// Copyright 2023-present Space and Time Labs, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
extern crate blitzar;
extern crate curve25519_dalek;

use blitzar::compute::*;
use curve25519_dalek::{ristretto::RistrettoPoint, scalar::Scalar};

fn main() {
    /////////////////////////////////////////////
    // For the following data, we have:
    //     commitment[0] = gs[0]*data[4] + gs[1]*data[5] + gs[2]*data[6]
    //                   = gs[0]*99 + gs[1]*123 + gs[2]*456
    //
    // Those generators `gs` are automatically generated by our CPU/GPU code.
    // So we provide an interface to access them. We use the offset to get only
    // a subset of the generated used in the gpu/cpu code.
    /////////////////////////////////////////////
    let data: &[u16] = &[0, 0, 0, 0, 99, 123, 456, 0, 0, 0];

    /////////////////////////////////////////////
    // obtain the automatically generated generator points
    // We want the 3 generators from the [4, 6] index range
    /////////////////////////////////////////////
    let offset_generators: usize = 4;
    let generators_len = 3;
    let mut gs = vec![Default::default(); generators_len];
    get_curve25519_generators(&mut gs, offset_generators as u64);

    /////////////////////////////////////////////
    // Do the actual commitment computation
    /////////////////////////////////////////////
    let mut commitments = vec![Default::default(); 1];
    compute_curve25519_commitments(&mut commitments, &[data.into()], 0);

    /////////////////////////////////////////////
    // Then we use the above generators `gs`,
    // as well as the data as scalars
    // to verify that those generators `gs`
    // are indeed the ones used during the
    // commitment computation
    /////////////////////////////////////////////
    let expected_commit: RistrettoPoint = data
        .iter()
        .skip(offset_generators)
        .zip(gs)
        .map(|(d, g)| Scalar::from(*d) * g)
        .sum();

    /////////////////////////////////////////////
    // Compare the manual computation and our CPU/GPU commitment
    /////////////////////////////////////////////
    assert_eq!(expected_commit.compress(), commitments[0]);
}