make depends

gpg TZ
add dep
2025-04-29 14:59:27 -04:00 · 2024-02-15 21:48:15 +00:00 · 2024-01-22 05:08:12 +00:00 · 2024-01-20 12:48:15 +00:00 · 2024-01-20 12:48:15 +00:00 · 2023-12-08 17:37:12 +00:00
148 changed files with 6403 additions and 3754 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -0,0 +1,15 @@
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{c,h}]
+indent_style = tab
+
+[{GNUmakefile.in,configure.ac}]
+indent_style = tab
+
+[ed25519/{ref10,amd64-51-30k,amd64-64-24k}/*.{c,h,py}]
+indent_style = space
+indent_size = 2
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,2 @@
+*.c linguist-language=C
+*.h linguist-language=C
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@ -0,0 +1,85 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@v3
+
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v2
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v4
+        with:
+          file: ./contrib/docker/Dockerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,7 @@
 # output files
 mkp224o
+calcest
+test_*
 *.o

 # generated onions
@ -7,9 +9,9 @@ mkp224o

 # garbage
 configure
-Makefile
-Makefile.in.bak
+configure~
+GNUmakefile
+GNUmakefile.in.bak
 config.status
 config.log
 *.cache
-*.swp
--- a/GNUmakefile.in
+++ b/GNUmakefile.in
@ -0,0 +1,548 @@
+
+CC= @CC@
+CSTD= @CSTD@
+CFLAGS= $(CSTD) @CFLAGS@ @CPPFLAGS@ -DED25519_@ED25519IMPL@ @PIE@ @MYDEFS@ -DVERSION='"@VERSION@"'
+ASFLAGS= @PIE@
+LDFLAGS= @LDFLAGS@
+MV= mv
+
+ED25519_DEFS= -DED25519_ref10 -DED25519_amd64_51_30k -DED25519_amd64_64_24k -DED25519_donna
+ED25519_ref10= $(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/ref10/*.c))
+ED25519_amd64_51_30k= \
+	$(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.c)) \
+	$(patsubst @SRCDIR@/%.S,%.S.o,$(wildcard @SRCDIR@/ed25519/amd64-51-30k/*.S))
+ED25519_amd64_64_24k= \
+	$(patsubst @SRCDIR@/%.c,%.c.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.c)) \
+	$(patsubst @SRCDIR@/%.S,%.S.o,$(wildcard @SRCDIR@/ed25519/amd64-64-24k/*.S))
+ED25519_donna=
+ED25519_OBJ= $(ED25519_@ED25519IMPL@)
+
+MAIN_OBJ= \
+	main.c.o \
+	worker.c.o \
+	yaml.c.o \
+	vec.c.o \
+	cpucount.c.o \
+	base32_to.c.o \
+	base32_from.c.o \
+	base64_to.c.o \
+	base64_from.c.o \
+	ioutil.c.o \
+	$(ED25519_OBJ) \
+	keccak.c.o
+
+UTIL_CALCEST_OBJ= \
+	calcest.c.o
+
+TEST_BASE64_OBJ= \
+	test_base64.c.o \
+	base64_to.c.o \
+	base64_from.c.o
+
+TEST_BASE32_OBJ= \
+	test_base32.c.o \
+	base32_to.c.o \
+	base32_from.c.o
+
+TEST_BASE16_OBJ= \
+	test_base16.c.o \
+	base16_to.c.o \
+	base16_from.c.o
+
+TEST_ED25519_OBJ= \
+	test_ed25519.c.o \
+	base16_to.c.o \
+	base16_from.c.o \
+	$(ED25519_OBJ)
+
+ALL_O= $(sort \
+	$(MAIN_OBJ) \
+	$(UTIL_CALCEST_OBJ) \
+	$(TEST_BASE64_OBJ) \
+	$(TEST_BASE32_OBJ) \
+	$(TEST_BASE16_OBJ) \
+	$(TEST_ED25519_OBJ) \
+	$(ED25519_ref10) \
+	$(ED25519_amd64_51_30k) \
+	$(ED25519_amd64_64_24k))
+
+ALL_C= $(patsubst %.c.o,%.c,$(filter %.c.o %.c,$(ALL_O)))
+CLEAN_O= $(filter %.o,$(ALL_O))
+
+MAIN_LIB= -lpthread -lsodium @MAINLIB@
+UTIL_CALCEST_LIB= -lm
+TEST_ED25519_LIB= -lsodium
+
+MAIN_TGT= mkp224o
+UTIL_TGT= calcest
+TEST_TGT= test_base64 test_base32 test_base16 test_ed25519
+
+MAIN_EXE= $(patsubst %,%@EXEEXT@,$(MAIN_TGT))
+UTIL_EXE= $(patsubst %,%@EXEEXT@,$(UTIL_TGT))
+TEST_EXE= $(patsubst %,%@EXEEXT@,$(TEST_TGT))
+
+ALL_EXE= $(MAIN_EXE) $(UTIL_EXE) $(TEST_EXE)
+
+.PHONY: default all main util test clean distclean depend
+
+default: $(MAIN_EXE)
+
+all: $(ALL_EXE)
+
+main: $(MAIN_EXE)
+
+util: $(UTIL_EXE)
+
+test: $(TEST_EXE)
+
+mkp224o@EXEEXT@: $(MAIN_OBJ)
+	$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(MAIN_LIB) && $(MV) $@.tmp $@
+
+calcest@EXEEXT@: $(UTIL_CALCEST_OBJ)
+	$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(UTIL_CALCEST_LIB) && $(MV) $@.tmp $@
+
+test_base64@EXEEXT@: $(TEST_BASE64_OBJ)
+	$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@
+
+test_base32@EXEEXT@: $(TEST_BASE32_OBJ)
+	$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@
+
+test_base16@EXEEXT@: $(TEST_BASE16_OBJ)
+	$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@
+
+test_ed25519@EXEEXT@: $(TEST_ED25519_OBJ)
+	$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(TEST_ED25519_LIB) && $(MV) $@.tmp $@
+
+clean:
+	$(RM) $(CLEAN_O)
+	$(RM) $(ALL_EXE)
+
+distclean: clean
+	$(RM) -r autom4te.cache
+	$(RM) configure config.status config.log
+	$(RM) GNUmakefile
+
+depend:
+	# makedepend from imake
+	cd "@SRCDIR@" && makedepend -Y -fGNUmakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALL_C)
+
+VPATH=@SRCDIR@
+
+%.c.o: CFLAGS += \
+	-D'CRYPTO_NAMESPACETOP=crypto_sign_ed25519_@ED25519IMPL@'               \
+	-D'_CRYPTO_NAMESPACETOP=_crypto_sign_ed25519_@ED25519IMPL@'             \
+	-D'CRYPTO_NAMESPACE(name)=crypto_sign_ed25519_@ED25519IMPL@_\#\#name'   \
+	-D'_CRYPTO_NAMESPACE(name)=_crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \
+
+%.S.o: ASFLAGS += \
+	-D'CRYPTO_NAMESPACETOP=crypto_sign_ed25519_@ED25519IMPL@'               \
+	-D'_CRYPTO_NAMESPACETOP=_crypto_sign_ed25519_@ED25519IMPL@'             \
+	-D'CRYPTO_NAMESPACE(name)=crypto_sign_ed25519_@ED25519IMPL@_\#\#name'   \
+	-D'_CRYPTO_NAMESPACE(name)=_crypto_sign_ed25519_@ED25519IMPL@_\#\#name' \
+
+%.c.o: %.c
+	$(CC) $(CFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@
+
+%.S.o: %.S
+	$(CC) $(ASFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@
+
+# DO NOT DELETE THIS LINE
+
+base16_from.c.o: types.h base16.h
+base16_to.c.o: types.h base16.h
+base32_from.c.o: types.h base32.h
+base32_to.c.o: types.h base32.h
+base64_from.c.o: types.h base64.h
+base64_to.c.o: types.h base64.h
+cpucount.c.o: cpucount.h
+ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/fe25519_batchinvert.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/fe25519_invert.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/fe25519_iseq.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/fe25519_iszero.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/fe25519_neg.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/fe25519_pack.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/fe25519_setint.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/fe25519_sub.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/fe25519_sub.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/fe25519_unpack.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/ge25519_batchpack.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data
+ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h
+ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519_base_niels_smalltables.data
+ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
+ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/hram.h
+ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h
+ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h
+ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h
+ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
+ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h
+ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h
+ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ed25519.h
+ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
+ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
+ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/sc25519_iszero.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/sc25519_mul.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/sc25519_slide.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-51-30k/sc25519_window4.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h
+ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ed25519.h
+ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
+ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ge25519.h
+ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/fe25519.h
+ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/compat.h
+ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/sc25519.h
+ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_batchinvert.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_batchpack.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-64-24k/ge25519_base_slide_multiples.data
+ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-64-24k/index_heap.h
+ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519_base_niels.data
+ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h
+ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-64-24k/hram.h
+ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-64-24k/index_heap.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/crypto_sign.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/ed25519.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/randombytes.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_sign.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/ed25519.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_verify_32.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/open.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_sign.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/ed25519.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/crypto_hash_sha512.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/ge25519.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/fe25519.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/compat.h
+ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-64-24k/sc25519.h
+ed25519/ref10/fe_0.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_1.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_add.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_batchinvert.c.o: ed25519/ref10/fe.h
+ed25519/ref10/fe_batchinvert.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_cmov.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_copy.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/fe.h
+ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/crypto_int64.h
+ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/crypto_uint64.h
+ed25519/ref10/fe_invert.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_invert.c.o: ed25519/ref10/pow225521.h
+ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/fe.h
+ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/fe.h
+ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_verify_32.h
+ed25519/ref10/fe_mul.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_mul.c.o: ed25519/ref10/crypto_int64.h
+ed25519/ref10/fe_neg.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_pow22523.c.o: ed25519/ref10/fe.h
+ed25519/ref10/fe_pow22523.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_pow22523.c.o: ed25519/ref10/pow22523.h
+ed25519/ref10/fe_sq.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_sq.c.o: ed25519/ref10/crypto_int64.h
+ed25519/ref10/fe_sq2.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_sq2.c.o: ed25519/ref10/crypto_int64.h
+ed25519/ref10/fe_sub.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/fe_tobytes.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_add.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_add.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/ge_add.h
+ed25519/ref10/ge_double_scalarmult.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_double_scalarmult.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_double_scalarmult.c.o: ed25519/ref10/base2.h
+ed25519/ref10/ge_frombytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_frombytes.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_frombytes.c.o: ed25519/ref10/d.h ed25519/ref10/sqrtm1.h
+ed25519/ref10/ge_madd.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_madd.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_madd.c.o: ed25519/ref10/ge_madd.h
+ed25519/ref10/ge_msub.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_msub.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_msub.c.o: ed25519/ref10/ge_msub.h
+ed25519/ref10/ge_p1p1_to_p2.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_p1p1_to_p2.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_p1p1_to_p3.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_p1p1_to_p3.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_p2_0.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_p2_0.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_p2_dbl.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_p2_dbl.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_p2_dbl.c.o: ed25519/ref10/ge_p2_dbl.h
+ed25519/ref10/ge_p3_0.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_p3_0.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_p3_batchtobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_p3_batchtobytes.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_p3_dbl.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_p3_dbl.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_p3_to_cached.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_p3_to_cached.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_p3_to_cached.c.o: ed25519/ref10/d2.h
+ed25519/ref10/ge_p3_to_p2.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_p3_to_p2.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_p3_tobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_p3_tobytes.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_precomp_0.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_precomp_0.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/crypto_uint32.h
+ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/base.h
+ed25519/ref10/ge_sub.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_sub.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/ge_sub.h
+ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/keypair.c.o: ed25519/ref10/randombytes.h
+ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_sign.h
+ed25519/ref10/keypair.c.o: ed25519/ref10/ed25519.h
+ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_hash_sha512.h
+ed25519/ref10/keypair.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
+ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_int32.h
+ed25519/ref10/open.c.o: ed25519/ref10/crypto_sign.h ed25519/ref10/ed25519.h
+ed25519/ref10/open.c.o: ed25519/ref10/crypto_hash_sha512.h
+ed25519/ref10/open.c.o: ed25519/ref10/crypto_verify_32.h ed25519/ref10/ge.h
+ed25519/ref10/open.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/open.c.o: ed25519/ref10/sc.h
+ed25519/ref10/sc_muladd.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h
+ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint32.h
+ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint64.h
+ed25519/ref10/sc_reduce.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h
+ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint32.h
+ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint64.h
+ed25519/ref10/sign.c.o: ed25519/ref10/crypto_sign.h ed25519/ref10/ed25519.h
+ed25519/ref10/sign.c.o: ed25519/ref10/crypto_hash_sha512.h ed25519/ref10/ge.h
+ed25519/ref10/sign.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+ed25519/ref10/sign.c.o: ed25519/ref10/sc.h
+ioutil.c.o: types.h ioutil.h vec.h
+keccak.c.o: types.h keccak.h
+main.c.o: types.h vec.h base32.h cpucount.h keccak.h ioutil.h common.h yaml.h
+main.c.o: filters.h worker.h likely.h filters_inc.inc.h filters_main.inc.h
+main.c.o: filters_common.inc.h ifilter_bitsum.h
+test_base16.c.o: types.h base16.h
+test_base32.c.o: types.h base32.h
+test_base64.c.o: types.h base64.h
+test_ed25519.c.o: types.h base16.h ed25519/ed25519.h
+test_ed25519.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h
+test_ed25519.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h
+test_ed25519.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
+test_ed25519.c.o: ed25519/amd64-51-30k/crypto_sign.h
+test_ed25519.c.o: ed25519/amd64-51-30k/ed25519.h
+test_ed25519.c.o: ed25519/amd64-51-30k/ge25519.h
+test_ed25519.c.o: ed25519/amd64-51-30k/fe25519.h
+test_ed25519.c.o: ed25519/amd64-51-30k/compat.h
+test_ed25519.c.o: ed25519/amd64-51-30k/sc25519.h
+test_ed25519.c.o: ed25519/amd64-64-24k/crypto_sign.h
+test_ed25519.c.o: ed25519/amd64-64-24k/ed25519.h
+test_ed25519.c.o: ed25519/amd64-64-24k/ge25519.h
+test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna.h
+test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h
+test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h
+test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-sse2.h
+test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h
+test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-32bit.h
+test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h
+test_ed25519.c.o: ed25519/ed25519-donna/modm-donna-64bit.h
+test_ed25519.c.o: ed25519/ed25519-donna/modm-donna-32bit.h
+test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h
+test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h
+test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h
+test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-tables.h
+test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h
+test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h
+test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h
+test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h
+test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h testutil.h
+test_ed25519.c.o: ed25519/ed25519_impl_post.h
+vec.c.o: vec.h
+worker.c.o: types.h likely.h vec.h base32.h keccak.h ioutil.h common.h yaml.h
+worker.c.o: worker.h filters.h filters_inc.inc.h filters_worker.inc.h
+worker.c.o: filters_common.inc.h ed25519/ed25519.h worker_impl.inc.h
+worker.c.o: ed25519/ed25519_impl_pre.h ed25519/ref10/crypto_sign.h
+worker.c.o: ed25519/ref10/ed25519.h ed25519/ref10/ge.h ed25519/ref10/fe.h
+worker.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/crypto_sign.h
+worker.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/amd64-51-30k/ge25519.h
+worker.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/compat.h
+worker.c.o: ed25519/amd64-51-30k/sc25519.h ed25519/amd64-64-24k/crypto_sign.h
+worker.c.o: ed25519/amd64-64-24k/ed25519.h ed25519/amd64-64-24k/ge25519.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h
+worker.c.o: ed25519/ed25519-donna/curve25519-donna-sse2.h
+worker.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h
+worker.c.o: ed25519/ed25519-donna/curve25519-donna-32bit.h
+worker.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h
+worker.c.o: ed25519/ed25519-donna/modm-donna-64bit.h
+worker.c.o: ed25519/ed25519-donna/modm-donna-32bit.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-tables.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86-32bit.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna-32bit-sse2.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-sse2.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-sse2.h
+worker.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h
+worker.c.o: worker_batch.inc.h worker_batch_pass.inc.h
+worker.c.o: ed25519/ed25519_impl_post.h
+yaml.c.o: types.h yaml.h ioutil.h base32.h base64.h common.h
--- a/Makefile.in
+++ b/Makefile.in
@ -1,405 +0,0 @@
-
-CC= @CC@
-CSTD= @CSTD@
-ifeq ($(OS),Windows_NT)
-	CSTD+= -Wno-pedantic-ms-format
-endif
-CFLAGS= $(CSTD) @CFLAGS@ @CPPFLAGS@ -DED25519_@ED25519IMPL@ @MYDEFS@
-ASFLAGS=
-LDFLAGS= @NOPIE@ @LDFLAGS@
-MV= mv
-
-ED25519_DEFS= -DED25519_ref10 -DED25519_amd64_51_30k -DED25519_amd64_64_24k -DED25519_donna
-ED25519_ref10= $(patsubst %.c,%.c.o,$(wildcard ed25519/ref10/*.c))
-ED25519_amd64_51_30k= \
-	$(patsubst %.c,%.c.o,$(wildcard ed25519/amd64-51-30k/*.c)) \
-	$(patsubst %.s,%.s.o,$(wildcard ed25519/amd64-51-30k/*.s))
-ED25519_amd64_64_24k= \
-	$(patsubst %.c,%.c.o,$(wildcard ed25519/amd64-64-24k/*.c)) \
-	$(patsubst %.s,%.s.o,$(wildcard ed25519/amd64-64-24k/*.s))
-ED25519_donna=
-ED25519OBJ= $(ED25519_@ED25519IMPL@)
-
-MAINOBJ= \
-	main.c.o \
-	vec.c.o \
-	cpucount.c.o \
-	base32_to.c.o \
-	base32_from.c.o \
-	ioutil.c.o \
-	$(ED25519OBJ) \
-	keccak.c.o
-
-TEST_BASE32OBJ= \
-	test_base32.c.o \
-	base32_to.c.o \
-	base32_from.c.o
-
-TEST_BASE16OBJ= \
-	test_base16.c.o \
-	base16_to.c.o \
-	base16_from.c.o
-
-TEST_ED25519OBJ= \
-	test_ed25519.c.o \
-	base16_to.c.o \
-	base16_from.c.o \
-	$(ED25519OBJ)
-
-ALLO= $(sort \
-	$(MAINOBJ) \
-	$(TEST_BASE32OBJ) \
-	$(TEST_BASE16OBJ) \
-	$(TEST_ED25519OBJ) \
-	$(ED25519_ref10) \
-	$(ED25519_amd64_51_30k) \
-	$(ED25519_amd64_64_24k))
-ALLC= $(patsubst %.c.o,%.c,$(filter %.c.o %.c,$(ALLO)))
-CLEANO= $(filter %.o,$(ALLO))
-
-MAINLIB= -lpthread -lsodium @MAINLIB@
-TEST_ED25519LIB= -lsodium
-
-EXE= mkp224o test_base32 test_base16 test_ed25519
-
-default: mkp224o
-
-all: $(EXE)
-
-mkp224o: $(MAINOBJ)
-	$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(MAINLIB) && $(MV) $@.tmp $@
-
-test_base32: $(TEST_BASE32OBJ)
-	$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@
-
-test_base16: $(TEST_BASE16OBJ)
-	$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ && $(MV) $@.tmp $@
-
-test_ed25519: $(TEST_ED25519OBJ)
-	$(CC) $(LDFLAGS) $(CFLAGS) -o $@.tmp $^ $(TEST_ED25519LIB) && $(MV) $@.tmp $@
-
-%.c.o: %.c
-	$(CC) $(CFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@
-
-%.s.o: %.s
-	$(CC) $(ASFLAGS) -c -o $@.tmp $< && $(MV) $@.tmp $@
-
-clean:
-	$(RM) $(CLEANO)
-	$(RM) $(EXE)
-
-distclean:
-	$(RM) $(CLEANO)
-	$(RM) $(EXE)
-	$(RM) -r autom4te.cache
-	$(RM) configure config.status config.log
-	$(RM) Makefile
-
-depend:
-	makedepend -Y -fMakefile.in -o.c.o -- $(CSTD) $(ED25519_DEFS) -- $(ALLC)
-
-# DO NOT DELETE THIS LINE
-
-base16_from.c.o: types.h base16.h
-base16_to.c.o: types.h base16.h
-base32_from.c.o: types.h base32.h
-base32_to.c.o: types.h base32.h
-cpucount.c.o: cpucount.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/randombytes.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/batch.c.o: ed25519/amd64-51-30k/hram.h
-ed25519/amd64-51-30k/fe25519_add.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/fe25519_sub.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data
-ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h
-ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519_base_niels_smalltables.data
-ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-51-30k/hram.c.o: ed25519/amd64-51-30k/hram.h
-ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h
-ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h
-ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
-ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/open.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-51-30k/sign.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/randombytes.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/batch.c.o: ed25519/amd64-51-30k/hram.h
-ed25519/amd64-64-24k/fe25519_getparity.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_invert.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_iseq.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_iszero.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_neg.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_pow2523.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_setint.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/fe25519_unpack.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_add.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_base.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_double.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_double_scalarmult.c.o: ed25519/amd64-51-30k/ge25519_base_slide_multiples.data
-ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_isneutral.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_multi_scalarmult.c.o: ed25519/amd64-51-30k/index_heap.h
-ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_pack.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_scalarmult_base.c.o: ed25519/amd64-64-24k/ge25519_base_niels.data
-ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/ge25519_unpackneg.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-64-24k/hram.c.o: ed25519/amd64-51-30k/hram.h
-ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/index_heap.c.o: ed25519/amd64-51-30k/index_heap.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/randombytes.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/keypair.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/open.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_from32bytes.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_from64bytes.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_from_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_iszero.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_mul.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_mul_shortsc.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_slide.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_to32bytes.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sc25519_window4.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/ge25519.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/fe25519.h
-ed25519/amd64-64-24k/sign.c.o: ed25519/amd64-51-30k/sc25519.h
-ed25519/ref10/fe_0.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_1.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_add.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_cmov.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_copy.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/fe.h
-ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/crypto_int64.h
-ed25519/ref10/fe_frombytes.c.o: ed25519/ref10/crypto_uint64.h
-ed25519/ref10/fe_invert.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_invert.c.o: ed25519/ref10/pow225521.h
-ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/fe.h
-ed25519/ref10/fe_isnegative.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/fe.h
-ed25519/ref10/fe_isnonzero.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_isnonzero.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
-ed25519/ref10/fe_mul.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_mul.c.o: ed25519/ref10/crypto_int64.h
-ed25519/ref10/fe_neg.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_pow22523.c.o: ed25519/ref10/fe.h
-ed25519/ref10/fe_pow22523.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_pow22523.c.o: ed25519/ref10/pow22523.h
-ed25519/ref10/fe_sq.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_sq.c.o: ed25519/ref10/crypto_int64.h
-ed25519/ref10/fe_sq2.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_sq2.c.o: ed25519/ref10/crypto_int64.h
-ed25519/ref10/fe_sub.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-ed25519/ref10/fe_tobytes.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_add.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_add.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/ge_add.h
-ed25519/ref10/ge_double_scalarmult.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_double_scalarmult.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_double_scalarmult.c.o: ed25519/ref10/base2.h
-ed25519/ref10/ge_frombytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_frombytes.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_frombytes.c.o: ed25519/ref10/d.h ed25519/ref10/sqrtm1.h
-ed25519/ref10/ge_madd.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_madd.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_madd.c.o: ed25519/ref10/ge_madd.h
-ed25519/ref10/ge_msub.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_msub.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_msub.c.o: ed25519/ref10/ge_msub.h
-ed25519/ref10/ge_p1p1_to_p2.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_p1p1_to_p2.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_p1p1_to_p3.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_p1p1_to_p3.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_p2_0.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_p2_0.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_p2_dbl.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_p2_dbl.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_p2_dbl.c.o: ed25519/ref10/ge_p2_dbl.h
-ed25519/ref10/ge_p3_0.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_p3_0.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_p3_dbl.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_p3_dbl.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_p3_to_cached.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_p3_to_cached.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_p3_to_cached.c.o: ed25519/ref10/d2.h
-ed25519/ref10/ge_p3_to_p2.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_p3_to_p2.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_p3_tobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_p3_tobytes.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_precomp_0.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_precomp_0.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/crypto_uint32.h
-ed25519/ref10/ge_scalarmult_base.c.o: ed25519/ref10/base.h
-ed25519/ref10/ge_sub.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_sub.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/ge_sub.h
-ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/ge_tobytes.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/randombytes.h
-ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/ref10/keypair.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/ref10/keypair.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/keypair.c.o: ed25519/ref10/crypto_int32.h
-ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/ref10/open.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/ref10/open.c.o: ed25519/amd64-51-30k/crypto_verify_32.h
-ed25519/ref10/open.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/open.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h
-ed25519/ref10/sc_muladd.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h
-ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint32.h
-ed25519/ref10/sc_muladd.c.o: ed25519/ref10/crypto_uint64.h
-ed25519/ref10/sc_reduce.c.o: ed25519/ref10/sc.h ed25519/ref10/crypto_int64.h
-ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint32.h
-ed25519/ref10/sc_reduce.c.o: ed25519/ref10/crypto_uint64.h
-ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_sign.h
-ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/ed25519.h
-ed25519/ref10/sign.c.o: ed25519/amd64-51-30k/crypto_hash_sha512.h
-ed25519/ref10/sign.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-ed25519/ref10/sign.c.o: ed25519/ref10/crypto_int32.h ed25519/ref10/sc.h
-ioutil.c.o: types.h ioutil.h
-keccak.c.o: types.h keccak.h
-main.c.o: types.h likely.h vec.h base32.h cpucount.h keccak.h
-main.c.o: ed25519/ed25519.h ed25519/ref10/ed25519.h ed25519/ref10/ge.h
-main.c.o: ed25519/ref10/fe.h ed25519/ref10/crypto_int32.h
-main.c.o: ed25519/amd64-51-30k/ed25519.h ed25519/amd64-51-30k/ge25519.h
-main.c.o: ed25519/amd64-51-30k/fe25519.h ed25519/amd64-51-30k/sc25519.h
-main.c.o: ed25519/amd64-64-24k/ed25519.h ed25519/amd64-64-24k/ge25519.h
-main.c.o: ed25519/ed25519-donna/ed25519-donna.h
-main.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h
-main.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h
-main.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h
-main.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h
-main.c.o: ed25519/ed25519-donna/modm-donna-64bit.h
-main.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h
-main.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h
-main.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h
-main.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h ioutil.h filters.h
-test_base16.c.o: types.h base16.h
-test_base32.c.o: types.h base32.h
-test_ed25519.c.o: types.h base16.h ed25519/ed25519.h ed25519/ref10/ed25519.h
-test_ed25519.c.o: ed25519/ref10/ge.h ed25519/ref10/fe.h
-test_ed25519.c.o: ed25519/ref10/crypto_int32.h ed25519/amd64-51-30k/ed25519.h
-test_ed25519.c.o: ed25519/amd64-51-30k/ge25519.h
-test_ed25519.c.o: ed25519/amd64-51-30k/fe25519.h
-test_ed25519.c.o: ed25519/amd64-51-30k/sc25519.h
-test_ed25519.c.o: ed25519/amd64-64-24k/ed25519.h
-test_ed25519.c.o: ed25519/amd64-64-24k/ge25519.h
-test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna.h
-test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable.h
-test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-portable-identify.h
-test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-64bit.h
-test_ed25519.c.o: ed25519/ed25519-donna/curve25519-donna-helpers.h
-test_ed25519.c.o: ed25519/ed25519-donna/modm-donna-64bit.h
-test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-basepoint-table.h
-test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-tables.h
-test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-64bit-x86.h
-test_ed25519.c.o: ed25519/ed25519-donna/ed25519-donna-impl-base.h
-vec.c.o: vec.h
--- a/OPTIMISATION.txt
+++ b/OPTIMISATION.txt
@ -1,26 +1,25 @@
 This document describes configuration options which may help one to generate onions faster.
-First of all, default configuration options are tuned for portability, not performance.
+First of all, default configuration options are tuned for portability, and may be a bit suboptimal.
 User is expected to pick optimal settings depending on hardware mkp224o will run on and ammount of filters.


 ED25519 implementations:
 mkp224o includes multiple implementations of ed25519 code, tuned for different processors.
-Default is ref10 implementation from SUPERCOP, which is suboptimal in many cases.
 Implementation is selected at configuration time, when running `./configure` script.
 If one already configured/compiled code and wants to change options, just re-run
 `./configure` and also run `make clean` to clear compiled files, if any.
+Note that options and CFLAGS/LDFLAGS settings won't carry over from previous configure run,
+so you have to include options you've previously configured, if you want them to remain.
 At the time of writing, these implementations are present:
-+----------------+-----------------------+-------------------------------------------------+
-| implementation | enable flag           | notes                                           |
-|----------------+-----------------------+-------------------------------------------------+
-| ref10          | --enable-ref10        | SUPERCOP' ref10, pure C, very portable, default |
-| amd64-51-30k   | --enable-amd64-51-30k | SUPERCOP' amd64-51-30k, amd64 assembler,        |
-|                |                       | only works in x86_64 architecture               |
-| amd64-64-24k   | --enable-amd64-64-24k | SUPERCOP' amd64-64-24k, amd64 assembler,        |
-|                |                       | only works in x86_64 architecture               |
-| ed25519-donna  | --enable-donna        | portable, based on amd64-51-30k, but C, not asm |
-| ed25519-donna  | --enable-donna-sse2   | uses SSE2, needs x86 architecture               |
-+----------------+-----------------------+-------------------------------------------------+
+----------------+-----------------------+----------------------------------------------------------+
+| implementation | enable flag           | notes                                                    |
+|----------------+-----------------------+----------------------------------------------------------+
+| ref10          | --enable-ref10        | SUPERCOP' ref10, pure C, very portable, previous default |
+| amd64-51-30k   | --enable-amd64-51-30k | SUPERCOP' amd64-51-30k, only works on x86_64             |
+| amd64-64-24k   | --enable-amd64-64-24k | SUPERCOP' amd64-64-24k, only works on x86_64             |
+| ed25519-donna  | --enable-donna        | based on amd64-51-30k, C, portable, current default      |
+| ed25519-donna  | --enable-donna-sse2   | uses SSE2, needs x86 architecture                        |
+----------------+-----------------------+----------------------------------------------------------+
 When to use what:
 - on 32-bit x86 architecture "--enable-donna" will probably be fastest, but one should try
   using "--enable-donna-sse2" too
@ -91,6 +90,14 @@ Current options, at the time of writing:
                          and have some random filters which may have different length.


