From 922ba9912a634ebdf4915a69a7d1c2e6d8a43e83 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 24 Oct 2022 13:12:27 +0100
Subject: [PATCH 001/112] Updated libff to point to last commit

---
 depends/libff | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/depends/libff b/depends/libff
index 5f9a4bdd9..f9a588c05 160000
--- a/depends/libff
+++ b/depends/libff
@@ -1 +1 @@
-Subproject commit 5f9a4bdd9bea61036b57cfe972354fc97c497457
+Subproject commit f9a588c05ff803adef5b94a677a6eb37d7ea94cc

From 2ba1b0da9c6cf7ec201adefb32f8cfa1310ab391 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 24 Jun 2022 16:47:22 +0100
Subject: [PATCH 002/112] added TAGS to .gitignore

---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index 24199bfe8..6d887f0ab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -50,3 +50,5 @@ libsnark/zk_proof_systems/zksnark/ram_zksnark/tests/test_ram_zksnark
 
 build
 *~
+TAGS
+.dir-locals.el

From 43a98845b4775200276bb21292a938f1d0c31845 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 24 Jun 2022 16:47:57 +0100
Subject: [PATCH 003/112] added BLS12-381 curve to CMakeLists.txt

---
 CMakeLists.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index e22a19f8f..8e20f9dcc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -23,7 +23,7 @@ set(
   "BN128"
   CACHE
   STRING
-  "Default curve: one of ALT_BN128, BN128, EDWARDS, MNT4, MNT6"
+  "Default curve: one of ALT_BN128, BN128, EDWARDS, MNT4, MNT6, BLS12_381"
 )
 
 option(

From 3d34c0658f206134dd1b227b98b0e9f67ca04791 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 24 Jun 2022 16:48:53 +0100
Subject: [PATCH 004/112] added test for plonk in CMakeLists.txt

---
 libsnark/CMakeLists.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libsnark/CMakeLists.txt b/libsnark/CMakeLists.txt
index 1d3e0e29a..8b554fff8 100644
--- a/libsnark/CMakeLists.txt
+++ b/libsnark/CMakeLists.txt
@@ -205,6 +205,7 @@ if ("${IS_LIBSNARK_PARENT}")
   libsnark_test(test_r1cs_ppzksnark_verifier_gadget gadgetlib1/tests/test_r1cs_ppzksnark_verifier_gadget.cpp)
   libsnark_test(test_r1cs_gg_ppzksnark_verifier_gadget gadgetlib1/tests/test_r1cs_gg_ppzksnark_verifier_gadget.cpp)
   libsnark_test(test_kzg10_verifier_gadget gadgetlib1/tests/test_kzg10_verifier_gadget.cpp)
+  libsnark_test(test_plonk zk_proof_systems/plonk/tests/test_plonk.cpp)
 
   # TODO (howardwu): Resolve runtime on targets:
   # libsnark_test(zk_proof_systems_uscs_ppzksnark_test zk_proof_systems/ppzksnark/uscs_ppzksnark/tests/test_uscs_ppzksnark.cpp)

From 2d86e316aed4b317ad3fee02b178f62973360425 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 27 Jul 2022 08:37:02 +0100
Subject: [PATCH 005/112] anemoi: added initial directory and files for the
 implementation of the Anemoi hash function in the R1CS contraint system

