import "ecc/edwardsAdd" as add;
import "ecc/edwardsScalarMult" as multiply;
import "utils/pack/bool/nonStrictUnpack256" as unpack256;
from "ecc/babyjubjubParams" import BabyJubJubParams;

/// Verifies match of a given public/private keypair.
///
///    Checks if the following equation holds for the provided keypair:
///    pk = sk*G
///    where G is the chosen base point of the subgroup
///    and * denotes scalar multiplication in the subgroup
///
/// Arguments:
///    pk: Curve point. Public key.
///    sk: Field element. Private key.
///    context: Curve parameters (including generator G) used to create keypair.
///
/// Returns:
///     Return true for pk/sk being a valid keypair, false otherwise.
def main(field[2] pk, field sk, BabyJubJubParams context) -> bool {
    field[2] G = [context.Gu, context.Gv];

    bool[256] skBits = unpack256(sk);
    field[2] ptExp = multiply(skBits, G, context);

    bool out = ptExp[0] == pk[0] && ptExp[1] == pk[1];
    return out;
}