+Batch mode:
+mkp224o now includes experimental key generation mode which performs certain operations in batches,
+and is around 15 times faster than current default.
+It is currently experimental, and is activated by -B run-time flag.
+Batched element count is configured by --enable-batchnum=number option at configure time,
+increasing or decreasing it may make batch mode faster or slower, depending on hardware.
+
+
 Benchmarking:
 It's always good idea to see if your settings give you desired effect.
 There currently isn't any automated way to benchmark different configuration options, but it's pretty simple to do by hand.
--- a/README.md
+++ b/README.md
@ -0,0 +1,143 @@
+## mkp224o - vanity address generator for ed25519 onion services
+
+This tool generates vanity ed25519 (hidden service version 3[^1][^2],
+formely known as proposal 224) onion addresses.
+
+### Requirements for building
+
+* C99 compatible compiler (gcc and clang should work)
+* libsodium (including headers)
+* GNU make
+* GNU autoconf (to generate configure script, needed only if not using release tarball)
+* UNIX-like platform (currently tested in Linux and OpenBSD, but should
+  also build under cygwin and msys2).
+
+For debian-like linux distros, this should be enough to prepare for building:
+
+```bash
+apt install gcc libc6-dev libsodium-dev make autoconf
+```
+
+### Building
+
+Run `./autogen.sh` to generate a configure script, if there isn't one already.
+
+Run `./configure` to generate a makefile.
+On \*BSD platforms you may need to specify extra include/library paths:
+`./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`.
+
+On AMD64 platforms, you probably also want to pass something like
+`--enable-amd64-51-30k` to the configure script invocation for faster key generation;
+run `./configure --help` to see all available options.
+
+Finally, `make` to start building (`gmake` in \*BSD platforms).
+
+### Usage
+
+mkp224o needs one or more filters to work.
+You may specify them as command line arguments,
+eg `./mkp224o test`, or load them from file with `-f` switch.
+
+It makes directories with secret/public keys and hostnames
+for each discovered service. By default, the working directory is the current
+directory, but that can be overridden with `-d` switch.
+
+Use `-s` switch to enable printing of statistics, which may be useful
+when benchmarking different ed25519 implementations on your machine.
+
+Use `-h` switch to obtain all available options.
+
+I highly recommend reading [OPTIMISATION.txt][OPTIMISATION] for
+performance-related tips.
+
+### FAQ and other useful info
+
+* How do I generate address?
+
+  Once compiled, run it like `./mkp224o neko`, and it will try creating
+  keys for onions starting with "neko" in this example; use `./mkp224o
+  -d nekokeys neko` to not litter current directory and put all
+  discovered keys in directory named "nekokeys".
+
+* How do I make tor use generated keys?
+
+  Copy key folder (though technically only `hs_ed25519_secret_key` is required)
+  to where you want your service keys to reside:
+
+  ```bash
+  sudo cp -r neko54as6d54....onion /var/lib/tor/nekosvc
+  ```
+
+  You may need to adjust ownership and permissions:
+
+  ```bash
+  sudo chown -R tor: /var/lib/tor/nekosvc
+  sudo chmod -R u+rwX,og-rwx /var/lib/tor/nekosvc
+  ```
+
+  Then edit `torrc` and add new service with that folder.\
+  After reload/restart tor should pick it up.
+
+* How to generate addresses with `0-1` and `8-9` digits?
+
+  Onion addresses use base32 encoding which does not include `0,1,8,9`
+  numbers.\
+  So no, that's not possible to generate these, and mkp224o tries to
+  detect invalid filters containing them early on.
+
+* How long is it going to take?
+
+  Because of probablistic nature of brute force key generation, and
+  varience of hardware it's going to run on, it's hard to make promisses
+  about how long it's going to take, especially when the most of users
+  want just a few keys.\
+  See [this issue][#27] for very valuable discussion about this.\
+  If your machine is powerful enough, 6 character prefix shouldn't take
+  more than few tens of minutes, if using batch mode (read
+  [OPTIMISATION.txt][OPTIMISATION]) 7 characters can take hours
+  to days.\
+  No promisses though, it depends on pure luck.
+
+* Will this work with onionbalance?
+
+  It appears that onionbalance supports loading usual
+  `hs_ed25519_secret_key` key so it should work.
+
+* Is there a docker image?
+
+  Yes, if you do not wish to compile mkp224o yourself, you can use
+  the `ghcr.io/cathugger/mkp224o` image like so:
+
+  ```bash
+  docker run --rm -it -v $PWD:/keys ghcr.io/cathugger/mkp224o:master -d /keys neko
+  ```
+
+### Acknowledgements & Legal
+
+To the extent possible under law, the author(s) have dedicated all
+copyright and related and neighboring rights to this software to the
+public domain worldwide. This software is distributed without any
+warranty.
+You should have received a copy of the CC0 Public Domain Dedication
+along with this software. If not, see [CC0][].
+
+* `keccak.c` is based on [Keccak-more-compact.c][keccak.c]
+* `ed25519/{ref10,amd64-51-30k,amd64-64-24k}` are adopted from
+  [SUPERCOP][]
+* `ed25519/ed25519-donna` adopted from [ed25519-donna][]
+* Idea used in `worker_fast()` is stolen from [horse25519][]
+* base64 routines and initial YAML processing work contributed by
+  Alexander Khristoforov (heios at protonmail dot com)
+* Passphrase-based generation code and idea used in `worker_batch()`
+  contributed by [foobar2019][]
+
+[OPTIMISATION]: ./OPTIMISATION.txt
+[#27]: https://github.com/cathugger/mkp224o/issues/27
+[keccak.c]: https://github.com/XKCP/XKCP/blob/master/Standalone/CompactFIPS202/C/Keccak-more-compact.c
+[CC0]: https://creativecommons.org/publicdomain/zero/1.0/
+[SUPERCOP]: https://bench.cr.yp.to/supercop.html
+[ed25519-donna]: https://github.com/floodyberry/ed25519-donna
+[horse25519]: https://github.com/Yawning/horse25519
+[foobar2019]: https://github.com/foobar2019
+[^1]: https://spec.torproject.org/rend-spec/index.html
+[^2]: https://gitlab.torproject.org/tpo/core/torspec/-/raw/main/attic/text_formats/rend-spec-v3.txt
--- a/README.txt
+++ b/README.txt
@ -1,38 +0,0 @@
-mkp224o - vanity address generator for ed25519 onion services
-
-This tool generates vanity ed25519 (hidden service version 3) onion addresses.
-For context, see <https://gitweb.torproject.org/torspec.git/plain/rend-spec-v3.txt>.
-
-REQUIREMENTS:
-C99 compatible compiler, libsodium, GNU make, GNU autoconf, UNIX-like platform (currently tested in Linux and OpenBSD).
-
-BUILDING:
-`./autogen.sh` to generate configure script, if it's not there already.
-`./configure` to generate makefile; in *BSD platforms you probably want to use
-`./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"`.
-You probably also want to pass something like "--enable-amd64-51-30k"
-or "--enable-donna" to configure script for faster key generation;
-run `./configure --help` to see all available options.
-Finally, `make` to start building (`gmake` in *BSD platforms).
-
-USAGE:
-Generator needs one of more filters to work.
-It makes directory with secret/public keys and hostname
-for each discovered service. By default root is current
-directory, but that can be overridden with -d switch.
-Use -s switch to enable printing of statistics, which may be useful
-when benchmarking different ed25519 implementations on your machine.
-Use -h switch to obtain all available options.
-I highly recommend reading OPTIMISATION.txt for performance-related tips.
-
-CONTACT:
-For bug reports/questions/whatever else, email cathugger at cock dot li.
-
-ACKNOWLEDGEMENTS & LEGAL:
-To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
-
-keccak.c is based on <https://github.com/gvanas/KeccakCodePackage/blob/master/Standalone/CompactFIPS202/Keccak-more-compact.c>.
-ed25519/{ref10,amd64-51-30k,amd64-64-24k} are adopted from SUPERCOP <https://bench.cr.yp.to/supercop.html>.
-ed25519/ed25519-donna adopted from <https://github.com/floodyberry/ed25519-donna>.
-Idea used in main.c' dofastwork() is stolen from <https://github.com/Yawning/horse25519>.
--- a/base32.h
+++ b/base32.h
@ -4,7 +4,7 @@ char *base32_to(char *dst,const u8 *src,size_t slen);
 #define BASE32_TO_LEN(l) (((l) * 8 + 4) / 5)
 // converts src string from base32
 size_t base32_from(u8 *dst,u8 *dmask,const char *src);
-// calculates length needed to store data converted from base
+// calculates length needed to store data converted from base32
 #define BASE32_FROM_LEN(l) (((l) * 5 + 7) / 8)
 // validates base32 string and optionally stores length of valid data
 // returns 1 if whole string is good, 0 if string contains invalid data
--- a/base64.h
+++ b/base64.h
@ -0,0 +1,13 @@
+// converts src[0:slen] to base64 string
+char *base64_to(char *dst,const u8 *src,size_t slen);
+// calculates length needed to store data converted to base64
+#define BASE64_TO_LEN(l) ((((l) + 2) / 3) * 4)
+// converts src string from base64
+size_t base64_from(u8 *dst,const char *src,size_t slen);
+// calculates length needed to store data converted from base64
+#define BASE64_FROM_LEN(l) ((l) / 4 * 3)
+// validates base64 string and optionally stores length of valid data
+// returns 1 if whole string is good, 0 if string contains invalid data
+int base64_valid(const char *src,size_t *count);
+// aligns data length to something base64 can represent without padding
+#define BASE64_DATA_ALIGN(l) ((((l) + 2) / 3) * 3)
--- a/base64_from.c
+++ b/base64_from.c
@ -0,0 +1,93 @@
+#include <stddef.h>
+#include <stdint.h>
+#include "types.h"
+#include "base64.h"
+
+static const u8 base64f[256] = {
+	//00    01    02    03    04    05    06    07
+	//08    09    0A    0B    0C    0D    0E    0F
+	// 0x00..0x3F
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 0x00
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 0x08
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 0x10
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 0x18
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 0x20
+	0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xFF, 0xFF, 0x3F, // 0x28
+	0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, // 0x30
+	0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 0x38
+	// 0x40..0x7F
+	0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, // 0x40
+	0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, // 0x48
+	0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, // 0x50
+	0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 0x58
+	0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, // 0x60
+	0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, // 0x68
+	0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, // 0x70
+	0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 0x78
+	// 0x80..0xBF
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	// 0xC0..0xFF
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+size_t base64_from(u8 *dst,const char *src,size_t srclen)
+{
+	if (srclen % 4) {
+		return -1;
+	} else if (!srclen) {
+		return 0;
+	}
+
+	size_t dstlen = BASE64_FROM_LEN(srclen);
+	dstlen -= (src[srclen - 1] == '=');
+	dstlen -= (src[srclen - 2] == '=');
+
+	for (size_t i = 0, j = 0; i < srclen;) {
+		u32 sixbits[4];
+
+		sixbits[0] = base64f[(unsigned char)src[i++]];
+		sixbits[1] = base64f[(unsigned char)src[i++]];
+		sixbits[2] = (src[i] == '=' ? (0 & i++) : base64f[(unsigned char)src[i++]]);
+		sixbits[3] = (src[i] == '=' ? (0 & i++) : base64f[(unsigned char)src[i++]]);
+
+		u32 threebytes = 0
+			| (sixbits[0] << (3 * 6))
+			| (sixbits[1] << (2 * 6))
+			| (sixbits[2] << (1 * 6))
+			| (sixbits[3] << (0 * 6));
+
+		if (j < dstlen) dst[j++] = (threebytes >> (2 * 8));
+		if (j < dstlen) dst[j++] = (threebytes >> (1 * 8)) & 0xff;
+		if (j < dstlen) dst[j++] = (threebytes >> (0 * 8)) & 0xff;
+	}
+	return dstlen;
+}
+
+int base64_valid(const char *src,size_t *count)
+{
+	const char *p;
+
+	for (p = src;base64f[(u8)*p] != 0xFF;++p)
+		;
+
+	for (;((size_t) (p - src)) % 4 != 0 && *p == '=';++p)
+		;
+
+	if (count)
+		*count = (size_t) (p - src);
+	return !*p && ((size_t) (p - src)) % 4 == 0;
+}
--- a/base64_to.c
+++ b/base64_to.c
@ -0,0 +1,51 @@
+#include <stddef.h>
+#include <stdint.h>
+#include "types.h"
+#include "base64.h"
+
+static const char base64t[64] = {
+	'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
+	'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
+	'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
+	'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
+	'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
+	'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
+	'w', 'x', 'y', 'z', '0', '1', '2', '3',
+	'4', '5', '6', '7', '8', '9', '+', '/',
+};
+
+char *base64_to(char *dst,const u8 *src,size_t slen)
+{
+	if (!slen) {
+		*dst = '\0';
+		return dst;
+	}
+
+	for(size_t i = 0; i < slen;) {
+		u32 threebytes = 0;
+		threebytes |= (i < slen ? (unsigned char)src[i++] : (unsigned char)0) << (2 * 8);
+		threebytes |= (i < slen ? (unsigned char)src[i++] : (unsigned char)0) << (1 * 8);
+		threebytes |= (i < slen ? (unsigned char)src[i++] : (unsigned char)0) << (0 * 8);
+
+		*dst++ = base64t[(threebytes >> (3 * 6)) & 63];
+		*dst++ = base64t[(threebytes >> (2 * 6)) & 63];
+		*dst++ = base64t[(threebytes >> (1 * 6)) & 63];
+		*dst++ = base64t[(threebytes >> (0 * 6)) & 63];
+	}
+
+	switch (slen % 3) {
+		case 0 : break;
+		case 1 : {
+			*(dst-2) = '=';
+			*(dst-1) = '=';
+			break;
+		}
+		case 2 : {
+			*(dst-1) = '=';
+			break;
+		}
+	}
+
+	*dst = '\0';
+	return dst;
+}
--- a/calcest.c
+++ b/calcest.c
@ -0,0 +1,48 @@
+#include <stdio.h>
+#include <stddef.h>
+#include <math.h>
+
+/*
+ * as per scribblemaniac's explanation:
+ * t - number of trials
+ * n - character count
+ * p - probability
+ * condition: >=1 matches
+ * formula: t = log(1-p)/log(1-1/32^n)
+ * comes from:
+ *  distribution X~Binomial(t, 1/32^n)
+ *  P(X>=1)=p
+ */
+
+const double probs[] = { 0.5, 0.8, 0.9, 0.95, 0.99 };
+const int charcounts[] = { 2, 3, 4, 5, 6, 7, 8, 9, 10 };
+
+int main(int argc,char **argv)
+{
+	// TODO
+	(void) argc;
+	(void) argv;
+
+	printf("   |");
+	for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) {
+		printf(" %15d%% |",(int)((probs[i]*100)+0.5));
+	}
+	printf("\n");
+
+	printf("---+");
+	for (size_t i = 0; i < sizeof(probs)/sizeof(probs[0]); ++i) {
+		printf("------------------+");
+	}
+	printf("\n");
+
+	for (size_t i = 0; i < sizeof(charcounts)/sizeof(charcounts[0]); ++i) {
+		printf("%2d |",charcounts[i]);
+		for (size_t j = 0; j < sizeof(probs)/sizeof(probs[0]); ++j) {
+			double t = log2(1 - probs[j]) / log2(1 - (1 / pow(32,charcounts[i])));
+			printf(" %16.0f |",t);
+		}
+		printf("\n");
+	}
+
+	return 0;
+}
--- a/common.h
+++ b/common.h
@ -0,0 +1,25 @@
+#define SECRET_LEN 64
+#define PUBLIC_LEN 32
+#define SEED_LEN   32
+// with checksum + version num
+#define PUBONION_LEN (PUBLIC_LEN + 3)
+
+#define PKPREFIX_SIZE (29 + 3)
+#define SKPREFIX_SIZE (29 + 3)
+
+extern const char * const pkprefix;
+extern const char * const skprefix;
+
+#define FORMATTED_PUBLIC_LEN (PKPREFIX_SIZE + PUBLIC_LEN)
+#define FORMATTED_SECRET_LEN (SKPREFIX_SIZE + SECRET_LEN)
+
+// full onion address, WITHOUT newline or terminating nil char
+#define ONION_LEN 62
+
+extern pthread_mutex_t fout_mutex;
+extern FILE *fout;
+
+extern size_t onionendpos;   // end of .onion within string
+extern size_t direndpos;     // end of dir before .onion within string
+extern size_t printstartpos; // where to start printing from
+extern size_t printlen;      // precalculated, related to printstartpos
--- a/configure.ac
+++ b/configure.ac
@ -5,7 +5,45 @@ AC_CONFIG_SRCDIR([main.c])
 oldcflags="$CFLAGS"
 AC_PROG_CC

-if test "x$oldcflags" != "x$CFLAGS"
+# determine version
+ver=""
+if test -r "$srcdir/version.txt"
+then
+	ver=`cat "$srcdir/version.txt"`
+elif test -d "$srcdir/.git"
+then
+	if git --version >/dev/null 2>&1
+	then
+		# try matching exact tag
+		ver=`git -C "$srcdir" describe --tags --exact-match 2>/dev/null`
+		if test -z "$ver"
+		then
+			# otherwise obtain full commit ID
+			ver=`git -C "$srcdir" rev-parse HEAD 2>/dev/null`
+			if test -n "$ver"
+			then
+				ver=git-$ver
+			fi
+		fi
+		if test -n "$ver"
+		then
+			if ! git -C "$srcdir" diff --exit-code >/dev/null 2>&1
+			then
+				# add at the end to mark modified version
+				ver="$ver"'*'
+			fi
+		fi
+	fi
+fi
+
+if test -z "$ver"
+then
+	ver=unknown
+fi
+
+# NOTE: this script intentionally doesn't check for small details like posix functions and hard dependencies (libsodium) so you may get errors at compilation
+
+if test x"$oldcflags" != x"$CFLAGS"
 then
 	oldcflags="-O3"
 	CFLAGS="-march=native"
@ -25,41 +63,28 @@ then
 	CFLAGS="$oldcflags"
 fi

-nopie=""
+pie=""

 oldcflags="$CFLAGS"
-CFLAGS="-nopie"
-AC_MSG_CHECKING([whether CC supports -nopie])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
-    [AC_MSG_RESULT([yes])]
-    [nopie="-nopie"],
-    [AC_MSG_RESULT([no])]
+CFLAGS="-fPIE -Werror"
+AC_MSG_CHECKING([whether CC supports -fPIE])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+	[AC_MSG_RESULT([yes])]
+	[pie="-fPIE"],
+	[AC_MSG_RESULT([no])]
 )
 CFLAGS="$oldcflags"

-if test "x$nopie" = "x"
-then
-	oldcflags="$CFLAGS"
-	CFLAGS="-no-pie"
-	AC_MSG_CHECKING([whether CC supports -no-pie])
-	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
-		[AC_MSG_RESULT([yes])]
-		[nopie="-no-pie"],
-		[AC_MSG_RESULT([no])]
-	)
-	CFLAGS="$oldcflags"
-fi
-
 MYDEFS=""
 MAINLIB=""

 ed25519impl=""
 AC_ARG_ENABLE([ref10],
 	[AS_HELP_STRING([--enable-ref10],
-		[use SUPERCOP ref10 ed25519 implementation @<:@default=yes@:>@])],
+		[use SUPERCOP ref10 ed25519 implementation @<:@default=no@:>@])],
 	[
-		AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "ref10"],
-			[AC_ERROR([only one ed25519 implementation can be defined])])
+		AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "ref10"],
+			[AC_MSG_ERROR(only one ed25519 implementation can be defined)])
 		ed25519impl="ref10"
 	],
 	[]
@ -69,8 +94,8 @@ AC_ARG_ENABLE([amd64-51-30k],
 	[AS_HELP_STRING([--enable-amd64-51-30k],
 		[use SUPERCOP amd64-51-30k ed25519 implementation @<:@default=no@:>@])],
 	[
-		AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "amd64_51_30k"],
-			[AC_ERROR([only one ed25519 implementation can be defined])])
+		AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "amd64_51_30k"],
+			[AC_MSG_ERROR(only one ed25519 implementation can be defined)])
 		ed25519impl="amd64_51_30k"
 	],
 	[]
@ -80,8 +105,8 @@ AC_ARG_ENABLE([amd64-64-24k],
 	[AS_HELP_STRING([--enable-amd64-64-24k],
 		[use SUPERCOP amd64-64-24k ed25519 implementation @<:@default=no@:>@])],
 	[
-		AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "amd64_64_24k"],
-			[AC_ERROR([only one ed25519 implementation can be defined])])
+		AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "amd64_64_24k"],
+			[AC_MSG_ERROR(only one ed25519 implementation can be defined)])
 		ed25519impl="amd64_64_24k"
 	],
 	[]
@ -89,10 +114,10 @@ AC_ARG_ENABLE([amd64-64-24k],

 AC_ARG_ENABLE([donna],
 	[AS_HELP_STRING([--enable-donna],
-		[use ed25519-donna implementation @<:@default=no@:>@])],
+		[use ed25519-donna implementation @<:@default=yes@:>@])],
 	[
-		AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna"],
-			[AC_ERROR([only one ed25519 implementation can be defined])])
+		AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "donna"],
+			[AC_MSG_ERROR(only one ed25519 implementation can be defined)])
 		ed25519impl="donna"
 	],
 	[]
@ -102,14 +127,15 @@ AC_ARG_ENABLE([donna-sse2],
 	[AS_HELP_STRING([--enable-donna-sse2],
 		[use ed25519-donna SSE2 implementation @<:@default=no@:>@])],
 	[
-		AS_IF([test "x$ed25519impl" != "x" -a "$ed25519impl" != "donna-sse2"],
-			[AC_ERROR([only one ed25519 implementation can be defined])])
+		AS_IF([test x"$ed25519impl" != x"" -a "$ed25519impl" != "donna-sse2"],
+			[AC_MSG_ERROR(only one ed25519 implementation can be defined)])
 		ed25519impl="donna-sse2"
 	],
 	[]
 )

-AS_IF([test "x$ed25519impl" == "x"],[ed25519impl=ref10])
+# default
+AS_IF([test x"$ed25519impl" = x""],[ed25519impl="donna"])

 if test "$ed25519impl" = "donna-sse2"
 then
@ -118,6 +144,8 @@ then
 	CFLAGS="$CFLAGS -msse2"
 fi

+
+
 AC_ARG_ENABLE([intfilter],
 	[AS_HELP_STRING([--enable-intfilter@<:@=(32|64|128|native)@:>@],
 		[use integers of specific size @<:@default=64@:>@ for filtering. faster but limits filter length to: 6 for 32-bit, 12 for 64-bit, 24 for 128-bit @<:@default=no@:>@])],
@ -156,25 +184,55 @@ then
 	MYDEFS="$MYDEFS -DINTFILTER -DIFT='$intfiltertype'"
 fi

+AC_ARG_ENABLE([batchnum],
+	[AS_HELP_STRING([--enable-batchnum=number],
+		[number of elements to batch when using -B @<:@default=2048@:>@])],
+	[], []
+)
+if test -n "$enable_batchnum" -a x"$enable_batchnum" != x"no"
+then
+	MYDEFS="$MYDEFS -DBATCHNUM=$enable_batchnum"
+fi
+
 cstd=""
 c99=""
 oldcflags="$CFLAGS"
+
 CFLAGS="-std=c99"
 AC_MSG_CHECKING([whether CC supports -std=c99])
 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
-    [AC_MSG_RESULT([yes])]
-    [c99="yes"]
-    [cstd="-std=c99"],
-    [AC_MSG_RESULT([no])]
+	[AC_MSG_RESULT([yes])]
+	[c99="yes"]
+	[cstd="-std=c99"],
+	[AC_MSG_RESULT([no])]
 )
+
 CFLAGS="$cstd -Wall"
 AC_MSG_CHECKING([whether CC supports -Wall])
 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
-    [AC_MSG_RESULT([yes])]
-    [cstd="$cstd -Wall"],
-    [AC_MSG_RESULT([no])]
+	[AC_MSG_RESULT([yes])]
+	[cstd="$cstd -Wall"],
+	[AC_MSG_RESULT([no])]
 )
-if test "x$c99" = "xyes" -a "x$ed25519impl" != "xdonna" -a "x$enable_intfilter" != "x128"
+
+CFLAGS="$cstd -Wextra"
+AC_MSG_CHECKING([whether CC supports -Wextra])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
+	[AC_MSG_RESULT([yes])]
+	[cstd="$cstd -Wextra"],
+	[AC_MSG_RESULT([no])]
+)
+
+# (negative) detection on clang fails without -Werror
+CFLAGS="$cstd -Wno-maybe-uninitialized -Werror"
+AC_MSG_CHECKING([whether CC supports -Wno-maybe-uninitialized])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
+	[AC_MSG_RESULT([yes])]
+	[cstd="$cstd -Wno-maybe-uninitialized"],
+	[AC_MSG_RESULT([no])]
+)
+
+if test x"$c99" = x"yes" -a x"$ed25519impl" != x"donna" -a x"$enable_intfilter" != x"128"
 then
 	CFLAGS="$cstd -pedantic"
 	AC_MSG_CHECKING([whether CC supports -pedantic])
@ -184,9 +242,20 @@ then
 		[AC_MSG_RESULT([no])]
 	)
 fi
-if test "x$ed25519impl" = "xdonna"
+
+CFLAGS="$cstd -Wno-format -Wno-pedantic-ms-format -Werror"
+AC_MSG_CHECKING([whether CC supports and needs -Wno-format -Wno-pedantic-ms-format])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#ifndef _WIN32
+#error wants windows
+#endif]], [])],
+	[AC_MSG_RESULT([yes])]
+	[cstd="$cstd -Wno-format -Wno-pedantic-ms-format"],
+	[AC_MSG_RESULT([no])]
+)
+
+if test x"$ed25519impl" = x"donna"
 then
-	CFLAGS="$cstd -Wno-unused-function"
+	CFLAGS="$cstd -Wno-unused-function -Werror"
 	AC_MSG_CHECKING([whether CC supports -Wno-unused-function])
 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
 		[AC_MSG_RESULT([yes])]
@ -194,6 +263,35 @@ then
 		[AC_MSG_RESULT([no])]
 	)
 fi
+
+if test x"$ed25519impl" = x"amd64_64_24k"
+then
+	CFLAGS="$cstd -Wno-unused-const-variable -Werror"
+	AC_MSG_CHECKING([whether CC supports -Wno-unused-const-variable])
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
+		[AC_MSG_RESULT([yes])]
+		[cstd="$cstd -Wno-unused-const-variable"],
+		[AC_MSG_RESULT([no])]
+	)
+fi
+
+CFLAGS="$cstd -Wmissing-prototypes -Werror"
+AC_MSG_CHECKING([whether CC supports -Wmissing-prototypes])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
+	[AC_MSG_RESULT([yes])]
+	[cstd="$cstd -Wmissing-prototypes"],
+	[AC_MSG_RESULT([no])]
+)
+
+# XXX AC_LANG_PROGRAM produces unsuitable prototype so this check must be last one
+CFLAGS="$cstd -Wstrict-prototypes -Werror"
+AC_MSG_CHECKING([whether CC supports -Wstrict-prototypes])
+AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int main(void) { return 0; }]])],
+	[AC_MSG_RESULT([yes])]
+	[cstd="$cstd -Wstrict-prototypes"],
+	[AC_MSG_RESULT([no])]
+)
+
 CFLAGS="$oldcflags"

 AC_ARG_ENABLE([binfilterlen],
@ -201,7 +299,7 @@ AC_ARG_ENABLE([binfilterlen],
 		[set binary string filter length (if you don't use intfilter) @<:@default=32@:>@])],
 	[], [enable_binfilterlen=no]
 )
-if test "x$enable_binfilterlen" != "xyes" -a "x$enable_binfilterlen" != "xno"
+if test x"$enable_binfilterlen" != x"yes" -a x"$enable_binfilterlen" != x"no"
 then
 	MYDEFS="$MYDEFS -DBINFILTERLEN=$enable_binfilterlen"
 fi
@ -211,7 +309,7 @@ AC_ARG_ENABLE([binsearch],
 		[enable binary search algoritm; MUCH faster if there are a lot of filters @<:@default=no@:>@])],
 	[], [enable_binsearch=no]
 )
-if test "x$enable_binsearch" = "xyes"
+if test x"$enable_binsearch" = x"yes"
 then
 	MYDEFS="$MYDEFS -DBINSEARCH"
 fi
@ -221,7 +319,7 @@ AC_ARG_ENABLE([besort],
 		[force intfilter binsearch case to use big endian sorting and not omit masks from filters; useful if your filters aren't of same length @<:@default=no@:>@])],
 	[], [enable_besort=no]
 )
-if test "x$enable_besort" = "xyes"
+if test x"$enable_besort" = x"yes"
 then
 	MYDEFS="$MYDEFS -DBESORT"
 fi
@ -231,14 +329,14 @@ AC_ARG_ENABLE([statistics],
 		[collect statistics @<:@default=yes@:>@])],
 	[], [enable_statistics=yes]
 )
-if test "x$enable_statistics" = "xyes"
+if test x"$enable_statistics" = x"yes"
 then
 	MYDEFS="$MYDEFS -DSTATISTICS"
 fi

-AC_ARG_WITH([pcre2],[AC_HELP_STRING([--with-pcre2],[pcre2-config executable @<:@default=pcre2-config@:>@])],[],[with_pcre2="pcre2-config"])
+AC_ARG_WITH([pcre2],[AS_HELP_STRING([--with-pcre2],[pcre2-config executable @<:@default=pcre2-config@:>@])],[],[with_pcre2="pcre2-config"])

-AC_ARG_ENABLE([regex],[AC_HELP_STRING([--enable-regex],[whether to enable regex engine. currently possible values are "pcre2" and "yes" which defaults to "pcre2" @<:@default=no@:>@])],[],[enable_regex=no])
+AC_ARG_ENABLE([regex],[AS_HELP_STRING([--enable-regex],[whether to enable regex engine. currently possible values are "pcre2" and "yes" which defaults to "pcre2" @<:@default=no@:>@])],[],[enable_regex=no])
 case "$enable_regex" in
 no|"")
 	;;
@ -265,7 +363,7 @@ yes|pcre2)
 		fi
 	else
 		AC_MSG_RESULT([not found])
-		AC_ERROR([pcre2-config cannot be executed])
+		AC_MSG_ERROR(pcre2-config cannot be executed)
 	fi
 	;;
 *)
@ -273,9 +371,28 @@ yes|pcre2)
 	;;
 esac

+
+AC_MSG_CHECKING([whether ARGON2ID13 is supported by libsodium])
+AC_COMPILE_IFELSE(
+	[AC_LANG_PROGRAM(
+		[[#include <sodium/crypto_pwhash.h>]],
+		[[int alg = crypto_pwhash_ALG_ARGON2ID13;(void) alg;]]
+	)],
+	[AC_MSG_RESULT([yes])]
+	[MYDEFS="$MYDEFS -DPASSPHRASE"],
+	[AC_MSG_RESULT([no])]
+)
+
+
+# recreate dir tree, because otherwise gcc will fuck up
+(cd "$srcdir" && find ed25519 -type d) | xargs mkdir -p
+
 AC_SUBST(CSTD,["$cstd"])
 AC_SUBST(ED25519IMPL,["$ed25519impl"])
 AC_SUBST(MYDEFS,["$MYDEFS"])
 AC_SUBST(MAINLIB,["$MAINLIB"])
-AC_SUBST(NOPIE,["$nopie"])
-AC_OUTPUT(Makefile)
+AC_SUBST(PIE,["$pie"])
+AC_SUBST(SRCDIR,["$srcdir"])
+AC_SUBST(VERSION,["$ver"])
+AC_CONFIG_FILES([GNUmakefile])
+AC_OUTPUT
--- a/contrib/docker/Dockerfile
+++ b/contrib/docker/Dockerfile
@ -0,0 +1,14 @@
+FROM alpine:latest AS builder
+RUN apk add --no-cache gcc libc-dev libsodium-dev libsodium-static make autoconf git
+WORKDIR /app
+COPY . .
+RUN ./autogen.sh
+RUN ./configure --enable-amd64-51-30k CFLAGS="-O3 -march=x86-64 -mtune=generic -fomit-frame-pointer" LDFLAGS="-static"
+RUN make
+RUN strip mkp224o
+
+FROM scratch
+WORKDIR /app
+COPY --from=builder /app/mkp224o .
+
+ENTRYPOINT ["./mkp224o"]
--- a/contrib/docker/README.md
+++ b/contrib/docker/README.md
@ -0,0 +1,7 @@
+# Usage
+
+## Building Image Locally
+`docker build -f contrib/docker/Dockerfile -t mkp224o .`
+
+## Running Image Locally
+`docker run -it -v $(pwd):/root/data mkp224o neko`
--- a/contrib/release-scripts/.gitignore
+++ b/contrib/release-scripts/.gitignore
@ -0,0 +1,2 @@
+/build
+/out
--- a/contrib/release-scripts/README.md
+++ b/contrib/release-scripts/README.md
@ -0,0 +1,2 @@
+packages that work on archlinux:
+wine-wow64 mingw-w64-toolchain mingw-w64-ldd mingw-w64-pcre2 mingw-w64-libsodium zip zopfli
--- a/contrib/release-scripts/release.sh
+++ b/contrib/release-scripts/release.sh
@ -0,0 +1,80 @@
+#!/bin/sh
+set -eux
+
+V=$1
+
+D=$(realpath "$0")
+D=$(dirname "$D")
+cd "$D"
+
+export TZ=UTC
+
+mkdir -p build
+
+export WINEARCH=win64
+export WINEPREFIX=$(realpath ./build/winepfx)
+OPATH=$PATH
+
+rm -rf out
+mkdir -p out
+
+# prepare source
+SV=mkp224o-$V
+SO=$(realpath ./out/$SV)
+git clone ../../ "$SO"
+git -C ../../ diff | git -C "$SO" apply --allow-empty
+cd "$SO"
+rm -rf .git
+./autogen.sh
+rm -rf *.cache
+echo v$V > version.txt
+cd ../..
+
+# build windows bins
+B=$(realpath ./build)
+for w in x86_64 i686
+do
+	cd "$B"
+	rm -rf $w
+	mkdir $w
+	cd $w
+	p=$w-w64-mingw32
+
+	case $w in
+		i686)
+			CFLAGS="-march=i686 -mtune=generic"
+			W=32
+			;;
+		x86_64)
+			CFLAGS="-march=x86-64 -mtune=generic"
+			W=64
+			;;
+	esac
+	CFLAGS="-O3 $CFLAGS -fomit-frame-pointer"
+
+	export PATH=/usr/$p/bin:$OPATH
+	../../out/$SV/configure --enable-regex --enable-donna --with-pcre2="/usr/$p/bin/pcre2-config" CC="${p}-gcc" CFLAGS="$CFLAGS"
+	make main util
+	$p-strip mkp224o.exe
+	$p-strip calcest.exe
+	cd ..
+
+	BO="$SO-w$W"
+	mkdir -p "$BO"
+	cp $w/mkp224o.exe "$BO/"
+	cp $w/calcest.exe "$BO/"
+	cd "$BO"
+	$p-ldd mkp224o.exe | grep -v 'not found' | awk '{print $3}' | xargs -r cp -v -t ./
+done
+export PATH=$OPATH
+
+# compress stuff
+cd "$D/out"
+
+tar --portability --no-acls --no-selinux --no-xattrs --owner root:0 --group=root:0 --sort=name -c -f $SV-src.tar $SV
+zopfli -i100 -c $SV-src.tar  > $SV-src.tar.gz
+zstd   -19   -f $SV-src.tar -o $SV-src.tar.zst
+rm $SV-src.tar
+
+zip -9 -X -r $SV-w32.zip $SV-w32
+zip -9 -X -r $SV-w64.zip $SV-w64
--- a/contrib/release-scripts/sign.sh
+++ b/contrib/release-scripts/sign.sh
@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [ x"$1" = x ]
+then
+	echo "Usage: $0 key-id" >&2
+	exit 1
+fi
+
+D=$(realpath "$0")
+D=$(dirname "$D")
+cd "$D"
+
+export TZ=UTC
+
+cd out
+
+gpg --detach-sign -u "$1" mkp224o-*-src.tar.gz
+gpg --detach-sign -u "$1" mkp224o-*-src.tar.zst
+gpg --detach-sign -u "$1" mkp224o-*-w32.zip
+gpg --detach-sign -u "$1" mkp224o-*-w64.zip
--- a/contrib/vagrant/Vagrantfile
+++ b/contrib/vagrant/Vagrantfile
@ -0,0 +1,46 @@
+
+# set this to choose the starting prefix of the onion name
+filter = "prefix"
+
+Vagrant.configure("2") do |config|
+  config.vm.box = "debian/bullseye64"
+  config.vm.provider :libvirt do |libvirt|
+    libvirt.cpus = 2
+  end
+  config.vm.synced_folder '.', '/vagrant', disabled: true
+  config.vm.provision :shell, inline: <<-SHELL
+    set -ex
+
+    sed -i s,http:,https:, /etc/apt/sources.list
+    apt-get update
+    apt-get -qy dist-upgrade
+    apt-get -qy install --no-install-recommends git gcc libc-dev libsodium-dev make autoconf htop screen
+SHELL
+
+  config.vm.provision :shell, privileged: false, inline: <<-SHELL
+      git clone https://github.com/cathugger/mkp224o.git /home/vagrant/mkp224o
+SHELL
+
+  # disable internet access
+  config.vm.provision "shell",
+                      run: "always",
+                      inline: "ip route del default || true"
+
+  # disable root
+  config.vm.provision "shell", inline: "passwd --lock root"
+  config.vm.provision "shell", inline: "SUDO_FORCE_REMOVE=yes dpkg --purge sudo"
+
+  config.vm.provision :shell, privileged: false, inline: <<-SHELL
+      set -ex
+
+      cd mkp224o
+      ./autogen.sh
+      ./configure
+      make
+      ./mkp224o -h
+
+      mkdir ~/#{filter}
+      cd ~/#{filter}
+      screen -d -m -L -Logfile #{filter}.log -S run-#{filter} nice ~/mkp224o/mkp224o -S 300 #{filter}
+SHELL
+end
--- a/cpucount.c
+++ b/cpucount.c
@ -124,6 +124,7 @@ int cpucount(void)
 #endif
 #ifdef __linux__
 	// try parsing /proc/cpuinfo
+	// NOTE seems cygwin can provide this too, idk if need tho
 	ncpu = parsecpuinfo();
 	if (ncpu > 0)
 		return ncpu;
--- a/ed25519/amd64-51-30k/batch.c
+++ b/ed25519/amd64-51-30k/batch.c
@ -1,94 +0,0 @@
-#include "crypto_sign.h"
-
-#include "crypto_verify_32.h"
-#include "crypto_hash_sha512.h"
-#include "randombytes.h"
-
-#include "ge25519.h"
-#include "hram.h"
-
-#define MAXBATCH 64
-
-int crypto_sign_open_batch(
-    unsigned char* const m[],unsigned long long mlen[],
-    unsigned char* const sm[],const unsigned long long smlen[],
-    unsigned char* const pk[], 
-    unsigned long long num
-    )
-{
-  int ret = 0;
-  unsigned long long i, j;
-  shortsc25519 r[MAXBATCH];
-  sc25519 scalars[2*MAXBATCH+1];
-  ge25519 points[2*MAXBATCH+1];
-  unsigned char hram[crypto_hash_sha512_BYTES];
-  unsigned long long batchsize;
-
-  for (i = 0;i < num;++i) mlen[i] = -1;
-
-  while (num >= 3) {
-    batchsize = num;
-    if (batchsize > MAXBATCH) batchsize = MAXBATCH;
-
-    for (i = 0;i < batchsize;++i)
-      if (smlen[i] < 64) goto fallback;
-
-    randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize);
-
-    /* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */
-    for(i=0;i<batchsize;i++)
-    {
-      sc25519_from32bytes(&scalars[i], sm[i]+32); 
-      sc25519_mul_shortsc(&scalars[i], &scalars[i], &r[i]);
-    }
-    for(i=1;i<batchsize;i++)
-      sc25519_add(&scalars[0], &scalars[0], &scalars[i]);
-    
-    /* Computing scalars[1] ... scalars[batchsize] as r[i]*H(R[i],A[i],m[i]) */
-    for(i=0;i<batchsize;i++)
-    {
-      get_hram(hram, sm[i], pk[i], m[i], smlen[i]);
-      sc25519_from64bytes(&scalars[i+1],hram);
-      sc25519_mul_shortsc(&scalars[i+1],&scalars[i+1],&r[i]);
-    }
-    /* Setting scalars[batchsize+1] ... scalars[2*batchsize] to r[i] */
-    for(i=0;i<batchsize;i++)
-      sc25519_from_shortsc(&scalars[batchsize+i+1],&r[i]);
-  
-    /* Computing points */
-    points[0] = ge25519_base;
-  
-    for(i=0;i<batchsize;i++)
-      if (ge25519_unpackneg_vartime(&points[i+1], pk[i])) goto fallback;
-    for(i=0;i<batchsize;i++)
-      if (ge25519_unpackneg_vartime(&points[batchsize+i+1], sm[i])) goto fallback;
-  
-    ge25519_multi_scalarmult_vartime(points, points, scalars, 2*batchsize+1);
-  
-    if (ge25519_isneutral_vartime(points)) {
-      for(i=0;i<batchsize;i++)
-      {
-        for(j=0;j<smlen[i]-64;j++)
-          m[i][j] = sm[i][j + 64];
-        mlen[i] = smlen[i]-64;
-      }
-    } else {
-      fallback:
-
-      for (i = 0;i < batchsize;++i)
-        ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
-    }
-
-    m += batchsize;
-    mlen += batchsize;
-    sm += batchsize;
-    smlen += batchsize;
-    pk += batchsize;
-    num -= batchsize;
-  }
-
-  for (i = 0;i < num;++i)
-    ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
-
-  return ret;
-}
--- a/ed25519/amd64-51-30k/choose_t.S
+++ b/ed25519/amd64-51-30k/choose_t.S
@ -105,13 +105,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_choose_t
+# qhasm: enter CRYPTO_NAMESPACE(batch_choose_t)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_choose_t
-.globl crypto_sign_ed25519_amd64_51_30k_batch_choose_t
-_crypto_sign_ed25519_amd64_51_30k_batch_choose_t:
-crypto_sign_ed25519_amd64_51_30k_batch_choose_t:
+.globl _CRYPTO_NAMESPACE(batch_choose_t)
+.globl CRYPTO_NAMESPACE(batch_choose_t)
+_CRYPTO_NAMESPACE(batch_choose_t):
+CRYPTO_NAMESPACE(batch_choose_t):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
@ -1677,30 +1677,30 @@ movq   952(%rcx,%rdi),%rdi
 # asm 2: cmove <t=%rdi,<tt2d4=%r11
 cmove %rdi,%r11

-# qhasm: tt0 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>tt0=int64#1
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>tt0=%rdi
-movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdi
+# qhasm: tt0 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: movq CRYPTO_NAMESPACE(batch_2P0),>tt0=int64#1
+# asm 2: movq CRYPTO_NAMESPACE(batch_2P0),>tt0=%rdi
+movq CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdi

-# qhasm: tt1 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt1=int64#4
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt1=%rcx
-movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
+# qhasm: tt1 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt1=int64#4
+# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt1=%rcx
+movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx

-# qhasm: tt2 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt2=int64#5
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt2=%r8
-movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
+# qhasm: tt2 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt2=int64#5
+# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt2=%r8
+movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8

-# qhasm: tt3 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt3=int64#10
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt3=%r12
-movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
+# qhasm: tt3 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt3=int64#10
+# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt3=%r12
+movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12

-# qhasm: tt4 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt4=int64#11
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>tt4=%r13
-movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r13
+# qhasm: tt4 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>tt4=int64#11
+# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>tt4=%r13
+movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r13