---
 .../hashes/anemoi/anemoi_components.hpp       | 63 +++++++++++++++++++
 .../hashes/anemoi/anemoi_components.tcc       | 56 +++++++++++++++++
 .../anemoi/tests/test_anemoi_gadget.cpp       | 58 +++++++++++++++++
 3 files changed, 177 insertions(+)
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
new file mode 100644
index 000000000..a3b76de42
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -0,0 +1,63 @@
+/** @file
+ *****************************************************************************
+
+ Declaration of interfaces for top-level SHA256 gadgets.
+
+ *****************************************************************************
+ * @author     This file is part of libsnark, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_HPP_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_HPP_
+
+#include <libsnark/common/data_structures/merkle_tree.hpp>
+#include <libsnark/gadgetlib1/gadgets/basic_gadgets.hpp>
+#include <libsnark/gadgetlib1/gadgets/hashes/hash_io.hpp>
+#include <libsnark/gadgetlib1/gadgets/hashes/sha256/sha256_components.hpp>
+
+namespace libsnark
+{
+
+/*
+  the gadgets below are Fp specific:
+  I * X = R
+  (1-R) * X = 0
+
+  if X = 0 then R = 0
+  if X != 0 then R = 1 and I = X^{-1}
+*/
+
+/// Compute x^3
+/// (old) Output is 0 iff the sum of inputs is 0.  Output is 1 otherwise.
+template<typename FieldT>
+class anemoi_power_three_gadget : public gadget<FieldT>
+{
+private:
+    pb_variable<FieldT> inv;
+
+public:
+    const pb_linear_combination_array<FieldT> inputs;
+    const pb_variable<FieldT> output;
+
+    anemoi_power_three_gadget(
+        protoboard<FieldT> &pb,
+        const pb_linear_combination_array<FieldT> &inputs,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix = "")
+        : gadget<FieldT>(pb, annotation_prefix), inputs(inputs), output(output)
+    {
+        assert(inputs.size() >= 1);
+        inv.allocate(pb, FMT(this->annotation_prefix, " inv"));
+    }
+
+    void generate_r1cs_constraints();
+    void generate_r1cs_witness();
+};
+
+} // namespace libsnark
+
+#include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc>
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_HPP_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
new file mode 100644
index 000000000..e015e88c8
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -0,0 +1,56 @@
+/** @file
+ *****************************************************************************
+
+ Implementation of interfaces for top-level Anemoi hash function gadgets.
+
+ See anemoi_gadget.hpp .
+
+ *****************************************************************************
+ * @author     This file is part of libsnark, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_TCC_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_TCC_
+
+namespace libsnark
+{
+
+template<typename FieldT>
+void anemoi_power_three_gadget<FieldT>::generate_r1cs_constraints()
+{
+    linear_combination<FieldT> sum = pb_sum(inputs);
+
+    // inv * sum = output
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(inv, sum, output),
+        FMT(this->annotation_prefix, " inv*sum=output"));
+
+    // (1-output) * sum = 0
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(FieldT::one() - output, sum, FieldT::zero()),
+        FMT(this->annotation_prefix, " (1-output)*sum=0"));
+}
+
+template<typename FieldT>
+void anemoi_power_three_gadget<FieldT>::generate_r1cs_witness()
+{
+    FieldT sum = FieldT::zero();
+
+    for (size_t i = 0; i < inputs.size(); ++i) {
+        sum += this->pb.lc_val(inputs[i]);
+    }
+
+    if (sum.is_zero()) {
+        this->pb.val(inv) = FieldT::zero();
+        this->pb.val(output) = FieldT::zero();
+    } else {
+        this->pb.val(inv) = sum.inverse();
+        this->pb.val(output) = FieldT::one();
+    }
+}
+
+} // namespace libsnark
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
new file mode 100644
index 000000000..e003f37ac
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -0,0 +1,58 @@
+/** @file
+ *****************************************************************************
+ * @author     This file is part of libsnark, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#include <gtest/gtest.h>
+#include <libff/common/default_types/ec_pp.hpp>
+#include <libff/common/profiling.hpp>
+#include <libff/common/utils.hpp>
+#include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp>
+
+using namespace libsnark;
+
+template<typename FieldT> void test_anemoi_power_three_gadget(const size_t n)
+{
+    printf("testing anemoi_power_three_gadget on all %zu bit strings\n", n);
+
+    protoboard<FieldT> pb;
+    pb_variable_array<FieldT> inputs;
+    inputs.allocate(pb, n, "inputs");
+
+    pb_variable<FieldT> output;
+    output.allocate(pb, "output");
+
+    anemoi_power_three_gadget<FieldT> d(pb, inputs, output, "d");
+    d.generate_r1cs_constraints();
+
+    for (size_t w = 0; w < 1ul << n; ++w) {
+        for (size_t j = 0; j < n; ++j) {
+            pb.val(inputs[j]) = FieldT((w & (1ul << j)) ? 1 : 0);
+        }
+
+        d.generate_r1cs_witness();
+
+#ifdef DEBUG
+        printf("positive test for %zu\n", w);
+#endif
+        ASSERT_EQ(pb.val(output), (w ? FieldT::one() : FieldT::zero()));
+        ASSERT_TRUE(pb.is_satisfied());
+
+#ifdef DEBUG
+        printf("negative test for %zu\n", w);
+#endif
+        pb.val(output) = (w ? FieldT::zero() : FieldT::one());
+        ASSERT_FALSE(pb.is_satisfied());
+    }
+
+    libff::print_time("anemoi_power_three_gadget tests successful");
+}
+
+int main(void)
+{
+    libff::start_profiling();
+    libff::default_ec_pp::init_public_params();
+    test_anemoi_power_three_gadget<libff::Fr<libff::default_ec_pp>>(10);
+}

From 819304c3df12a67fd7f0c5ee6464da3f88f7ee29 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 27 Jul 2022 08:38:38 +0100
Subject: [PATCH 006/112] anemoi: added initial test for Anemoi hash

---
 libsnark/CMakeLists.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libsnark/CMakeLists.txt b/libsnark/CMakeLists.txt
index 8b554fff8..d209927f4 100644
--- a/libsnark/CMakeLists.txt
+++ b/libsnark/CMakeLists.txt
@@ -206,6 +206,7 @@ if ("${IS_LIBSNARK_PARENT}")
   libsnark_test(test_r1cs_gg_ppzksnark_verifier_gadget gadgetlib1/tests/test_r1cs_gg_ppzksnark_verifier_gadget.cpp)
   libsnark_test(test_kzg10_verifier_gadget gadgetlib1/tests/test_kzg10_verifier_gadget.cpp)
   libsnark_test(test_plonk zk_proof_systems/plonk/tests/test_plonk.cpp)
+  libsnark_test(test_anemoi_gadget gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp)
 
   # TODO (howardwu): Resolve runtime on targets:
   # libsnark_test(zk_proof_systems_uscs_ppzksnark_test zk_proof_systems/ppzksnark/uscs_ppzksnark/tests/test_uscs_ppzksnark.cpp)

From cfec176a3ee7fa779803c9db1afc76b97ee14df6 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 28 Jul 2022 16:54:29 +0100
Subject: [PATCH 007/112] anmeoi: implemented r1cs gadget for the component y =
 alpha * x^3 + beta

