I am reading about ECDSA, and I find that the private key must be in (0,n), with n = FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141.
Is n the total number of points on the secp256k1 curve? (plus the 0 point)
And how does n limit the range of private keys?
What if a private key is bigger than n?
n is the number of points on the curve (including the point at infinity). Private keys are numbers between 1 and n-1, inclusive. 0 is not a valid private key, because its corresponding point would be the point at infinity.
If you'd naively try to compute the public key corresponding to private key d and private key d+n, you'd obtain the same public keys. That means the public key for private key n would also be infinity (same as for private key 0).
For this reason, private keys are restricted to range 1 to n-1: that guarantees that for every non-infinity point on the curve there is exactly one private key.
If you pick a key > N it will map to another key in the (0, N) range. For example N + 100 is the exact same private key as 100 for all effects and purposes. That's how modular arithmetic works
Yes, the order of an elliptic curve group gives the number of points in that group and n is the order of secp256k1. If an addition were to result in something larger than the group's order, you apply n as a modulo, and the result lands back within the order. It follows that the private key n+5 is effectively the same as the private key 5 on secp256k1.
For example, while operating in the natural numbers ℕ we know that 13 + 15 = 28. But if we do the same addition on the field ℤ17 (which is limited via mod 17), the same addition would result in 13 + 15 = 11 (28 mod 17). Likewise, you'd get 16 + 16 + 16 = 14 (48 mod 17) in ℤ17.
As Pieter points out, the private key 0 is not valid as it produces the neutral element on secp256k1, the point at infinity.
You may also be interested in this explanation what secp256k1 looks like.