 # qhasm: tt0 -= tt2d0
 # asm 1: sub  <tt2d0=int64#2,<tt0=int64#1
--- a/ed25519/amd64-51-30k/compat.h
+++ b/ed25519/amd64-51-30k/compat.h
@ -0,0 +1,10 @@
+#ifndef COMPAT_H
+#define COMPAT_H
+
+#if defined(_WIN32) && defined(__GNUC__)
+#define SYSVABI __attribute__((sysv_abi))
+#else
+#define SYSVABI
+#endif
+
+#endif
--- a/ed25519/amd64-51-30k/consts.S
+++ b/ed25519/amd64-51-30k/consts.S
@ -0,0 +1,51 @@
+#ifndef __APPLE__
+.section .rodata
+#else
+.const
+#endif
+
+.globl CRYPTO_NAMESPACE(batch_REDMASK51)
+.globl CRYPTO_NAMESPACE(batch_121666_213)
+.globl CRYPTO_NAMESPACE(batch_2P0)
+.globl CRYPTO_NAMESPACE(batch_2P1234)
+.globl CRYPTO_NAMESPACE(batch_4P0)
+.globl CRYPTO_NAMESPACE(batch_4P1234)
+.globl CRYPTO_NAMESPACE(batch_MU0)
+.globl CRYPTO_NAMESPACE(batch_MU1)
+.globl CRYPTO_NAMESPACE(batch_MU2)
+.globl CRYPTO_NAMESPACE(batch_MU3)
+.globl CRYPTO_NAMESPACE(batch_MU4)
+.globl CRYPTO_NAMESPACE(batch_ORDER0)
+.globl CRYPTO_NAMESPACE(batch_ORDER1)
+.globl CRYPTO_NAMESPACE(batch_ORDER2)
+.globl CRYPTO_NAMESPACE(batch_ORDER3)
+.globl CRYPTO_NAMESPACE(batch_EC2D0)
+.globl CRYPTO_NAMESPACE(batch_EC2D1)
+.globl CRYPTO_NAMESPACE(batch_EC2D2)
+.globl CRYPTO_NAMESPACE(batch_EC2D3)
+.globl CRYPTO_NAMESPACE(batch_EC2D4)
+.globl CRYPTO_NAMESPACE(batch__38)
+
+.p2align 4
+
+CRYPTO_NAMESPACE(batch_REDMASK51):   .quad 0x0007FFFFFFFFFFFF
+CRYPTO_NAMESPACE(batch_121666_213): .quad 996687872
+CRYPTO_NAMESPACE(batch_2P0):        .quad 0xFFFFFFFFFFFDA
+CRYPTO_NAMESPACE(batch_2P1234):     .quad 0xFFFFFFFFFFFFE
+CRYPTO_NAMESPACE(batch_4P0):        .quad 0x1FFFFFFFFFFFB4
+CRYPTO_NAMESPACE(batch_4P1234):     .quad 0x1FFFFFFFFFFFFC
+CRYPTO_NAMESPACE(batch_MU0):         .quad 0xED9CE5A30A2C131B
+CRYPTO_NAMESPACE(batch_MU1):         .quad 0x2106215D086329A7
+CRYPTO_NAMESPACE(batch_MU2):         .quad 0xFFFFFFFFFFFFFFEB
+CRYPTO_NAMESPACE(batch_MU3):         .quad 0xFFFFFFFFFFFFFFFF
+CRYPTO_NAMESPACE(batch_MU4):         .quad 0x000000000000000F
+CRYPTO_NAMESPACE(batch_ORDER0):      .quad 0x5812631A5CF5D3ED
+CRYPTO_NAMESPACE(batch_ORDER1):      .quad 0x14DEF9DEA2F79CD6
+CRYPTO_NAMESPACE(batch_ORDER2):      .quad 0x0000000000000000
+CRYPTO_NAMESPACE(batch_ORDER3):      .quad 0x1000000000000000
+CRYPTO_NAMESPACE(batch_EC2D0):       .quad 1859910466990425
+CRYPTO_NAMESPACE(batch_EC2D1):       .quad 932731440258426
+CRYPTO_NAMESPACE(batch_EC2D2):       .quad 1072319116312658
+CRYPTO_NAMESPACE(batch_EC2D3):       .quad 1815898335770999
+CRYPTO_NAMESPACE(batch_EC2D4):       .quad 633789495995903
+CRYPTO_NAMESPACE(batch__38):         .quad 38
--- a/ed25519/amd64-51-30k/consts.s
+++ b/ed25519/amd64-51-30k/consts.s
@ -1,47 +0,0 @@
-.data
-
-.globl crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-.globl crypto_sign_ed25519_amd64_51_30k_batch_121666_213
-.globl crypto_sign_ed25519_amd64_51_30k_batch_2P0
-.globl crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-.globl crypto_sign_ed25519_amd64_51_30k_batch_4P0
-.globl crypto_sign_ed25519_amd64_51_30k_batch_4P1234
-.globl crypto_sign_ed25519_amd64_51_30k_batch_MU0
-.globl crypto_sign_ed25519_amd64_51_30k_batch_MU1
-.globl crypto_sign_ed25519_amd64_51_30k_batch_MU2
-.globl crypto_sign_ed25519_amd64_51_30k_batch_MU3
-.globl crypto_sign_ed25519_amd64_51_30k_batch_MU4
-.globl crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
-.globl crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
-.globl crypto_sign_ed25519_amd64_51_30k_batch_ORDER2
-.globl crypto_sign_ed25519_amd64_51_30k_batch_ORDER3
-.globl crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
-.globl crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
-.globl crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
-.globl crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
-.globl crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
-.globl crypto_sign_ed25519_amd64_51_30k_batch__38
-
-.p2align 4
-
-crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51:   .quad 0x0007FFFFFFFFFFFF
-crypto_sign_ed25519_amd64_51_30k_batch_121666_213: .quad 996687872
-crypto_sign_ed25519_amd64_51_30k_batch_2P0:        .quad 0xFFFFFFFFFFFDA
-crypto_sign_ed25519_amd64_51_30k_batch_2P1234:     .quad 0xFFFFFFFFFFFFE
-crypto_sign_ed25519_amd64_51_30k_batch_4P0:        .quad 0x1FFFFFFFFFFFB4
-crypto_sign_ed25519_amd64_51_30k_batch_4P1234:     .quad 0x1FFFFFFFFFFFFC
-crypto_sign_ed25519_amd64_51_30k_batch_MU0:         .quad 0xED9CE5A30A2C131B
-crypto_sign_ed25519_amd64_51_30k_batch_MU1:         .quad 0x2106215D086329A7
-crypto_sign_ed25519_amd64_51_30k_batch_MU2:         .quad 0xFFFFFFFFFFFFFFEB
-crypto_sign_ed25519_amd64_51_30k_batch_MU3:         .quad 0xFFFFFFFFFFFFFFFF
-crypto_sign_ed25519_amd64_51_30k_batch_MU4:         .quad 0x000000000000000F
-crypto_sign_ed25519_amd64_51_30k_batch_ORDER0:      .quad 0x5812631A5CF5D3ED
-crypto_sign_ed25519_amd64_51_30k_batch_ORDER1:      .quad 0x14DEF9DEA2F79CD6
-crypto_sign_ed25519_amd64_51_30k_batch_ORDER2:      .quad 0x0000000000000000
-crypto_sign_ed25519_amd64_51_30k_batch_ORDER3:      .quad 0x1000000000000000
-crypto_sign_ed25519_amd64_51_30k_batch_EC2D0:       .quad 1859910466990425
-crypto_sign_ed25519_amd64_51_30k_batch_EC2D1:       .quad 932731440258426
-crypto_sign_ed25519_amd64_51_30k_batch_EC2D2:       .quad 1072319116312658
-crypto_sign_ed25519_amd64_51_30k_batch_EC2D3:       .quad 1815898335770999
-crypto_sign_ed25519_amd64_51_30k_batch_EC2D4:       .quad 633789495995903
-crypto_sign_ed25519_amd64_51_30k_batch__38:         .quad 38
--- a/ed25519/amd64-51-30k/crypto_sign.h
+++ b/ed25519/amd64-51-30k/crypto_sign.h
@ -1,9 +1,9 @@
-#define crypto_sign ed25519_amd64_51_30k_sign
-#define crypto_sign_keypair ed25519_amd64_51_30k_keygen
-#define crypto_sign_seckey ed25519_ramd64_51_30k_seckey
-#define crypto_sign_seckey_expand ed25519_amd64_51_30k_seckey_expand
-#define crypto_sign_pubkey ed25519_amd64_51_30k_pubkey
-#define crypto_sign_open ed25519_amd64_51_30k_open
-#define crypto_sign_open_batch ed25519_amd64_51_30k_open_batch
+#define crypto_sign               CRYPTO_NAMESPACE(sign)
+#define crypto_sign_keypair       CRYPTO_NAMESPACE(keygen)
+#define crypto_sign_seckey        CRYPTO_NAMESPACE(seckey)
+#define crypto_sign_seckey_expand CRYPTO_NAMESPACE(seckey_expand)
+#define crypto_sign_pubkey        CRYPTO_NAMESPACE(pubkey)
+#define crypto_sign_open          CRYPTO_NAMESPACE(open)
+#define crypto_sign_open_batch    CRYPTO_NAMESPACE(open_batch)

 #include "ed25519.h"
--- a/ed25519/amd64-51-30k/ed25519.h
+++ b/ed25519/amd64-51-30k/ed25519.h
@ -1,20 +1,20 @@
-int ed25519_amd64_51_30k_seckey(unsigned char *sk);
-int ed25519_amd64_51_30k_seckey_expand(unsigned char *sk,const unsigned char *seed);
-int ed25519_amd64_51_30k_pubkey(unsigned char *pk,const unsigned char *sk);
-int ed25519_amd64_51_30k_keygen(unsigned char *pk,unsigned char *sk);
-int ed25519_amd64_51_30k_sign(
+int crypto_sign_seckey(unsigned char *sk);
+int crypto_sign_seckey_expand(unsigned char *sk,const unsigned char *seed);
+int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk);
+int crypto_sign_keypair(unsigned char *pk,unsigned char *sk);
+int crypto_sign(
    unsigned char *sm,unsigned long long *smlen,
    const unsigned char *m,unsigned long long mlen,
    const unsigned char *sk
 );
-int ed25519_amd64_51_30k_open(
+int crypto_sign_open(
    unsigned char *m,unsigned long long *mlen,
    const unsigned char *sm,unsigned long long smlen,
    const unsigned char *pk
 );
-int ed25519_amd64_51_30k_batch(
+int crypto_sign_open_batch(
    unsigned char* const m[],unsigned long long mlen[],
    unsigned char* const sm[],const unsigned long long smlen[],
-    unsigned char* const pk[], 
+    unsigned char* const pk[],
    unsigned long long num
 );
--- a/ed25519/amd64-51-30k/fe25519.h
+++ b/ed25519/amd64-51-30k/fe25519.h
@ -1,32 +1,35 @@
 #ifndef FE25519_H
 #define FE25519_H

-#define fe25519              crypto_sign_ed25519_amd64_51_30k_batch_fe25519
-#define fe25519_freeze       crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze
-#define fe25519_unpack       crypto_sign_ed25519_amd64_51_30k_batch_fe25519_unpack
-#define fe25519_pack         crypto_sign_ed25519_amd64_51_30k_batch_fe25519_pack
-#define fe25519_iszero_vartime       crypto_sign_ed25519_amd64_51_30k_batch_fe25519_iszero_vartime
-#define fe25519_iseq_vartime crypto_sign_ed25519_amd64_51_30k_batch_fe25519_iseq_vartime
-#define fe25519_cmov         crypto_sign_ed25519_amd64_51_30k_batch_fe25519_cmov
-#define fe25519_setint       crypto_sign_ed25519_amd64_51_30k_batch_fe25519_setint
-#define fe25519_neg          crypto_sign_ed25519_amd64_51_30k_batch_fe25519_neg
-#define fe25519_getparity    crypto_sign_ed25519_amd64_51_30k_batch_fe25519_getparity
-#define fe25519_add          crypto_sign_ed25519_amd64_51_30k_batch_fe25519_add
-#define fe25519_sub          crypto_sign_ed25519_amd64_51_30k_batch_fe25519_sub
-#define fe25519_mul          crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul
-#define fe25519_mul121666    crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul121666
-#define fe25519_square       crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square
-#define fe25519_nsquare       crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare
-#define fe25519_invert       crypto_sign_ed25519_amd64_51_30k_batch_fe25519_invert
-#define fe25519_pow2523      crypto_sign_ed25519_amd64_51_30k_batch_fe25519_pow2523
+#include <stddef.h>
+#include "compat.h"

-typedef struct 
+#define fe25519              CRYPTO_NAMESPACE(batch_fe25519)
+#define fe25519_freeze       CRYPTO_NAMESPACE(batch_fe25519_freeze)
+#define fe25519_unpack       CRYPTO_NAMESPACE(batch_fe25519_unpack)
+#define fe25519_pack         CRYPTO_NAMESPACE(batch_fe25519_pack)
+#define fe25519_iszero_vartime       CRYPTO_NAMESPACE(batch_fe25519_iszero_vartime)
+#define fe25519_iseq_vartime CRYPTO_NAMESPACE(batch_fe25519_iseq_vartime)
+#define fe25519_cmov         CRYPTO_NAMESPACE(batch_fe25519_cmov)
+#define fe25519_setint       CRYPTO_NAMESPACE(batch_fe25519_setint)
+#define fe25519_neg          CRYPTO_NAMESPACE(batch_fe25519_neg)
+#define fe25519_getparity    CRYPTO_NAMESPACE(batch_fe25519_getparity)
+#define fe25519_add          CRYPTO_NAMESPACE(batch_fe25519_add)
+#define fe25519_sub          CRYPTO_NAMESPACE(batch_fe25519_sub)
+#define fe25519_mul          CRYPTO_NAMESPACE(batch_fe25519_mul)
+#define fe25519_square       CRYPTO_NAMESPACE(batch_fe25519_square)
+#define fe25519_nsquare       CRYPTO_NAMESPACE(batch_fe25519_nsquare)
+#define fe25519_invert       CRYPTO_NAMESPACE(batch_fe25519_invert)
+#define fe25519_batchinvert  CRYPTO_NAMESPACE(batch_fe25519_batchinvert)
+#define fe25519_pow2523      CRYPTO_NAMESPACE(batch_fe25519_pow2523)
+
+typedef struct
 {
-  unsigned long long v[5]; 
+  unsigned long long v[5];
 }
 fe25519;

-void fe25519_freeze(fe25519 *r);
+void fe25519_freeze(fe25519 *r) SYSVABI;

 void fe25519_unpack(fe25519 *r, const unsigned char x[32]);

@ -50,16 +53,16 @@ void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);

 void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);

-void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
+void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI;

-void fe25519_mul121666(fe25519 *r, const fe25519 *x);
+void fe25519_square(fe25519 *r, const fe25519 *x) SYSVABI;

-void fe25519_square(fe25519 *r, const fe25519 *x);
-
-void fe25519_nsquare(fe25519 *r, unsigned long long n);
+void fe25519_nsquare(fe25519 *r, unsigned long long n) SYSVABI;

 void fe25519_invert(fe25519 *r, const fe25519 *x);

+void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset);
+
 void fe25519_pow2523(fe25519 *r, const fe25519 *x);

 #endif
--- a/ed25519/amd64-51-30k/fe25519_batchinvert.c
+++ b/ed25519/amd64-51-30k/fe25519_batchinvert.c
@ -0,0 +1,34 @@
+#include "fe25519.h"
+
+// tmp MUST != out or in
+// in MAY == out
+void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset)
+{
+  fe25519 acc;
+  fe25519 tmpacc;
+  size_t i;
+  const fe25519 *inp;
+  fe25519 *outp;
+
+  fe25519_setint(&acc,1);
+
+  inp = in;
+  for (i = 0;i < num;++i) {
+    tmp[i] = acc;
+    fe25519_mul(&acc,&acc,inp);
+    inp = (const fe25519 *)((const char *)inp + offset);
+  }
+
+  fe25519_invert(&acc,&acc);
+
+  i = num;
+  inp = (const fe25519 *)((const char *)in + offset * num);
+  outp = (fe25519 *)((char *)out + offset * num);
+  while (i--) {
+    inp = (const fe25519 *)((const char *)inp - offset);
+    outp = (fe25519 *)((char *)outp - offset);
+    fe25519_mul(&tmpacc,&acc,inp);
+    fe25519_mul(outp,&acc,&tmp[i]);
+    acc = tmpacc;
+  }
+}
--- a/ed25519/amd64-51-30k/fe25519_freeze.S
+++ b/ed25519/amd64-51-30k/fe25519_freeze.S
@ -63,13 +63,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze
+# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_freeze)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze
-.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze
-_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze:
-crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze:
+.globl _CRYPTO_NAMESPACE(batch_fe25519_freeze)
+.globl CRYPTO_NAMESPACE(batch_fe25519_freeze)
+_CRYPTO_NAMESPACE(batch_fe25519_freeze):
+CRYPTO_NAMESPACE(batch_fe25519_freeze):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
@ -135,10 +135,10 @@ movq   24(%rdi),%r8
 # asm 2: movq   32(<rp=%rdi),>r4=%r9
 movq   32(%rdi),%r9

-# qhasm: two51minus1 = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>two51minus1=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>two51minus1=%rax
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rax
+# qhasm: two51minus1 = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>two51minus1=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>two51minus1=%rax
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rax

 # qhasm: two51minus19 = two51minus1
 # asm 1: mov  <two51minus1=int64#7,>two51minus19=int64#8
--- a/ed25519/amd64-51-30k/fe25519_mul.S
+++ b/ed25519/amd64-51-30k/fe25519_mul.S
@ -97,13 +97,13 @@

 # qhasm: stack64 mulx419_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul
+# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_mul)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul
-.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul
-_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul:
-crypto_sign_ed25519_amd64_51_30k_batch_fe25519_mul:
+.globl _CRYPTO_NAMESPACE(batch_fe25519_mul)
+.globl CRYPTO_NAMESPACE(batch_fe25519_mul)
+_CRYPTO_NAMESPACE(batch_fe25519_mul):
+CRYPTO_NAMESPACE(batch_fe25519_mul):
 mov %rsp,%r11
 and $31,%r11
 add $96,%r11
@ -689,10 +689,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi

 # qhasm:   mulr01 = (mulr01.r0) << 13
 # asm 1: shld $13,<r0=int64#5,<mulr01=int64#6
--- a/ed25519/amd64-51-30k/fe25519_nsquare.S
+++ b/ed25519/amd64-51-30k/fe25519_nsquare.S
@ -87,13 +87,13 @@

 # qhasm: stack64 n_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare
+# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_nsquare)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare
-.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare
-_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare:
-crypto_sign_ed25519_amd64_51_30k_batch_fe25519_nsquare:
+.globl _CRYPTO_NAMESPACE(batch_fe25519_nsquare)
+.globl CRYPTO_NAMESPACE(batch_fe25519_nsquare)
+_CRYPTO_NAMESPACE(batch_fe25519_nsquare):
+CRYPTO_NAMESPACE(batch_fe25519_nsquare):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
@ -497,10 +497,10 @@ add  %rax,%r13
 # asm 2: adc <squarerdx=%rdx,<squarer31=%r14
 adc %rdx,%r14

-# qhasm:   squareredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   squarer01 = (squarer01.r0) << 13
 # asm 1: shld $13,<r0=int64#4,<squarer01=int64#5
--- a/ed25519/amd64-51-30k/fe25519_square.S
+++ b/ed25519/amd64-51-30k/fe25519_square.S
@ -85,13 +85,13 @@

 # qhasm: int64 squareredmask

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square
+# qhasm: enter CRYPTO_NAMESPACE(batch_fe25519_square)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square
-.globl crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square
-_crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square:
-crypto_sign_ed25519_amd64_51_30k_batch_fe25519_square:
+.globl _CRYPTO_NAMESPACE(batch_fe25519_square)
+.globl CRYPTO_NAMESPACE(batch_fe25519_square)
+_CRYPTO_NAMESPACE(batch_fe25519_square):
+CRYPTO_NAMESPACE(batch_fe25519_square):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
@ -492,10 +492,10 @@ add  %rax,%r13
 # asm 2: adc <squarerdx=%rdx,<squarer31=%r14
 adc %rdx,%r14

-# qhasm:   squareredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=int64#2
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rsi
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
+# qhasm:   squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#2
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rsi
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi

 # qhasm:   squarer01 = (squarer01.r0) << 13
 # asm 1: shld $13,<r0=int64#4,<squarer01=int64#5
--- a/ed25519/amd64-51-30k/ge25519.h
+++ b/ed25519/amd64-51-30k/ge25519.h
@ -11,27 +11,27 @@

 #include "fe25519.h"
 #include "sc25519.h"
+#include "compat.h"

-#define ge25519                           crypto_sign_ed25519_amd64_51_30k_batch_ge25519
-#define ge25519_base                      crypto_sign_ed25519_amd64_51_30k_batch_ge25519_base
-#define ge25519_unpackneg_vartime         crypto_sign_ed25519_amd64_51_30k_batch_unpackneg_vartime
-#define ge25519_pack                      crypto_sign_ed25519_amd64_51_30k_batch_pack
-#define ge25519_isneutral_vartime         crypto_sign_ed25519_amd64_51_30k_batch_isneutral_vartime
-#define ge25519_add                       crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add
-#define ge25519_double                    crypto_sign_ed25519_amd64_51_30k_batch_ge25519_double
-#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_amd64_51_30k_batch_double_scalarmult_vartime
-#define ge25519_multi_scalarmult_vartime  crypto_sign_ed25519_amd64_51_30k_batch_ge25519_multi_scalarmult_vartime
-#define ge25519_scalarmult_base           crypto_sign_ed25519_amd64_51_30k_batch_scalarmult_base
-#define ge25519_p1p1_to_p2                crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p2
-#define ge25519_p1p1_to_p3                crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p3
-#define ge25519_p1p1_to_pniels            crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_pniels
-#define ge25519_add_p1p1                  crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add_p1p1
-#define ge25519_dbl_p1p1                  crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1
-#define choose_t                          crypto_sign_ed25519_amd64_51_30k_batch_choose_t
-#define choose_t_smultq                   crypto_sign_ed25519_amd64_51_30k_batch_choose_t_smultq
-#define ge25519_nielsadd2                 crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd2
-#define ge25519_nielsadd_p1p1             crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd_p1p1
-#define ge25519_pnielsadd_p1p1            crypto_sign_ed25519_amd64_51_30k_batch_ge25519_pnielsadd_p1p1
+#define ge25519                           CRYPTO_NAMESPACE(batch_ge25519)
+#define ge25519_base                      CRYPTO_NAMESPACE(batch_ge25519_base)
+#define ge25519_unpackneg_vartime         CRYPTO_NAMESPACE(batch_unpackneg_vartime)
+#define ge25519_pack                      CRYPTO_NAMESPACE(batch_pack)
+#define ge25519_isneutral_vartime         CRYPTO_NAMESPACE(batch_isneutral_vartime)
+#define ge25519_add                       CRYPTO_NAMESPACE(batch_ge25519_add)
+#define ge25519_double                    CRYPTO_NAMESPACE(batch_ge25519_double)
+#define ge25519_double_scalarmult_vartime CRYPTO_NAMESPACE(batch_double_scalarmult_vartime)
+#define ge25519_multi_scalarmult_vartime  CRYPTO_NAMESPACE(batch_ge25519_multi_scalarmult_vartime)
+#define ge25519_scalarmult_base           CRYPTO_NAMESPACE(batch_scalarmult_base)
+#define ge25519_p1p1_to_p2                CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2)
+#define ge25519_p1p1_to_p3                CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p3)
+#define ge25519_p1p1_to_pniels            CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_pniels)
+#define ge25519_add_p1p1                  CRYPTO_NAMESPACE(batch_ge25519_add_p1p1)
+#define ge25519_dbl_p1p1                  CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1)
+#define choose_t                          CRYPTO_NAMESPACE(batch_choose_t)
+#define ge25519_nielsadd2                 CRYPTO_NAMESPACE(batch_ge25519_nielsadd2)
+#define ge25519_nielsadd_p1p1             CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1)
+#define ge25519_pnielsadd_p1p1            CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1)

 #define ge25519_p3 ge25519

@ -73,16 +73,17 @@ typedef struct
  fe25519 t2d;
 } ge25519_pniels;

-extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p);
-extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p);
-extern void ge25519_p1p1_to_pniels(ge25519_pniels *r, const ge25519_p1p1 *p);
-extern void ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q);
-extern void ge25519_dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p);
-extern void choose_t(ge25519_niels *t, unsigned long long pos, signed long long b, const ge25519_niels *base_multiples);
-extern void choose_t_smultq(ge25519_pniels *t, signed long long b, const ge25519_pniels *pre);
-extern void ge25519_nielsadd2(ge25519_p3 *r, const ge25519_niels *q);
-extern void ge25519_nielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_niels *q);
-extern void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_pniels *q);
+typedef unsigned char bytes32[32];
+
+extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) SYSVABI;
+extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) SYSVABI;
+extern void ge25519_p1p1_to_pniels(ge25519_pniels *r, const ge25519_p1p1 *p) SYSVABI;
+extern void ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) SYSVABI;
+extern void ge25519_dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) SYSVABI;
+extern void choose_t(ge25519_niels *t, unsigned long long pos, signed long long b, const ge25519_niels *base_multiples) SYSVABI;
+extern void ge25519_nielsadd2(ge25519_p3 *r, const ge25519_niels *q) SYSVABI;
+extern void ge25519_nielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_niels *q) SYSVABI;
+extern void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_pniels *q) SYSVABI;

 extern const ge25519 ge25519_base;

@ -90,6 +91,9 @@ extern int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);

 extern void ge25519_pack(unsigned char r[32], const ge25519 *p);

+extern void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num);
+extern void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf);
+
 extern int ge25519_isneutral_vartime(const ge25519 *p);

 extern void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q);
--- a/ed25519/amd64-51-30k/ge25519_add_p1p1.S
+++ b/ed25519/amd64-51-30k/ge25519_add_p1p1.S
@ -247,13 +247,13 @@

 # qhasm: stack64 mulx419_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add_p1p1
+# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_add_p1p1)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add_p1p1
-.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add_p1p1
-_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add_p1p1:
-crypto_sign_ed25519_amd64_51_30k_batch_ge25519_add_p1p1:
+.globl _CRYPTO_NAMESPACE(batch_ge25519_add_p1p1)
+.globl CRYPTO_NAMESPACE(batch_ge25519_add_p1p1)
+_CRYPTO_NAMESPACE(batch_ge25519_add_p1p1):
+CRYPTO_NAMESPACE(batch_ge25519_add_p1p1):
 mov %rsp,%r11
 and $31,%r11
 add $256,%r11
@ -329,10 +329,10 @@ movq   72(%rsi),%r10
 # asm 2: mov  <a0=%rdx,>b0=%r11
 mov  %rdx,%r11

-# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=int64#3
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=%rdx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
+# qhasm: a0 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<a0=int64#3
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<a0=%rdx
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx

 # qhasm: x0 = *(uint64 *)(pp + 0)
 # asm 1: movq   0(<pp=int64#2),>x0=int64#10
@ -354,10 +354,10 @@ sub  %r12,%rdx
 # asm 2: mov  <a1=%r8,>b1=%r12
 mov  %r8,%r12

-# qhasm: a1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
+# qhasm: a1 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a1=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a1=%r8
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8

 # qhasm: x1 = *(uint64 *)(pp + 8)
 # asm 1: movq   8(<pp=int64#2),>x1=int64#11
@ -379,10 +379,10 @@ sub  %r13,%r8
 # asm 2: mov  <a2=%r9,>b2=%r13
 mov  %r9,%r13

-# qhasm: a2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=int64#6
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=%r9
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
+# qhasm: a2 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a2=int64#6
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a2=%r9
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9

 # qhasm: x2 = *(uint64 *)(pp + 16)
 # asm 1: movq   16(<pp=int64#2),>x2=int64#12
@ -404,10 +404,10 @@ sub  %r14,%r9
 # asm 2: mov  <a3=%rax,>b3=%r14
 mov  %rax,%r14

-# qhasm: a3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=int64#7
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=%rax
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: a3 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a3=int64#7
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a3=%rax
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

 # qhasm: x3 = *(uint64 *)(pp + 24)
 # asm 1: movq   24(<pp=int64#2),>x3=int64#13
@ -429,10 +429,10 @@ sub  %r15,%rax
 # asm 2: mov  <a4=%r10,>b4=%r15
 mov  %r10,%r15

-# qhasm: a4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=int64#8
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=%r10
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
+# qhasm: a4 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a4=int64#8
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a4=%r10
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10

 # qhasm: x4 = *(uint64 *)(pp + 32)
 # asm 1: movq   32(<pp=int64#2),>x4=int64#14
@ -529,10 +529,10 @@ movq   72(%rcx),%r10
 # asm 2: mov  <t10=%rdx,>t20=%r11
 mov  %rdx,%r11

-# qhasm: t10 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<t10=int64#3
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<t10=%rdx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
+# qhasm: t10 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<t10=int64#3
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<t10=%rdx
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx

 # qhasm: rx0 = *(uint64 *) (qp + 0)
 # asm 1: movq   0(<qp=int64#4),>rx0=int64#10
@ -554,10 +554,10 @@ sub  %r12,%rdx
 # asm 2: mov  <t11=%r8,>t21=%r12
 mov  %r8,%r12

-# qhasm: t11 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t11=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t11=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
+# qhasm: t11 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<t11=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<t11=%r8
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8

 # qhasm: rx1 = *(uint64 *) (qp + 8)
 # asm 1: movq   8(<qp=int64#4),>rx1=int64#11
@ -579,10 +579,10 @@ sub  %r13,%r8
 # asm 2: mov  <t12=%r9,>t22=%r13
 mov  %r9,%r13

-# qhasm: t12 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t12=int64#6
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t12=%r9
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
+# qhasm: t12 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<t12=int64#6
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<t12=%r9
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9

 # qhasm: rx2 = *(uint64 *) (qp + 16)
 # asm 1: movq   16(<qp=int64#4),>rx2=int64#12
@ -604,10 +604,10 @@ sub  %r14,%r9
 # asm 2: mov  <t13=%rax,>t23=%r14
 mov  %rax,%r14

-# qhasm: t13 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t13=int64#7
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t13=%rax
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: t13 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<t13=int64#7
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<t13=%rax
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

 # qhasm: rx3 = *(uint64 *) (qp + 24)
 # asm 1: movq   24(<qp=int64#4),>rx3=int64#13
@ -629,10 +629,10 @@ sub  %r15,%rax
 # asm 2: mov  <t14=%r10,>t24=%r15
 mov  %r10,%r15

-# qhasm: t14 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t14=int64#8
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<t14=%r10
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
+# qhasm: t14 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<t14=int64#8
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<t14=%r10
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10

 # qhasm: rx4 = *(uint64 *) (qp + 32)
 # asm 1: movq   32(<qp=int64#4),>rx4=int64#14
@ -1234,10 +1234,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.a0) << 13
 # asm 1: shld $13,<a0=int64#5,<mulr01=int64#6
@ -1984,10 +1984,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.rx0) << 13
 # asm 1: shld $13,<rx0=int64#5,<mulr01=int64#6
@ -2199,30 +2199,30 @@ mov  %r11,%r14
 # asm 2: mov  <rx4=%r12,>ry4=%r15
 mov  %r12,%r15

-# qhasm: rx0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rx0=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rx0=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%r8
+# qhasm: rx0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<rx0=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<rx0=%r8
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%r8

-# qhasm: rx1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx1=int64#7
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx1=%rax
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: rx1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rx1=int64#7
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rx1=%rax
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

-# qhasm: rx2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx2=int64#8
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx2=%r10
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
+# qhasm: rx2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rx2=int64#8
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rx2=%r10
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10

-# qhasm: rx3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx3=int64#9
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx3=%r11
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r11
+# qhasm: rx3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rx3=int64#9
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rx3=%r11
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r11

-# qhasm: rx4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx4=int64#10
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx4=%r12
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
+# qhasm: rx4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rx4=int64#10
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rx4=%r12
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12

 # qhasm: ry0 += a0_stack
 # asm 1: addq <a0_stack=stack64#8,<ry0=int64#3
@ -2859,10 +2859,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.c0) << 13
 # asm 1: shld $13,<c0=int64#5,<mulr01=int64#6
@ -3089,8 +3089,8 @@ imulq  $19,%rdx,%rax
 # asm 2: movq <mulrax=%rax,>mulx319_stack=96(%rsp)
 movq %rax,96(%rsp)

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
+mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)

 # qhasm:   c0 = mulrax
 # asm 1: mov  <mulrax=int64#7,>c0=int64#5
@ -3117,8 +3117,8 @@ imulq  $19,%rdx,%rax
 # asm 2: movq <mulrax=%rax,>mulx419_stack=104(%rsp)
 movq %rax,104(%rsp)

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
+mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)

 # qhasm:   carry? c0 += mulrax
 # asm 1: add  <mulrax=int64#7,<c0=int64#5
@ -3135,8 +3135,8 @@ adc %rdx,%r9
 # asm 2: movq <c0_stack=56(%rsp),>mulrax=%rax
 movq 56(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
+mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)

 # qhasm:   carry? c0 += mulrax
 # asm 1: add  <mulrax=int64#7,<c0=int64#5
@ -3153,8 +3153,8 @@ adc %rdx,%r9
 # asm 2: movq <c0_stack=56(%rsp),>mulrax=%rax
 movq 56(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
+mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)

 # qhasm:   c1 = mulrax
 # asm 1: mov  <mulrax=int64#7,>c1=int64#8
@ -3171,8 +3171,8 @@ mov  %rdx,%r11
 # asm 2: movq <c0_stack=56(%rsp),>mulrax=%rax
 movq 56(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
+mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)

 # qhasm:   c2 = mulrax
 # asm 1: mov  <mulrax=int64#7,>c2=int64#10
@ -3189,8 +3189,8 @@ mov  %rdx,%r13
 # asm 2: movq <c0_stack=56(%rsp),>mulrax=%rax
 movq 56(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
+mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)

 # qhasm:   c3 = mulrax
 # asm 1: mov  <mulrax=int64#7,>c3=int64#12
@ -3207,8 +3207,8 @@ mov  %rdx,%r15
 # asm 2: movq <c0_stack=56(%rsp),>mulrax=%rax
 movq 56(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
+mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)

 # qhasm:   c4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>c4=int64#14
@ -3225,8 +3225,8 @@ mov  %rdx,%rbp
 # asm 2: movq <c1_stack=64(%rsp),>mulrax=%rax
 movq 64(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
+mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)

 # qhasm:   carry? c1 += mulrax
 # asm 1: add  <mulrax=int64#7,<c1=int64#8
@ -3243,8 +3243,8 @@ adc %rdx,%r11
 # asm 2: movq <c1_stack=64(%rsp),>mulrax=%rax
 movq 64(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
+mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)

 # qhasm:   carry? c2 += mulrax
 # asm 1: add  <mulrax=int64#7,<c2=int64#10
@ -3261,8 +3261,8 @@ adc %rdx,%r13
 # asm 2: movq <c1_stack=64(%rsp),>mulrax=%rax
 movq 64(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
+mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)

 # qhasm:   carry? c3 += mulrax
 # asm 1: add  <mulrax=int64#7,<c3=int64#12
@ -3279,8 +3279,8 @@ adc %rdx,%r15
 # asm 2: movq <c1_stack=64(%rsp),>mulrax=%rax
 movq 64(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
+mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)

 # qhasm:   carry? c4 += mulrax
 # asm 1: add  <mulrax=int64#7,<c4=int64#14
@ -3302,8 +3302,8 @@ movq 64(%rsp),%rdx
 # asm 2: imulq  $19,<mulrax=%rdx,>mulrax=%rax
 imulq  $19,%rdx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
+mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)

 # qhasm:   carry? c0 += mulrax
 # asm 1: add  <mulrax=int64#7,<c0=int64#5
@ -3320,8 +3320,8 @@ adc %rdx,%r9
 # asm 2: movq <c2_stack=72(%rsp),>mulrax=%rax
 movq 72(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
+mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)

 # qhasm:   carry? c2 += mulrax
 # asm 1: add  <mulrax=int64#7,<c2=int64#10
@ -3338,8 +3338,8 @@ adc %rdx,%r13
 # asm 2: movq <c2_stack=72(%rsp),>mulrax=%rax
 movq 72(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
+mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)

 # qhasm:   carry? c3 += mulrax
 # asm 1: add  <mulrax=int64#7,<c3=int64#12
@ -3356,8 +3356,8 @@ adc %rdx,%r15
 # asm 2: movq <c2_stack=72(%rsp),>mulrax=%rax
 movq 72(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
+mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)

 # qhasm:   carry? c4 += mulrax
 # asm 1: add  <mulrax=int64#7,<c4=int64#14
@ -3379,8 +3379,8 @@ movq 72(%rsp),%rdx
 # asm 2: imulq  $19,<mulrax=%rdx,>mulrax=%rax
 imulq  $19,%rdx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
+mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)

 # qhasm:   carry? c0 += mulrax
 # asm 1: add  <mulrax=int64#7,<c0=int64#5
@ -3402,8 +3402,8 @@ movq 72(%rsp),%rdx
 # asm 2: imulq  $19,<mulrax=%rdx,>mulrax=%rax
 imulq  $19,%rdx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
+mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)

