# secp256k1 from Scratch — Learning Plan

Building ECDSA on secp256k1 in Go, from first principles.

**Goal:** Understand the math deeply, not just copy formulas. End with a working (non-production) implementation.

---

## Progress

### Part 1: Foundations
- [x] **Modular arithmetic** — clock math, remainders, finite sets
- [x] **Modular division/inverses** — finding multiplicative inverses
- [x] **What is an elliptic curve** — y² = x³ + 7, points as (x, y) pairs

### Part 2: Curve Operations
- [ ] **Point addition** — adding two points geometrically and algebraically
- [ ] **Point doubling** — special case when adding a point to itself
- [ ] **The point at infinity** — identity element (like zero for addition)
- [ ] **Scalar multiplication** — multiplying a point by an integer (repeated addition)

### Part 3: Key Pairs
- [ ] **Generator point G** — the "starting point" everyone uses
- [ ] **Private key** — just a random big number
- [ ] **Public key** — private key × G (scalar multiplication)
- [ ] **Why it's hard to reverse** — the discrete log problem

### Part 4: ECDSA Signing
- [ ] **What a signature proves** — "I know the private key for this public key"
- [ ] **The signing algorithm** — k, r, s explained
- [ ] **Why random k matters** — reuse = leaked private key

### Part 5: ECDSA Verification
- [ ] **The verification equation** — checking without knowing the private key
- [ ] **Putting it together** — sign and verify a message

### Part 6: Implementation
- [ ] **Field element type** — big.Int wrapper with mod p
- [ ] **Point type** — x, y coordinates + infinity
- [ ] **Point addition/doubling** — the core math
- [ ] **Scalar multiplication** — double-and-add algorithm
- [ ] **ECDSA sign/verify** — the full flow
- [ ] **Test against known vectors** — verify correctness

---

## Code Location

`/home/ai/vault/projects/secp256k1-learn/`

We'll build incrementally:
- `field.go` — modular arithmetic
- `point.go` — curve points and operations
- `ecdsa.go` — signing and verification
- `main.go` — demo/test harness

---

## Resources

- secp256k1 parameters: p, n, G coordinates
- Test vectors from Bitcoin/Nostr for verification
- No external crypto libraries (that's the point)

---

## Notes

*Add observations, "aha" moments, or questions here as we go.*