// SPDX-License-Identifier: MIT
pragma solidity =0.8.4;

import "./RP/RangeProofMath.sol";

/**
 * @dev Schnorr signature verification on top of the elliptic-curve helpers
 * this contract inherits. PointEC, eIsOnCurve, eMul, eAdd, _equalPointEC and
 * the gx/gy coordinates are not defined in this file; they are expected to
 * come from RangeProofMath (or a contract it builds on).
 */
contract SchnorrSignature is RangeProofMath {
    /// @dev Groups a message with the public key and the (R, s) signature pair.
    struct SlotSchnorrSignature {
        string message;
        PointEC publicKey;
        PointEC ecR;
        uint256 s;
    }

    /**
     * @dev Verifies a Schnorr signature by checking s*G == R + c*X, where
     * c = uint256(sha256(X.x, X.y, R.x, R.y, message)) over the packed encoding.
     * Reverts when `publicKey` or `ecR` fails `eIsOnCurve`; otherwise returns
     * whether both sides of the equation are the same point.
     *
     * NOTE(review): `s` and the challenge `c` are handed to `eMul` as raw
     * uint256 values. This function does not range-check `s` or reduce `c`;
     * whether `eMul` reduces scalars modulo the group order is not visible
     * here - confirm in RangeProofMath.
     * NOTE(review): how `eIsOnCurve` treats a zero / identity point is not
     * visible here - confirm it rejects such a `publicKey`.
     * NOTE(review): the challenge binds only the key, R and `message`. Nothing
     * in this function ties a signature to a contract, chain or nonce, so a
     * caller that needs replay protection has to put that context into
     * `message`.
     *
     * @param message signed message.
     * @param publicKey public key with which message was signed.
     * @param ecR signature part R.
     * @param s signature part s.
     * @return verifying result.
     */
    function SchnorrSignatureVerify(
        string memory message,
        PointEC memory publicKey,
        PointEC memory ecR,
        uint256 s
    ) public pure returns (bool) {
        // Both caller-supplied points must pass the curve-membership check
        // before any point arithmetic is done on them.
        bool pointsOnCurve = eIsOnCurve(publicKey.x, publicKey.y) &&
            eIsOnCurve(ecR.x, ecR.y);
        require(
            pointsOnCurve,
            "Invalid input parametrs to verify the Schnorr signature"
        );

        // c = H(X, R, m): the challenge commits to the key, the nonce point
        // and the message; `message` is the last element of the packed encoding.
        uint256 challenge = uint256(
            sha256(
                abi.encodePacked(
                    publicKey.x,
                    publicKey.y,
                    ecR.x,
                    ecR.y,
                    message
                )
            )
        );

        // Left-hand side: s*G, with (gx, gy) presumably the curve generator.
        PointEC memory lhs;
        (lhs.x, lhs.y) = eMul(s, gx, gy);

        // Right-hand side: R + c*X.
        PointEC memory scaledKey;
        (scaledKey.x, scaledKey.y) = eMul(challenge, publicKey.x, publicKey.y);

        PointEC memory rhs;
        (rhs.x, rhs.y) = eAdd(scaledKey.x, scaledKey.y, ecR.x, ecR.y);

        return _equalPointEC(lhs, rhs);
    }
}