 # qhasm:   carry? c1 += mulrax
 # asm 1: add  <mulrax=int64#7,<c1=int64#8
@ -3420,8 +3420,8 @@ adc %rdx,%r11
 # asm 2: movq <c3_stack=80(%rsp),>mulrax=%rax
 movq 80(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
+mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)

 # qhasm:   carry? c3 += mulrax
 # asm 1: add  <mulrax=int64#7,<c3=int64#12
@ -3438,8 +3438,8 @@ adc %rdx,%r15
 # asm 2: movq <c3_stack=80(%rsp),>mulrax=%rax
 movq 80(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
+mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)

 # qhasm:   carry? c4 += mulrax
 # asm 1: add  <mulrax=int64#7,<c4=int64#14
@ -3456,8 +3456,8 @@ adc %rdx,%rbp
 # asm 2: movq <mulx319_stack=96(%rsp),>mulrax=%rax
 movq 96(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
+mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)

 # qhasm:   carry? c1 += mulrax
 # asm 1: add  <mulrax=int64#7,<c1=int64#8
@ -3474,8 +3474,8 @@ adc %rdx,%r11
 # asm 2: movq <mulx319_stack=96(%rsp),>mulrax=%rax
 movq 96(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
+mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)

 # qhasm:   carry? c2 += mulrax
 # asm 1: add  <mulrax=int64#7,<c2=int64#10
@ -3492,8 +3492,8 @@ adc %rdx,%r13
 # asm 2: movq <c4_stack=88(%rsp),>mulrax=%rax
 movq 88(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
+mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)

 # qhasm:   carry? c4 += mulrax
 # asm 1: add  <mulrax=int64#7,<c4=int64#14
@ -3510,8 +3510,8 @@ adc %rdx,%rbp
 # asm 2: movq <mulx419_stack=104(%rsp),>mulrax=%rax
 movq 104(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
+mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)

 # qhasm:   carry? c1 += mulrax
 # asm 1: add  <mulrax=int64#7,<c1=int64#8
@ -3528,8 +3528,8 @@ adc %rdx,%r11
 # asm 2: movq <mulx419_stack=104(%rsp),>mulrax=%rax
 movq 104(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
+mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)

 # qhasm:   carry? c2 += mulrax
 # asm 1: add  <mulrax=int64#7,<c2=int64#10
@ -3546,8 +3546,8 @@ adc %rdx,%r13
 # asm 2: movq <mulx419_stack=104(%rsp),>mulrax=%rax
 movq 104(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
+mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)

 # qhasm:   carry? c3 += mulrax
 # asm 1: add  <mulrax=int64#7,<c3=int64#12
@ -3559,10 +3559,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.c0) << 13
 # asm 1: shld $13,<c0=int64#5,<mulr01=int64#6
@ -4309,10 +4309,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi

 # qhasm:   mulr01 = (mulr01.rt0) << 13
 # asm 1: shld $13,<rt0=int64#5,<mulr01=int64#6
@ -4549,30 +4549,30 @@ mov  %rax,%r12
 # asm 2: mov  <rt4=%r10,>rz4=%r13
 mov  %r10,%r13

-# qhasm: rt0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rt0=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rt0=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%r8
+# qhasm: rt0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<rt0=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<rt0=%r8
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%r8

-# qhasm: rt1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt1=int64#4
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt1=%rcx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
+# qhasm: rt1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rt1=int64#4
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rt1=%rcx
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx

-# qhasm: rt2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt2=int64#6
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt2=%r9
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
+# qhasm: rt2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rt2=int64#6
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rt2=%r9
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9

-# qhasm: rt3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt3=int64#7
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt3=%rax
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: rt3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rt3=int64#7
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rt3=%rax
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

-# qhasm: rt4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt4=int64#8
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt4=%r10
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
+# qhasm: rt4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rt4=int64#8
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rt4=%r10
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10

 # qhasm: rz0 += c0_stack
 # asm 1: addq <c0_stack=stack64#8,<rz0=int64#2
--- a/ed25519/amd64-51-30k/ge25519_base_niels_smalltables.data
+++ b/ed25519/amd64-51-30k/ge25519_base_niels_smalltables.data
@ -765,4 +765,4 @@
 {{0x000448327b95d543, 0x0000146681e3a4ba, 0x00038714adc34e0c, 0x0004f26f0e298e30, 0x000272224512c7de}}},
 {{{0x000492af49c5342e, 0x0002365cdf5a0357, 0x00032138a7ffbb60, 0x0002a1f7d14646fe, 0x00011b5df18a44cc}},
 {{0x0003bb8a42a975fc, 0x0006f2d5b46b17ef, 0x0007b6a9223170e5, 0x000053713fe3b7e6, 0x00019735fd7f6bc2}},
- {{0x000390d042c84266, 0x0001efe32a8fdc75, 0x0006925ee7ae1238, 0x0004af9281d0e832, 0x0000fef911191df8}}}
+ {{0x000390d042c84266, 0x0001efe32a8fdc75, 0x0006925ee7ae1238, 0x0004af9281d0e832, 0x0000fef911191df8}}}
--- a/ed25519/amd64-51-30k/ge25519_base_slide_multiples.data
+++ b/ed25519/amd64-51-30k/ge25519_base_slide_multiples.data
@ -93,4 +93,4 @@
 {{0x0004d5107f18c781, 0x00064a4fd3a51a5e, 0x0004f4cd0448bb37, 0x000671d38543151e, 0x0001db7778911914}}},
 {{{0x000352397c6bc26f, 0x00018a7aa0227bbe, 0x0005e68cc1ea5f8b, 0x0006fe3e3a7a1d5f, 0x00031ad97ad26e2a}},
 {{0x00014769dd701ab6, 0x00028339f1b4b667, 0x0004ab214b8ae37b, 0x00025f0aefa0b0fe, 0x0007ae2ca8a017d2}},
- {{0x000017ed0920b962, 0x000187e33b53b6fd, 0x00055829907a1463, 0x000641f248e0a792, 0x0001ed1fc53a6622}}}
+ {{0x000017ed0920b962, 0x000187e33b53b6fd, 0x00055829907a1463, 0x000641f248e0a792, 0x0001ed1fc53a6622}}}
--- a/ed25519/amd64-51-30k/ge25519_batchpack.c
+++ b/ed25519/amd64-51-30k/ge25519_batchpack.c
@ -0,0 +1,23 @@
+#include "fe25519.h"
+#include "ge25519.h"
+
+// NOTE: leaves in unfinished state
+void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num)
+{
+  fe25519 ty;
+
+  fe25519_batchinvert(&in->z, &in->z, tmp, num, sizeof(ge25519_p3));
+
+  for (size_t i = 0; i < num; ++i) {
+    fe25519_mul(&ty, &in[i].y, &in[i].z);
+    fe25519_pack(out[i], &ty);
+  }
+}
+
+void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf)
+{
+  fe25519 tx;
+  // z of unfinished is inverted
+  fe25519_mul(&tx, &unf->x, &unf->z);
+  out[31] ^= fe25519_getparity(&tx) << 7;
+}
--- a/ed25519/amd64-51-30k/ge25519_dbl_p1p1.S
+++ b/ed25519/amd64-51-30k/ge25519_dbl_p1p1.S
@ -241,13 +241,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1
+# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1
-.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1
-_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1:
-crypto_sign_ed25519_amd64_51_30k_batch_ge25519_dbl_p1p1:
+.globl _CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1)
+.globl CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1)
+_CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1):
+CRYPTO_NAMESPACE(batch_ge25519_dbl_p1p1):
 mov %rsp,%r11
 and $31,%r11
 add $224,%r11
@ -648,10 +648,10 @@ add  %rax,%r13
 # asm 2: adc <squarerdx=%rdx,<squarer31=%r14
 adc %rdx,%r14

-# qhasm:   squareredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   squarer01 = (squarer01.a0) << 13
 # asm 1: shld $13,<a0=int64#4,<squarer01=int64#5
@ -1223,10 +1223,10 @@ add  %rax,%r13
 # asm 2: adc <squarerdx=%rdx,<squarer31=%r14
 adc %rdx,%r14

-# qhasm:   squareredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   squarer01 = (squarer01.b0) << 13
 # asm 1: shld $13,<b0=int64#4,<squarer01=int64#5
@ -1798,10 +1798,10 @@ add  %rax,%r13
 # asm 2: adc <squarerdx=%rdx,<squarer31=%r14
 adc %rdx,%r14

-# qhasm:   squareredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   squarer01 = (squarer01.c0) << 13
 # asm 1: shld $13,<c0=int64#4,<squarer01=int64#5
@ -2038,30 +2038,30 @@ movq %r10,160(%rsp)
 # asm 2: movq <c4=%r11,>c4_stack=168(%rsp)
 movq %r11,168(%rsp)

-# qhasm: d0 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>d0=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,>d0=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
+# qhasm: d0 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: movq CRYPTO_NAMESPACE(batch_2P0),>d0=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_2P0),>d0=%rdx
+movq CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx

-# qhasm: d1 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d1=int64#4
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d1=%rcx
-movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
+# qhasm: d1 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d1=int64#4
+# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d1=%rcx
+movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx

-# qhasm: d2 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d2=int64#5
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d2=%r8
-movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
+# qhasm: d2 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d2=int64#5
+# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d2=%r8
+movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8

-# qhasm: d3 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d3=int64#6
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d3=%r9
-movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
+# qhasm: d3 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d3=int64#6
+# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d3=%r9
+movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9

-# qhasm: d4 = *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d4=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,>d4=%rax
-movq crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: d4 = *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: movq CRYPTO_NAMESPACE(batch_2P1234),>d4=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(batch_2P1234),>d4=%rax
+movq CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

 # qhasm: e0 = d0
 # asm 1: mov  <d0=int64#3,>e0=int64#8
@ -2263,30 +2263,30 @@ movq   %r13,64(%rdi)
 # asm 2: movq   <rz4=%r14,72(<rp=%rdi)
 movq   %r14,72(%rdi)

-# qhasm: d0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<d0=int64#3
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<d0=%rdx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
+# qhasm: d0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<d0=int64#3
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<d0=%rdx
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx

-# qhasm: d1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d1=int64#4
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d1=%rcx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
+# qhasm: d1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<d1=int64#4
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<d1=%rcx
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx

-# qhasm: d2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d2=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d2=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
+# qhasm: d2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<d2=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<d2=%r8
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8

-# qhasm: d3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d3=int64#6
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d3=%r9
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
+# qhasm: d3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<d3=int64#6
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<d3=%r9
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9

-# qhasm: d4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d4=int64#7
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<d4=%rax
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: d4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<d4=int64#7
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<d4=%rax
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

 # qhasm: d0 -= b0_stack
 # asm 1: subq <b0_stack=stack64#13,<d0=int64#3
@ -2338,30 +2338,30 @@ movq   %r9,104(%rdi)
 # asm 2: movq   <d4=%rax,112(<rp=%rdi)
 movq   %rax,112(%rdi)

-# qhasm: rz0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_4P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_4P0,<rz0=int64#8
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_4P0,<rz0=%r10
-add  crypto_sign_ed25519_amd64_51_30k_batch_4P0,%r10
+# qhasm: rz0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_4P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_4P0),<rz0=int64#8
+# asm 2: add  CRYPTO_NAMESPACE(batch_4P0),<rz0=%r10
+add  CRYPTO_NAMESPACE(batch_4P0)(%rip),%r10

-# qhasm: rz1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_4P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz1=int64#9
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz1=%r11
-add  crypto_sign_ed25519_amd64_51_30k_batch_4P1234,%r11
+# qhasm: rz1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_4P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_4P1234),<rz1=int64#9
+# asm 2: add  CRYPTO_NAMESPACE(batch_4P1234),<rz1=%r11
+add  CRYPTO_NAMESPACE(batch_4P1234)(%rip),%r11

-# qhasm: rz2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_4P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz2=int64#10
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz2=%r12
-add  crypto_sign_ed25519_amd64_51_30k_batch_4P1234,%r12
+# qhasm: rz2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_4P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_4P1234),<rz2=int64#10
+# asm 2: add  CRYPTO_NAMESPACE(batch_4P1234),<rz2=%r12
+add  CRYPTO_NAMESPACE(batch_4P1234)(%rip),%r12

-# qhasm: rz3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_4P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz3=int64#11
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz3=%r13
-add  crypto_sign_ed25519_amd64_51_30k_batch_4P1234,%r13
+# qhasm: rz3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_4P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_4P1234),<rz3=int64#11
+# asm 2: add  CRYPTO_NAMESPACE(batch_4P1234),<rz3=%r13
+add  CRYPTO_NAMESPACE(batch_4P1234)(%rip),%r13

-# qhasm: rz4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_4P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz4=int64#12
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_4P1234,<rz4=%r14
-add  crypto_sign_ed25519_amd64_51_30k_batch_4P1234,%r14
+# qhasm: rz4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_4P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_4P1234),<rz4=int64#12
+# asm 2: add  CRYPTO_NAMESPACE(batch_4P1234),<rz4=%r14
+add  CRYPTO_NAMESPACE(batch_4P1234)(%rip),%r14

 # qhasm: rz0 -= c0_stack
 # asm 1: subq <c0_stack=stack64#18,<rz0=int64#8
@ -2848,10 +2848,10 @@ add  %rax,%r12
 # asm 2: adc <squarerdx=%rdx,<squarer31=%r13
 adc %rdx,%r13

-# qhasm:   squareredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>squareredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   squareredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>squareredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   squarer01 = (squarer01.rx0) << 13
 # asm 1: shld $13,<rx0=int64#2,<squarer01=int64#4
--- a/ed25519/amd64-51-30k/ge25519_double_scalarmult.c
+++ b/ed25519/amd64-51-30k/ge25519_double_scalarmult.c
@ -7,7 +7,7 @@
 #define S2_SWINDOWSIZE 7
 #define PRE2_SIZE (1<<(S2_SWINDOWSIZE-2))

-ge25519_niels pre2[PRE2_SIZE] = {
+static const ge25519_niels pre2[PRE2_SIZE] = {
 #include "ge25519_base_slide_multiples.data"
 };

--- a/ed25519/amd64-51-30k/ge25519_nielsadd2.S
+++ b/ed25519/amd64-51-30k/ge25519_nielsadd2.S
@ -333,13 +333,13 @@

 # qhasm: stack64 mulx419_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd2
+# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_nielsadd2)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd2
-.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd2
-_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd2:
-crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd2:
+.globl _CRYPTO_NAMESPACE(batch_ge25519_nielsadd2)
+.globl CRYPTO_NAMESPACE(batch_ge25519_nielsadd2)
+_CRYPTO_NAMESPACE(batch_ge25519_nielsadd2):
+CRYPTO_NAMESPACE(batch_ge25519_nielsadd2):
 mov %rsp,%r11
 and $31,%r11
 add $256,%r11
@ -430,30 +430,30 @@ mov  %r9,%r13
 # asm 2: mov  <a4=%rax,>b4=%r14
 mov  %rax,%r14

-# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=int64#3
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=%rdx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
+# qhasm: a0 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<a0=int64#3
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<a0=%rdx
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx

-# qhasm: a1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=int64#4
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=%rcx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
+# qhasm: a1 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a1=int64#4
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a1=%rcx
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx

-# qhasm: a2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
+# qhasm: a2 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a2=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a2=%r8
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8

-# qhasm: a3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=int64#6
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=%r9
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
+# qhasm: a3 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a3=int64#6
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a3=%r9
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9

-# qhasm: a4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=int64#7
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=%rax
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: a4 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a4=int64#7
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a4=%rax
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

 # qhasm: b0 += *(uint64 *) (rp + 0)
 # asm 1: addq 0(<rp=int64#1),<b0=int64#8
@ -1090,10 +1090,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.a0) << 13
 # asm 1: shld $13,<a0=int64#4,<mulr01=int64#5
@ -1840,10 +1840,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.e0) << 13
 # asm 1: shld $13,<e0=int64#4,<mulr01=int64#5
@ -2055,30 +2055,30 @@ mov  %r10,%r13
 # asm 2: mov  <e4=%r11,>h4=%r14
 mov  %r11,%r14

-# qhasm: e0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<e0=int64#4
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<e0=%rcx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rcx
+# qhasm: e0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<e0=int64#4
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<e0=%rcx
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%rcx

-# qhasm: e1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e1=int64#6
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e1=%r9
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
+# qhasm: e1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<e1=int64#6
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<e1=%r9
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9

-# qhasm: e2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e2=int64#7
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e2=%rax
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: e2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<e2=int64#7
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<e2=%rax
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

-# qhasm: e3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e3=int64#8
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e3=%r10
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
+# qhasm: e3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<e3=int64#8
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<e3=%r10
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10

-# qhasm: e4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e4=int64#9
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e4=%r11
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r11
+# qhasm: e4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<e4=int64#9
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<e4=%r11
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r11

 # qhasm: h0 += a0_stack
 # asm 1: addq <a0_stack=stack64#8,<h0=int64#3
@ -2715,10 +2715,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi

 # qhasm:   mulr01 = (mulr01.c0) << 13
 # asm 1: shld $13,<c0=int64#4,<mulr01=int64#5
@ -2985,30 +2985,30 @@ mov  %r11,%rbx
 # asm 2: mov  <f4=%r12,>g4=%rbp
 mov  %r12,%rbp

-# qhasm: f0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<f0=int64#2
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<f0=%rsi
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rsi
+# qhasm: f0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<f0=int64#2
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<f0=%rsi
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%rsi

-# qhasm: f1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f1=int64#3
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f1=%rdx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rdx
+# qhasm: f1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<f1=int64#3
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<f1=%rdx
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rdx

-# qhasm: f2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f2=int64#4
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f2=%rcx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
+# qhasm: f2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<f2=int64#4
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<f2=%rcx
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx

-# qhasm: f3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f3=int64#9
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f3=%r11
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r11
+# qhasm: f3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<f3=int64#9
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<f3=%r11
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r11

-# qhasm: f4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f4=int64#10
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f4=%r12
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
+# qhasm: f4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<f4=int64#10
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<f4=%r12
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12

 # qhasm: g0 += c0_stack
 # asm 1: addq <c0_stack=stack64#18,<g0=int64#11
@ -3645,10 +3645,10 @@ add  %rax,%r12
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r13
 adc %rdx,%r13

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.rx0) << 13
 # asm 1: shld $13,<rx0=int64#2,<mulr01=int64#4
@ -4395,10 +4395,10 @@ add  %rax,%r12
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r13
 adc %rdx,%r13

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.ry0) << 13
 # asm 1: shld $13,<ry0=int64#2,<mulr01=int64#4
@ -5145,10 +5145,10 @@ add  %rax,%r12
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r13
 adc %rdx,%r13

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.rz0) << 13
 # asm 1: shld $13,<rz0=int64#2,<mulr01=int64#4
@ -5895,10 +5895,10 @@ add  %rax,%r12
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r13
 adc %rdx,%r13

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.rt0) << 13
 # asm 1: shld $13,<rt0=int64#2,<mulr01=int64#4
--- a/ed25519/amd64-51-30k/ge25519_nielsadd_p1p1.S
+++ b/ed25519/amd64-51-30k/ge25519_nielsadd_p1p1.S
@ -337,13 +337,13 @@

 # qhasm: stack64 mulx419_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd_p1p1
+# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd_p1p1
-.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd_p1p1
-_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd_p1p1:
-crypto_sign_ed25519_amd64_51_30k_batch_ge25519_nielsadd_p1p1:
+.globl _CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1)
+.globl CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1)
+_CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1):
+CRYPTO_NAMESPACE(batch_ge25519_nielsadd_p1p1):
 mov %rsp,%r11
 and $31,%r11
 add $160,%r11
@ -439,30 +439,30 @@ mov  %rax,%r14
 # asm 2: mov  <a4=%r10,>b4=%r15
 mov  %r10,%r15

-# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=int64#3
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=%rdx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
+# qhasm: a0 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<a0=int64#3
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<a0=%rdx
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx

-# qhasm: a1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
+# qhasm: a1 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a1=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a1=%r8
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8

-# qhasm: a2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=int64#6
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=%r9
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
+# qhasm: a2 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a2=int64#6
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a2=%r9
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9

-# qhasm: a3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=int64#7
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=%rax
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: a3 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a3=int64#7
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a3=%rax
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

-# qhasm: a4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=int64#8
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=%r10
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
+# qhasm: a4 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a4=int64#8
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a4=%r10
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10

 # qhasm: b0 += *(uint64 *) (pp + 0)
 # asm 1: addq 0(<pp=int64#2),<b0=int64#9
@ -1099,10 +1099,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.a0) << 13
 # asm 1: shld $13,<a0=int64#5,<mulr01=int64#6
@ -1849,10 +1849,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.e0) << 13
 # asm 1: shld $13,<e0=int64#5,<mulr01=int64#6
@ -2064,30 +2064,30 @@ mov  %r11,%r14
 # asm 2: mov  <e4=%r12,>h4=%r15
 mov  %r12,%r15

-# qhasm: e0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<e0=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<e0=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%r8
+# qhasm: e0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<e0=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<e0=%r8
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%r8

-# qhasm: e1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e1=int64#7
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e1=%rax
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: e1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<e1=int64#7
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<e1=%rax
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

-# qhasm: e2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e2=int64#8
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e2=%r10
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
+# qhasm: e2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<e2=int64#8
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<e2=%r10
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10

-# qhasm: e3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e3=int64#9
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e3=%r11
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r11
+# qhasm: e3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<e3=int64#9
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<e3=%r11
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r11

-# qhasm: e4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e4=int64#10
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<e4=%r12
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
+# qhasm: e4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<e4=int64#10
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<e4=%r12
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12

 # qhasm: h0 += a0_stack
 # asm 1: addq <a0_stack=stack64#8,<h0=int64#3
@ -2724,10 +2724,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.c0) << 13
 # asm 1: shld $13,<c0=int64#5,<mulr01=int64#6
@ -2994,30 +2994,30 @@ mov  %r12,%rbx
 # asm 2: mov  <f4=%rsi,>g4=%rbp
 mov  %rsi,%rbp

-# qhasm: f0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<f0=int64#3
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<f0=%rdx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
+# qhasm: f0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<f0=int64#3
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<f0=%rdx
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx

-# qhasm: f1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f1=int64#4
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f1=%rcx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
+# qhasm: f1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<f1=int64#4
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<f1=%rcx
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx

-# qhasm: f2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f2=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f2=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
+# qhasm: f2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<f2=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<f2=%r8
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8

-# qhasm: f3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f3=int64#10
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f3=%r12
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
+# qhasm: f3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<f3=int64#10
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<f3=%r12
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12

-# qhasm: f4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f4=int64#2
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<f4=%rsi
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rsi
+# qhasm: f4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<f4=int64#2
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<f4=%rsi
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rsi

 # qhasm: g0 += c0_stack
 # asm 1: addq <c0_stack=stack64#8,<g0=int64#11
--- a/ed25519/amd64-51-30k/ge25519_p1p1_to_p2.S
+++ b/ed25519/amd64-51-30k/ge25519_p1p1_to_p2.S
@ -103,13 +103,13 @@

 # qhasm: stack64 mulx419_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p2
+# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p2
-.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p2
-_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p2:
-crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p2:
+.globl _CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2)
+.globl CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2)
+_CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2):
+CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p2):
 mov %rsp,%r11
 and $31,%r11
 add $96,%r11
@ -685,10 +685,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.rx0) << 13
 # asm 1: shld $13,<rx0=int64#4,<mulr01=int64#5
@ -1435,10 +1435,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.ry0) << 13
 # asm 1: shld $13,<ry0=int64#4,<mulr01=int64#5
@ -2185,10 +2185,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi

 # qhasm:   mulr01 = (mulr01.rz0) << 13
 # asm 1: shld $13,<rz0=int64#4,<mulr01=int64#5
--- a/ed25519/amd64-51-30k/ge25519_p1p1_to_p3.S
+++ b/ed25519/amd64-51-30k/ge25519_p1p1_to_p3.S
@ -113,13 +113,13 @@

 # qhasm: stack64 mulx419_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p3
+# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p3)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p3
-.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p3
-_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p3:
-crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_p3:
+.globl _CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p3)
+.globl CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p3)
+_CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p3):
+CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_p3):
 mov %rsp,%r11
 and $31,%r11
 add $96,%r11
@ -695,10 +695,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.rx0) << 13
 # asm 1: shld $13,<rx0=int64#4,<mulr01=int64#5
@ -1445,10 +1445,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.ry0) << 13
 # asm 1: shld $13,<ry0=int64#4,<mulr01=int64#5
@ -2195,10 +2195,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.rz0) << 13
 # asm 1: shld $13,<rz0=int64#4,<mulr01=int64#5
@ -2945,10 +2945,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi

 # qhasm:   mulr01 = (mulr01.rt0) << 13
 # asm 1: shld $13,<rt0=int64#4,<mulr01=int64#5
--- a/ed25519/amd64-51-30k/ge25519_p1p1_to_pniels.S
+++ b/ed25519/amd64-51-30k/ge25519_p1p1_to_pniels.S
@ -171,13 +171,13 @@

 # qhasm: stack64 mulx419_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_pniels
+# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_pniels)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_pniels
-.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_pniels
-_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_pniels:
-crypto_sign_ed25519_amd64_51_30k_batch_ge25519_p1p1_to_pniels:
+.globl _CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_pniels)
+.globl CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_pniels)
+_CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_pniels):
+CRYPTO_NAMESPACE(batch_ge25519_p1p1_to_pniels):
 mov %rsp,%r11
 and $31,%r11
 add $128,%r11
@ -753,10 +753,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.x0) << 13
 # asm 1: shld $13,<x0=int64#4,<mulr01=int64#5
@ -1503,10 +1503,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.y0) << 13
 # asm 1: shld $13,<y0=int64#4,<mulr01=int64#5
@ -1718,30 +1718,30 @@ mov  %r10,%r13
 # asm 2: mov  <y4=%r11,>ysubx4=%r14
 mov  %r11,%r14

-# qhasm: ysubx0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<ysubx0=int64#3
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<ysubx0=%rdx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
+# qhasm: ysubx0 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<ysubx0=int64#3
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<ysubx0=%rdx
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx

-# qhasm: ysubx1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx1=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx1=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
+# qhasm: ysubx1 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<ysubx1=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<ysubx1=%r8
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8

-# qhasm: ysubx2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx2=int64#10
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx2=%r12
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
+# qhasm: ysubx2 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<ysubx2=int64#10
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<ysubx2=%r12
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12

-# qhasm: ysubx3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx3=int64#11
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx3=%r13
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r13
+# qhasm: ysubx3 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<ysubx3=int64#11
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<ysubx3=%r13
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r13

-# qhasm: ysubx4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx4=int64#12
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<ysubx4=%r14
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r14
+# qhasm: ysubx4 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<ysubx4=int64#12
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<ysubx4=%r14
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r14

 # qhasm: x0 = stackx0
 # asm 1: movq <stackx0=stack64#8,>x0=int64#13
@ -2403,10 +2403,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.rz0) << 13
 # asm 1: shld $13,<rz0=int64#4,<mulr01=int64#5
@ -3153,10 +3153,10 @@ add  %rax,%r13
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r14
 adc %rdx,%r14

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi

 # qhasm:   mulr01 = (mulr01.t0) << 13
 # asm 1: shld $13,<t0=int64#4,<mulr01=int64#5
@ -3383,8 +3383,8 @@ imulq  $19,%rsi,%rax
 # asm 2: movq <mulrax=%rax,>mulx319_stack=96(%rsp)
 movq %rax,96(%rsp)

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
+mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)

 # qhasm:   t2d0 = mulrax
 # asm 1: mov  <mulrax=int64#7,>t2d0=int64#2
@ -3411,8 +3411,8 @@ imulq  $19,%rdx,%rax
 # asm 2: movq <mulrax=%rax,>mulx419_stack=104(%rsp)
 movq %rax,104(%rsp)

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
+mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)

 # qhasm:   carry? t2d0 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d0=int64#2
@ -3429,8 +3429,8 @@ adc %rdx,%rcx
 # asm 2: movq <stackt0=56(%rsp),>mulrax=%rax
 movq 56(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
+mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)

 # qhasm:   carry? t2d0 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d0=int64#2
@ -3447,8 +3447,8 @@ adc %rdx,%rcx
 # asm 2: movq <stackt0=56(%rsp),>mulrax=%rax
 movq 56(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
+mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)

 # qhasm:   t2d1 = mulrax
 # asm 1: mov  <mulrax=int64#7,>t2d1=int64#5
@ -3465,8 +3465,8 @@ mov  %rdx,%r9
 # asm 2: movq <stackt0=56(%rsp),>mulrax=%rax
 movq 56(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
+mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)

 # qhasm:   t2d2 = mulrax
 # asm 1: mov  <mulrax=int64#7,>t2d2=int64#8
@ -3483,8 +3483,8 @@ mov  %rdx,%r11
 # asm 2: movq <stackt0=56(%rsp),>mulrax=%rax
 movq 56(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
+mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)

 # qhasm:   t2d3 = mulrax
 # asm 1: mov  <mulrax=int64#7,>t2d3=int64#10
@ -3501,8 +3501,8 @@ mov  %rdx,%r13
 # asm 2: movq <stackt0=56(%rsp),>mulrax=%rax
 movq 56(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
+mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)

 # qhasm:   t2d4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>t2d4=int64#12
@ -3519,8 +3519,8 @@ mov  %rdx,%r15
 # asm 2: movq <stackt1=64(%rsp),>mulrax=%rax
 movq 64(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
+mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)

 # qhasm:   carry? t2d1 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d1=int64#5
@ -3537,8 +3537,8 @@ adc %rdx,%r9
 # asm 2: movq <stackt1=64(%rsp),>mulrax=%rax
 movq 64(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
+mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)

 # qhasm:   carry? t2d2 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d2=int64#8
@ -3555,8 +3555,8 @@ adc %rdx,%r11
 # asm 2: movq <stackt1=64(%rsp),>mulrax=%rax
 movq 64(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
+mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)

 # qhasm:   carry? t2d3 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d3=int64#10
@ -3573,8 +3573,8 @@ adc %rdx,%r13
 # asm 2: movq <stackt1=64(%rsp),>mulrax=%rax
 movq 64(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
+mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)

 # qhasm:   carry? t2d4 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d4=int64#12
@ -3596,8 +3596,8 @@ movq 64(%rsp),%rdx
 # asm 2: imulq  $19,<mulrax=%rdx,>mulrax=%rax
 imulq  $19,%rdx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
+mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)

 # qhasm:   carry? t2d0 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d0=int64#2
@ -3614,8 +3614,8 @@ adc %rdx,%rcx
 # asm 2: movq <stackt2=72(%rsp),>mulrax=%rax
 movq 72(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
+mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)

 # qhasm:   carry? t2d2 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d2=int64#8
@ -3632,8 +3632,8 @@ adc %rdx,%r11
 # asm 2: movq <stackt2=72(%rsp),>mulrax=%rax
 movq 72(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
+mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)

 # qhasm:   carry? t2d3 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d3=int64#10
@ -3650,8 +3650,8 @@ adc %rdx,%r13
 # asm 2: movq <stackt2=72(%rsp),>mulrax=%rax
 movq 72(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
+mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)

 # qhasm:   carry? t2d4 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d4=int64#12
@ -3673,8 +3673,8 @@ movq 72(%rsp),%rdx
 # asm 2: imulq  $19,<mulrax=%rdx,>mulrax=%rax
 imulq  $19,%rdx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
+mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)

 # qhasm:   carry? t2d0 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d0=int64#2
@ -3696,8 +3696,8 @@ movq 72(%rsp),%rdx
 # asm 2: imulq  $19,<mulrax=%rdx,>mulrax=%rax
 imulq  $19,%rdx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
+mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)

 # qhasm:   carry? t2d1 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d1=int64#5
@ -3714,8 +3714,8 @@ adc %rdx,%r9
 # asm 2: movq <stackt3=80(%rsp),>mulrax=%rax
 movq 80(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
+mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)

 # qhasm:   carry? t2d3 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d3=int64#10
@ -3732,8 +3732,8 @@ adc %rdx,%r13
 # asm 2: movq <stackt3=80(%rsp),>mulrax=%rax
 movq 80(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D1
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D1)
+mulq CRYPTO_NAMESPACE(batch_EC2D1)(%rip)

 # qhasm:   carry? t2d4 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d4=int64#12
@ -3750,8 +3750,8 @@ adc %rdx,%r15
 # asm 2: movq <mulx319_stack=96(%rsp),>mulrax=%rax
 movq 96(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
+mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)

 # qhasm:   carry? t2d1 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d1=int64#5
@ -3768,8 +3768,8 @@ adc %rdx,%r9
 # asm 2: movq <mulx319_stack=96(%rsp),>mulrax=%rax
 movq 96(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
+mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)

 # qhasm:   carry? t2d2 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d2=int64#8
@ -3786,8 +3786,8 @@ adc %rdx,%r11
 # asm 2: movq <stackt4=88(%rsp),>mulrax=%rax
 movq 88(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D0
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D0)
+mulq CRYPTO_NAMESPACE(batch_EC2D0)(%rip)

 # qhasm:   carry? t2d4 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d4=int64#12
@ -3804,8 +3804,8 @@ adc %rdx,%r15
 # asm 2: movq <mulx419_stack=104(%rsp),>mulrax=%rax
 movq 104(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D2
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D2)
+mulq CRYPTO_NAMESPACE(batch_EC2D2)(%rip)

 # qhasm:   carry? t2d1 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d1=int64#5
@ -3822,8 +3822,8 @@ adc %rdx,%r9
 # asm 2: movq <mulx419_stack=104(%rsp),>mulrax=%rax
 movq 104(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D3
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D3)
+mulq CRYPTO_NAMESPACE(batch_EC2D3)(%rip)

 # qhasm:   carry? t2d2 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d2=int64#8
@ -3840,8 +3840,8 @@ adc %rdx,%r11
 # asm 2: movq <mulx419_stack=104(%rsp),>mulrax=%rax
 movq 104(%rsp),%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_EC2D4
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(batch_EC2D4)
+mulq CRYPTO_NAMESPACE(batch_EC2D4)(%rip)

 # qhasm:   carry? t2d3 += mulrax
 # asm 1: add  <mulrax=int64#7,<t2d3=int64#10
@ -3853,10 +3853,10 @@ add  %rax,%r12
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r13
 adc %rdx,%r13

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.t2d0) << 13
 # asm 1: shld $13,<t2d0=int64#2,<mulr01=int64#4
--- a/ed25519/amd64-51-30k/ge25519_pnielsadd_p1p1.S
+++ b/ed25519/amd64-51-30k/ge25519_pnielsadd_p1p1.S
@ -247,13 +247,13 @@

 # qhasm: stack64 mulx419_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_ge25519_pnielsadd_p1p1
+# qhasm: enter CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_ge25519_pnielsadd_p1p1
-.globl crypto_sign_ed25519_amd64_51_30k_batch_ge25519_pnielsadd_p1p1
-_crypto_sign_ed25519_amd64_51_30k_batch_ge25519_pnielsadd_p1p1:
-crypto_sign_ed25519_amd64_51_30k_batch_ge25519_pnielsadd_p1p1:
+.globl _CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1)
+.globl CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1)
+_CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1):
+CRYPTO_NAMESPACE(batch_ge25519_pnielsadd_p1p1):
 mov %rsp,%r11
 and $31,%r11
 add $160,%r11
@ -349,30 +349,30 @@ mov  %rax,%r14
 # asm 2: mov  <a4=%r10,>b4=%r15
 mov  %r10,%r15

-# qhasm: a0 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=int64#3
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<a0=%rdx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%rdx
+# qhasm: a0 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<a0=int64#3
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<a0=%rdx
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%rdx

-# qhasm: a1 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a1=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r8
+# qhasm: a1 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a1=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a1=%r8
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r8

-# qhasm: a2 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=int64#6
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a2=%r9
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
+# qhasm: a2 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a2=int64#6
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a2=%r9
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9

-# qhasm: a3 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=int64#7
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a3=%rax
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: a3 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a3=int64#7
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a3=%rax
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

-# qhasm: a4 += *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=int64#8
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<a4=%r10
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
+# qhasm: a4 += *(uint64 *) &CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<a4=int64#8
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<a4=%r10
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10

 # qhasm: b0 += *(uint64 *) (pp + 0)
 # asm 1: addq 0(<pp=int64#2),<b0=int64#9
@ -1009,10 +1009,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.a0) << 13
 # asm 1: shld $13,<a0=int64#5,<mulr01=int64#6
@ -1759,10 +1759,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.rx0) << 13
 # asm 1: shld $13,<rx0=int64#5,<mulr01=int64#6
@ -1974,30 +1974,30 @@ mov  %r11,%r14
 # asm 2: mov  <rx4=%r12,>ry4=%r15
 mov  %r12,%r15

-# qhasm: rx0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rx0=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rx0=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%r8
+# qhasm: rx0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<rx0=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<rx0=%r8
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%r8

-# qhasm: rx1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx1=int64#7
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx1=%rax
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: rx1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rx1=int64#7
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rx1=%rax
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

-# qhasm: rx2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx2=int64#8
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx2=%r10
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
+# qhasm: rx2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rx2=int64#8
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rx2=%r10
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10

-# qhasm: rx3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx3=int64#9
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx3=%r11
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r11
+# qhasm: rx3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rx3=int64#9
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rx3=%r11
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r11