---
 .../hashes/anemoi/anemoi_components.hpp       | 49 ++++++++++-------
 .../hashes/anemoi/anemoi_components.tcc       | 44 +++++++--------
 .../anemoi/tests/test_anemoi_gadget.cpp       | 53 ++++++++++---------
 3 files changed, 78 insertions(+), 68 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index a3b76de42..c95fcbb1c 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -20,37 +20,46 @@
 namespace libsnark
 {
 
-/*
-  the gadgets below are Fp specific:
-  I * X = R
-  (1-R) * X = 0
-
-  if X = 0 then R = 0
-  if X != 0 then R = 1 and I = X^{-1}
-*/
-
-/// Compute x^3
-/// (old) Output is 0 iff the sum of inputs is 0.  Output is 1 otherwise.
+/// Compute y = alpha x^3 + beta
+/// x: input
+/// y: output
+/// a,b,c: intermediate values
+/// alpha, beta: constants
 template<typename FieldT>
 class anemoi_power_three_gadget : public gadget<FieldT>
 {
 private:
-    pb_variable<FieldT> inv;
+    // intermediate values
+    pb_variable<FieldT> a;
+    pb_variable<FieldT> b;
+    pb_variable<FieldT> c;
 
 public:
-    const pb_linear_combination_array<FieldT> inputs;
-    const pb_variable<FieldT> output;
+    // input
+    const pb_variable<FieldT> x;
+    // output
+    const pb_variable<FieldT> y;
+    // constants
+    pb_variable<FieldT> alpha;
+    pb_variable<FieldT> beta;
 
     anemoi_power_three_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination_array<FieldT> &inputs,
-        const pb_variable<FieldT> &output,
+        const pb_variable<FieldT> &x,
+        const pb_variable<FieldT> &y,
+        const pb_variable<FieldT> &alpha,
+        const pb_variable<FieldT> &beta,
         const std::string &annotation_prefix = "")
-        : gadget<FieldT>(pb, annotation_prefix), inputs(inputs), output(output)
+        : gadget<FieldT>(pb, annotation_prefix)
+        , x(x)
+        , y(y)
+        , alpha(alpha)
+        , beta(beta)
     {
-        assert(inputs.size() >= 1);
-        inv.allocate(pb, FMT(this->annotation_prefix, " inv"));
-    }
+        a.allocate(this->pb, "a");
+        b.allocate(this->pb, "b");
+        c.allocate(this->pb, "c");
+    };
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index e015e88c8..a5caa0933 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -20,35 +20,35 @@ namespace libsnark
 template<typename FieldT>
 void anemoi_power_three_gadget<FieldT>::generate_r1cs_constraints()
 {
-    linear_combination<FieldT> sum = pb_sum(inputs);
-
-    // inv * sum = output
+    // x*x = a
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(inv, sum, output),
-        FMT(this->annotation_prefix, " inv*sum=output"));
-
-    // (1-output) * sum = 0
+        r1cs_constraint<FieldT>(x, x, a),
+        FMT(this->annotation_prefix, " x*x=a"));
+    // a*x = b
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(a, x, b),
+        FMT(this->annotation_prefix, " a*x=b"));
+    // b*alpha = c
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(b, alpha, c),
+        FMT(this->annotation_prefix, " b*alpha=c"));
+    // 1*(c+beta) = y
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(FieldT::one() - output, sum, FieldT::zero()),
-        FMT(this->annotation_prefix, " (1-output)*sum=0"));
+        r1cs_constraint<FieldT>(1, c + beta, y),
+        FMT(this->annotation_prefix, " 1*(c+beta)=y"));
 }
 
 template<typename FieldT>
 void anemoi_power_three_gadget<FieldT>::generate_r1cs_witness()
 {
-    FieldT sum = FieldT::zero();
-
-    for (size_t i = 0; i < inputs.size(); ++i) {
-        sum += this->pb.lc_val(inputs[i]);
-    }
-
-    if (sum.is_zero()) {
-        this->pb.val(inv) = FieldT::zero();
-        this->pb.val(output) = FieldT::zero();
-    } else {
-        this->pb.val(inv) = sum.inverse();
-        this->pb.val(output) = FieldT::one();
-    }
+    // x*x = a
+    this->pb.val(a) = this->pb.val(x) * this->pb.val(x);
+    // a*x = b
+    this->pb.val(b) = this->pb.val(a) * this->pb.val(x);
+    // b*alpha = c
+    this->pb.val(c) = this->pb.val(b) * this->pb.val(alpha);
+    // 1*(c+beta) = y
+    this->pb.val(y) = this->pb.val(c) + this->pb.val(beta);
 }
 
 } // namespace libsnark
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index e003f37ac..a19548aeb 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -9,7 +9,9 @@
 #include <libff/common/default_types/ec_pp.hpp>
 #include <libff/common/profiling.hpp>
 #include <libff/common/utils.hpp>
+#include <libsnark/common/default_types/r1cs_ppzksnark_pp.hpp> // VV
 #include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp>
+#include <libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp> // VV
 
 using namespace libsnark;
 
