diff --git a/README.md b/README.md new file mode 100644 index 0000000000..d4aad247c2 --- /dev/null +++ b/README.md @@ -0,0 +1,29 @@ +libsecp256k1 +============ + +Optimized C library for EC operations on curve secp256k1 + +This library is experimental, so use at your own risk. + +Implementation details +---------------------- + +* General + * Avoid dynamic memory usage almost everywhere. +* Field operations + * Optimized implementation of arithmetic modulo the curve's field size (2^256 - 0x1000003D1). + * Using 5 52-bit limbs (including hand-optimized assembly for x86_64, by Diederik Huys). + * Using 10 26-bit limbs. + * Using GMP. + * Field inverses and square roots using a sliding window over blocks of 1s (by Peter Dettman). +* Group operations + * Point addition formula specifically simplified for the curve equation (y^2 = x^3 + 7). + * Use addition between points in Jacobian and affine coordinates where possible. +* Point multiplication for verification (a*P + b*G). + * Use wNAF notation for point multiplicands. + * Use a much larger window for multiples of G, using precomputed multiples. + * Use Shamir's trick to do the multiplication with the public key and the generator simultaneously. + * Optionally use secp256k1's efficiently-computable endomorphism to split the multiplicands into 4 half-sized ones first. +* Point multiplication for signing + * Use a precomputed table of multiples of powers of 16 multiplied with the generator, so general multiplication becomes a series of additions. + * Slice the precomputed table in memory per byte, so memory access to the table becomes uniform.
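Review bot: In the "Point multiplication for signing" bullets, "memory access to the table becomes uniform" is the only side-channel property this README states, and it is given without scope. Please spell out what signing is meant to guarantee (uniform table access only, or also no secret-dependent branching and timing), and say whether the techniques listed under "Point multiplication for verification" (wNAF, the larger window for multiples of G, Shamir's trick) are intended for public inputs only, so that callers do not assume the same property there. Under "Field operations", the three "Using ..." bullets (5 52-bit limbs, 10 26-bit limbs, GMP) read as if they all apply at once; mark them as alternative implementations and note how one is chosen. The line "This library is experimental, so use at your own risk." would also be more useful with a sentence on what has not yet been tested or reviewed.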