-# qhasm: rx4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx4=int64#10
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rx4=%r12
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r12
+# qhasm: rx4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rx4=int64#10
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rx4=%r12
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r12

 # qhasm: ry0 += a0_stack
 # asm 1: addq <a0_stack=stack64#8,<ry0=int64#3
@ -2634,10 +2634,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#3
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rdx
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rdx
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#3
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rdx
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rdx

 # qhasm:   mulr01 = (mulr01.c0) << 13
 # asm 1: shld $13,<c0=int64#5,<mulr01=int64#6
@ -3384,10 +3384,10 @@ add  %rax,%r14
 # asm 2: adc <mulrdx=%rdx,<mulr31=%r15
 adc %rdx,%r15

-# qhasm:   mulredmask = *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51
-# asm 1: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=int64#2
-# asm 2: movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,>mulredmask=%rsi
-movq crypto_sign_ed25519_amd64_51_30k_batch_REDMASK51,%rsi
+# qhasm:   mulredmask = *(uint64 *) &CRYPTO_NAMESPACE(batch_REDMASK51)
+# asm 1: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=int64#2
+# asm 2: movq CRYPTO_NAMESPACE(batch_REDMASK51),>mulredmask=%rsi
+movq CRYPTO_NAMESPACE(batch_REDMASK51)(%rip),%rsi

 # qhasm:   mulr01 = (mulr01.rt0) << 13
 # asm 1: shld $13,<rt0=int64#5,<mulr01=int64#6
@ -3624,30 +3624,30 @@ mov  %rax,%r12
 # asm 2: mov  <rt4=%r10,>rz4=%r13
 mov  %r10,%r13

-# qhasm: rt0 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P0
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rt0=int64#5
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,<rt0=%r8
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P0,%r8
+# qhasm: rt0 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P0)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P0),<rt0=int64#5
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P0),<rt0=%r8
+add  CRYPTO_NAMESPACE(batch_2P0)(%rip),%r8

-# qhasm: rt1 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt1=int64#4
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt1=%rcx
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rcx
+# qhasm: rt1 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rt1=int64#4
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rt1=%rcx
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rcx

-# qhasm: rt2 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt2=int64#6
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt2=%r9
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r9
+# qhasm: rt2 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rt2=int64#6
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rt2=%r9
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r9

-# qhasm: rt3 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt3=int64#7
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt3=%rax
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%rax
+# qhasm: rt3 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rt3=int64#7
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rt3=%rax
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%rax

-# qhasm: rt4 += *(uint64 *)&crypto_sign_ed25519_amd64_51_30k_batch_2P1234
-# asm 1: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt4=int64#8
-# asm 2: add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,<rt4=%r10
-add  crypto_sign_ed25519_amd64_51_30k_batch_2P1234,%r10
+# qhasm: rt4 += *(uint64 *)&CRYPTO_NAMESPACE(batch_2P1234)
+# asm 1: add  CRYPTO_NAMESPACE(batch_2P1234),<rt4=int64#8
+# asm 2: add  CRYPTO_NAMESPACE(batch_2P1234),<rt4=%r10
+add  CRYPTO_NAMESPACE(batch_2P1234)(%rip),%r10

 # qhasm: rz0 += c0_stack
 # asm 1: addq <c0_stack=stack64#8,<rz0=int64#2
--- a/ed25519/amd64-51-30k/heap_rootreplaced.S
+++ b/ed25519/amd64-51-30k/heap_rootreplaced.S
@ -93,13 +93,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_heap_rootreplaced
+# qhasm: enter CRYPTO_NAMESPACE(batch_heap_rootreplaced)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_heap_rootreplaced
-.globl crypto_sign_ed25519_amd64_64_heap_rootreplaced
-_crypto_sign_ed25519_amd64_64_heap_rootreplaced:
-crypto_sign_ed25519_amd64_64_heap_rootreplaced:
+.globl _CRYPTO_NAMESPACE(batch_heap_rootreplaced)
+.globl CRYPTO_NAMESPACE(batch_heap_rootreplaced)
+_CRYPTO_NAMESPACE(batch_heap_rootreplaced):
+CRYPTO_NAMESPACE(batch_heap_rootreplaced):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
--- a/ed25519/amd64-51-30k/heap_rootreplaced_1limb.S
+++ b/ed25519/amd64-51-30k/heap_rootreplaced_1limb.S
@ -93,13 +93,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_heap_rootreplaced_1limb
+# qhasm: enter CRYPTO_NAMESPACE(batch_heap_rootreplaced_1limb)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_heap_rootreplaced_1limb
-.globl crypto_sign_ed25519_amd64_64_heap_rootreplaced_1limb
-_crypto_sign_ed25519_amd64_64_heap_rootreplaced_1limb:
-crypto_sign_ed25519_amd64_64_heap_rootreplaced_1limb:
+.globl _CRYPTO_NAMESPACE(batch_heap_rootreplaced_1limb)
+.globl CRYPTO_NAMESPACE(batch_heap_rootreplaced_1limb)
+_CRYPTO_NAMESPACE(batch_heap_rootreplaced_1limb):
+CRYPTO_NAMESPACE(batch_heap_rootreplaced_1limb):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
--- a/ed25519/amd64-51-30k/heap_rootreplaced_2limbs.S
+++ b/ed25519/amd64-51-30k/heap_rootreplaced_2limbs.S
@ -93,13 +93,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_heap_rootreplaced_2limbs
+# qhasm: enter CRYPTO_NAMESPACE(batch_heap_rootreplaced_2limbs)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_heap_rootreplaced_2limbs
-.globl crypto_sign_ed25519_amd64_64_heap_rootreplaced_2limbs
-_crypto_sign_ed25519_amd64_64_heap_rootreplaced_2limbs:
-crypto_sign_ed25519_amd64_64_heap_rootreplaced_2limbs:
+.globl _CRYPTO_NAMESPACE(batch_heap_rootreplaced_2limbs)
+.globl CRYPTO_NAMESPACE(batch_heap_rootreplaced_2limbs)
+_CRYPTO_NAMESPACE(batch_heap_rootreplaced_2limbs):
+CRYPTO_NAMESPACE(batch_heap_rootreplaced_2limbs):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
--- a/ed25519/amd64-51-30k/heap_rootreplaced_3limbs.S
+++ b/ed25519/amd64-51-30k/heap_rootreplaced_3limbs.S
@ -93,13 +93,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_heap_rootreplaced_3limbs
+# qhasm: enter CRYPTO_NAMESPACE(batch_heap_rootreplaced_3limbs)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_heap_rootreplaced_3limbs
-.globl crypto_sign_ed25519_amd64_64_heap_rootreplaced_3limbs
-_crypto_sign_ed25519_amd64_64_heap_rootreplaced_3limbs:
-crypto_sign_ed25519_amd64_64_heap_rootreplaced_3limbs:
+.globl _CRYPTO_NAMESPACE(batch_heap_rootreplaced_3limbs)
+.globl CRYPTO_NAMESPACE(batch_heap_rootreplaced_3limbs)
+_CRYPTO_NAMESPACE(batch_heap_rootreplaced_3limbs):
+CRYPTO_NAMESPACE(batch_heap_rootreplaced_3limbs):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
--- a/ed25519/amd64-51-30k/hram.h
+++ b/ed25519/amd64-51-30k/hram.h
@ -1,7 +1,7 @@
 #ifndef HRAM_H
 #define HRAM_H

-#define get_hram crypto_sign_ed25519_amd64_51_30k_batch_get_hram
+#define get_hram CRYPTO_NAMESPACE(batch_get_hram)

 extern void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen);

--- a/ed25519/amd64-51-30k/index_heap.h
+++ b/ed25519/amd64-51-30k/index_heap.h
@ -2,16 +2,17 @@
 #define INDEX_HEAP_H

 #include "sc25519.h"
+#include "compat.h"

-#define heap_init                crypto_sign_ed25519_amd64_51_30k_batch_heap_init
-#define heap_extend              crypto_sign_ed25519_amd64_51_30k_batch_heap_extend
-#define heap_pop                 crypto_sign_ed25519_amd64_51_30k_batch_heap_pop
-#define heap_push                crypto_sign_ed25519_amd64_51_30k_batch_heap_push
-#define heap_get2max             crypto_sign_ed25519_amd64_51_30k_batch_heap_get2max
-#define heap_rootreplaced        crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced
-#define heap_rootreplaced_3limbs crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_3limbs
-#define heap_rootreplaced_2limbs crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_2limbs
-#define heap_rootreplaced_1limb  crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_1limb
+#define heap_init                CRYPTO_NAMESPACE(batch_heap_init)
+#define heap_extend              CRYPTO_NAMESPACE(batch_heap_extend)
+#define heap_pop                 CRYPTO_NAMESPACE(batch_heap_pop)
+#define heap_push                CRYPTO_NAMESPACE(batch_heap_push)
+#define heap_get2max             CRYPTO_NAMESPACE(batch_heap_get2max)
+#define heap_rootreplaced        CRYPTO_NAMESPACE(batch_heap_rootreplaced)
+#define heap_rootreplaced_3limbs CRYPTO_NAMESPACE(batch_heap_rootreplaced_3limbs)
+#define heap_rootreplaced_2limbs CRYPTO_NAMESPACE(batch_heap_rootreplaced_2limbs)
+#define heap_rootreplaced_1limb  CRYPTO_NAMESPACE(batch_heap_rootreplaced_1limb)

 void heap_init(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);

@ -23,9 +24,9 @@ void heap_push(unsigned long long *h, unsigned long long *hlen, unsigned long lo

 void heap_get2max(unsigned long long *h, unsigned long long *max1, unsigned long long *max2, sc25519 *scalars);

-void heap_rootreplaced(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
-void heap_rootreplaced_3limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
-void heap_rootreplaced_2limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
-void heap_rootreplaced_1limb(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
+void heap_rootreplaced(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
+void heap_rootreplaced_3limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
+void heap_rootreplaced_2limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
+void heap_rootreplaced_1limb(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;

 #endif
--- a/ed25519/amd64-51-30k/sc25519.h
+++ b/ed25519/amd64-51-30k/sc25519.h
@ -1,35 +1,37 @@
 #ifndef SC25519_H
 #define SC25519_H

-#define sc25519                  crypto_sign_ed25519_amd64_51_30k_batch_sc25519
-#define shortsc25519             crypto_sign_ed25519_amd64_51_30k_batch_shortsc25519
-#define sc25519_from32bytes      crypto_sign_ed25519_amd64_51_30k_batch_sc25519_from32bytes
-#define shortsc25519_from16bytes crypto_sign_ed25519_amd64_51_30k_batch_shortsc25519_from16bytes
-#define sc25519_from64bytes      crypto_sign_ed25519_amd64_51_30k_batch_sc25519_from64bytes
-#define sc25519_from_shortsc     crypto_sign_ed25519_amd64_51_30k_batch_sc25519_from_shortsc
-#define sc25519_to32bytes        crypto_sign_ed25519_amd64_51_30k_batch_sc25519_to32bytes
-#define sc25519_iszero_vartime   crypto_sign_ed25519_amd64_51_30k_batch_sc25519_iszero_vartime
-#define sc25519_isshort_vartime  crypto_sign_ed25519_amd64_51_30k_batch_sc25519_isshort_vartime
-#define sc25519_lt               crypto_sign_ed25519_amd64_51_30k_batch_sc25519_lt
-#define sc25519_add              crypto_sign_ed25519_amd64_51_30k_batch_sc25519_add
-#define sc25519_sub_nored        crypto_sign_ed25519_amd64_51_30k_batch_sc25519_sub_nored
-#define sc25519_mul              crypto_sign_ed25519_amd64_51_30k_batch_sc25519_mul
-#define sc25519_mul_shortsc      crypto_sign_ed25519_amd64_51_30k_batch_sc25519_mul_shortsc
-#define sc25519_window4          crypto_sign_ed25519_amd64_51_30k_batch_sc25519_window4
-#define sc25519_window5          crypto_sign_ed25519_amd64_51_30k_batch_sc25519_window5
-#define sc25519_slide           crypto_sign_ed25519_amd64_51_30k_batch_sc25519_slide
-#define sc25519_2interleave2     crypto_sign_ed25519_amd64_51_30k_batch_sc25519_2interleave2
-#define sc25519_barrett crypto_sign_ed25519_amd64_51_30k_batch_sc25519_barrett
+#include "compat.h"

-typedef struct 
+#define sc25519                  CRYPTO_NAMESPACE(batch_sc25519)
+#define shortsc25519             CRYPTO_NAMESPACE(batch_shortsc25519)
+#define sc25519_from32bytes      CRYPTO_NAMESPACE(batch_sc25519_from32bytes)
+#define shortsc25519_from16bytes CRYPTO_NAMESPACE(batch_shortsc25519_from16bytes)
+#define sc25519_from64bytes      CRYPTO_NAMESPACE(batch_sc25519_from64bytes)
+#define sc25519_from_shortsc     CRYPTO_NAMESPACE(batch_sc25519_from_shortsc)
+#define sc25519_to32bytes        CRYPTO_NAMESPACE(batch_sc25519_to32bytes)
+#define sc25519_iszero_vartime   CRYPTO_NAMESPACE(batch_sc25519_iszero_vartime)
+#define sc25519_isshort_vartime  CRYPTO_NAMESPACE(batch_sc25519_isshort_vartime)
+#define sc25519_lt               CRYPTO_NAMESPACE(batch_sc25519_lt)
+#define sc25519_add              CRYPTO_NAMESPACE(batch_sc25519_add)
+#define sc25519_sub_nored        CRYPTO_NAMESPACE(batch_sc25519_sub_nored)
+#define sc25519_mul              CRYPTO_NAMESPACE(batch_sc25519_mul)
+#define sc25519_mul_shortsc      CRYPTO_NAMESPACE(batch_sc25519_mul_shortsc)
+#define sc25519_window4          CRYPTO_NAMESPACE(batch_sc25519_window4)
+#define sc25519_window5          CRYPTO_NAMESPACE(batch_sc25519_window5)
+#define sc25519_slide           CRYPTO_NAMESPACE(batch_sc25519_slide)
+#define sc25519_2interleave2     CRYPTO_NAMESPACE(batch_sc25519_2interleave2)
+#define sc25519_barrett CRYPTO_NAMESPACE(batch_sc25519_barrett)
+
+typedef struct
 {
-  unsigned long long v[4]; 
+  unsigned long long v[4];
 }
 sc25519;

-typedef struct 
+typedef struct
 {
-  unsigned long long v[2]; 
+  unsigned long long v[2];
 }
 shortsc25519;

@ -43,11 +45,11 @@ void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);

 int sc25519_iszero_vartime(const sc25519 *x);

-int sc25519_lt(const sc25519 *x, const sc25519 *y);
+int sc25519_lt(const sc25519 *x, const sc25519 *y) SYSVABI;

-void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y);
+void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) SYSVABI;

-void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y);
+void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) SYSVABI;

 void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y);

@ -64,6 +66,6 @@ void sc25519_slide(signed char r[256], const sc25519 *s, int swindowsize);

 void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);

-void sc25519_barrett(sc25519 *r, unsigned long long x[8]);
+void sc25519_barrett(sc25519 *r, unsigned long long x[8]) SYSVABI;

 #endif
--- a/ed25519/amd64-51-30k/sc25519_add.S
+++ b/ed25519/amd64-51-30k/sc25519_add.S
@ -63,13 +63,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_sc25519_add
+# qhasm: enter CRYPTO_NAMESPACE(batch_sc25519_add)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_sc25519_add
-.globl crypto_sign_ed25519_amd64_64_sc25519_add
-_crypto_sign_ed25519_amd64_64_sc25519_add:
-crypto_sign_ed25519_amd64_64_sc25519_add:
+.globl _CRYPTO_NAMESPACE(batch_sc25519_add)
+.globl CRYPTO_NAMESPACE(batch_sc25519_add)
+_CRYPTO_NAMESPACE(batch_sc25519_add):
+CRYPTO_NAMESPACE(batch_sc25519_add):
 mov %rsp,%r11
 and $31,%r11
 add $32,%r11
@ -150,25 +150,25 @@ mov  %r9,%r10
 # asm 2: mov  <r3=%rsi,>t3=%r14
 mov  %rsi,%r14

-# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
-# asm 1: sub  crypto_sign_ed25519_amd64_64_ORDER0,<t0=int64#3
-# asm 2: sub  crypto_sign_ed25519_amd64_64_ORDER0,<t0=%rdx
-sub  crypto_sign_ed25519_amd64_64_ORDER0,%rdx
+# qhasm: carry? t0 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
+# asm 1: sub  CRYPTO_NAMESPACE(batch_ORDER0),<t0=int64#3
+# asm 2: sub  CRYPTO_NAMESPACE(batch_ORDER0),<t0=%rdx
+sub  CRYPTO_NAMESPACE(batch_ORDER0)(%rip),%rdx

-# qhasm: carry? t1 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_64_ORDER1,<t1=int64#7
-# asm 2: sbb  crypto_sign_ed25519_amd64_64_ORDER1,<t1=%rax
-sbb  crypto_sign_ed25519_amd64_64_ORDER1,%rax
+# qhasm: carry? t1 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(batch_ORDER1),<t1=int64#7
+# asm 2: sbb  CRYPTO_NAMESPACE(batch_ORDER1),<t1=%rax
+sbb  CRYPTO_NAMESPACE(batch_ORDER1)(%rip),%rax

-# qhasm: carry? t2 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_64_ORDER2,<t2=int64#8
-# asm 2: sbb  crypto_sign_ed25519_amd64_64_ORDER2,<t2=%r10
-sbb  crypto_sign_ed25519_amd64_64_ORDER2,%r10
+# qhasm: carry? t2 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(batch_ORDER2),<t2=int64#8
+# asm 2: sbb  CRYPTO_NAMESPACE(batch_ORDER2),<t2=%r10
+sbb  CRYPTO_NAMESPACE(batch_ORDER2)(%rip),%r10

-# qhasm: unsigned<? t3 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER3 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_64_ORDER3,<t3=int64#12
-# asm 2: sbb  crypto_sign_ed25519_amd64_64_ORDER3,<t3=%r14
-sbb  crypto_sign_ed25519_amd64_64_ORDER3,%r14
+# qhasm: unsigned<? t3 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER3) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(batch_ORDER3),<t3=int64#12
+# asm 2: sbb  CRYPTO_NAMESPACE(batch_ORDER3),<t3=%r14
+sbb  CRYPTO_NAMESPACE(batch_ORDER3)(%rip),%r14

 # qhasm: r0 = t0 if !unsigned<
 # asm 1: cmovae <t0=int64#3,<r0=int64#4
--- a/ed25519/amd64-51-30k/sc25519_barrett.S
+++ b/ed25519/amd64-51-30k/sc25519_barrett.S
@ -107,13 +107,13 @@

 # qhasm: stack64 q33_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_sc25519_barrett
+# qhasm: enter CRYPTO_NAMESPACE(batch_sc25519_barrett)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_sc25519_barrett
-.globl crypto_sign_ed25519_amd64_64_sc25519_barrett
-_crypto_sign_ed25519_amd64_64_sc25519_barrett:
-crypto_sign_ed25519_amd64_64_sc25519_barrett:
+.globl _CRYPTO_NAMESPACE(batch_sc25519_barrett)
+.globl CRYPTO_NAMESPACE(batch_sc25519_barrett)
+_CRYPTO_NAMESPACE(batch_sc25519_barrett):
+CRYPTO_NAMESPACE(batch_sc25519_barrett):
 mov %rsp,%r11
 and $31,%r11
 add $96,%r11
@ -184,8 +184,8 @@ xor  %r11,%r11
 # asm 2: movq   24(<xp=%rsi),>rax=%rax
 movq   24(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3
-mulq  crypto_sign_ed25519_amd64_64_MU3
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3)
+mulq CRYPTO_NAMESPACE(batch_MU3)(%rip)

 # qhasm: q23 = rax
 # asm 1: mov  <rax=int64#7,>q23=int64#10
@ -202,8 +202,8 @@ mov  %rdx,%r13
 # asm 2: movq   24(<xp=%rsi),>rax=%rax
 movq   24(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4
-mulq  crypto_sign_ed25519_amd64_64_MU4
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4)
+mulq CRYPTO_NAMESPACE(batch_MU4)(%rip)

 # qhasm: q24 = rax
 # asm 1: mov  <rax=int64#7,>q24=int64#12
@ -225,8 +225,8 @@ adc %rdx,%r8
 # asm 2: movq   32(<xp=%rsi),>rax=%rax
 movq   32(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2
-mulq  crypto_sign_ed25519_amd64_64_MU2
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2)
+mulq CRYPTO_NAMESPACE(batch_MU2)(%rip)

 # qhasm: carry? q23 += rax
 # asm 1: add  <rax=int64#7,<q23=int64#10
@ -248,8 +248,8 @@ adc %rdx,%r13
 # asm 2: movq   32(<xp=%rsi),>rax=%rax
 movq   32(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3
-mulq  crypto_sign_ed25519_amd64_64_MU3
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3)
+mulq CRYPTO_NAMESPACE(batch_MU3)(%rip)

 # qhasm: carry? q24 += rax
 # asm 1: add  <rax=int64#7,<q24=int64#12
@ -281,8 +281,8 @@ adc %rdx,%r13
 # asm 2: movq   32(<xp=%rsi),>rax=%rax
 movq   32(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4
-mulq  crypto_sign_ed25519_amd64_64_MU4
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4)
+mulq CRYPTO_NAMESPACE(batch_MU4)(%rip)

 # qhasm: carry? q30 += rax 
 # asm 1: add  <rax=int64#7,<q30=int64#5
@ -309,8 +309,8 @@ adc %rdx,%r9
 # asm 2: movq   40(<xp=%rsi),>rax=%rax
 movq   40(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1
-mulq  crypto_sign_ed25519_amd64_64_MU1
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1)
+mulq CRYPTO_NAMESPACE(batch_MU1)(%rip)

 # qhasm: carry? q23 += rax
 # asm 1: add  <rax=int64#7,<q23=int64#10
@ -332,8 +332,8 @@ adc %rdx,%r13
 # asm 2: movq   40(<xp=%rsi),>rax=%rax
 movq   40(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2
-mulq  crypto_sign_ed25519_amd64_64_MU2
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2)
+mulq CRYPTO_NAMESPACE(batch_MU2)(%rip)

 # qhasm: carry? q24 += rax
 # asm 1: add  <rax=int64#7,<q24=int64#12
@ -365,8 +365,8 @@ adc %rdx,%r13
 # asm 2: movq   40(<xp=%rsi),>rax=%rax
 movq   40(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3
-mulq  crypto_sign_ed25519_amd64_64_MU3
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3)
+mulq CRYPTO_NAMESPACE(batch_MU3)(%rip)

 # qhasm: carry? q30 += rax
 # asm 1: add  <rax=int64#7,<q30=int64#5
@ -398,8 +398,8 @@ adc %rdx,%r13
 # asm 2: movq   40(<xp=%rsi),>rax=%rax
 movq   40(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4
-mulq  crypto_sign_ed25519_amd64_64_MU4
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4)
+mulq CRYPTO_NAMESPACE(batch_MU4)(%rip)

 # qhasm: carry? q31 += rax 
 # asm 1: add  <rax=int64#7,<q31=int64#6
@ -426,8 +426,8 @@ adc %rdx,%r10
 # asm 2: movq   48(<xp=%rsi),>rax=%rax
 movq   48(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU0
-mulq  crypto_sign_ed25519_amd64_64_MU0
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU0)
+mulq CRYPTO_NAMESPACE(batch_MU0)(%rip)

 # qhasm: carry? q23 += rax
 # asm 1: add  <rax=int64#7,<q23=int64#10
@ -449,8 +449,8 @@ adc %rdx,%r12
 # asm 2: movq   48(<xp=%rsi),>rax=%rax
 movq   48(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1
-mulq  crypto_sign_ed25519_amd64_64_MU1
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1)
+mulq CRYPTO_NAMESPACE(batch_MU1)(%rip)

 # qhasm: carry? q24 += rax
 # asm 1: add  <rax=int64#7,<q24=int64#12
@ -482,8 +482,8 @@ adc %rdx,%r12
 # asm 2: movq   48(<xp=%rsi),>rax=%rax
 movq   48(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2
-mulq  crypto_sign_ed25519_amd64_64_MU2
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2)
+mulq CRYPTO_NAMESPACE(batch_MU2)(%rip)

 # qhasm: carry? q30 += rax
 # asm 1: add  <rax=int64#7,<q30=int64#5
@ -515,8 +515,8 @@ adc %rdx,%r12
 # asm 2: movq   48(<xp=%rsi),>rax=%rax
 movq   48(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3
-mulq  crypto_sign_ed25519_amd64_64_MU3
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3)
+mulq CRYPTO_NAMESPACE(batch_MU3)(%rip)

 # qhasm: carry? q31 += rax
 # asm 1: add  <rax=int64#7,<q31=int64#6
@ -548,8 +548,8 @@ adc %rdx,%r12
 # asm 2: movq   48(<xp=%rsi),>rax=%rax
 movq   48(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4
-mulq  crypto_sign_ed25519_amd64_64_MU4
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4)
+mulq CRYPTO_NAMESPACE(batch_MU4)(%rip)

 # qhasm: carry? q32 += rax 
 # asm 1: add  <rax=int64#7,<q32=int64#8
@ -576,8 +576,8 @@ adc %rdx,%r11
 # asm 2: movq   56(<xp=%rsi),>rax=%rax
 movq   56(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU0
-mulq  crypto_sign_ed25519_amd64_64_MU0
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU0)
+mulq CRYPTO_NAMESPACE(batch_MU0)(%rip)

 # qhasm: carry? q24 += rax
 # asm 1: add  <rax=int64#7,<q24=int64#12
@ -601,8 +601,8 @@ adc %rdx,%r12
 # asm 2: movq   56(<xp=%rsi),>rax=%rax
 movq   56(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU1
-mulq  crypto_sign_ed25519_amd64_64_MU1
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU1)
+mulq CRYPTO_NAMESPACE(batch_MU1)(%rip)

 # qhasm: carry? q30 += rax
 # asm 1: add  <rax=int64#7,<q30=int64#5
@ -639,8 +639,8 @@ movq %r8,56(%rsp)
 # asm 2: movq   56(<xp=%rsi),>rax=%rax
 movq   56(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU2
-mulq  crypto_sign_ed25519_amd64_64_MU2
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU2)
+mulq CRYPTO_NAMESPACE(batch_MU2)(%rip)

 # qhasm: carry? q31 += rax
 # asm 1: add  <rax=int64#7,<q31=int64#6
@ -677,8 +677,8 @@ movq %r9,64(%rsp)
 # asm 2: movq   56(<xp=%rsi),>rax=%rax
 movq   56(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU3
-mulq  crypto_sign_ed25519_amd64_64_MU3
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU3)
+mulq CRYPTO_NAMESPACE(batch_MU3)(%rip)

 # qhasm: carry? q32 += rax
 # asm 1: add  <rax=int64#7,<q32=int64#8
@ -715,8 +715,8 @@ movq %r10,72(%rsp)
 # asm 2: movq   56(<xp=%rsi),>rax=%rax
 movq   56(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_MU4
-mulq  crypto_sign_ed25519_amd64_64_MU4
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_MU4)
+mulq CRYPTO_NAMESPACE(batch_MU4)(%rip)

 # qhasm: carry? q33 += rax 
 # asm 1: add  <rax=int64#7,<q33=int64#9
@ -743,8 +743,8 @@ movq %r11,80(%rsp)
 # asm 2: movq <q30_stack=56(%rsp),>rax=%rax
 movq 56(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
-mulq  crypto_sign_ed25519_amd64_64_ORDER0
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
+mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip)

 # qhasm: r20 = rax
 # asm 1: mov  <rax=int64#7,>r20=int64#5
@ -761,8 +761,8 @@ mov  %rdx,%r9
 # asm 2: movq <q30_stack=56(%rsp),>rax=%rax
 movq 56(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1
-mulq  crypto_sign_ed25519_amd64_64_ORDER1
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1)
+mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip)

 # qhasm: r21 = rax
 # asm 1: mov  <rax=int64#7,>r21=int64#8
@ -789,8 +789,8 @@ adc %rdx,%r9
 # asm 2: movq <q30_stack=56(%rsp),>rax=%rax
 movq 56(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2
-mulq  crypto_sign_ed25519_amd64_64_ORDER2
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2)
+mulq CRYPTO_NAMESPACE(batch_ORDER2)(%rip)

 # qhasm: r22 = rax
 # asm 1: mov  <rax=int64#7,>r22=int64#9
@ -817,8 +817,8 @@ adc %rdx,%r9
 # asm 2: movq <q30_stack=56(%rsp),>rax=%rax
 movq 56(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER3
-mulq  crypto_sign_ed25519_amd64_64_ORDER3
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER3)
+mulq CRYPTO_NAMESPACE(batch_ORDER3)(%rip)

 # qhasm: free rdx

@ -837,8 +837,8 @@ add  %r9,%r12
 # asm 2: movq <q31_stack=64(%rsp),>rax=%rax
 movq 64(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
-mulq  crypto_sign_ed25519_amd64_64_ORDER0
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
+mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip)

 # qhasm: carry? r21 += rax
 # asm 1: add  <rax=int64#7,<r21=int64#8
@ -860,8 +860,8 @@ adc %rdx,%r9
 # asm 2: movq <q31_stack=64(%rsp),>rax=%rax
 movq 64(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1
-mulq  crypto_sign_ed25519_amd64_64_ORDER1
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1)
+mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip)

 # qhasm: carry? r22 += rax
 # asm 1: add  <rax=int64#7,<r22=int64#9
@ -893,8 +893,8 @@ adc %rdx,%rcx
 # asm 2: movq <q31_stack=64(%rsp),>rax=%rax
 movq 64(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2
-mulq  crypto_sign_ed25519_amd64_64_ORDER2
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2)
+mulq CRYPTO_NAMESPACE(batch_ORDER2)(%rip)

 # qhasm: free rdx

@ -913,8 +913,8 @@ add  %rcx,%r12
 # asm 2: movq <q32_stack=72(%rsp),>rax=%rax
 movq 72(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
-mulq  crypto_sign_ed25519_amd64_64_ORDER0
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
+mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip)

 # qhasm: carry? r22 += rax
 # asm 1: add  <rax=int64#7,<r22=int64#9
@ -936,8 +936,8 @@ adc %rdx,%rcx
 # asm 2: movq <q32_stack=72(%rsp),>rax=%rax
 movq 72(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1
-mulq  crypto_sign_ed25519_amd64_64_ORDER1
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1)
+mulq CRYPTO_NAMESPACE(batch_ORDER1)(%rip)

 # qhasm: free rdx

@ -956,8 +956,8 @@ add  %rcx,%r12
 # asm 2: movq <q33_stack=80(%rsp),>rax=%rax
 movq 80(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
-mulq  crypto_sign_ed25519_amd64_64_ORDER0
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
+mulq CRYPTO_NAMESPACE(batch_ORDER0)(%rip)

 # qhasm: free rdx

@ -1026,25 +1026,25 @@ sbb  %r12,%rsi
 # asm 2: mov  <r3=%rsi,>t3=%r11
 mov  %rsi,%r11

-# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
-# asm 1: sub  crypto_sign_ed25519_amd64_64_ORDER0,<t0=int64#4
-# asm 2: sub  crypto_sign_ed25519_amd64_64_ORDER0,<t0=%rcx
-sub  crypto_sign_ed25519_amd64_64_ORDER0,%rcx
+# qhasm: carry? t0 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
+# asm 1: sub  CRYPTO_NAMESPACE(batch_ORDER0),<t0=int64#4
+# asm 2: sub  CRYPTO_NAMESPACE(batch_ORDER0),<t0=%rcx
+sub  CRYPTO_NAMESPACE(batch_ORDER0)(%rip),%rcx

-# qhasm: carry? t1 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_64_ORDER1,<t1=int64#6
-# asm 2: sbb  crypto_sign_ed25519_amd64_64_ORDER1,<t1=%r9
-sbb  crypto_sign_ed25519_amd64_64_ORDER1,%r9
+# qhasm: carry? t1 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(batch_ORDER1),<t1=int64#6
+# asm 2: sbb  CRYPTO_NAMESPACE(batch_ORDER1),<t1=%r9
+sbb  CRYPTO_NAMESPACE(batch_ORDER1)(%rip),%r9

-# qhasm: carry? t2 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_64_ORDER2,<t2=int64#8
-# asm 2: sbb  crypto_sign_ed25519_amd64_64_ORDER2,<t2=%r10
-sbb  crypto_sign_ed25519_amd64_64_ORDER2,%r10
+# qhasm: carry? t2 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(batch_ORDER2),<t2=int64#8
+# asm 2: sbb  CRYPTO_NAMESPACE(batch_ORDER2),<t2=%r10
+sbb  CRYPTO_NAMESPACE(batch_ORDER2)(%rip),%r10

-# qhasm: unsigned<? t3 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER3 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_64_ORDER3,<t3=int64#9
-# asm 2: sbb  crypto_sign_ed25519_amd64_64_ORDER3,<t3=%r11
-sbb  crypto_sign_ed25519_amd64_64_ORDER3,%r11
+# qhasm: unsigned<? t3 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER3) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(batch_ORDER3),<t3=int64#9
+# asm 2: sbb  CRYPTO_NAMESPACE(batch_ORDER3),<t3=%r11
+sbb  CRYPTO_NAMESPACE(batch_ORDER3)(%rip),%r11

 # qhasm: r0 = t0 if !unsigned<
 # asm 1: cmovae <t0=int64#4,<r0=int64#3
@ -1086,25 +1086,25 @@ cmovae %r11,%rsi
 # asm 2: mov  <r3=%rsi,>t3=%r11
 mov  %rsi,%r11

-# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER0
-# asm 1: sub  crypto_sign_ed25519_amd64_64_ORDER0,<t0=int64#4
-# asm 2: sub  crypto_sign_ed25519_amd64_64_ORDER0,<t0=%rcx
-sub  crypto_sign_ed25519_amd64_64_ORDER0,%rcx
+# qhasm: carry? t0 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER0)
+# asm 1: sub  CRYPTO_NAMESPACE(batch_ORDER0),<t0=int64#4
+# asm 2: sub  CRYPTO_NAMESPACE(batch_ORDER0),<t0=%rcx
+sub  CRYPTO_NAMESPACE(batch_ORDER0)(%rip),%rcx

-# qhasm: carry? t1 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER1 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_64_ORDER1,<t1=int64#6
-# asm 2: sbb  crypto_sign_ed25519_amd64_64_ORDER1,<t1=%r9
-sbb  crypto_sign_ed25519_amd64_64_ORDER1,%r9
+# qhasm: carry? t1 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER1) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(batch_ORDER1),<t1=int64#6
+# asm 2: sbb  CRYPTO_NAMESPACE(batch_ORDER1),<t1=%r9
+sbb  CRYPTO_NAMESPACE(batch_ORDER1)(%rip),%r9

-# qhasm: carry? t2 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER2 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_64_ORDER2,<t2=int64#8
-# asm 2: sbb  crypto_sign_ed25519_amd64_64_ORDER2,<t2=%r10
-sbb  crypto_sign_ed25519_amd64_64_ORDER2,%r10
+# qhasm: carry? t2 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER2) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(batch_ORDER2),<t2=int64#8
+# asm 2: sbb  CRYPTO_NAMESPACE(batch_ORDER2),<t2=%r10
+sbb  CRYPTO_NAMESPACE(batch_ORDER2)(%rip),%r10

-# qhasm: unsigned<? t3 -= *(uint64 *) &crypto_sign_ed25519_amd64_64_ORDER3 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_64_ORDER3,<t3=int64#9
-# asm 2: sbb  crypto_sign_ed25519_amd64_64_ORDER3,<t3=%r11
-sbb  crypto_sign_ed25519_amd64_64_ORDER3,%r11
+# qhasm: unsigned<? t3 -= *(uint64 *) &CRYPTO_NAMESPACE(batch_ORDER3) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(batch_ORDER3),<t3=int64#9
+# asm 2: sbb  CRYPTO_NAMESPACE(batch_ORDER3),<t3=%r11
+sbb  CRYPTO_NAMESPACE(batch_ORDER3)(%rip),%r11

 # qhasm: r0 = t0 if !unsigned<
 # asm 1: cmovae <t0=int64#4,<r0=int64#3
--- a/ed25519/amd64-51-30k/sc25519_lt.S
+++ b/ed25519/amd64-51-30k/sc25519_lt.S
@ -57,13 +57,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_sc25519_lt
+# qhasm: enter CRYPTO_NAMESPACE(batch_sc25519_lt)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_sc25519_lt
-.globl crypto_sign_ed25519_amd64_64_sc25519_lt
-_crypto_sign_ed25519_amd64_64_sc25519_lt:
-crypto_sign_ed25519_amd64_64_sc25519_lt:
+.globl _CRYPTO_NAMESPACE(batch_sc25519_lt)
+.globl CRYPTO_NAMESPACE(batch_sc25519_lt)
+_CRYPTO_NAMESPACE(batch_sc25519_lt):
+CRYPTO_NAMESPACE(batch_sc25519_lt):
 mov %rsp,%r11
 and $31,%r11
 add $0,%r11
--- a/ed25519/amd64-51-30k/sc25519_mul.c
+++ b/ed25519/amd64-51-30k/sc25519_mul.c
@ -1,8 +1,9 @@
 #include "sc25519.h"
+#include "compat.h"