@@ -18,34 +20,33 @@ template<typename FieldT> void test_anemoi_power_three_gadget(const size_t n)
     printf("testing anemoi_power_three_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
-    pb_variable_array<FieldT> inputs;
-    inputs.allocate(pb, n, "inputs");
-
-    pb_variable<FieldT> output;
-    output.allocate(pb, "output");
-
-    anemoi_power_three_gadget<FieldT> d(pb, inputs, output, "d");
+    pb_variable<FieldT> x;
+    pb_variable<FieldT> y;
+    pb_variable<FieldT> alpha;
+    pb_variable<FieldT> beta;
+
+    // input
+    x.allocate(pb, "x");
+    // output
+    y.allocate(pb, "y");
+    // constants
+    alpha.allocate(pb, "alpha");
+    beta.allocate(pb, "beta");
+
+    // create gadget
+    anemoi_power_three_gadget<FieldT> d(pb, x, y, alpha, beta, "d");
+    // generate contraints
     d.generate_r1cs_constraints();
+    // witness values
+    pb.val(x) = 2;
+    pb.val(alpha) = 2;
+    pb.val(beta) = 5;
+
+    // generate witness
+    d.generate_r1cs_witness();
 
-    for (size_t w = 0; w < 1ul << n; ++w) {
-        for (size_t j = 0; j < n; ++j) {
-            pb.val(inputs[j]) = FieldT((w & (1ul << j)) ? 1 : 0);
-        }
-
-        d.generate_r1cs_witness();
-
-#ifdef DEBUG
-        printf("positive test for %zu\n", w);
-#endif
-        ASSERT_EQ(pb.val(output), (w ? FieldT::one() : FieldT::zero()));
-        ASSERT_TRUE(pb.is_satisfied());
-
-#ifdef DEBUG
-        printf("negative test for %zu\n", w);
-#endif
-        pb.val(output) = (w ? FieldT::zero() : FieldT::one());
-        ASSERT_FALSE(pb.is_satisfied());
-    }
+    ASSERT_EQ(pb.val(y), 21);
+    ASSERT_TRUE(pb.is_satisfied());
 
     libff::print_time("anemoi_power_three_gadget tests successful");
 }

From d0114274fb5157c2c97cc6afea209109580e9846 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 29 Jul 2022 08:18:43 +0100
Subject: [PATCH 008/112] anemoi: implemented r1cs gadget for the component y =
 alpha * x^2 + beta

---
 .../hashes/anemoi/anemoi_components.hpp       | 42 +++++++++++++++++++
 .../hashes/anemoi/anemoi_components.tcc       | 28 +++++++++++++
 .../anemoi/tests/test_anemoi_gadget.cpp       | 37 ++++++++++++++++
 3 files changed, 107 insertions(+)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index c95fcbb1c..66581b31b 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -20,6 +20,48 @@
 namespace libsnark
 {
 
+/// Compute y = alpha x^2 + beta
+/// x: input
+/// y: output
+/// a,b: intermediate values
+/// alpha, beta: constants
+template<typename FieldT> class anemoi_power_two_gadget : public gadget<FieldT>
+{
+private:
+    // intermediate values
+    pb_variable<FieldT> a;
+    pb_variable<FieldT> b;
+
+public:
+    // input
+    const pb_variable<FieldT> x;
+    // output
+    const pb_variable<FieldT> y;
+    // constants
+    pb_variable<FieldT> alpha;
+    pb_variable<FieldT> beta;
+
+    anemoi_power_two_gadget(
+        protoboard<FieldT> &pb,
+        const pb_variable<FieldT> &x,
+        const pb_variable<FieldT> &y,
+        const pb_variable<FieldT> &alpha,
+        const pb_variable<FieldT> &beta,
+        const std::string &annotation_prefix = "")
+        : gadget<FieldT>(pb, annotation_prefix)
+        , x(x)
+        , y(y)
+        , alpha(alpha)
+        , beta(beta)
+    {
+        a.allocate(this->pb, "a");
+        b.allocate(this->pb, "b");
+    };
+
+    void generate_r1cs_constraints();
+    void generate_r1cs_witness();
+};
+
 /// Compute y = alpha x^3 + beta
 /// x: input
 /// y: output
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index a5caa0933..53e8ac26d 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -17,6 +17,34 @@
 namespace libsnark
 {
 
+template<typename FieldT>
+void anemoi_power_two_gadget<FieldT>::generate_r1cs_constraints()
+{
+    // x*x = a
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(x, x, a),
+        FMT(this->annotation_prefix, " x*x=a"));
+    // a*x = b
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(a, x, b),
+        FMT(this->annotation_prefix, " a*x=b"));
+    // 1*(b+beta) = y
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(1, b + beta, y),
+        FMT(this->annotation_prefix, " 1*(b+beta)=y"));
+}
+
+template<typename FieldT>
+void anemoi_power_two_gadget<FieldT>::generate_r1cs_witness()
+{
+    // x*x = a
+    this->pb.val(a) = this->pb.val(x) * this->pb.val(x);
+    // a*x = b
+    this->pb.val(b) = this->pb.val(a) * this->pb.val(x);
+    // 1*(b+beta) = y
+    this->pb.val(y) = this->pb.val(b) + this->pb.val(beta);
+}
+
 template<typename FieldT>
 void anemoi_power_three_gadget<FieldT>::generate_r1cs_constraints()
 {
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index a19548aeb..862393775 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -15,6 +15,42 @@
 
 using namespace libsnark;
 
