from first principles. | |||
| 14 | - [x] **What is an elliptic curve** — y² = x³ + 7, points as (x, y) pairs | 14 | - [x] **What is an elliptic curve** — y² = x³ + 7, points as (x, y) pairs |
| 15 | 15 | ||
| 16 | ### Part 2: Curve Operations | 16 | ### Part 2: Curve Operations |
| 17 | - [ ] **Point addition** — adding two points geometrically and algebraically | 17 | - [x] **Point addition** — adding two points geometrically and algebraically |
| 18 | - [ ] **Point doubling** — special case when adding a point to itself | 18 | - [x] **Point doubling** — special case when adding a point to itself |
| 19 | - [ ] **The point at infinity** — identity element (like zero for addition) | 19 | - [x] **The point at infinity** — identity element (like zero for addition) |
| 20 | - [ ] **Scalar multiplication** — multiplying a point by an integer (repeated addition) | 20 | - [x] **Scalar multiplication** — multiplying a point by an integer (repeated addition) |
| 21 | 21 | ||
| 22 | ### Part 3: Key Pairs | 22 | ### Part 3: Key Pairs |
| 23 | - [ ] **Generator point G** — the "starting point" everyone uses | 23 | - [x] **Generator point G** — the "starting point" everyone uses |
| 24 | - [ ] **Private key** — just a random big number | 24 | - [x] **Private key** — just a random big number |
| 25 | - [ ] **Public key** — private key × G (scalar multiplication) | 25 | - [x] **Public key** — private key × G (scalar multiplication) |
| 26 | - [ ] **Why it's hard to reverse** — the discrete log problem | 26 | - [x] **Why it's hard to reverse** — the discrete log problem |
| 27 | |||
| 28 | ### Part 4: Schnorr Signatures (BIP-340) | ||
| 29 | - [ ] **X-only public keys** — 32 bytes, implicit even y | ||
| 30 | - [ ] **The signing algorithm** — nonce, challenge, response | ||
| 31 | - [ ] **Why random nonce matters** — reuse = leaked private key | ||
| 32 | - [ ] **The verification equation** — checking without knowing the private key | ||
| 33 | - [ ] **Tagged hashes** — domain separation for security | ||
| 27 | 34 | ||
| 28 | ### Part 4: ECDSA Signing | 35 | ### Part 5: Serialization |
| 29 | - [ ] **What a signature proves** — "I know the private key for this public key" | 36 | - [ ] **Bech32 encoding** — human-readable format (npub, nsec) |
| 30 | - [ ] **The signing algorithm** — k, r, s explained | 37 | - [ ] **Hex and bytes** — raw formats |
| 31 | - [ ] **Why random k matters** — reuse = leaked private key | ||
| 32 | 38 | ||
| 33 | ### Part 5: ECDSA Verification | 39 | --- |
| 34 | - [ ] **The verification equation** — checking without knowing the private key | ||
| 35 | - [ ] **Putting it together** — sign and verify a message | ||
| 36 | 40 | ||
| 37 | ### Part 6: Implementation | 41 | ## Files |
| 38 | - [ ] **Field element type** — big.Int wrapper with mod p | 42 | |
| 39 | - [ ] **Point type** — x, y coordinates + infinity | 43 | | File | Description | |
| 40 | - [ ] **Point addition/doubling** — the core math | 44 | |------|-------------| |
| 41 | - [ ] **Scalar multiplication** — double-and-add algorithm | 45 | | `field.go` | Modular arithmetic (mod p) | |
| 42 | - [ ] **ECDSA sign/verify** — the full flow | 46 | | `point.go` | Curve points and operations | |
| 43 | - [ ] **Test against known vectors** — verify correctness | 47 | | `keys.go` | Private/public key generation | |
| 48 | | `schnorr.go` | Schnorr signing and verification (TODO) | | ||
| 44 | 49 | ||
| 45 | --- | 50 | --- |
| 46 | 51 | ||
| 47 | ## Code Location | 52 | ## Compatibility |
| 48 | 53 | ||
| 49 | `/home/ai/vault/projects/secp256k1-learn/` | 54 | This implementation targets: |
| 55 | - **Bitcoin Taproot** (BIP-340 Schnorr) | ||
| 56 | - **Nostr** (NIP-01 uses BIP-340) | ||
| 50 | 57 | ||
| 51 | We'll build incrementally: | 58 | Not implemented: ECDSA (used by legacy Bitcoin, Ethereum) |
| 52 | - `field.go` — modular arithmetic | ||
| 53 | - `point.go` — curve points and operations | ||
| 54 | - `ecdsa.go` — signing and verification | ||
| 55 | - `main.go` — demo/test harness | ||
| 56 | 59 | ||
| 57 | --- | 60 | --- |
| 58 | 61 | ||
| 59 | ## Resources | 62 | ## Resources |
| 60 | 63 | ||
| 64 | - [BIP-340: Schnorr Signatures](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki) | ||
| 61 | - secp256k1 parameters: p, n, G coordinates | 65 | - secp256k1 parameters: p, n, G coordinates |
| 62 | - Test vectors from Bitcoin/Nostr for verification | 66 | - Test vectors from BIP-340 for verification |
| 63 | - No external crypto libraries (that's the point) | ||
| 64 | 67 | ||
| 65 | --- | 68 | --- |
| 66 | 69 | ||
| 67 | ## Notes | 70 | ## Notes |
| 68 | 71 | ||
| 69 | *Add observations, "aha" moments, or questions here as we go.* | 72 | *Learning project — do not use for real money or keys.* |
| 70 | |||