-#define ull4_mul        crypto_sign_ed25519_amd64_51_30k_batch_ull4_mul
+#define ull4_mul        CRYPTO_NAMESPACE(batch_ull4_mul)

-extern void ull4_mul(unsigned long long r[8], const unsigned long long x[4], const unsigned long long y[4]);
+extern void ull4_mul(unsigned long long r[8], const unsigned long long x[4], const unsigned long long y[4]) SYSVABI;

 void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y)
 {
--- a/ed25519/amd64-51-30k/sc25519_sub_nored.S
+++ b/ed25519/amd64-51-30k/sc25519_sub_nored.S
@ -63,13 +63,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_sc25519_sub_nored
+# qhasm: enter CRYPTO_NAMESPACE(batch_sc25519_sub_nored)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_sc25519_sub_nored
-.globl crypto_sign_ed25519_amd64_64_sc25519_sub_nored
-_crypto_sign_ed25519_amd64_64_sc25519_sub_nored:
-crypto_sign_ed25519_amd64_64_sc25519_sub_nored:
+.globl _CRYPTO_NAMESPACE(batch_sc25519_sub_nored)
+.globl CRYPTO_NAMESPACE(batch_sc25519_sub_nored)
+_CRYPTO_NAMESPACE(batch_sc25519_sub_nored):
+CRYPTO_NAMESPACE(batch_sc25519_sub_nored):
 mov %rsp,%r11
 and $31,%r11
 add $0,%r11
--- a/ed25519/amd64-51-30k/ull4_mul.S
+++ b/ed25519/amd64-51-30k/ull4_mul.S
@ -77,13 +77,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_ull4_mul 
+# qhasm: enter CRYPTO_NAMESPACE(batch_ull4_mul) 
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_ull4_mul
-.globl crypto_sign_ed25519_amd64_64_ull4_mul
-_crypto_sign_ed25519_amd64_64_ull4_mul:
-crypto_sign_ed25519_amd64_64_ull4_mul:
+.globl _CRYPTO_NAMESPACE(batch_ull4_mul)
+.globl CRYPTO_NAMESPACE(batch_ull4_mul)
+_CRYPTO_NAMESPACE(batch_ull4_mul):
+CRYPTO_NAMESPACE(batch_ull4_mul):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
--- a/ed25519/amd64-64-24k/batch.c
+++ b/ed25519/amd64-64-24k/batch.c
@ -1,94 +0,0 @@
-#include "crypto_sign.h"
-
-#include "crypto_verify_32.h"
-#include "crypto_hash_sha512.h"
-#include "randombytes.h"
-
-#include "ge25519.h"
-#include "hram.h"
-
-#define MAXBATCH 64
-
-int crypto_sign_open_batch(
-    unsigned char* const m[],unsigned long long mlen[],
-    unsigned char* const sm[],const unsigned long long smlen[],
-    unsigned char* const pk[], 
-    unsigned long long num
-    )
-{
-  int ret = 0;
-  unsigned long long i, j;
-  shortsc25519 r[MAXBATCH];
-  sc25519 scalars[2*MAXBATCH+1];
-  ge25519 points[2*MAXBATCH+1];
-  unsigned char hram[crypto_hash_sha512_BYTES];
-  unsigned long long batchsize;
-
-  for (i = 0;i < num;++i) mlen[i] = -1;
-
-  while (num >= 3) {
-    batchsize = num;
-    if (batchsize > MAXBATCH) batchsize = MAXBATCH;
-
-    for (i = 0;i < batchsize;++i)
-      if (smlen[i] < 64) goto fallback;
-
-    randombytes((unsigned char*)r,sizeof(shortsc25519) * batchsize);
-
-    /* Computing scalars[0] = ((r1s1 + r2s2 + ...)) */
-    for(i=0;i<batchsize;i++)
-    {
-      sc25519_from32bytes(&scalars[i], sm[i]+32); 
-      sc25519_mul_shortsc(&scalars[i], &scalars[i], &r[i]);
-    }
-    for(i=1;i<batchsize;i++)
-      sc25519_add(&scalars[0], &scalars[0], &scalars[i]);
-    
-    /* Computing scalars[1] ... scalars[batchsize] as r[i]*H(R[i],A[i],m[i]) */
-    for(i=0;i<batchsize;i++)
-    {
-      get_hram(hram, sm[i], pk[i], m[i], smlen[i]);
-      sc25519_from64bytes(&scalars[i+1],hram);
-      sc25519_mul_shortsc(&scalars[i+1],&scalars[i+1],&r[i]);
-    }
-    /* Setting scalars[batchsize+1] ... scalars[2*batchsize] to r[i] */
-    for(i=0;i<batchsize;i++)
-      sc25519_from_shortsc(&scalars[batchsize+i+1],&r[i]);
-  
-    /* Computing points */
-    points[0] = ge25519_base;
-  
-    for(i=0;i<batchsize;i++)
-      if (ge25519_unpackneg_vartime(&points[i+1], pk[i])) goto fallback;
-    for(i=0;i<batchsize;i++)
-      if (ge25519_unpackneg_vartime(&points[batchsize+i+1], sm[i])) goto fallback;
-  
-    ge25519_multi_scalarmult_vartime(points, points, scalars, 2*batchsize+1);
-  
-    if (ge25519_isneutral_vartime(points)) {
-      for(i=0;i<batchsize;i++)
-      {
-        for(j=0;j<smlen[i]-64;j++)
-          m[i][j] = sm[i][j + 64];
-        mlen[i] = smlen[i]-64;
-      }
-    } else {
-      fallback:
-
-      for (i = 0;i < batchsize;++i)
-        ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
-    }
-
-    m += batchsize;
-    mlen += batchsize;
-    sm += batchsize;
-    smlen += batchsize;
-    pk += batchsize;
-    num -= batchsize;
-  }
-
-  for (i = 0;i < num;++i)
-    ret |= crypto_sign_open(m[i], &mlen[i], sm[i], smlen[i], pk[i]);
-
-  return ret;
-}
--- a/ed25519/amd64-64-24k/choose_t.S
+++ b/ed25519/amd64-64-24k/choose_t.S
@ -101,13 +101,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_choose_t
+# qhasm: enter CRYPTO_NAMESPACE(choose_t)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_choose_t
-.globl crypto_sign_ed25519_amd64_64_choose_t
-_crypto_sign_ed25519_amd64_64_choose_t:
-crypto_sign_ed25519_amd64_64_choose_t:
+.globl _CRYPTO_NAMESPACE(choose_t)
+.globl CRYPTO_NAMESPACE(choose_t)
+_CRYPTO_NAMESPACE(choose_t):
+CRYPTO_NAMESPACE(choose_t):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
--- a/ed25519/amd64-64-24k/compat.h
+++ b/ed25519/amd64-64-24k/compat.h
@ -0,0 +1,10 @@
+#ifndef COMPAT_H
+#define COMPAT_H
+
+#if defined(_WIN32) && defined(__GNUC__)
+#define SYSVABI __attribute__((sysv_abi))
+#else
+#define SYSVABI
+#endif
+
+#endif
--- a/ed25519/amd64-64-24k/consts.S
+++ b/ed25519/amd64-64-24k/consts.S
@ -0,0 +1,43 @@
+#ifndef __APPLE__
+.section .rodata
+#else
+.const
+#endif
+
+.globl CRYPTO_NAMESPACE(121666)
+.globl CRYPTO_NAMESPACE(MU0)
+.globl CRYPTO_NAMESPACE(MU1)
+.globl CRYPTO_NAMESPACE(MU2)
+.globl CRYPTO_NAMESPACE(MU3)
+.globl CRYPTO_NAMESPACE(MU4)
+.globl CRYPTO_NAMESPACE(ORDER0)
+.globl CRYPTO_NAMESPACE(ORDER1)
+.globl CRYPTO_NAMESPACE(ORDER2)
+.globl CRYPTO_NAMESPACE(ORDER3)
+.globl CRYPTO_NAMESPACE(EC2D0)
+.globl CRYPTO_NAMESPACE(EC2D1)
+.globl CRYPTO_NAMESPACE(EC2D2)
+.globl CRYPTO_NAMESPACE(EC2D3)
+.globl CRYPTO_NAMESPACE(38)
+
+.p2align 4
+
+CRYPTO_NAMESPACE(121666):     .quad 121666
+
+CRYPTO_NAMESPACE(MU0):         .quad 0xED9CE5A30A2C131B
+CRYPTO_NAMESPACE(MU1):         .quad 0x2106215D086329A7
+CRYPTO_NAMESPACE(MU2):         .quad 0xFFFFFFFFFFFFFFEB
+CRYPTO_NAMESPACE(MU3):         .quad 0xFFFFFFFFFFFFFFFF
+CRYPTO_NAMESPACE(MU4):         .quad 0x000000000000000F
+
+CRYPTO_NAMESPACE(ORDER0):      .quad 0x5812631A5CF5D3ED
+CRYPTO_NAMESPACE(ORDER1):      .quad 0x14DEF9DEA2F79CD6
+CRYPTO_NAMESPACE(ORDER2):      .quad 0x0000000000000000
+CRYPTO_NAMESPACE(ORDER3):      .quad 0x1000000000000000
+
+CRYPTO_NAMESPACE(EC2D0):       .quad 0xEBD69B9426B2F146
+CRYPTO_NAMESPACE(EC2D1):       .quad 0x00E0149A8283B156
+CRYPTO_NAMESPACE(EC2D2):       .quad 0x198E80F2EEF3D130
+CRYPTO_NAMESPACE(EC2D3):       .quad 0xA406D9DC56DFFCE7
+
+CRYPTO_NAMESPACE(38):         .quad 38
--- a/ed25519/amd64-64-24k/consts.s
+++ b/ed25519/amd64-64-24k/consts.s
@ -1,39 +0,0 @@
-.data
-
-.globl crypto_sign_ed25519_amd64_64_121666
-.globl crypto_sign_ed25519_amd64_64_MU0
-.globl crypto_sign_ed25519_amd64_64_MU1
-.globl crypto_sign_ed25519_amd64_64_MU2
-.globl crypto_sign_ed25519_amd64_64_MU3
-.globl crypto_sign_ed25519_amd64_64_MU4
-.globl crypto_sign_ed25519_amd64_64_ORDER0
-.globl crypto_sign_ed25519_amd64_64_ORDER1
-.globl crypto_sign_ed25519_amd64_64_ORDER2
-.globl crypto_sign_ed25519_amd64_64_ORDER3
-.globl crypto_sign_ed25519_amd64_64_EC2D0
-.globl crypto_sign_ed25519_amd64_64_EC2D1
-.globl crypto_sign_ed25519_amd64_64_EC2D2
-.globl crypto_sign_ed25519_amd64_64_EC2D3
-.globl crypto_sign_ed25519_amd64_64_38
-
-.p2align 4
-
-crypto_sign_ed25519_amd64_64_121666:     .quad 121666
-
-crypto_sign_ed25519_amd64_64_MU0:         .quad 0xED9CE5A30A2C131B
-crypto_sign_ed25519_amd64_64_MU1:         .quad 0x2106215D086329A7
-crypto_sign_ed25519_amd64_64_MU2:         .quad 0xFFFFFFFFFFFFFFEB
-crypto_sign_ed25519_amd64_64_MU3:         .quad 0xFFFFFFFFFFFFFFFF
-crypto_sign_ed25519_amd64_64_MU4:         .quad 0x000000000000000F
-
-crypto_sign_ed25519_amd64_64_ORDER0:      .quad 0x5812631A5CF5D3ED
-crypto_sign_ed25519_amd64_64_ORDER1:      .quad 0x14DEF9DEA2F79CD6
-crypto_sign_ed25519_amd64_64_ORDER2:      .quad 0x0000000000000000
-crypto_sign_ed25519_amd64_64_ORDER3:      .quad 0x1000000000000000
-
-crypto_sign_ed25519_amd64_64_EC2D0:       .quad 0xEBD69B9426B2F146
-crypto_sign_ed25519_amd64_64_EC2D1:       .quad 0x00E0149A8283B156
-crypto_sign_ed25519_amd64_64_EC2D2:       .quad 0x198E80F2EEF3D130
-crypto_sign_ed25519_amd64_64_EC2D3:       .quad 0xA406D9DC56DFFCE7
-
-crypto_sign_ed25519_amd64_64_38:         .quad 38
--- a/ed25519/amd64-64-24k/crypto_sign.h
+++ b/ed25519/amd64-64-24k/crypto_sign.h
@ -1,9 +1,9 @@
-#define crypto_sign ed25519_amd64_64_sign
-#define crypto_sign_keypair ed25519_amd64_64_keygen
-#define crypto_sign_seckey ed25519_amd64_64_seckey
-#define crypto_sign_seckey_expand ed25519_amd64_64_seckey_expand
-#define crypto_sign_pubkey ed25519_amd64_64_pubkey
-#define crypto_sign_open ed25519_amd64_64_open
-#define crypto_sign_open_batch ed25519_amd64_64_open_batch
+#define crypto_sign               CRYPTO_NAMESPACE(sign)
+#define crypto_sign_keypair       CRYPTO_NAMESPACE(keygen)
+#define crypto_sign_seckey        CRYPTO_NAMESPACE(seckey)
+#define crypto_sign_seckey_expand CRYPTO_NAMESPACE(seckey_expand)
+#define crypto_sign_pubkey        CRYPTO_NAMESPACE(pubkey)
+#define crypto_sign_open          CRYPTO_NAMESPACE(open)
+#define crypto_sign_open_batch    CRYPTO_NAMESPACE(open_batch)

 #include "ed25519.h"
--- a/ed25519/amd64-64-24k/ed25519.h
+++ b/ed25519/amd64-64-24k/ed25519.h
@ -1,20 +1,20 @@
-int ed25519_amd64_64_seckey(unsigned char *sk);
-int ed25519_amd64_64_seckey_expand(unsigned char *sk,const unsigned char *seed);
-int ed25519_amd64_64_pubkey(unsigned char *pk,const unsigned char *sk);
-int ed25519_amd64_64_keygen(unsigned char *pk,unsigned char *sk);
-int ed25519_amd64_64_sign(
+int crypto_sign_seckey(unsigned char *sk);
+int crypto_sign_seckey_expand(unsigned char *sk,const unsigned char *seed);
+int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk);
+int crypto_sign_keypair(unsigned char *pk,unsigned char *sk);
+int crypto_sign(
    unsigned char *sm,unsigned long long *smlen,
    const unsigned char *m,unsigned long long mlen,
    const unsigned char *sk
 );
-int ed25519_amd64_64_open(
+int crypto_sign_open(
    unsigned char *m,unsigned long long *mlen,
    const unsigned char *sm,unsigned long long smlen,
    const unsigned char *pk
 );
-int ed25519_amd64_64_open_batch(
+int crypto_sign_open_batch(
    unsigned char* const m[],unsigned long long mlen[],
    unsigned char* const sm[],const unsigned long long smlen[],
-    unsigned char* const pk[], 
+    unsigned char* const pk[],
    unsigned long long num
 );
--- a/ed25519/amd64-64-24k/fe25519.h
+++ b/ed25519/amd64-64-24k/fe25519.h
@ -1,31 +1,34 @@
 #ifndef FE25519_H
 #define FE25519_H

-#define fe25519                crypto_sign_ed25519_amd64_64_fe25519
-#define fe25519_freeze         crypto_sign_ed25519_amd64_64_fe25519_freeze
-#define fe25519_unpack         crypto_sign_ed25519_amd64_64_fe25519_unpack
-#define fe25519_pack           crypto_sign_ed25519_amd64_64_fe25519_pack
-#define fe25519_iszero_vartime crypto_sign_ed25519_amd64_64_fe25519_iszero_vartime
-#define fe25519_iseq_vartime   crypto_sign_ed25519_amd64_64_fe25519_iseq_vartime
-#define fe25519_cmov           crypto_sign_ed25519_amd64_64_fe25519_cmov
-#define fe25519_setint         crypto_sign_ed25519_amd64_64_fe25519_setint
-#define fe25519_neg            crypto_sign_ed25519_amd64_64_fe25519_neg
-#define fe25519_getparity      crypto_sign_ed25519_amd64_64_fe25519_getparity
-#define fe25519_add            crypto_sign_ed25519_amd64_64_fe25519_add
-#define fe25519_sub            crypto_sign_ed25519_amd64_64_fe25519_sub
-#define fe25519_mul            crypto_sign_ed25519_amd64_64_fe25519_mul
-#define fe25519_mul121666      crypto_sign_ed25519_amd64_64_fe25519_mul121666
-#define fe25519_square         crypto_sign_ed25519_amd64_64_fe25519_square
-#define fe25519_invert         crypto_sign_ed25519_amd64_64_fe25519_invert
-#define fe25519_pow2523        crypto_sign_ed25519_amd64_64_fe25519_pow2523
+#include <stddef.h>
+#include "compat.h"

-typedef struct 
+#define fe25519                CRYPTO_NAMESPACE(fe25519)
+#define fe25519_freeze         CRYPTO_NAMESPACE(fe25519_freeze)
+#define fe25519_unpack         CRYPTO_NAMESPACE(fe25519_unpack)
+#define fe25519_pack           CRYPTO_NAMESPACE(fe25519_pack)
+#define fe25519_iszero_vartime CRYPTO_NAMESPACE(fe25519_iszero_vartime)
+#define fe25519_iseq_vartime   CRYPTO_NAMESPACE(fe25519_iseq_vartime)
+#define fe25519_cmov           CRYPTO_NAMESPACE(fe25519_cmov)
+#define fe25519_setint         CRYPTO_NAMESPACE(fe25519_setint)
+#define fe25519_neg            CRYPTO_NAMESPACE(fe25519_neg)
+#define fe25519_getparity      CRYPTO_NAMESPACE(fe25519_getparity)
+#define fe25519_add            CRYPTO_NAMESPACE(fe25519_add)
+#define fe25519_sub            CRYPTO_NAMESPACE(fe25519_sub)
+#define fe25519_mul            CRYPTO_NAMESPACE(fe25519_mul)
+#define fe25519_square         CRYPTO_NAMESPACE(fe25519_square)
+#define fe25519_invert         CRYPTO_NAMESPACE(fe25519_invert)
+#define fe25519_batchinvert    CRYPTO_NAMESPACE(fe25519_batchinvert)
+#define fe25519_pow2523        CRYPTO_NAMESPACE(fe25519_pow2523)
+
+typedef struct
 {
-  unsigned long long v[4]; 
+  unsigned long long v[4];
 }
 fe25519;

-void fe25519_freeze(fe25519 *r);
+void fe25519_freeze(fe25519 *r) SYSVABI;

 void fe25519_unpack(fe25519 *r, const unsigned char x[32]);

@ -45,20 +48,20 @@ int fe25519_iszero_vartime(const fe25519 *x);

 int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y);

-void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
+void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI;

-void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
+void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI;

-void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
+void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y) SYSVABI;

-void fe25519_mul121666(fe25519 *r, const fe25519 *x);
-
-void fe25519_square(fe25519 *r, const fe25519 *x);
+void fe25519_square(fe25519 *r, const fe25519 *x) SYSVABI;

 void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e);

 void fe25519_invert(fe25519 *r, const fe25519 *x);

+void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset);
+
 void fe25519_pow2523(fe25519 *r, const fe25519 *x);

 #endif
--- a/ed25519/amd64-64-24k/fe25519_add.S
+++ b/ed25519/amd64-64-24k/fe25519_add.S
@ -65,13 +65,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_add
+# qhasm: enter CRYPTO_NAMESPACE(fe25519_add)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_fe25519_add
-.globl crypto_sign_ed25519_amd64_64_fe25519_add
-_crypto_sign_ed25519_amd64_64_fe25519_add:
-crypto_sign_ed25519_amd64_64_fe25519_add:
+.globl _CRYPTO_NAMESPACE(fe25519_add)
+.globl CRYPTO_NAMESPACE(fe25519_add)
+_CRYPTO_NAMESPACE(fe25519_add):
+CRYPTO_NAMESPACE(fe25519_add):
 mov %rsp,%r11
 and $31,%r11
 add $0,%r11
--- a/ed25519/amd64-64-24k/fe25519_batchinvert.c
+++ b/ed25519/amd64-64-24k/fe25519_batchinvert.c
@ -0,0 +1,34 @@
+#include "fe25519.h"
+
+// tmp MUST != out or in
+// in MAY == out
+void fe25519_batchinvert(fe25519 *out, const fe25519 *in, fe25519 *tmp, size_t num, size_t offset)
+{
+  fe25519 acc;
+  fe25519 tmpacc;
+  size_t i;
+  const fe25519 *inp;
+  fe25519 *outp;
+
+  fe25519_setint(&acc,1);
+
+  inp = in;
+  for (i = 0;i < num;++i) {
+    tmp[i] = acc;
+    fe25519_mul(&acc,&acc,inp);
+    inp = (const fe25519 *)((const char *)inp + offset);
+  }
+
+  fe25519_invert(&acc,&acc);
+
+  i = num;
+  inp = (const fe25519 *)((const char *)in + offset * num);
+  outp = (fe25519 *)((char *)out + offset * num);
+  while (i--) {
+    inp = (const fe25519 *)((const char *)inp - offset);
+    outp = (fe25519 *)((char *)outp - offset);
+    fe25519_mul(&tmpacc,&acc,inp);
+    fe25519_mul(outp,&acc,&tmp[i]);
+    acc = tmpacc;
+  }
+}
--- a/ed25519/amd64-64-24k/fe25519_freeze.S
+++ b/ed25519/amd64-64-24k/fe25519_freeze.S
@ -63,13 +63,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_freeze
+# qhasm: enter CRYPTO_NAMESPACE(fe25519_freeze)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_fe25519_freeze
-.globl crypto_sign_ed25519_amd64_64_fe25519_freeze
-_crypto_sign_ed25519_amd64_64_fe25519_freeze:
-crypto_sign_ed25519_amd64_64_fe25519_freeze:
+.globl _CRYPTO_NAMESPACE(fe25519_freeze)
+.globl CRYPTO_NAMESPACE(fe25519_freeze)
+_CRYPTO_NAMESPACE(fe25519_freeze):
+CRYPTO_NAMESPACE(fe25519_freeze):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
--- a/ed25519/amd64-64-24k/fe25519_mul.S
+++ b/ed25519/amd64-64-24k/fe25519_mul.S
@ -89,13 +89,13 @@

 # qhasm: int64 muli38

-# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_mul
+# qhasm: enter CRYPTO_NAMESPACE(fe25519_mul)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_fe25519_mul
-.globl crypto_sign_ed25519_amd64_64_fe25519_mul
-_crypto_sign_ed25519_amd64_64_fe25519_mul:
-crypto_sign_ed25519_amd64_64_fe25519_mul:
+.globl _CRYPTO_NAMESPACE(fe25519_mul)
+.globl CRYPTO_NAMESPACE(fe25519_mul)
+_CRYPTO_NAMESPACE(fe25519_mul):
+CRYPTO_NAMESPACE(fe25519_mul):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
@ -651,8 +651,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#2
@ -669,8 +669,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%rcx
 mov  %rdx,%rcx

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#4
@ -692,8 +692,8 @@ mov  $0,%r8
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r8
 adc %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#5
@ -715,8 +715,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#6
--- a/ed25519/amd64-64-24k/fe25519_square.S
+++ b/ed25519/amd64-64-24k/fe25519_square.S
@ -83,13 +83,13 @@

 # qhasm: int64 squarei38

-# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_square
+# qhasm: enter CRYPTO_NAMESPACE(fe25519_square)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_fe25519_square
-.globl crypto_sign_ed25519_amd64_64_fe25519_square
-_crypto_sign_ed25519_amd64_64_fe25519_square:
-crypto_sign_ed25519_amd64_64_fe25519_square:
+.globl _CRYPTO_NAMESPACE(fe25519_square)
+.globl CRYPTO_NAMESPACE(fe25519_square)
+_CRYPTO_NAMESPACE(fe25519_square):
+CRYPTO_NAMESPACE(fe25519_square):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
@ -425,8 +425,8 @@ adc %rdx,%rcx
 # asm 2: mov  <squarer4=%r11,>squarerax=%rax
 mov  %r11,%rax

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   squarer4 = squarerax
 # asm 1: mov  <squarerax=int64#7,>squarer4=int64#2
@ -443,8 +443,8 @@ mov  %r12,%rax
 # asm 2: mov  <squarerdx=%rdx,>squarer5=%r11
 mov  %rdx,%r11

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer5 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer5=int64#9
@ -466,8 +466,8 @@ mov  $0,%r12
 # asm 2: adc <squarerdx=%rdx,<squarer6=%r12
 adc %rdx,%r12

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer6 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer6=int64#10
@ -489,8 +489,8 @@ mov  $0,%rcx
 # asm 2: adc <squarerdx=%rdx,<squarer7=%rcx
 adc %rdx,%rcx

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer7 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer7=int64#4
--- a/ed25519/amd64-64-24k/fe25519_sub.S
+++ b/ed25519/amd64-64-24k/fe25519_sub.S
@ -65,13 +65,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_fe25519_sub
+# qhasm: enter CRYPTO_NAMESPACE(fe25519_sub)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_fe25519_sub
-.globl crypto_sign_ed25519_amd64_64_fe25519_sub
-_crypto_sign_ed25519_amd64_64_fe25519_sub:
-crypto_sign_ed25519_amd64_64_fe25519_sub:
+.globl _CRYPTO_NAMESPACE(fe25519_sub)
+.globl CRYPTO_NAMESPACE(fe25519_sub)
+_CRYPTO_NAMESPACE(fe25519_sub):
+CRYPTO_NAMESPACE(fe25519_sub):
 mov %rsp,%r11
 and $31,%r11
 add $0,%r11
--- a/ed25519/amd64-64-24k/ge25519.h
+++ b/ed25519/amd64-64-24k/ge25519.h
@ -3,25 +3,26 @@

 #include "fe25519.h"
 #include "sc25519.h"
+#include "compat.h"

-#define ge25519                           crypto_sign_ed25519_amd64_64_ge25519
-#define ge25519_base                      crypto_sign_ed25519_amd64_64_ge25519_base
-#define ge25519_unpackneg_vartime         crypto_sign_ed25519_amd64_64_unpackneg_vartime
-#define ge25519_pack                      crypto_sign_ed25519_amd64_64_pack
-#define ge25519_isneutral_vartime         crypto_sign_ed25519_amd64_64_isneutral_vartime
-#define ge25519_add                       crypto_sign_ed25519_amd64_64_ge25519_add
-#define ge25519_double                    crypto_sign_ed25519_amd64_64_ge25519_double
-#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_amd64_64_double_scalarmult_vartime
-#define ge25519_multi_scalarmult_vartime  crypto_sign_ed25519_amd64_64_ge25519_multi_scalarmult_vartime
-#define ge25519_scalarmult_base           crypto_sign_ed25519_amd64_64_scalarmult_base
-#define ge25519_p1p1_to_p2                crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p2
-#define ge25519_p1p1_to_p3                crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p3
-#define ge25519_add_p1p1                  crypto_sign_ed25519_amd64_64_ge25519_add_p1p1
-#define ge25519_dbl_p1p1                  crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1
-#define choose_t                          crypto_sign_ed25519_amd64_64_choose_t
-#define ge25519_nielsadd2                 crypto_sign_ed25519_amd64_64_ge25519_nielsadd2
-#define ge25519_nielsadd_p1p1             crypto_sign_ed25519_amd64_64_ge25519_nielsadd_p1p1
-#define ge25519_pnielsadd_p1p1            crypto_sign_ed25519_amd64_64_ge25519_pnielsadd_p1p1
+#define ge25519                           CRYPTO_NAMESPACE(ge25519)
+#define ge25519_base                      CRYPTO_NAMESPACE(ge25519_base)
+#define ge25519_unpackneg_vartime         CRYPTO_NAMESPACE(unpackneg_vartime)
+#define ge25519_pack                      CRYPTO_NAMESPACE(pack)
+#define ge25519_isneutral_vartime         CRYPTO_NAMESPACE(isneutral_vartime)
+#define ge25519_add                       CRYPTO_NAMESPACE(ge25519_add)
+#define ge25519_double                    CRYPTO_NAMESPACE(ge25519_double)
+#define ge25519_double_scalarmult_vartime CRYPTO_NAMESPACE(double_scalarmult_vartime)
+#define ge25519_multi_scalarmult_vartime  CRYPTO_NAMESPACE(ge25519_multi_scalarmult_vartime)
+#define ge25519_scalarmult_base           CRYPTO_NAMESPACE(scalarmult_base)
+#define ge25519_p1p1_to_p2                CRYPTO_NAMESPACE(ge25519_p1p1_to_p2)
+#define ge25519_p1p1_to_p3                CRYPTO_NAMESPACE(ge25519_p1p1_to_p3)
+#define ge25519_add_p1p1                  CRYPTO_NAMESPACE(ge25519_add_p1p1)
+#define ge25519_dbl_p1p1                  CRYPTO_NAMESPACE(ge25519_dbl_p1p1)
+#define choose_t                          CRYPTO_NAMESPACE(choose_t)
+#define ge25519_nielsadd2                 CRYPTO_NAMESPACE(ge25519_nielsadd2)
+#define ge25519_nielsadd_p1p1             CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1)
+#define ge25519_pnielsadd_p1p1            CRYPTO_NAMESPACE(ge25519_pnielsadd_p1p1)


 #define ge25519_p3 ge25519
@ -64,14 +65,16 @@ typedef struct
  fe25519 t2d;
 } ge25519_pniels;

-extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p);
-extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p);
-extern void ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q);
-extern void ge25519_dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p);
-extern void choose_t(ge25519_niels *t, unsigned long long pos, signed long long b, const ge25519_niels *base_multiples);
-extern void ge25519_nielsadd2(ge25519_p3 *r, const ge25519_niels *q);
-extern void ge25519_nielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_niels *q);
-extern void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_pniels *q);
+typedef unsigned char bytes32[32];
+
+extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p) SYSVABI;
+extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p) SYSVABI;
+extern void ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q) SYSVABI;
+extern void ge25519_dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p) SYSVABI;
+extern void choose_t(ge25519_niels *t, unsigned long long pos, signed long long b, const ge25519_niels *base_multiples) SYSVABI;
+extern void ge25519_nielsadd2(ge25519_p3 *r, const ge25519_niels *q) SYSVABI;
+extern void ge25519_nielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_niels *q) SYSVABI;
+extern void ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_pniels *q) SYSVABI;

 extern const ge25519 ge25519_base;

@ -79,6 +82,9 @@ extern int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);

 extern void ge25519_pack(unsigned char r[32], const ge25519 *p);

+extern void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num);
+extern void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf);
+
 extern int ge25519_isneutral_vartime(const ge25519 *p);

 extern void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q);
--- a/ed25519/amd64-64-24k/ge25519_add_p1p1.S
+++ b/ed25519/amd64-64-24k/ge25519_add_p1p1.S
@ -225,13 +225,13 @@

 # qhasm: int64 subt1

-# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_add_p1p1
+# qhasm: enter CRYPTO_NAMESPACE(ge25519_add_p1p1)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_ge25519_add_p1p1
-.globl crypto_sign_ed25519_amd64_64_ge25519_add_p1p1
-_crypto_sign_ed25519_amd64_64_ge25519_add_p1p1:
-crypto_sign_ed25519_amd64_64_ge25519_add_p1p1:
+.globl _CRYPTO_NAMESPACE(ge25519_add_p1p1)
+.globl CRYPTO_NAMESPACE(ge25519_add_p1p1)
+_CRYPTO_NAMESPACE(ge25519_add_p1p1):
+CRYPTO_NAMESPACE(ge25519_add_p1p1):
 mov %rsp,%r11
 and $31,%r11
 add $192,%r11
@ -1207,8 +1207,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#5
@ -1225,8 +1225,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r9
 mov  %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#6
@ -1248,8 +1248,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#8
@ -1271,8 +1271,8 @@ mov  $0,%r11
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r11
 adc %rdx,%r11

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#9
@ -1889,8 +1889,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#5
@ -1907,8 +1907,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r9
 mov  %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#6
@ -1930,8 +1930,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#8
@ -1953,8 +1953,8 @@ mov  $0,%r11
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r11
 adc %rdx,%r11

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#9
@ -2741,8 +2741,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#5
@ -2759,8 +2759,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r9
 mov  %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#6
@ -2782,8 +2782,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#8
@ -2805,8 +2805,8 @@ mov  $0,%r11
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r11
 adc %rdx,%r11

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#9
@ -2938,10 +2938,10 @@ mov  $0,%r11
 # asm 2: movq <c0_stack=56(%rsp),>mulx0=%r12
 movq 56(%rsp),%r12

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D0,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx0
 # asm 1: mul  <mulx0=int64#10
@ -2958,10 +2958,10 @@ mov  %rax,%r13
 # asm 2: mov  <mulrdx=%rdx,>c1=%r14
 mov  %rdx,%r14

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D1
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D1,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx0
 # asm 1: mul  <mulx0=int64#10
@ -2983,10 +2983,10 @@ mov  $0,%r15
 # asm 2: adc <mulrdx=%rdx,<c2=%r15
 adc %rdx,%r15

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D2
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D2,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx0
 # asm 1: mul  <mulx0=int64#10
@ -3008,10 +3008,10 @@ mov  $0,%rbx
 # asm 2: adc <mulrdx=%rdx,<c3=%rbx
 adc %rdx,%rbx

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D3
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D3,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx0
 # asm 1: mul  <mulx0=int64#10
@ -3033,10 +3033,10 @@ adc %rdx,%r8
 # asm 2: movq <c1_stack=64(%rsp),>mulx1=%r12
 movq 64(%rsp),%r12

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D0,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx1
 # asm 1: mul  <mulx1=int64#10
@ -3058,10 +3058,10 @@ mov  $0,%rbp
 # asm 2: adc <mulrdx=%rdx,<mulc=%rbp
 adc %rdx,%rbp

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D1
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D1,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx1
 # asm 1: mul  <mulx1=int64#10
@ -3093,10 +3093,10 @@ mov  $0,%rbp
 # asm 2: adc <mulrdx=%rdx,<mulc=%rbp
 adc %rdx,%rbp

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D2
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D2,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx1
 # asm 1: mul  <mulx1=int64#10
@ -3128,10 +3128,10 @@ mov  $0,%rbp
 # asm 2: adc <mulrdx=%rdx,<mulc=%rbp
 adc %rdx,%rbp

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D3
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D3,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx1
 # asm 1: mul  <mulx1=int64#10
@ -3163,10 +3163,10 @@ adc %rdx,%r9
 # asm 2: movq <c2_stack=72(%rsp),>mulx2=%r12
 movq 72(%rsp),%r12

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D0,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx2
 # asm 1: mul  <mulx2=int64#10
@ -3188,10 +3188,10 @@ mov  $0,%rbp
 # asm 2: adc <mulrdx=%rdx,<mulc=%rbp
 adc %rdx,%rbp

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D1
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D1,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx2
 # asm 1: mul  <mulx2=int64#10
@ -3223,10 +3223,10 @@ mov  $0,%rbp
 # asm 2: adc <mulrdx=%rdx,<mulc=%rbp
 adc %rdx,%rbp

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D2
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D2,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx2
 # asm 1: mul  <mulx2=int64#10
@ -3258,10 +3258,10 @@ mov  $0,%rbp
 # asm 2: adc <mulrdx=%rdx,<mulc=%rbp
 adc %rdx,%rbp

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D3
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D3,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx2
 # asm 1: mul  <mulx2=int64#10
@ -3293,10 +3293,10 @@ adc %rdx,%r10
 # asm 2: movq <c3_stack=80(%rsp),>mulx3=%r12
 movq 80(%rsp),%r12

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D0
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D0,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D0,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D0)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D0),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D0)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx3
 # asm 1: mul  <mulx3=int64#10
@ -3318,10 +3318,10 @@ mov  $0,%rbp
 # asm 2: adc <mulrdx=%rdx,<mulc=%rbp
 adc %rdx,%rbp

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D1
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D1,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D1,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D1)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D1),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D1)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx3
 # asm 1: mul  <mulx3=int64#10
@ -3353,10 +3353,10 @@ mov  $0,%rbp
 # asm 2: adc <mulrdx=%rdx,<mulc=%rbp
 adc %rdx,%rbp

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D2
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D2,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D2,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D2)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D2),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D2)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx3
 # asm 1: mul  <mulx3=int64#10
@ -3388,10 +3388,10 @@ mov  $0,%rbp
 # asm 2: adc <mulrdx=%rdx,<mulc=%rbp
 adc %rdx,%rbp

-# qhasm:   mulrax = *(uint64 *)&crypto_sign_ed25519_amd64_64_EC2D3
-# asm 1: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=int64#7
-# asm 2: movq crypto_sign_ed25519_amd64_64_EC2D3,>mulrax=%rax
-movq crypto_sign_ed25519_amd64_64_EC2D3,%rax
+# qhasm:   mulrax = *(uint64 *)&CRYPTO_NAMESPACE(EC2D3)
+# asm 1: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=int64#7
+# asm 2: movq CRYPTO_NAMESPACE(EC2D3),>mulrax=%rax
+movq CRYPTO_NAMESPACE(EC2D3)(%rip),%rax