+template<typename FieldT> void test_anemoi_power_two_gadget(const size_t n)
+{
+    printf("testing anemoi_power_two_gadget on all %zu bit strings\n", n);
+
+    protoboard<FieldT> pb;
+    pb_variable<FieldT> x;
+    pb_variable<FieldT> y;
+    pb_variable<FieldT> alpha;
+    pb_variable<FieldT> beta;
+
+    // input
+    x.allocate(pb, "x");
+    // output
+    y.allocate(pb, "y");
+    // constants
+    alpha.allocate(pb, "alpha");
+    beta.allocate(pb, "beta");
+
+    // create gadget
+    anemoi_power_two_gadget<FieldT> d(pb, x, y, alpha, beta, "d");
+    // generate contraints
+    d.generate_r1cs_constraints();
+    // witness values
+    pb.val(x) = 2;
+    pb.val(alpha) = 2;
+    pb.val(beta) = 5;
+
+    // generate witness
+    d.generate_r1cs_witness();
+
+    ASSERT_EQ(pb.val(y), 13);
+    ASSERT_TRUE(pb.is_satisfied());
+
+    libff::print_time("anemoi_power_two_gadget tests successful");
+}
+
 template<typename FieldT> void test_anemoi_power_three_gadget(const size_t n)
 {
     printf("testing anemoi_power_three_gadget on all %zu bit strings\n", n);
@@ -56,4 +92,5 @@ int main(void)
     libff::start_profiling();
     libff::default_ec_pp::init_public_params();
     test_anemoi_power_three_gadget<libff::Fr<libff::default_ec_pp>>(10);
+    test_anemoi_power_two_gadget<libff::Fr<libff::default_ec_pp>>(10);
 }

From 076cee81eef89410f1aa51c2abb1398363e8ea16 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 31 Aug 2022 13:21:54 +0100
Subject: [PATCH 009/112] anemoi: major reimplementation of r1cs gadgets for
 anemoi power 2 and power 3 components addressing latest comments from PR#65

---
 .../hashes/anemoi/anemoi_components.hpp       |  71 +++------
 .../hashes/anemoi/anemoi_components.tcc       | 143 +++++++++++++-----
 .../anemoi/tests/test_anemoi_gadget.cpp       |  32 ++--
 3 files changed, 136 insertions(+), 110 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 66581b31b..aa7ac2e52 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -23,39 +23,28 @@ namespace libsnark
 /// Compute y = alpha x^2 + beta
 /// x: input
 /// y: output
-/// a,b: intermediate values
 /// alpha, beta: constants
 template<typename FieldT> class anemoi_power_two_gadget : public gadget<FieldT>
 {
 private:
-    // intermediate values
-    pb_variable<FieldT> a;
-    pb_variable<FieldT> b;
+    // constants
+    FieldT alpha;
+    FieldT beta;
 
 public:
-    // input
-    const pb_variable<FieldT> x;
-    // output
-    const pb_variable<FieldT> y;
-    // constants
-    pb_variable<FieldT> alpha;
-    pb_variable<FieldT> beta;
+    // input/output
+    const pb_variable<FieldT> input;
+    const pb_variable<FieldT> output;
 
     anemoi_power_two_gadget(
         protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &x,
-        const pb_variable<FieldT> &y,
-        const pb_variable<FieldT> &alpha,
-        const pb_variable<FieldT> &beta,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "")
-        : gadget<FieldT>(pb, annotation_prefix)
-        , x(x)
-        , y(y)
-        , alpha(alpha)
-        , beta(beta)
+        : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
     {
-        a.allocate(this->pb, "a");
-        b.allocate(this->pb, "b");
+        alpha = FieldT(2);
+        beta = FieldT(5);
     };
 
     void generate_r1cs_constraints();
@@ -65,42 +54,32 @@ template<typename FieldT> class anemoi_power_two_gadget : public gadget<FieldT>
 /// Compute y = alpha x^3 + beta
 /// x: input
 /// y: output
-/// a,b,c: intermediate values
 /// alpha, beta: constants
 template<typename FieldT>
 class anemoi_power_three_gadget : public gadget<FieldT>
 {
 private:
-    // intermediate values
-    pb_variable<FieldT> a;
-    pb_variable<FieldT> b;
-    pb_variable<FieldT> c;
+    /// internal (i.e. intermediate) variable
+    pb_variable<FieldT> internal;
+    /// constants
+    FieldT alpha;
+    FieldT beta;
 
 public:
-    // input
-    const pb_variable<FieldT> x;
-    // output
-    const pb_variable<FieldT> y;
-    // constants
-    pb_variable<FieldT> alpha;
-    pb_variable<FieldT> beta;
+    /// input/output
+    const pb_variable<FieldT> input;
+    const pb_variable<FieldT> output;
 
     anemoi_power_three_gadget(
         protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &x,
-        const pb_variable<FieldT> &y,
-        const pb_variable<FieldT> &alpha,
-        const pb_variable<FieldT> &beta,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "")
-        : gadget<FieldT>(pb, annotation_prefix)
-        , x(x)
-        , y(y)
-        , alpha(alpha)
-        , beta(beta)
+        : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
     {
-        a.allocate(this->pb, "a");
-        b.allocate(this->pb, "b");
-        c.allocate(this->pb, "c");
+        alpha = FieldT(2);
+        beta = FieldT(5);
+        internal.allocate(pb, FMT(this->annotation_prefix, " internal"));
     };
 
     void generate_r1cs_constraints();
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 53e8ac26d..346845fe9 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -17,66 +17,127 @@
 namespace libsnark
 {
 
