From 6c7f038d359e98172500252d320db9384c3f59d1 Mon Sep 17 00:00:00 2001 From: Clawd Date: Thu, 19 Feb 2026 21:15:11 -0800 Subject: Update README: pivot to Schnorr, drop ECDSA --- README.md | 72 ++++++++++++++++++++++++++++++++------------------------------- 1 file changed, 37 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index 445968a..3e777d6 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # secp256k1 from Scratch — Learning Plan -Building ECDSA on secp256k1 in Go, from first principles. +Building Schnorr signatures on secp256k1 in Go, from first principles. -**Goal:** Understand the math deeply, not just copy formulas. End with a working (non-production) implementation. +**Goal:** Understand the math deeply, not just copy formulas. End with a working (non-production) implementation compatible with Bitcoin Taproot and Nostr. --- @@ -14,57 +14,59 @@ Building ECDSA on secp256k1 in Go, from first principles. - [x] **What is an elliptic curve** — y² = x³ + 7, points as (x, y) pairs ### Part 2: Curve Operations -- [ ] **Point addition** — adding two points geometrically and algebraically -- [ ] **Point doubling** — special case when adding a point to itself -- [ ] **The point at infinity** — identity element (like zero for addition) -- [ ] **Scalar multiplication** — multiplying a point by an integer (repeated addition) +- [x] **Point addition** — adding two points geometrically and algebraically +- [x] **Point doubling** — special case when adding a point to itself +- [x] **The point at infinity** — identity element (like zero for addition) +- [x] **Scalar multiplication** — multiplying a point by an integer (repeated addition) ### Part 3: Key Pairs -- [ ] **Generator point G** — the "starting point" everyone uses -- [ ] **Private key** — just a random big number -- [ ] **Public key** — private key × G (scalar multiplication) -- [ ] **Why it's hard to reverse** — the discrete log problem +- [x] **Generator point G** — the "starting point" everyone uses +- [x] **Private key** — just a random big number +- [x] **Public key** — private key × G (scalar multiplication) +- [x] **Why it's hard to reverse** — the discrete log problem + +### Part 4: Schnorr Signatures (BIP-340) +- [ ] **X-only public keys** — 32 bytes, implicit even y +- [ ] **The signing algorithm** — nonce, challenge, response +- [ ] **Why random nonce matters** — reuse = leaked private key +- [ ] **The verification equation** — checking without knowing the private key +- [ ] **Tagged hashes** — domain separation for security -### Part 4: ECDSA Signing -- [ ] **What a signature proves** — "I know the private key for this public key" -- [ ] **The signing algorithm** — k, r, s explained -- [ ] **Why random k matters** — reuse = leaked private key +### Part 5: Serialization +- [ ] **Bech32 encoding** — human-readable format (npub, nsec) +- [ ] **Hex and bytes** — raw formats -### Part 5: ECDSA Verification -- [ ] **The verification equation** — checking without knowing the private key -- [ ] **Putting it together** — sign and verify a message +--- -### Part 6: Implementation -- [ ] **Field element type** — big.Int wrapper with mod p -- [ ] **Point type** — x, y coordinates + infinity -- [ ] **Point addition/doubling** — the core math -- [ ] **Scalar multiplication** — double-and-add algorithm -- [ ] **ECDSA sign/verify** — the full flow -- [ ] **Test against known vectors** — verify correctness +## Files + +| File | Description | +|------|-------------| +| `field.go` | Modular arithmetic (mod p) | +| `point.go` | Curve points and operations | +| `keys.go` | Private/public key generation | +| `schnorr.go` | Schnorr signing and verification (TODO) | --- -## Code Location +## Compatibility -`/home/ai/vault/projects/secp256k1-learn/` +This implementation targets: +- **Bitcoin Taproot** (BIP-340 Schnorr) +- **Nostr** (NIP-01 uses BIP-340) -We'll build incrementally: -- `field.go` — modular arithmetic -- `point.go` — curve points and operations -- `ecdsa.go` — signing and verification -- `main.go` — demo/test harness +Not implemented: ECDSA (used by legacy Bitcoin, Ethereum) --- ## Resources +- [BIP-340: Schnorr Signatures](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki) - secp256k1 parameters: p, n, G coordinates -- Test vectors from Bitcoin/Nostr for verification -- No external crypto libraries (that's the point) +- Test vectors from BIP-340 for verification --- ## Notes -*Add observations, "aha" moments, or questions here as we go.* - +*Learning project — do not use for real money or keys.* -- cgit v1.2.3