 # qhasm:   (uint128) mulrdx mulrax = mulrax * mulx3
 # asm 1: mul  <mulx3=int64#10
@ -3423,8 +3423,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#5
@ -3441,8 +3441,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r9
 mov  %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#6
@ -3464,8 +3464,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#8
@ -3487,8 +3487,8 @@ mov  $0,%r11
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r11
 adc %rdx,%r11

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#9
@ -4105,8 +4105,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#2
@ -4123,8 +4123,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%rcx
 mov  %rdx,%rcx

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#4
@ -4146,8 +4146,8 @@ mov  $0,%r8
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r8
 adc %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#5
@ -4169,8 +4169,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#6
--- a/ed25519/amd64-64-24k/ge25519_base_niels.data
+++ b/ed25519/amd64-64-24k/ge25519_base_niels.data
@ -1533,4 +1533,4 @@
 {{0xbd4ea9e10f53c4b6, 0x1673dc5f8ac91a14, 0xa8f81a4e2acc1aba, 0x33a92a7924332a25}}},
 {{{0x9dd1f49927996c02, 0x0cb3b058e04d1752, 0x1f7e88967fd02c3e, 0x2f964268cb8b3eb1}},
 {{0x7ba95ba0218f2ada, 0xcff42287330fb9ca, 0xdada496d56c6d907, 0x5380c296f4beee54}},
- {{0x9d4f270466898d0a, 0x3d0987990aff3f7a, 0xd09ef36267daba45, 0x7761455e7b1c669c}}}
+ {{0x9d4f270466898d0a, 0x3d0987990aff3f7a, 0xd09ef36267daba45, 0x7761455e7b1c669c}}}
--- a/ed25519/amd64-64-24k/ge25519_base_niels_smalltables.data
+++ b/ed25519/amd64-64-24k/ge25519_base_niels_smalltables.data
@ -765,4 +765,4 @@
 {{0x25d448327b95d543, 0x70d38300a3340f1d, 0xde1c531c60e1c52b, 0x272224512c7de9e4}}},
 {{{0x1abc92af49c5342e, 0xffeed811b2e6fad0, 0xefa28c8dfcc84e29, 0x11b5df18a44cc543}},
 {{0xbf7bbb8a42a975fc, 0x8c5c397796ada358, 0xe27fc76fcdedaa48, 0x19735fd7f6bc20a6}},
- {{0xe3ab90d042c84266, 0xeb848e0f7f19547e, 0x2503a1d065a497b9, 0x0fef911191df895f}}}
+ {{0xe3ab90d042c84266, 0xeb848e0f7f19547e, 0x2503a1d065a497b9, 0x0fef911191df895f}}}
--- a/ed25519/amd64-64-24k/ge25519_base_slide_multiples.data
+++ b/ed25519/amd64-64-24k/ge25519_base_slide_multiples.data
@ -93,4 +93,4 @@
 {{0xd2f4d5107f18c781, 0x122ecdf2527e9d28, 0xa70a862a3d3d3341, 0x1db7778911914ce3}}},
 {{{0xddf352397c6bc26f, 0x7a97e2cc53d50113, 0x7c74f43abf79a330, 0x31ad97ad26e2adfc}},
 {{0xb3394769dd701ab6, 0xe2b8ded419cf8da5, 0x15df4161fd2ac852, 0x7ae2ca8a017d24be}},
- {{0xb7e817ed0920b962, 0x1e8518cc3f19da9d, 0xe491c14f25560a64, 0x1ed1fc53a6622c83}}}
+ {{0xb7e817ed0920b962, 0x1e8518cc3f19da9d, 0xe491c14f25560a64, 0x1ed1fc53a6622c83}}}
--- a/ed25519/amd64-64-24k/ge25519_batchpack.c
+++ b/ed25519/amd64-64-24k/ge25519_batchpack.c
@ -0,0 +1,23 @@
+#include "fe25519.h"
+#include "ge25519.h"
+
+// NOTE: leaves in unfinished state
+void ge25519_batchpack_destructive_1(bytes32 *out, ge25519_p3 *in, fe25519 *tmp, size_t num)
+{
+  fe25519 ty;
+
+  fe25519_batchinvert(&in->z, &in->z, tmp, num, sizeof(ge25519_p3));
+
+  for (size_t i = 0; i < num; ++i) {
+    fe25519_mul(&ty, &in[i].y, &in[i].z);
+    fe25519_pack(out[i], &ty);
+  }
+}
+
+void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf)
+{
+  fe25519 tx;
+  // z of unfinished is inverted
+  fe25519_mul(&tx, &unf->x, &unf->z);
+  out[31] ^= fe25519_getparity(&tx) << 7;
+}
--- a/ed25519/amd64-64-24k/ge25519_dbl_p1p1.S
+++ b/ed25519/amd64-64-24k/ge25519_dbl_p1p1.S
@ -233,13 +233,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1
+# qhasm: enter CRYPTO_NAMESPACE(ge25519_dbl_p1p1)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1
-.globl crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1
-_crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1:
-crypto_sign_ed25519_amd64_64_ge25519_dbl_p1p1:
+.globl _CRYPTO_NAMESPACE(ge25519_dbl_p1p1)
+.globl CRYPTO_NAMESPACE(ge25519_dbl_p1p1)
+_CRYPTO_NAMESPACE(ge25519_dbl_p1p1):
+CRYPTO_NAMESPACE(ge25519_dbl_p1p1):
 mov %rsp,%r11
 and $31,%r11
 add $192,%r11
@ -575,8 +575,8 @@ adc %rdx,%rcx
 # asm 2: mov  <squarer4=%r11,>squarerax=%rax
 mov  %r11,%rax

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   squarer4 = squarerax
 # asm 1: mov  <squarerax=int64#7,>squarer4=int64#9
@ -593,8 +593,8 @@ mov  %r12,%rax
 # asm 2: mov  <squarerdx=%rdx,>squarer5=%r12
 mov  %rdx,%r12

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer5 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer5=int64#10
@ -616,8 +616,8 @@ mov  $0,%r13
 # asm 2: adc <squarerdx=%rdx,<squarer6=%r13
 adc %rdx,%r13

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer6 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer6=int64#11
@ -639,8 +639,8 @@ mov  $0,%rcx
 # asm 2: adc <squarerdx=%rdx,<squarer7=%rcx
 adc %rdx,%rcx

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer7 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer7=int64#4
@ -1042,8 +1042,8 @@ adc %rdx,%rcx
 # asm 2: mov  <squarer4=%r11,>squarerax=%rax
 mov  %r11,%rax

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   squarer4 = squarerax
 # asm 1: mov  <squarerax=int64#7,>squarer4=int64#9
@ -1060,8 +1060,8 @@ mov  %r12,%rax
 # asm 2: mov  <squarerdx=%rdx,>squarer5=%r12
 mov  %rdx,%r12

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer5 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer5=int64#10
@ -1083,8 +1083,8 @@ mov  $0,%r13
 # asm 2: adc <squarerdx=%rdx,<squarer6=%r13
 adc %rdx,%r13

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer6 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer6=int64#11
@ -1106,8 +1106,8 @@ mov  $0,%rcx
 # asm 2: adc <squarerdx=%rdx,<squarer7=%rcx
 adc %rdx,%rcx

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer7 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer7=int64#4
@ -1509,8 +1509,8 @@ adc %rdx,%rcx
 # asm 2: mov  <squarer4=%r11,>squarerax=%rax
 mov  %r11,%rax

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   squarer4 = squarerax
 # asm 1: mov  <squarerax=int64#7,>squarer4=int64#9
@ -1527,8 +1527,8 @@ mov  %r12,%rax
 # asm 2: mov  <squarerdx=%rdx,>squarer5=%r12
 mov  %rdx,%r12

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer5 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer5=int64#10
@ -1550,8 +1550,8 @@ mov  $0,%r13
 # asm 2: adc <squarerdx=%rdx,<squarer6=%r13
 adc %rdx,%r13

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer6 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer6=int64#11
@ -1573,8 +1573,8 @@ mov  $0,%rcx
 # asm 2: adc <squarerdx=%rdx,<squarer7=%rcx
 adc %rdx,%rcx

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer7 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer7=int64#4
@ -2631,8 +2631,8 @@ adc %rdx,%rsi
 # asm 2: mov  <squarer4=%r10,>squarerax=%rax
 mov  %r10,%rax

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   squarer4 = squarerax
 # asm 1: mov  <squarerax=int64#7,>squarer4=int64#8
@ -2649,8 +2649,8 @@ mov  %r11,%rax
 # asm 2: mov  <squarerdx=%rdx,>squarer5=%r11
 mov  %rdx,%r11

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer5 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer5=int64#9
@ -2672,8 +2672,8 @@ mov  $0,%r12
 # asm 2: adc <squarerdx=%rdx,<squarer6=%r12
 adc %rdx,%r12

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer6 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer6=int64#10
@ -2695,8 +2695,8 @@ mov  $0,%rsi
 # asm 2: adc <squarerdx=%rdx,<squarer7=%rsi
 adc %rdx,%rsi

-# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) squarerdx squarerax = squarerax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? squarer7 += squarerax
 # asm 1: add  <squarerax=int64#7,<squarer7=int64#2
--- a/ed25519/amd64-64-24k/ge25519_double_scalarmult.c
+++ b/ed25519/amd64-64-24k/ge25519_double_scalarmult.c
@ -7,7 +7,7 @@
 #define S2_SWINDOWSIZE 7
 #define PRE2_SIZE (1<<(S2_SWINDOWSIZE-2))

-ge25519_niels pre2[PRE2_SIZE] = {
+static const ge25519_niels pre2[PRE2_SIZE] = {
 #include "ge25519_base_slide_multiples.data"
 };

--- a/ed25519/amd64-64-24k/ge25519_nielsadd2.S
+++ b/ed25519/amd64-64-24k/ge25519_nielsadd2.S
@ -293,13 +293,13 @@

 # qhasm: int64 subt1

-# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_nielsadd2
+# qhasm: enter CRYPTO_NAMESPACE(ge25519_nielsadd2)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_ge25519_nielsadd2
-.globl crypto_sign_ed25519_amd64_64_ge25519_nielsadd2
-_crypto_sign_ed25519_amd64_64_ge25519_nielsadd2:
-crypto_sign_ed25519_amd64_64_ge25519_nielsadd2:
+.globl _CRYPTO_NAMESPACE(ge25519_nielsadd2)
+.globl CRYPTO_NAMESPACE(ge25519_nielsadd2)
+_CRYPTO_NAMESPACE(ge25519_nielsadd2):
+CRYPTO_NAMESPACE(ge25519_nielsadd2):
 mov %rsp,%r11
 and $31,%r11
 add $192,%r11
@ -1060,8 +1060,8 @@ adc %rdx,%r10
 # asm 2: mov  <mulr4=%rcx,>mulrax=%rax
 mov  %rcx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#4
@ -1078,8 +1078,8 @@ mov  %r8,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r8
 mov  %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#5
@ -1101,8 +1101,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#6
@ -1124,8 +1124,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#8
@ -1742,8 +1742,8 @@ adc %rdx,%r10
 # asm 2: mov  <mulr4=%rcx,>mulrax=%rax
 mov  %rcx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#4
@ -1760,8 +1760,8 @@ mov  %r8,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r8
 mov  %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#5
@ -1783,8 +1783,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#6
@ -1806,8 +1806,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#8
@ -2594,8 +2594,8 @@ adc %rdx,%r10
 # asm 2: mov  <mulr4=%rcx,>mulrax=%rax
 mov  %rcx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#2
@ -2612,8 +2612,8 @@ mov  %r8,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%rcx
 mov  %rdx,%rcx

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#4
@ -2635,8 +2635,8 @@ mov  $0,%r8
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r8
 adc %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#5
@ -2658,8 +2658,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#6
@ -3531,8 +3531,8 @@ adc %rdx,%r9
 # asm 2: mov  <mulr4=%rsi,>mulrax=%rax
 mov  %rsi,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#2
@ -3549,8 +3549,8 @@ mov  %rcx,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%rcx
 mov  %rdx,%rcx

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#4
@ -3572,8 +3572,8 @@ mov  $0,%r8
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r8
 adc %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#5
@ -3595,8 +3595,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#6
@ -4213,8 +4213,8 @@ adc %rdx,%r9
 # asm 2: mov  <mulr4=%rsi,>mulrax=%rax
 mov  %rsi,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#2
@ -4231,8 +4231,8 @@ mov  %rcx,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%rcx
 mov  %rdx,%rcx

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#4
@ -4254,8 +4254,8 @@ mov  $0,%r8
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r8
 adc %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#5
@ -4277,8 +4277,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#6
@ -4895,8 +4895,8 @@ adc %rdx,%r9
 # asm 2: mov  <mulr4=%rsi,>mulrax=%rax
 mov  %rsi,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#2
@ -4913,8 +4913,8 @@ mov  %rcx,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%rcx
 mov  %rdx,%rcx

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#4
@ -4936,8 +4936,8 @@ mov  $0,%r8
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r8
 adc %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#5
@ -4959,8 +4959,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#6
@ -5577,8 +5577,8 @@ adc %rdx,%r9
 # asm 2: mov  <mulr4=%rsi,>mulrax=%rax
 mov  %rsi,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#2
@ -5595,8 +5595,8 @@ mov  %rcx,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%rcx
 mov  %rdx,%rcx

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#4
@ -5618,8 +5618,8 @@ mov  $0,%r8
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r8
 adc %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#5
@ -5641,8 +5641,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#6
--- a/ed25519/amd64-64-24k/ge25519_nielsadd_p1p1.S
+++ b/ed25519/amd64-64-24k/ge25519_nielsadd_p1p1.S
@ -297,13 +297,13 @@

 # qhasm: int64 subt1

-# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_nielsadd_p1p1
+# qhasm: enter CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_ge25519_nielsadd_p1p1
-.globl crypto_sign_ed25519_amd64_64_ge25519_nielsadd_p1p1
-_crypto_sign_ed25519_amd64_64_ge25519_nielsadd_p1p1:
-crypto_sign_ed25519_amd64_64_ge25519_nielsadd_p1p1:
+.globl _CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1)
+.globl CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1)
+_CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1):
+CRYPTO_NAMESPACE(ge25519_nielsadd_p1p1):
 mov %rsp,%r11
 and $31,%r11
 add $128,%r11
@ -1069,8 +1069,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#5
@ -1087,8 +1087,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r9
 mov  %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#6
@ -1110,8 +1110,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#8
@ -1133,8 +1133,8 @@ mov  $0,%r11
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r11
 adc %rdx,%r11

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#9
@ -1751,8 +1751,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#5
@ -1769,8 +1769,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r9
 mov  %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#6
@ -1792,8 +1792,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#8
@ -1815,8 +1815,8 @@ mov  $0,%r11
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r11
 adc %rdx,%r11

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#9
@ -2603,8 +2603,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#4
@ -2621,8 +2621,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r8
 mov  %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#5
@ -2644,8 +2644,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#6
@ -2667,8 +2667,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#8
--- a/ed25519/amd64-64-24k/ge25519_p1p1_to_p2.S
+++ b/ed25519/amd64-64-24k/ge25519_p1p1_to_p2.S
@ -101,13 +101,13 @@

 # qhasm: int64 muli38

-# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p2
+# qhasm: enter CRYPTO_NAMESPACE(ge25519_p1p1_to_p2)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p2
-.globl crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p2
-_crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p2:
-crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p2:
+.globl _CRYPTO_NAMESPACE(ge25519_p1p1_to_p2)
+.globl CRYPTO_NAMESPACE(ge25519_p1p1_to_p2)
+_CRYPTO_NAMESPACE(ge25519_p1p1_to_p2):
+CRYPTO_NAMESPACE(ge25519_p1p1_to_p2):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
@ -658,8 +658,8 @@ adc %rdx,%r10
 # asm 2: mov  <mulr4=%rcx,>mulrax=%rax
 mov  %rcx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#4
@ -676,8 +676,8 @@ mov  %r8,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r8
 mov  %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#5
@ -699,8 +699,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#6
@ -722,8 +722,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#8
@ -1340,8 +1340,8 @@ adc %rdx,%r10
 # asm 2: mov  <mulr4=%rcx,>mulrax=%rax
 mov  %rcx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#4
@ -1358,8 +1358,8 @@ mov  %r8,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r8
 mov  %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#5
@ -1381,8 +1381,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#6
@ -1404,8 +1404,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#8
@ -2022,8 +2022,8 @@ adc %rdx,%r10
 # asm 2: mov  <mulr4=%rcx,>mulrax=%rax
 mov  %rcx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#2
@ -2040,8 +2040,8 @@ mov  %r8,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%rcx
 mov  %rdx,%rcx

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#4
@ -2063,8 +2063,8 @@ mov  $0,%r8
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r8
 adc %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#5
@ -2086,8 +2086,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#6
--- a/ed25519/amd64-64-24k/ge25519_p1p1_to_p3.S
+++ b/ed25519/amd64-64-24k/ge25519_p1p1_to_p3.S
@ -109,13 +109,13 @@

 # qhasm: int64 muli38

-# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p3
+# qhasm: enter CRYPTO_NAMESPACE(ge25519_p1p1_to_p3)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p3
-.globl crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p3
-_crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p3:
-crypto_sign_ed25519_amd64_64_ge25519_p1p1_to_p3:
+.globl _CRYPTO_NAMESPACE(ge25519_p1p1_to_p3)
+.globl CRYPTO_NAMESPACE(ge25519_p1p1_to_p3)
+_CRYPTO_NAMESPACE(ge25519_p1p1_to_p3):
+CRYPTO_NAMESPACE(ge25519_p1p1_to_p3):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
@ -666,8 +666,8 @@ adc %rdx,%r10
 # asm 2: mov  <mulr4=%rcx,>mulrax=%rax
 mov  %rcx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#4
@ -684,8 +684,8 @@ mov  %r8,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r8
 mov  %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#5
@ -707,8 +707,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#6
@ -730,8 +730,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#8
@ -1348,8 +1348,8 @@ adc %rdx,%r10
 # asm 2: mov  <mulr4=%rcx,>mulrax=%rax
 mov  %rcx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#4
@ -1366,8 +1366,8 @@ mov  %r8,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r8
 mov  %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#5
@ -1389,8 +1389,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#6
@ -1412,8 +1412,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#8
@ -2030,8 +2030,8 @@ adc %rdx,%r10
 # asm 2: mov  <mulr4=%rcx,>mulrax=%rax
 mov  %rcx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#4
@ -2048,8 +2048,8 @@ mov  %r8,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r8
 mov  %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#5
@ -2071,8 +2071,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#6
@ -2094,8 +2094,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#8
@ -2712,8 +2712,8 @@ adc %rdx,%r10
 # asm 2: mov  <mulr4=%rcx,>mulrax=%rax
 mov  %rcx,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#2
@ -2730,8 +2730,8 @@ mov  %r8,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%rcx
 mov  %rdx,%rcx

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#4
@ -2753,8 +2753,8 @@ mov  $0,%r8
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r8
 adc %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#5
@ -2776,8 +2776,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#6
--- a/ed25519/amd64-64-24k/ge25519_pnielsadd_p1p1.S
+++ b/ed25519/amd64-64-24k/ge25519_pnielsadd_p1p1.S
@ -225,13 +225,13 @@

 # qhasm: int64 subt1

-# qhasm: enter crypto_sign_ed25519_amd64_64_ge25519_pnielsadd_p1p1
+# qhasm: enter CRYPTO_NAMESPACE(ge25519_pnielsadd_p1p1)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_64_ge25519_pnielsadd_p1p1
-.globl crypto_sign_ed25519_amd64_64_ge25519_pnielsadd_p1p1
-_crypto_sign_ed25519_amd64_64_ge25519_pnielsadd_p1p1:
-crypto_sign_ed25519_amd64_64_ge25519_pnielsadd_p1p1:
+.globl _CRYPTO_NAMESPACE(ge25519_pnielsadd_p1p1)
+.globl CRYPTO_NAMESPACE(ge25519_pnielsadd_p1p1)
+_CRYPTO_NAMESPACE(ge25519_pnielsadd_p1p1):
+CRYPTO_NAMESPACE(ge25519_pnielsadd_p1p1):
 mov %rsp,%r11
 and $31,%r11
 add $128,%r11
@ -997,8 +997,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#5
@ -1015,8 +1015,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r9
 mov  %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#6
@ -1038,8 +1038,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#8
@ -1061,8 +1061,8 @@ mov  $0,%r11
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r11
 adc %rdx,%r11

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#9
@ -1679,8 +1679,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#5
@ -1697,8 +1697,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r9
 mov  %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#6
@ -1720,8 +1720,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#8
@ -1743,8 +1743,8 @@ mov  $0,%r11
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r11
 adc %rdx,%r11

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#9
@ -2531,8 +2531,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#5
@ -2549,8 +2549,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%r9
 mov  %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#6
@ -2572,8 +2572,8 @@ mov  $0,%r10
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r10
 adc %rdx,%r10

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#8
@ -2595,8 +2595,8 @@ mov  $0,%r11
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r11
 adc %rdx,%r11

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#9
@ -3213,8 +3213,8 @@ adc %rdx,%r11
 # asm 2: mov  <mulr4=%r8,>mulrax=%rax
 mov  %r8,%rax

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   mulr4 = mulrax
 # asm 1: mov  <mulrax=int64#7,>mulr4=int64#2
@ -3231,8 +3231,8 @@ mov  %r9,%rax
 # asm 2: mov  <mulrdx=%rdx,>mulr5=%rcx
 mov  %rdx,%rcx

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr5 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr5=int64#4
@ -3254,8 +3254,8 @@ mov  $0,%r8
 # asm 2: adc <mulrdx=%rdx,<mulr6=%r8
 adc %rdx,%r8

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr6 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr6=int64#5
@ -3277,8 +3277,8 @@ mov  $0,%r9
 # asm 2: adc <mulrdx=%rdx,<mulr7=%r9
 adc %rdx,%r9

-# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&crypto_sign_ed25519_amd64_64_38
-mulq  crypto_sign_ed25519_amd64_64_38
+# qhasm:   (uint128) mulrdx mulrax = mulrax * *(uint64 *)&CRYPTO_NAMESPACE(38)
+mulq CRYPTO_NAMESPACE(38)(%rip)

 # qhasm:   carry? mulr7 += mulrax
 # asm 1: add  <mulrax=int64#7,<mulr7=int64#6
--- a/ed25519/amd64-64-24k/heap_rootreplaced.S
+++ b/ed25519/amd64-64-24k/heap_rootreplaced.S
@ -93,13 +93,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced
+# qhasm: enter CRYPTO_NAMESPACE(heap_rootreplaced)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced
-.globl crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced
-_crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced:
-crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced:
+.globl _CRYPTO_NAMESPACE(heap_rootreplaced)
+.globl CRYPTO_NAMESPACE(heap_rootreplaced)
+_CRYPTO_NAMESPACE(heap_rootreplaced):
+CRYPTO_NAMESPACE(heap_rootreplaced):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
--- a/ed25519/amd64-64-24k/heap_rootreplaced_1limb.S
+++ b/ed25519/amd64-64-24k/heap_rootreplaced_1limb.S
@ -93,13 +93,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_1limb
+# qhasm: enter CRYPTO_NAMESPACE(heap_rootreplaced_1limb)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_1limb
-.globl crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_1limb
-_crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_1limb:
-crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_1limb:
+.globl _CRYPTO_NAMESPACE(heap_rootreplaced_1limb)
+.globl CRYPTO_NAMESPACE(heap_rootreplaced_1limb)
+_CRYPTO_NAMESPACE(heap_rootreplaced_1limb):
+CRYPTO_NAMESPACE(heap_rootreplaced_1limb):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
--- a/ed25519/amd64-64-24k/heap_rootreplaced_2limbs.S
+++ b/ed25519/amd64-64-24k/heap_rootreplaced_2limbs.S
@ -93,13 +93,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_2limbs
+# qhasm: enter CRYPTO_NAMESPACE(heap_rootreplaced_2limbs)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_2limbs
-.globl crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_2limbs
-_crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_2limbs:
-crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_2limbs:
+.globl _CRYPTO_NAMESPACE(heap_rootreplaced_2limbs)
+.globl CRYPTO_NAMESPACE(heap_rootreplaced_2limbs)
+_CRYPTO_NAMESPACE(heap_rootreplaced_2limbs):
+CRYPTO_NAMESPACE(heap_rootreplaced_2limbs):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
--- a/ed25519/amd64-64-24k/heap_rootreplaced_3limbs.S
+++ b/ed25519/amd64-64-24k/heap_rootreplaced_3limbs.S
@ -93,13 +93,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_3limbs
+# qhasm: enter CRYPTO_NAMESPACE(heap_rootreplaced_3limbs)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_3limbs
-.globl crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_3limbs
-_crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_3limbs:
-crypto_sign_ed25519_amd64_51_30k_batch_heap_rootreplaced_3limbs:
+.globl _CRYPTO_NAMESPACE(heap_rootreplaced_3limbs)
+.globl CRYPTO_NAMESPACE(heap_rootreplaced_3limbs)
+_CRYPTO_NAMESPACE(heap_rootreplaced_3limbs):
+CRYPTO_NAMESPACE(heap_rootreplaced_3limbs):
 mov %rsp,%r11
 and $31,%r11
 add $64,%r11
--- a/ed25519/amd64-64-24k/hram.h
+++ b/ed25519/amd64-64-24k/hram.h
@ -1,7 +1,7 @@
 #ifndef HRAM_H
 #define HRAM_H

-#define get_hram crypto_sign_ed25519_amd64_64_get_hram
+#define get_hram CRYPTO_NAMESPACE(get_hram)

 extern void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen);

--- a/ed25519/amd64-64-24k/index_heap.h
+++ b/ed25519/amd64-64-24k/index_heap.h
@ -2,16 +2,17 @@
 #define INDEX_HEAP_H

 #include "sc25519.h"
+#include "compat.h"

-#define heap_init                crypto_sign_ed25519_amd64_64_heap_init
-#define heap_extend              crypto_sign_ed25519_amd64_64_heap_extend
-#define heap_pop                 crypto_sign_ed25519_amd64_64_heap_pop
-#define heap_push                crypto_sign_ed25519_amd64_64_heap_push
-#define heap_get2max             crypto_sign_ed25519_amd64_64_heap_get2max
-#define heap_rootreplaced        crypto_sign_ed25519_amd64_64_heap_rootreplaced
-#define heap_rootreplaced_3limbs crypto_sign_ed25519_amd64_64_heap_rootreplaced_3limbs
-#define heap_rootreplaced_2limbs crypto_sign_ed25519_amd64_64_heap_rootreplaced_2limbs
-#define heap_rootreplaced_1limb  crypto_sign_ed25519_amd64_64_heap_rootreplaced_1limb
+#define heap_init                CRYPTO_NAMESPACE(heap_init)
+#define heap_extend              CRYPTO_NAMESPACE(heap_extend)
+#define heap_pop                 CRYPTO_NAMESPACE(heap_pop)
+#define heap_push                CRYPTO_NAMESPACE(heap_push)
+#define heap_get2max             CRYPTO_NAMESPACE(heap_get2max)
+#define heap_rootreplaced        CRYPTO_NAMESPACE(heap_rootreplaced)
+#define heap_rootreplaced_3limbs CRYPTO_NAMESPACE(heap_rootreplaced_3limbs)
+#define heap_rootreplaced_2limbs CRYPTO_NAMESPACE(heap_rootreplaced_2limbs)
+#define heap_rootreplaced_1limb  CRYPTO_NAMESPACE(heap_rootreplaced_1limb)

 void heap_init(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);

@ -23,9 +24,9 @@ void heap_push(unsigned long long *h, unsigned long long *hlen, unsigned long lo

 void heap_get2max(unsigned long long *h, unsigned long long *max1, unsigned long long *max2, sc25519 *scalars);

-void heap_rootreplaced(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
-void heap_rootreplaced_3limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
-void heap_rootreplaced_2limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
-void heap_rootreplaced_1limb(unsigned long long *h, unsigned long long hlen, sc25519 *scalars);
+void heap_rootreplaced(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
+void heap_rootreplaced_3limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
+void heap_rootreplaced_2limbs(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;
+void heap_rootreplaced_1limb(unsigned long long *h, unsigned long long hlen, sc25519 *scalars) SYSVABI;

 #endif
--- a/ed25519/amd64-64-24k/sc25519.h
+++ b/ed25519/amd64-64-24k/sc25519.h
@ -1,34 +1,36 @@
 #ifndef SC25519_H
 #define SC25519_H

-#define sc25519                  crypto_sign_ed25519_amd64_64_sc25519
-#define shortsc25519             crypto_sign_ed25519_amd64_64_shortsc25519
-#define sc25519_from32bytes      crypto_sign_ed25519_amd64_64_sc25519_from32bytes
-#define shortsc25519_from16bytes crypto_sign_ed25519_amd64_64_shortsc25519_from16bytes
-#define sc25519_from64bytes      crypto_sign_ed25519_amd64_64_sc25519_from64bytes
-#define sc25519_from_shortsc     crypto_sign_ed25519_amd64_64_sc25519_from_shortsc
-#define sc25519_to32bytes        crypto_sign_ed25519_amd64_64_sc25519_to32bytes
-#define sc25519_iszero_vartime   crypto_sign_ed25519_amd64_64_sc25519_iszero_vartime
-#define sc25519_isshort_vartime  crypto_sign_ed25519_amd64_64_sc25519_isshort_vartime
-#define sc25519_lt               crypto_sign_ed25519_amd64_64_sc25519_lt
-#define sc25519_add              crypto_sign_ed25519_amd64_64_sc25519_add
-#define sc25519_sub_nored        crypto_sign_ed25519_amd64_64_sc25519_sub_nored
-#define sc25519_mul              crypto_sign_ed25519_amd64_64_sc25519_mul
-#define sc25519_mul_shortsc      crypto_sign_ed25519_amd64_64_sc25519_mul_shortsc
-#define sc25519_window4          crypto_sign_ed25519_amd64_64_sc25519_window4
-#define sc25519_slide          crypto_sign_ed25519_amd64_64_sc25519_slide
-#define sc25519_2interleave2     crypto_sign_ed25519_amd64_64_sc25519_2interleave2
-#define sc25519_barrett crypto_sign_ed25519_amd64_64_sc25519_barrett
+#include "compat.h"

-typedef struct 
+#define sc25519                  CRYPTO_NAMESPACE(sc25519)
+#define shortsc25519             CRYPTO_NAMESPACE(shortsc25519)
+#define sc25519_from32bytes      CRYPTO_NAMESPACE(sc25519_from32bytes)
+#define shortsc25519_from16bytes CRYPTO_NAMESPACE(shortsc25519_from16bytes)
+#define sc25519_from64bytes      CRYPTO_NAMESPACE(sc25519_from64bytes)
+#define sc25519_from_shortsc     CRYPTO_NAMESPACE(sc25519_from_shortsc)
+#define sc25519_to32bytes        CRYPTO_NAMESPACE(sc25519_to32bytes)
+#define sc25519_iszero_vartime   CRYPTO_NAMESPACE(sc25519_iszero_vartime)
+#define sc25519_isshort_vartime  CRYPTO_NAMESPACE(sc25519_isshort_vartime)
+#define sc25519_lt               CRYPTO_NAMESPACE(sc25519_lt)
+#define sc25519_add              CRYPTO_NAMESPACE(sc25519_add)
+#define sc25519_sub_nored        CRYPTO_NAMESPACE(sc25519_sub_nored)
+#define sc25519_mul              CRYPTO_NAMESPACE(sc25519_mul)
+#define sc25519_mul_shortsc      CRYPTO_NAMESPACE(sc25519_mul_shortsc)
+#define sc25519_window4          CRYPTO_NAMESPACE(sc25519_window4)
+#define sc25519_slide          CRYPTO_NAMESPACE(sc25519_slide)
+#define sc25519_2interleave2     CRYPTO_NAMESPACE(sc25519_2interleave2)
+#define sc25519_barrett CRYPTO_NAMESPACE(sc25519_barrett)
+
+typedef struct
 {
-  unsigned long long v[4]; 
+  unsigned long long v[4];
 }
 sc25519;

-typedef struct 
+typedef struct
 {
-  unsigned long long v[2]; 
+  unsigned long long v[2];
 }
 shortsc25519;

@ -42,11 +44,11 @@ void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);

 int sc25519_iszero_vartime(const sc25519 *x);

-int sc25519_lt(const sc25519 *x, const sc25519 *y);
+int sc25519_lt(const sc25519 *x, const sc25519 *y) SYSVABI;

-void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y);
+void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y) SYSVABI;

-void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y);
+void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y) SYSVABI;

 void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y);

@ -55,12 +57,12 @@ void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y);
 /* Convert s into a representation of the form \sum_{i=0}^{63}r[i]2^(4*i)
 * with r[i] in {-8,...,7}
 */
-void sc25519_window4(signed char r[85], const sc25519 *s);
+void sc25519_window4(signed char r[64], const sc25519 *s);

 void sc25519_slide(signed char r[256], const sc25519 *s, int swindowsize);

 void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);

-void sc25519_barrett(sc25519 *r, unsigned long long x[8]);
+void sc25519_barrett(sc25519 *r, unsigned long long x[8]) SYSVABI;

 #endif
--- a/ed25519/amd64-64-24k/sc25519_add.S
+++ b/ed25519/amd64-64-24k/sc25519_add.S
@ -63,13 +63,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_sc25519_add
+# qhasm: enter CRYPTO_NAMESPACE(sc25519_add)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_sc25519_add
-.globl crypto_sign_ed25519_amd64_51_30k_batch_sc25519_add
-_crypto_sign_ed25519_amd64_51_30k_batch_sc25519_add:
-crypto_sign_ed25519_amd64_51_30k_batch_sc25519_add:
+.globl _CRYPTO_NAMESPACE(sc25519_add)
+.globl CRYPTO_NAMESPACE(sc25519_add)
+_CRYPTO_NAMESPACE(sc25519_add):
+CRYPTO_NAMESPACE(sc25519_add):
 mov %rsp,%r11
 and $31,%r11
 add $32,%r11
@ -150,25 +150,25 @@ mov  %r9,%r10
 # asm 2: mov  <r3=%rsi,>t3=%r14
 mov  %rsi,%r14

-# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
-# asm 1: sub  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,<t0=int64#3
-# asm 2: sub  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,<t0=%rdx
-sub  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,%rdx
+# qhasm: carry? t0 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
+# asm 1: sub  CRYPTO_NAMESPACE(ORDER0),<t0=int64#3
+# asm 2: sub  CRYPTO_NAMESPACE(ORDER0),<t0=%rdx
+sub  CRYPTO_NAMESPACE(ORDER0)(%rip),%rdx

-# qhasm: carry? t1 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,<t1=int64#7
-# asm 2: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,<t1=%rax
-sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,%rax
+# qhasm: carry? t1 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(ORDER1),<t1=int64#7
+# asm 2: sbb  CRYPTO_NAMESPACE(ORDER1),<t1=%rax
+sbb  CRYPTO_NAMESPACE(ORDER1)(%rip),%rax

-# qhasm: carry? t2 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,<t2=int64#8
-# asm 2: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,<t2=%r10
-sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,%r10
+# qhasm: carry? t2 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER2) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(ORDER2),<t2=int64#8
+# asm 2: sbb  CRYPTO_NAMESPACE(ORDER2),<t2=%r10
+sbb  CRYPTO_NAMESPACE(ORDER2)(%rip),%r10

-# qhasm: unsigned<? t3 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER3 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,<t3=int64#12
-# asm 2: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,<t3=%r14
-sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,%r14
+# qhasm: unsigned<? t3 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER3) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(ORDER3),<t3=int64#12
+# asm 2: sbb  CRYPTO_NAMESPACE(ORDER3),<t3=%r14
+sbb  CRYPTO_NAMESPACE(ORDER3)(%rip),%r14

 # qhasm: r0 = t0 if !unsigned<
 # asm 1: cmovae <t0=int64#3,<r0=int64#4
--- a/ed25519/amd64-64-24k/sc25519_barrett.S
+++ b/ed25519/amd64-64-24k/sc25519_barrett.S
@ -107,13 +107,13 @@

 # qhasm: stack64 q33_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_sc25519_barrett
+# qhasm: enter CRYPTO_NAMESPACE(sc25519_barrett)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_sc25519_barrett
-.globl crypto_sign_ed25519_amd64_51_30k_batch_sc25519_barrett
-_crypto_sign_ed25519_amd64_51_30k_batch_sc25519_barrett:
-crypto_sign_ed25519_amd64_51_30k_batch_sc25519_barrett:
+.globl _CRYPTO_NAMESPACE(sc25519_barrett)
+.globl CRYPTO_NAMESPACE(sc25519_barrett)
+_CRYPTO_NAMESPACE(sc25519_barrett):
+CRYPTO_NAMESPACE(sc25519_barrett):
 mov %rsp,%r11
 and $31,%r11
 add $96,%r11
@ -184,8 +184,8 @@ xor  %r11,%r11
 # asm 2: movq   24(<xp=%rsi),>rax=%rax
 movq   24(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU3
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3)
+mulq CRYPTO_NAMESPACE(MU3)(%rip)