+// A R1CS constraint is a formal expression of the form
+//
+//                < A , X > * < B , X > = < C , X > ,
+//
+// where X = (x_0,x_1,...,x_m) is a vector of formal variables and
+// A,B,C each consist of 1+m elements in <FieldT> and <A, X> = \sum_i
+// (a_i x_i) is the dot product between vectors A and X. Equivalently,
+// the vectors A,B,C are linear combinations of X.
+//
+// A R1CS constraint is used to construct a R1CS constraint system.
+//
+// See also class \ef r1cs_constraint
+
+// R1CS constraints for the operation y = alpha x^2 + beta with x =
+// input, y = output. The latter is represented with one
+// multiplication as
+//
+// (alpha x) * x = y-beta
+//
+// for the variables vector X = (x0=1, x1=x, x2=y). This computation
+// is represented with 1 R1CS constraint:
+//
+// < A , X > * < B , X > = < C , X >
+//
+// where A =(0, alpha, 0), B=(0, 1, 0) and C =(-beta, 0, 1)
 template<typename FieldT>
 void anemoi_power_two_gadget<FieldT>::generate_r1cs_constraints()
 {
-    // x*x = a
-    this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(x, x, a),
-        FMT(this->annotation_prefix, " x*x=a"));
-    // a*x = b
+    // X variables (input, output, intermediate) x_0=1, x_1, x_2
+    std::vector<pb_variable<FieldT>> X{ONE, input, output};
+    // A constants a_0, a_1, a_2
+    std::vector<FieldT> A{0, alpha, 0};
+    // B constants b_0, b_1, b_2
+    std::vector<FieldT> B{0, FieldT(1), 0};
+    // C constants c_0, c_1, c_2
+    std::vector<FieldT> C{-beta, 0, FieldT(1)};
+    // < A , X >
+    std::vector<linear_term<FieldT>> A_lc_terms{
+        {X[0], A[0]}, {X[1], A[1]}, {X[2], A[2]}};
+    linear_combination<FieldT> A_lc(A_lc_terms);
+    // < B , X >
+    std::vector<linear_term<FieldT>> B_lc_terms{
+        {X[0], B[0]}, {X[1], B[1]}, {X[2], B[2]}};
+    linear_combination<FieldT> B_lc(B_lc_terms);
+    // < C , X >
+    std::vector<linear_term<FieldT>> C_lc_terms{
+        {X[0], C[0]}, {X[1], C[1]}, {X[2], C[2]}};
+    linear_combination<FieldT> C_lc(C_lc_terms);
+    // < A , X > * < B , X > = < C , X >
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(a, x, b),
-        FMT(this->annotation_prefix, " a*x=b"));
-    // 1*(b+beta) = y
-    this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(1, b + beta, y),
-        FMT(this->annotation_prefix, " 1*(b+beta)=y"));
+        r1cs_constraint<FieldT>(A_lc, B_lc, C_lc),
+        FMT(this->annotation_prefix, " A*B=C"));
 }
 
+// compute a witness y for a given input x for the computation y =
+// alpha x^2 + beta, where x=input, y=output
 template<typename FieldT>
 void anemoi_power_two_gadget<FieldT>::generate_r1cs_witness()
 {
-    // x*x = a
-    this->pb.val(a) = this->pb.val(x) * this->pb.val(x);
-    // a*x = b
-    this->pb.val(b) = this->pb.val(a) * this->pb.val(x);
-    // 1*(b+beta) = y
-    this->pb.val(y) = this->pb.val(b) + this->pb.val(beta);
+    // y = alpha x^2 + beta
+    this->pb.val(output) =
+        this->alpha * this->pb.val(input) * this->pb.val(input) + this->beta;
 }
 