 # qhasm: q23 = rax
 # asm 1: mov  <rax=int64#7,>q23=int64#10
@ -202,8 +202,8 @@ mov  %rdx,%r13
 # asm 2: movq   24(<xp=%rsi),>rax=%rax
 movq   24(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU4
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4)
+mulq CRYPTO_NAMESPACE(MU4)(%rip)

 # qhasm: q24 = rax
 # asm 1: mov  <rax=int64#7,>q24=int64#12
@ -225,8 +225,8 @@ adc %rdx,%r8
 # asm 2: movq   32(<xp=%rsi),>rax=%rax
 movq   32(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU2
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2)
+mulq CRYPTO_NAMESPACE(MU2)(%rip)

 # qhasm: carry? q23 += rax
 # asm 1: add  <rax=int64#7,<q23=int64#10
@ -248,8 +248,8 @@ adc %rdx,%r13
 # asm 2: movq   32(<xp=%rsi),>rax=%rax
 movq   32(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU3
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3)
+mulq CRYPTO_NAMESPACE(MU3)(%rip)

 # qhasm: carry? q24 += rax
 # asm 1: add  <rax=int64#7,<q24=int64#12
@ -281,8 +281,8 @@ adc %rdx,%r13
 # asm 2: movq   32(<xp=%rsi),>rax=%rax
 movq   32(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU4
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4)
+mulq CRYPTO_NAMESPACE(MU4)(%rip)

 # qhasm: carry? q30 += rax 
 # asm 1: add  <rax=int64#7,<q30=int64#5
@ -309,8 +309,8 @@ adc %rdx,%r9
 # asm 2: movq   40(<xp=%rsi),>rax=%rax
 movq   40(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU1
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1)
+mulq CRYPTO_NAMESPACE(MU1)(%rip)

 # qhasm: carry? q23 += rax
 # asm 1: add  <rax=int64#7,<q23=int64#10
@ -332,8 +332,8 @@ adc %rdx,%r13
 # asm 2: movq   40(<xp=%rsi),>rax=%rax
 movq   40(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU2
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2)
+mulq CRYPTO_NAMESPACE(MU2)(%rip)

 # qhasm: carry? q24 += rax
 # asm 1: add  <rax=int64#7,<q24=int64#12
@ -365,8 +365,8 @@ adc %rdx,%r13
 # asm 2: movq   40(<xp=%rsi),>rax=%rax
 movq   40(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU3
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3)
+mulq CRYPTO_NAMESPACE(MU3)(%rip)

 # qhasm: carry? q30 += rax
 # asm 1: add  <rax=int64#7,<q30=int64#5
@ -398,8 +398,8 @@ adc %rdx,%r13
 # asm 2: movq   40(<xp=%rsi),>rax=%rax
 movq   40(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU4
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4)
+mulq CRYPTO_NAMESPACE(MU4)(%rip)

 # qhasm: carry? q31 += rax 
 # asm 1: add  <rax=int64#7,<q31=int64#6
@ -426,8 +426,8 @@ adc %rdx,%r10
 # asm 2: movq   48(<xp=%rsi),>rax=%rax
 movq   48(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU0
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU0)
+mulq CRYPTO_NAMESPACE(MU0)(%rip)

 # qhasm: carry? q23 += rax
 # asm 1: add  <rax=int64#7,<q23=int64#10
@ -449,8 +449,8 @@ adc %rdx,%r12
 # asm 2: movq   48(<xp=%rsi),>rax=%rax
 movq   48(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU1
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1)
+mulq CRYPTO_NAMESPACE(MU1)(%rip)

 # qhasm: carry? q24 += rax
 # asm 1: add  <rax=int64#7,<q24=int64#12
@ -482,8 +482,8 @@ adc %rdx,%r12
 # asm 2: movq   48(<xp=%rsi),>rax=%rax
 movq   48(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU2
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2)
+mulq CRYPTO_NAMESPACE(MU2)(%rip)

 # qhasm: carry? q30 += rax
 # asm 1: add  <rax=int64#7,<q30=int64#5
@ -515,8 +515,8 @@ adc %rdx,%r12
 # asm 2: movq   48(<xp=%rsi),>rax=%rax
 movq   48(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU3
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3)
+mulq CRYPTO_NAMESPACE(MU3)(%rip)

 # qhasm: carry? q31 += rax
 # asm 1: add  <rax=int64#7,<q31=int64#6
@ -548,8 +548,8 @@ adc %rdx,%r12
 # asm 2: movq   48(<xp=%rsi),>rax=%rax
 movq   48(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU4
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4)
+mulq CRYPTO_NAMESPACE(MU4)(%rip)

 # qhasm: carry? q32 += rax 
 # asm 1: add  <rax=int64#7,<q32=int64#8
@ -576,8 +576,8 @@ adc %rdx,%r11
 # asm 2: movq   56(<xp=%rsi),>rax=%rax
 movq   56(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU0
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU0)
+mulq CRYPTO_NAMESPACE(MU0)(%rip)

 # qhasm: carry? q24 += rax
 # asm 1: add  <rax=int64#7,<q24=int64#12
@ -601,8 +601,8 @@ adc %rdx,%r12
 # asm 2: movq   56(<xp=%rsi),>rax=%rax
 movq   56(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU1
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU1)
+mulq CRYPTO_NAMESPACE(MU1)(%rip)

 # qhasm: carry? q30 += rax
 # asm 1: add  <rax=int64#7,<q30=int64#5
@ -639,8 +639,8 @@ movq %r8,56(%rsp)
 # asm 2: movq   56(<xp=%rsi),>rax=%rax
 movq   56(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU2
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU2)
+mulq CRYPTO_NAMESPACE(MU2)(%rip)

 # qhasm: carry? q31 += rax
 # asm 1: add  <rax=int64#7,<q31=int64#6
@ -677,8 +677,8 @@ movq %r9,64(%rsp)
 # asm 2: movq   56(<xp=%rsi),>rax=%rax
 movq   56(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU3
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU3)
+mulq CRYPTO_NAMESPACE(MU3)(%rip)

 # qhasm: carry? q32 += rax
 # asm 1: add  <rax=int64#7,<q32=int64#8
@ -715,8 +715,8 @@ movq %r10,72(%rsp)
 # asm 2: movq   56(<xp=%rsi),>rax=%rax
 movq   56(%rsi),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_MU4
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_MU4
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(MU4)
+mulq CRYPTO_NAMESPACE(MU4)(%rip)

 # qhasm: carry? q33 += rax 
 # asm 1: add  <rax=int64#7,<q33=int64#9
@ -743,8 +743,8 @@ movq %r11,80(%rsp)
 # asm 2: movq <q30_stack=56(%rsp),>rax=%rax
 movq 56(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
+mulq CRYPTO_NAMESPACE(ORDER0)(%rip)

 # qhasm: r20 = rax
 # asm 1: mov  <rax=int64#7,>r20=int64#5
@ -761,8 +761,8 @@ mov  %rdx,%r9
 # asm 2: movq <q30_stack=56(%rsp),>rax=%rax
 movq 56(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1)
+mulq CRYPTO_NAMESPACE(ORDER1)(%rip)

 # qhasm: r21 = rax
 # asm 1: mov  <rax=int64#7,>r21=int64#8
@ -789,8 +789,8 @@ adc %rdx,%r9
 # asm 2: movq <q30_stack=56(%rsp),>rax=%rax
 movq 56(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_ORDER2
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER2)
+mulq CRYPTO_NAMESPACE(ORDER2)(%rip)

 # qhasm: r22 = rax
 # asm 1: mov  <rax=int64#7,>r22=int64#9
@ -817,8 +817,8 @@ adc %rdx,%r9
 # asm 2: movq <q30_stack=56(%rsp),>rax=%rax
 movq 56(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER3
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_ORDER3
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER3)
+mulq CRYPTO_NAMESPACE(ORDER3)(%rip)

 # qhasm: free rdx

@ -837,8 +837,8 @@ add  %r9,%r12
 # asm 2: movq <q31_stack=64(%rsp),>rax=%rax
 movq 64(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
+mulq CRYPTO_NAMESPACE(ORDER0)(%rip)

 # qhasm: carry? r21 += rax
 # asm 1: add  <rax=int64#7,<r21=int64#8
@ -860,8 +860,8 @@ adc %rdx,%r9
 # asm 2: movq <q31_stack=64(%rsp),>rax=%rax
 movq 64(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1)
+mulq CRYPTO_NAMESPACE(ORDER1)(%rip)

 # qhasm: carry? r22 += rax
 # asm 1: add  <rax=int64#7,<r22=int64#9
@ -893,8 +893,8 @@ adc %rdx,%rcx
 # asm 2: movq <q31_stack=64(%rsp),>rax=%rax
 movq 64(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_ORDER2
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER2)
+mulq CRYPTO_NAMESPACE(ORDER2)(%rip)

 # qhasm: free rdx

@ -913,8 +913,8 @@ add  %rcx,%r12
 # asm 2: movq <q32_stack=72(%rsp),>rax=%rax
 movq 72(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
+mulq CRYPTO_NAMESPACE(ORDER0)(%rip)

 # qhasm: carry? r22 += rax
 # asm 1: add  <rax=int64#7,<r22=int64#9
@ -936,8 +936,8 @@ adc %rdx,%rcx
 # asm 2: movq <q32_stack=72(%rsp),>rax=%rax
 movq 72(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_ORDER1
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER1)
+mulq CRYPTO_NAMESPACE(ORDER1)(%rip)

 # qhasm: free rdx

@ -956,8 +956,8 @@ add  %rcx,%r12
 # asm 2: movq <q33_stack=80(%rsp),>rax=%rax
 movq 80(%rsp),%rax

-# qhasm: (uint128) rdx rax = rax * *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
-mulq  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
+# qhasm: (uint128) rdx rax = rax * *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
+mulq CRYPTO_NAMESPACE(ORDER0)(%rip)

 # qhasm: free rdx

@ -1026,25 +1026,25 @@ sbb  %r12,%rsi
 # asm 2: mov  <r3=%rsi,>t3=%r11
 mov  %rsi,%r11

-# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
-# asm 1: sub  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,<t0=int64#4
-# asm 2: sub  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,<t0=%rcx
-sub  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,%rcx
+# qhasm: carry? t0 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
+# asm 1: sub  CRYPTO_NAMESPACE(ORDER0),<t0=int64#4
+# asm 2: sub  CRYPTO_NAMESPACE(ORDER0),<t0=%rcx
+sub  CRYPTO_NAMESPACE(ORDER0)(%rip),%rcx

-# qhasm: carry? t1 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,<t1=int64#6
-# asm 2: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,<t1=%r9
-sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,%r9
+# qhasm: carry? t1 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(ORDER1),<t1=int64#6
+# asm 2: sbb  CRYPTO_NAMESPACE(ORDER1),<t1=%r9
+sbb  CRYPTO_NAMESPACE(ORDER1)(%rip),%r9

-# qhasm: carry? t2 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,<t2=int64#8
-# asm 2: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,<t2=%r10
-sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,%r10
+# qhasm: carry? t2 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER2) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(ORDER2),<t2=int64#8
+# asm 2: sbb  CRYPTO_NAMESPACE(ORDER2),<t2=%r10
+sbb  CRYPTO_NAMESPACE(ORDER2)(%rip),%r10

-# qhasm: unsigned<? t3 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER3 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,<t3=int64#9
-# asm 2: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,<t3=%r11
-sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,%r11
+# qhasm: unsigned<? t3 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER3) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(ORDER3),<t3=int64#9
+# asm 2: sbb  CRYPTO_NAMESPACE(ORDER3),<t3=%r11
+sbb  CRYPTO_NAMESPACE(ORDER3)(%rip),%r11

 # qhasm: r0 = t0 if !unsigned<
 # asm 1: cmovae <t0=int64#4,<r0=int64#3
@ -1086,25 +1086,25 @@ cmovae %r11,%rsi
 # asm 2: mov  <r3=%rsi,>t3=%r11
 mov  %rsi,%r11

-# qhasm: carry? t0 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER0
-# asm 1: sub  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,<t0=int64#4
-# asm 2: sub  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,<t0=%rcx
-sub  crypto_sign_ed25519_amd64_51_30k_batch_ORDER0,%rcx
+# qhasm: carry? t0 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER0)
+# asm 1: sub  CRYPTO_NAMESPACE(ORDER0),<t0=int64#4
+# asm 2: sub  CRYPTO_NAMESPACE(ORDER0),<t0=%rcx
+sub  CRYPTO_NAMESPACE(ORDER0)(%rip),%rcx

-# qhasm: carry? t1 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER1 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,<t1=int64#6
-# asm 2: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,<t1=%r9
-sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER1,%r9
+# qhasm: carry? t1 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER1) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(ORDER1),<t1=int64#6
+# asm 2: sbb  CRYPTO_NAMESPACE(ORDER1),<t1=%r9
+sbb  CRYPTO_NAMESPACE(ORDER1)(%rip),%r9

-# qhasm: carry? t2 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER2 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,<t2=int64#8
-# asm 2: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,<t2=%r10
-sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER2,%r10
+# qhasm: carry? t2 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER2) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(ORDER2),<t2=int64#8
+# asm 2: sbb  CRYPTO_NAMESPACE(ORDER2),<t2=%r10
+sbb  CRYPTO_NAMESPACE(ORDER2)(%rip),%r10

-# qhasm: unsigned<? t3 -= *(uint64 *) &crypto_sign_ed25519_amd64_51_30k_batch_ORDER3 - carry
-# asm 1: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,<t3=int64#9
-# asm 2: sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,<t3=%r11
-sbb  crypto_sign_ed25519_amd64_51_30k_batch_ORDER3,%r11
+# qhasm: unsigned<? t3 -= *(uint64 *) &CRYPTO_NAMESPACE(ORDER3) - carry
+# asm 1: sbb  CRYPTO_NAMESPACE(ORDER3),<t3=int64#9
+# asm 2: sbb  CRYPTO_NAMESPACE(ORDER3),<t3=%r11
+sbb  CRYPTO_NAMESPACE(ORDER3)(%rip),%r11

 # qhasm: r0 = t0 if !unsigned<
 # asm 1: cmovae <t0=int64#4,<r0=int64#3
--- a/ed25519/amd64-64-24k/sc25519_lt.S
+++ b/ed25519/amd64-64-24k/sc25519_lt.S
@ -57,13 +57,13 @@

 # qhasm:   stack64 caller7_stack

-# qhasm: enter crypto_sign_ed25519_amd64_51_30k_batch_sc25519_lt
+# qhasm: enter CRYPTO_NAMESPACE(sc25519_lt)
 .text
 .p2align 5
-.globl _crypto_sign_ed25519_amd64_51_30k_batch_sc25519_lt
-.globl crypto_sign_ed25519_amd64_51_30k_batch_sc25519_lt
-_crypto_sign_ed25519_amd64_51_30k_batch_sc25519_lt:
-crypto_sign_ed25519_amd64_51_30k_batch_sc25519_lt:
+.globl _CRYPTO_NAMESPACE(sc25519_lt)
+.globl CRYPTO_NAMESPACE(sc25519_lt)
+_CRYPTO_NAMESPACE(sc25519_lt):
+CRYPTO_NAMESPACE(sc25519_lt):
 mov %rsp,%r11
 and $31,%r11
 add $0,%r11
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
cathugger	5172c0fd71	make depends	2024-02-15 21:48:15 +00:00
cathugger	fb5320a537	gpg TZ	2024-01-22 05:08:12 +00:00
cathugger	3e7aaf8a3a	add dep	2024-01-20 12:48:15 +00:00
cathugger	a3add1b889	add packages needed to build release	2024-01-20 12:48:15 +00:00
cathugger	1a8c287ac3	Merge pull request #103 from Y-Kim-64/update-readme-url Update outdated URL in README.md	2023-12-08 17:37:12 +00:00
cathugger	b0f394c17a	README.md: attempt to fix	2023-12-08 17:34:42 +00:00
cathugger	c72ddad656	README.md: attempt to use footnotes	2023-12-08 17:32:51 +00:00
Yeonjun Kim	6d4034abf1	Update outdated URL in README.md	2023-10-23 19:46:20 +09:00
cathugger	870c089a3c	better ruler fix	2023-09-06 02:24:14 +03:00
cathugger	1b00917e52	spaces/tabs fix	2023-09-06 02:19:20 +03:00
cathugger	4cc50f41ce	onionready: always refer warnnear	2023-09-06 02:15:13 +03:00
cathugger	6c704d20c4	use "latest wins" logic for skipnear/warnnear args	2023-09-06 01:43:44 +03:00
cathugger	c7a8d75229	don't skipnear if warnnear is set	2023-09-06 01:24:58 +03:00
cathugger	80e1bd0b47	near passkeys skip/warn modes & help tweak	2023-09-06 01:00:04 +03:00
Marni	42e4d3a5fc	Docker support (#99 ) * add Dockerfile * add basic documentation for docker image * change cmd to entrypoint in Dockerfile This is so that you can add args without docker assuming you're trying to override the command * Create docker-publish.yml github CI action This is taken from the marketplace, I didn't write this * correct docker image tag * fix checkpoint loading (use carry for add) * Fix digit typos in README * revamp docker support don't use volume, use latest alpine so i won't need to bump it use multistage static build for minimal size with stripping correctly save git version details * tweak workflows * try making cosign work * Revert "try making cosign work" This reverts commit `a70723db66`. * fix * remove root dockerfile --------- Co-authored-by: cathugger <cathugger@cock.li> Co-authored-by: dunsany <118174187+dunsany@users.noreply.github.com>	2023-08-06 18:22:54 +00:00
cathugger	ec788fec85	revamp docker support don't use volume, use latest alpine so i won't need to bump it use multistage static build for minimal size with stripping correctly save git version details	2023-08-06 16:08:33 +00:00
cathugger	951437bf51	Merge pull request #100 from dunsany/patch-1 Fix digit typos in README	2023-08-06 02:25:00 +00:00
cathugger	6a2b5e60bf	fix checkpoint loading (use carry for add)	2023-08-06 05:13:37 +03:00
dunsany	e9f6027a7c	Fix digit typos in README	2023-07-26 10:27:45 +02:00
cathugger	2b417046b6	remove slow/fast workers	2023-06-09 17:16:46 +03:00
cathugger	d612b74842	improve readme a bit	2023-03-26 23:43:49 +00:00
cathugger	68928c4984	fix assembler compilation on MacOS	2023-01-14 14:37:41 +00:00
cathugger	309b86fd59	more helpful error messages	2022-12-19 18:30:24 +02:00
cathugger	d202229a43	add libc6-dev to debian deps thanks @EsmailELBoBDev2 for report	2022-09-19 06:15:42 +00:00
cathugger	a6e53b0997	fixup release script	2022-06-30 22:19:56 +00:00
cathugger	f667a8a256	fix syncwritefile on windows	2022-06-24 18:08:51 +00:00
cathugger	bd1b6d927e	cleanup some remaining dead refs	2022-06-01 18:41:40 +00:00
cathugger	5ac2c8fa60	some cleanups & make depend	2022-05-31 02:11:40 +03:00
cathugger	4e20f086e3	fix amd64 asm stuff calling on windows	2022-05-31 01:41:03 +03:00
cathugger	fca1c18def	uhhh make depend	2022-05-30 20:47:53 +00:00
cathugger	a437e34a26	one more adjust	2022-05-30 20:44:35 +00:00
cathugger	4e98a931f4	tweak release script, add signing one	2022-05-30 20:34:31 +00:00
cathugger	7f714ee4f7	this makes more sense	2022-05-17 16:03:08 +00:00
cathugger	b428196b5e	more stuff	2022-05-17 16:01:52 +00:00
cathugger	ef71219c2b	Merge pull request #72 from eighthave/master Vagrantfile for fully automated, secure runs	2022-05-17 13:45:31 +00:00
cathugger	1884eaf5a2	some fixups	2022-05-16 21:21:01 +00:00
cathugger	481a6b701f	fix win side, add incomplete build script	2022-05-16 21:17:50 +00:00
Hans-Christoph Steiner	5f946123f2	Vagrantfile for fully automated, secure runs Just running `vagrant up` will start a VM, build mkp224o, remove root and internet access, then run mkp224o. This provides an easy to use, disposible way to generate onion services.	2022-05-16 16:55:05 +02:00
cathugger	8b2d09d1c0	edit readme a bit more	2022-05-12 15:02:09 +00:00
cathugger	ac633abd2b	don't email me i dont read stuff anyway also PGP key link is dead	2022-05-12 14:45:22 +00:00
cathugger	6438396a33	more :>	2022-05-05 23:18:41 +03:00
cathugger	01062d70d1	mmm right	2022-05-05 19:45:42 +00:00
cathugger	0eee09364d	change usage formatting, print version	2022-05-05 15:36:36 +00:00
cathugger	f374555fd4	rebase on newer SUPERCOP, use PIE, some other stuff	2022-05-05 13:22:34 +00:00
cathugger	0819ccd81d	Merge pull request #70 from scribblemaniac/fix-69 Fix missing #ifdefs	2022-03-20 23:27:04 +00:00
scribblemaniac	51d76913f1	Fix missing #ifdefs	2022-03-14 19:39:18 -06:00
cathugger	1e18c10a11	make depend	2021-12-14 13:55:33 +00:00
cathugger	3648c1f37e	Merge pull request #61 from scribblemaniac/checkpointing Add checkpointing support for passphrases	2021-12-10 11:30:53 +00:00
cathugger	67868f4126	cleanup, free memory	2021-12-10 13:27:01 +02:00
cathugger	1679e51e1b	move this there	2021-12-08 20:24:55 +00:00
cathugger	90fe9f35d1	some tweaks	2021-12-08 20:22:24 +00:00
cathugger	5b4074a47e	make checkpoint stuff actually proper	2021-12-08 20:14:20 +00:00
cathugger	f575bbe011	Merge github-cathugger:cathugger/mkp224o into checkpointing	2021-12-08 17:28:43 +00:00
cathugger	73d2791286	fix default ed25519 impl check in configure.ac	2021-12-08 16:25:58 +00:00
scribblemaniac	3706518f76	Move checkpoint saving to main thread Checkpoints will now be saved every 5 minutes and when the program ends.	2021-11-05 19:29:11 -06:00
scribblemaniac	c9396de8b2	Use long argument for checkpoint	2021-11-05 17:27:14 -06:00
cathugger	d6e2aecf52	small fixup	2021-11-03 19:57:41 +02:00
cathugger	eea863e3ac	a bit of calcest and some other stuff	2021-11-03 00:20:43 +00:00
cathugger	e12a3eb7c9	apparently this check was always wrong lmao	2021-11-02 17:07:30 +00:00
cathugger	f1c56e7480	idk	2021-11-02 17:32:10 +02:00
cathugger	7dea621e41	some tweaks	2021-11-02 15:07:37 +00:00
scribblemaniac	2a4afad91a	Add checkpointing support for passphrases	2021-10-15 22:53:53 -06:00
cathugger	ff3873965f	please new autoconf	2021-08-23 12:05:25 +00:00
cathugger	fc6285523f	fix compilation err in non-intfilter cases	2021-03-23 10:36:42 +00:00
cathugger	c9d018a253	whatever i implemented it anyway	2021-03-21 17:16:23 +00:00
cathugger	f43c3b021e	fix intfilter expansion logic also makes it simpler and probably faster. someone should contrib non-gnuc popcount if they care, i ran out of patience with this (yes i know it's simple) (it probably doesn't even need to be exactly popcount).	2021-03-21 16:52:15 +00:00
cathugger	68a06c4ced	tweak wording a bit	2021-03-09 08:58:46 +00:00
cathugger	2c871f4690	Merge pull request #46 from einsz/patch-1 Fix possible numbers in base32	2021-01-13 11:03:54 +00:00
einsz	5938904f46	Fix possible numbers in base32 The readme stated is is possible to gerenate a 0 and also stated 2 and 7 are not included in the base32 character set... fixed that.	2021-01-12 23:29:40 +01:00
cathugger	f6bda1035c	an attempt to clarify filter validation err	2020-12-22 10:50:09 +00:00
cathugger	6f1264177e	using trailing spaces for hard breaks is fucking stupid	2020-11-24 17:06:19 +00:00
cathugger	fdb715fee0	more readme	2020-11-24 16:39:21 +00:00
cathugger	3ffe5ee8a9	more readme tweaks	2020-11-24 16:35:55 +00:00
cathugger	2822508f8d	tweak readme heading sizes	2020-11-24 16:23:21 +00:00
cathugger	02c35e5f69	actually set stack size for new threads forgot to actually pass argument	2020-11-23 03:38:56 +00:00
cathugger	57c306d512	disable this again	2020-11-22 13:16:43 +00:00
cathugger	af5a7cfe12	set thread size	2020-11-22 13:13:50 +00:00
cathugger	51d87c3857	dont do indirection in for batch stuff	2020-11-22 10:21:06 +00:00
cathugger	5b5f414b79	fix gitignore	2020-11-22 05:13:24 +00:00
cathugger	30491bd9f8	various things disable paranoid check which was never triggered as far as I'm aware add editorconfig some whitespace changes in configure.ac which to batch mode by default start working on putting all filtering options in one bin some other tweaks	2020-11-21 11:34:25 +00:00
cathugger	9eb4b328f0	Merge pull request #40 from iamstefin/contrib-docker Added Docker support	2020-09-04 17:27:05 +00:00
Stefin	b94137e72d	Added maintainer for Dockerfile	2020-09-02 05:34:47 -05:00
Stefin	3025c59eab	Added README.md for contrib/docker	2020-09-02 05:33:04 -05:00
cathugger	9d3dd71411	https for CC0 link	2020-08-28 23:25:24 +00:00
cathugger	e421c8bb70	Merge pull request #41 from tohn/markdown Markdown	2020-08-28 23:22:08 +00:00
Yannic Haupenthal	e28c8183aa	use different mail format	2020-08-28 21:30:22 +02:00
Yannic Haupenthal	1de7b078af	use markdown instead of text	2020-08-28 18:59:29 +02:00
Yannic Haupenthal	bb9e793540	rename file	2020-08-19 18:37:46 +02:00
Stefin	1b6cb117b4	Update .dockerignore	2020-08-18 14:41:11 -05:00
Stefin	5c99601865	Update Dockerfile	2020-08-18 14:40:12 -05:00
Stefin	d392ec642c	Update contrib/docker/Dockerfile Co-authored-by: Sandro <sandro.jaeckel@gmail.com>	2020-08-09 09:25:37 -05:00
Stef	95a7e0580a	added docker support	2020-08-06 00:28:57 -05:00
cathugger	2e0344928f	sign	2020-07-19 00:18:09 +03:00
cathugger	158964b251	adjust OPTIMISATION.txt for current stuff	2020-07-18 16:18:24 +03:00
cathugger	e0bc8f1d4e	fmt	2020-07-16 20:34:43 +00:00
cathugger	e854cae46e	add faq to readme	2020-07-16 20:33:20 +00:00
cathugger	d5b90d43a9	some tweaks	2020-05-23 16:41:51 +00:00
cathugger	a3e141e79b	close filter files, more error handling	2020-05-22 22:30:14 +00:00
cathugger	e933a9b806	correctly handle filter file loading error, small tweak	2020-05-22 17:55:37 +00:00
cathugger	897dcbd350	adjust gitignore	2020-01-17 19:22:47 +00:00
cathugger	c57f10316f	rawyaml mode	2020-01-17 14:15:56 +00:00
cathugger	30c05eb266	remove some unused stuff, small fixups, use -Wextra	2020-01-14 17:51:56 +00:00
cathugger	e6d0f59f1d	estimate calc utility (WIP)	2020-01-14 17:15:44 +00:00
cathugger	d3640b7322	use GNUmakefile, since we depend on GNU stuff	2019-12-22 22:28:12 +02:00
cathugger	9032811fc5	small cleanup, makefile preparation for calcdiff	2019-12-22 22:01:26 +02:00
cathugger	451c9610aa	don't offload dead code elimination to compiler as we can do that in preprocessor	2019-11-20 16:22:43 +00:00
cathugger	5c7e0144d9	remove BATCHNUM limitations	2019-11-20 16:17:21 +00:00
cathugger	9bc52c5fb7	implement worker_batch_pass	2019-11-15 04:58:21 +00:00
cathugger	6f7e220b60	fix ed25519-donna makedepends	2019-11-15 02:48:19 +00:00
cathugger	c0ef36f200	make requirements section of readme more retard-proof	2019-09-14 20:50:50 +03:00
cathugger	92b36121b6	explicit void params declarations, add warnings to keep it correct thx http://nickdesaulniers.github.io/blog/2019/05/12/f-vs-f-void-in-c-vs-c-plus-plus/	2019-05-14 20:29:27 +03:00
cathugger	d03798bece	reduce pwhash opslimit even further, probably for the last time	2019-05-06 16:47:47 +00:00
cathugger	541b043a25	autodetect argon2id13 support and autoenable passphrase-based generation	2019-05-06 16:44:25 +00:00
cathugger	565c2a968f	more strict and this time correct nopie check	2019-05-05 22:50:10 +00:00
cathugger	6454595206	less strict nopie check apparently including -Werror broke detection in clang	2019-05-05 22:43:26 +00:00
cathugger	9eae27b334	make donna default	2019-05-05 22:41:53 +00:00
cathugger	3c52555f99	more strict nopie check	2019-03-31 23:39:11 +03:00
cathugger	addf4821d9	damn win gcc	2019-03-31 23:35:41 +03:00
cathugger	426ba147eb	oops forgot	2019-03-31 23:26:26 +03:00
cathugger	52dfa3a665	use autoconf' macros for this	2019-03-31 23:25:01 +03:00
cathugger	ff238e224d	proper extensions for windows executables	2019-03-31 23:16:58 +03:00
cathugger	4fb82c8902	unconditionally define feature test macros	2019-03-31 19:36:58 +00:00
cathugger	33162701fe	glibc isn't limited to linux	2019-03-31 19:26:53 +00:00
cathugger	f4567d7190	move windows check off Makefile	2019-03-31 19:12:07 +00:00
cathugger	0f000d3820	cleanup	2019-03-17 03:03:09 +02:00
cathugger	a145fe4cc0	ohyeah	2019-03-17 02:26:16 +02:00
cathugger	c9d4f79b9f	makefile: support out of tree builds	2019-03-17 02:23:10 +02:00
cathugger	5c58f03805	split worker off	2019-03-16 21:57:29 +02:00
cathugger	bfd9d712c8	tweak	2019-03-16 13:51:16 +00:00
cathugger	7e2503039d	using -Werror is probably more robust there	2019-03-15 21:18:35 +00:00
cathugger	390e8ea9de	cleanups, make clang happy	2019-03-15 21:04:40 +00:00
cathugger	9ac54f6db3	tweak pass functionality control	2019-02-16 16:50:26 +00:00
cathugger	db303cf8f6	cleanup right side reseed	2019-02-15 20:58:26 +00:00
cathugger	226f047aef	yaml stuff won't care about deterministic pw stuff	2019-02-14 00:07:20 +00:00
cathugger	72b739cb03	reduce pwhash opslimit further (its slow af on my arm device)	2019-02-14 00:01:42 +00:00
cathugger	8a375604f1	remove excess tabs	2019-02-13 23:56:43 +00:00
cathugger	f0587c98c3	tweak passphrase code	2019-02-13 23:54:00 +00:00
cathugger	01b733a704	reduce password hash opslimit, tweaks	2019-02-13 23:35:36 +00:00
cathugger	33007eadea	reseed right half of sk in password case, some tweaks	2019-02-13 23:07:53 +00:00
cathugger	02137f7ed4	configure: allow configuring BATCHNUM	2019-02-13 21:02:06 +00:00
cathugger	0befa419b1	compile batch keygen by default	2019-01-27 20:32:25 +02:00
cathugger	0ec0f85446	finish wrapping ed25519-donna	2019-01-27 20:21:14 +02:00
cathugger	3406354480	ed25519-donna: batchpack maybe	2019-01-27 20:05:26 +02:00
cathugger	f48239bbd7	ed25519-donna: batch invert thing hopefully	2019-01-27 19:00:28 +02:00
cathugger	f6138d29c4	make depend	2019-01-20 02:27:43 +02:00
cathugger	417b7615f8	disable setting stack size, port batch pack to amd64-51-30k, set default batch num 2048	2019-01-20 02:15:58 +02:00
cathugger	9972a833a8	finish porting to amd64-64-24k	2019-01-20 01:29:02 +02:00
cathugger	596ebfc71a	2 stage batching	2019-01-20 01:04:48 +02:00
cathugger	8f248cbd14	add missing files, 2 stage batch pack	2019-01-20 00:52:33 +02:00
cathugger	f944bb64a2	some cleanups, port batch invert to amd64-64-24k	2019-01-19 22:40:15 +00:00
cathugger	354e777bb7	implement batched ref10	2019-01-19 16:44:35 +00:00
cathugger	b7a027f633	ref10: p3_batchtobytes	2019-01-19 15:45:25 +00:00
cathugger	ffb8498905	ref10: tweak things	2019-01-19 14:39:33 +00:00
cathugger	9139d302fb	optimize deterministic worker	2019-01-19 14:10:56 +00:00
cathugger	5bb3d0f821	ref10: batch invert maybe	2019-01-19 13:52:13 +00:00
cathugger	f89c2d778c	Merge pull request #19 from foobar2019/master Add support for pass-phrase seed generation. TODO: we probably should reseed right-side after every match	2019-01-18 19:21:27 +00:00
foobar	7cba4e5669	Destroy determseed mutex.	2019-01-18 20:07:54 +01:00
foobar	12b57ea4a2	Add support for pass-phrase seed generation.	2019-01-18 19:06:14 +01:00
cathugger	74a13ae5c0	clarify -t/-j arguments	2018-12-10 13:21:51 +00:00
cathugger	60eb4c06c7	README typo fix	2018-11-04 16:40:24 +00:00
cathugger	5069b28674	Merge pull request #14 from bmintz/patch-1 .gitattributes: make sure .h .c are detected as C	2018-10-29 18:56:25 +00:00
Ben Mintz	4e91c7dbf2	.gitattributes: make sure .h .c are detected as C	2018-10-28 22:43:51 -05:00
cathugger	abc08bc47b	small fixup, implement deduplication support fixes potential binsearch+binfilter filters mis-ordering case. implements optional filters deduplication except for regex filters. adds -v flag for more verbose output.	2018-09-26 20:54:14 +03:00
cathugger	908d4957f6	uhhh...	2018-09-07 00:22:28 +03:00
cathugger	0d120efb67	do not bother with different exit codes	2018-09-07 00:21:48 +03:00
cathugger	b710adea5d	call sodium_init()	2018-08-24 21:31:57 +03:00
cathugger	e7ce68c245	clarify naming choice	2018-07-20 20:26:03 +00:00
cathugger	f696465e55	why did I remove this header?	2018-07-20 17:10:06 +00:00
cathugger	635c7a326a	add PGP key url	2018-07-19 22:50:14 +00:00
cathugger	34895c27cd	naming	2018-07-12 13:22:07 +00:00
cathugger	ebe1d5b678	delet trailing whitespace	2018-07-12 13:05:53 +00:00
cathugger	cf5ac5f929	prevent possible buffer overflow	2018-07-12 12:58:42 +00:00
cathugger	8f1e08973d	prevent termination during key write	2018-07-12 12:35:39 +00:00
cathugger	91f484cbc7	harden pseudo-YAML validation	2018-07-12 12:11:44 +00:00
cathugger	ee0257dc88	stronger base64 validation	2018-07-12 11:56:43 +00:00
cathugger	832ff7bdfb	credit.	2018-07-09 19:44:25 +00:00
cathugger	7f3b15245b	s/yaml/YAML/	2018-07-09 17:26:43 +00:00
cathugger	fe266cac50	Merge pull request #11 from heios/master pseudo-yaml output/processing functionality	2018-07-09 17:02:19 +00:00
cathugger	04fadf3333	fix docs	2018-07-09 17:00:51 +00:00
cathugger	83a63a30ee	fixes	2018-07-09 16:54:44 +00:00
cathugger	be50d6b929	refactor,fix,rewrite parts,tweak	2018-07-09 16:38:41 +00:00
cathugger	4bdeb62f44	-O -> -y, -i -> -Y; -o appends by default; introduce -O option to overwrite	2018-07-09 11:42:58 +00:00
heios	6a416795b7	optional functionality for writing results to the single file and extracting specific keys from it	2018-07-06 13:16:48 +03:00
cathugger	eafa834b5e	consistently print ammount of threads used	2018-07-05 22:40:34 +00:00
cathugger	37a1506b18	start error codes from 101 not 100 and expect no one relied on them yet	2018-07-01 20:03:13 +00:00
cathugger	f171063cb0	add note about not checking all the things in configure	2018-06-20 13:33:01 +00:00
cathugger	6458157cda	tweaks	2018-06-16 13:22:52 +00:00
cathugger	cf4443b7fd	increase workers stack size. fixes crashing of regex filtering	2018-06-16 12:42:42 +00:00
cathugger	68bb8c369c	20k worker stacks should be enough	2018-06-01 16:48:01 +03:00
cathugger	bc19497f88	more tweaks	2018-05-31 16:14:35 +00:00
cathugger	d9e4e12bdd	twx	2018-05-31 14:13:45 +00:00
cathugger	0208fc3fad	tweaks and cleanups	2018-05-31 14:01:33 +00:00
cathugger	25457c8741	remove irrelevant gitignore line	2018-05-15 05:56:02 +00:00