+// R1CS constraints for the operation y = alpha x^3 + beta with
+// x=input, y=output. This operation is represented with two
+// multiplications as y-beta = ((alpha x * x) * x). Equivalently:
+//
+// alpha x1 * x1 = x2
+// x2 * x1 = x3-beta
+//
+// for the variables vector X = (x0=1, x1=input, x2=intermediate,
+// x3=output). The above system is represented with 2 R1CS
+// constraints resp.:
+//
+// < A0 , X > * < B0 , X > = < C0 , X > ,
+// < A1 , X > * < B1 , X > = < C1 , X >
+//
+// where A0=(0, alpha, 0, 0), B0=(0, 1, 0, 0), C0=(0, 0, 1, 0) and
+// A1=(0, 0, 1, 0), B1=(0, 1, 0, 0), C1=(-beta, 0, 0, 1)
 template<typename FieldT>
 void anemoi_power_three_gadget<FieldT>::generate_r1cs_constraints()
 {
-    // x*x = a
-    this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(x, x, a),
-        FMT(this->annotation_prefix, " x*x=a"));
-    // a*x = b
-    this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(a, x, b),
-        FMT(this->annotation_prefix, " a*x=b"));
-    // b*alpha = c
-    this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(b, alpha, c),
-        FMT(this->annotation_prefix, " b*alpha=c"));
-    // 1*(c+beta) = y
-    this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(1, c + beta, y),
-        FMT(this->annotation_prefix, " 1*(c+beta)=y"));
+    // X variables (input, output, internal) x_0=1, x_1, x_2, x_3
+    std::vector<pb_variable<FieldT>> X{ONE, input, internal, output};
+    // A constants
+    std::vector<std::vector<FieldT>> A{{0, alpha, 0, 0}, {0, 0, 1, 0}};
+    // B constants
+    std::vector<std::vector<FieldT>> B{{0, 1, 0, 0}, {0, 1, 0, 0}};
+    // C constants
+    std::vector<std::vector<FieldT>> C{{0, 0, 1, 0}, {-beta, 0, 0, 1}};
+    // add j-th R1CS constraint
+    for (size_t j = 0; j < 2; ++j) {
+        std::vector<linear_term<FieldT>> A_lc_terms, B_lc_terms, C_lc_terms;
+        for (size_t i = 0; i < X.size(); ++i) {
+            A_lc_terms.push_back({X[i], A[j][i]});
+            B_lc_terms.push_back({X[i], B[j][i]});
+            C_lc_terms.push_back({X[i], C[j][i]});
+        }
+        // < Aj , X >
+        linear_combination<FieldT> A_lc(A_lc_terms);
+        // < Bj , X >
+        linear_combination<FieldT> B_lc(B_lc_terms);
+        // < Cj , X >
+        linear_combination<FieldT> C_lc(C_lc_terms);
+        // < Aj , X > * < Bj , X > = < Cj , X >
+        this->pb.add_r1cs_constraint(
+            r1cs_constraint<FieldT>(A_lc, B_lc, C_lc),
+            FMT(this->annotation_prefix, " Aj*Bj=Cj"));
+    }
 }
 
 template<typename FieldT>
 void anemoi_power_three_gadget<FieldT>::generate_r1cs_witness()
 {
-    // x*x = a
-    this->pb.val(a) = this->pb.val(x) * this->pb.val(x);
-    // a*x = b
-    this->pb.val(b) = this->pb.val(a) * this->pb.val(x);
-    // b*alpha = c
-    this->pb.val(c) = this->pb.val(b) * this->pb.val(alpha);
-    // 1*(c+beta) = y
-    this->pb.val(y) = this->pb.val(c) + this->pb.val(beta);
+    // x_internal = alpha x * x
+    this->pb.val(internal) =
+        (this->alpha * this->pb.val(input)) * this->pb.val(input);
+    // y = alpha x^3 + beta = x_internal * x + beta
+    this->pb.val(output) =
+        this->pb.val(internal) * this->pb.val(input) + this->beta;
 }
 
 } // namespace libsnark
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 862393775..732a57f12 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -22,29 +22,22 @@ template<typename FieldT> void test_anemoi_power_two_gadget(const size_t n)
     protoboard<FieldT> pb;
     pb_variable<FieldT> x;
     pb_variable<FieldT> y;
-    pb_variable<FieldT> alpha;
-    pb_variable<FieldT> beta;
 
     // input
     x.allocate(pb, "x");
     // output
     y.allocate(pb, "y");
-    // constants
-    alpha.allocate(pb, "alpha");
-    beta.allocate(pb, "beta");
 
     // create gadget
-    anemoi_power_two_gadget<FieldT> d(pb, x, y, alpha, beta, "d");
+    anemoi_power_two_gadget<FieldT> d(pb, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
-    // witness values
+    // set input value
     pb.val(x) = 2;
-    pb.val(alpha) = 2;
-    pb.val(beta) = 5;
-
-    // generate witness
+    // generate witness for the given input
     d.generate_r1cs_witness();
 
+    // the expected output is 13 for input 2
     ASSERT_EQ(pb.val(y), 13);
     ASSERT_TRUE(pb.is_satisfied());
 
@@ -58,29 +51,22 @@ template<typename FieldT> void test_anemoi_power_three_gadget(const size_t n)
     protoboard<FieldT> pb;
     pb_variable<FieldT> x;
     pb_variable<FieldT> y;
-    pb_variable<FieldT> alpha;
-    pb_variable<FieldT> beta;
 
     // input
     x.allocate(pb, "x");
     // output
     y.allocate(pb, "y");
-    // constants
-    alpha.allocate(pb, "alpha");
-    beta.allocate(pb, "beta");
 
     // create gadget
-    anemoi_power_three_gadget<FieldT> d(pb, x, y, alpha, beta, "d");
+    anemoi_power_three_gadget<FieldT> d(pb, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
-    // witness values
+    // set input value
     pb.val(x) = 2;
-    pb.val(alpha) = 2;
-    pb.val(beta) = 5;
-
-    // generate witness
+    // generate witness for the given input
     d.generate_r1cs_witness();
 
+    // the expected output is 21 for input 2
     ASSERT_EQ(pb.val(y), 21);
     ASSERT_TRUE(pb.is_satisfied());
 
@@ -91,6 +77,6 @@ int main(void)
 {
     libff::start_profiling();
     libff::default_ec_pp::init_public_params();
-    test_anemoi_power_three_gadget<libff::Fr<libff::default_ec_pp>>(10);
     test_anemoi_power_two_gadget<libff::Fr<libff::default_ec_pp>>(10);
+    test_anemoi_power_three_gadget<libff::Fr<libff::default_ec_pp>>(10);
 }

From f7aa383d2eb2b4c9a86c8df26856495454c9e304 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 5 Sep 2022 07:28:33 +0100
Subject: [PATCH 010/112] anemoi: constructors definition moved from .hpp to
 .tcc file

---
 .../hashes/anemoi/anemoi_components.hpp       | 15 ++---------
 .../hashes/anemoi/anemoi_components.tcc       | 25 +++++++++++++++++++
 2 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index aa7ac2e52..9bd7d09a7 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -40,12 +40,7 @@ template<typename FieldT> class anemoi_power_two_gadget : public gadget<FieldT>
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "")
-        : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
-    {
-        alpha = FieldT(2);
-        beta = FieldT(5);
-    };
+        const std::string &annotation_prefix = "");
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
@@ -74,13 +69,7 @@ class anemoi_power_three_gadget : public gadget<FieldT>
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "")
-        : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
-    {
-        alpha = FieldT(2);
-        beta = FieldT(5);
-        internal.allocate(pb, FMT(this->annotation_prefix, " internal"));
-    };
+        const std::string &annotation_prefix = "");
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 346845fe9..f1695cf61 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -17,6 +17,18 @@
 namespace libsnark
 {
 
+template<typename FieldT>
+anemoi_power_two_gadget<FieldT>::anemoi_power_two_gadget(
+    protoboard<FieldT> &pb,
+    const pb_variable<FieldT> &input,
+    const pb_variable<FieldT> &output,
+    const std::string &annotation_prefix)
+    : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
+{
+    alpha = FieldT(2);
+    beta = FieldT(5);
+}
+
 // A R1CS constraint is a formal expression of the form
 //
 //                < A , X > * < B , X > = < C , X > ,
@@ -81,6 +93,19 @@ void anemoi_power_two_gadget<FieldT>::generate_r1cs_witness()
         this->alpha * this->pb.val(input) * this->pb.val(input) + this->beta;
 }
 
+template<typename FieldT>
+anemoi_power_three_gadget<FieldT>::anemoi_power_three_gadget(
+    protoboard<FieldT> &pb,
+    const pb_variable<FieldT> &input,
+    const pb_variable<FieldT> &output,
+    const std::string &annotation_prefix)
+    : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
+{
+    alpha = FieldT(2);
+    beta = FieldT(5);
+    internal.allocate(pb, FMT(this->annotation_prefix, " internal"));
+};
+
 // R1CS constraints for the operation y = alpha x^3 + beta with
 // x=input, y=output. This operation is represented with two
 // multiplications as y-beta = ((alpha x * x) * x). Equivalently:

From 96ba7bbf2c3135c23259475a0847e1c7ea327b33 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 5 Sep 2022 09:23:27 +0100
Subject: [PATCH 011/112] anemoi: replaced constants names alpha, beta resp. by
 const_a, const_b; added macros for Anemoi constants values alpha, beta,
 gamma, delta, some of which are curve-dependent; moved initialization of
 private variables from body of constructor to list of initializers

---
 .../hashes/anemoi/anemoi_components.hpp       | 21 ++++---
 .../hashes/anemoi/anemoi_components.tcc       | 62 ++++++++++---------
 2 files changed, 47 insertions(+), 36 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 9bd7d09a7..7f817fe0f 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -20,16 +20,21 @@
 namespace libsnark
 {
 
-/// Compute y = alpha x^2 + beta
+#define ANEMOI_BLS12_381_CONST_ALPHA 5
+#define ANEMOI_BLS12_381_CONST_BETA 2 // = G1
+#define ANEMOI_BLS12_381_CONST_GAMMA 5 // TODO: value by spec is 0
+#define ANEMOI_BLS12_381_CONST_DELTA 0 // TODO: value by spec is G1.inv()
+
+/// Compute y = const_a x^2 + const_b
 /// x: input
 /// y: output
-/// alpha, beta: constants
+/// const_a, const_b: constants
 template<typename FieldT> class anemoi_power_two_gadget : public gadget<FieldT>
 {
 private:
     // constants
-    FieldT alpha;
-    FieldT beta;
+    FieldT const_a;
+    FieldT const_b;
 
 public:
     // input/output
@@ -46,10 +51,10 @@ template<typename FieldT> class anemoi_power_two_gadget : public gadget<FieldT>
     void generate_r1cs_witness();
 };
 
-/// Compute y = alpha x^3 + beta
+/// Compute y = const_a x^3 + const_b
 /// x: input
 /// y: output
-/// alpha, beta: constants
+/// const_a, const_b: constants
 template<typename FieldT>
 class anemoi_power_three_gadget : public gadget<FieldT>
 {
@@ -57,8 +62,8 @@ class anemoi_power_three_gadget : public gadget<FieldT>
     /// internal (i.e. intermediate) variable
     pb_variable<FieldT> internal;
     /// constants
-    FieldT alpha;
-    FieldT beta;
+    FieldT const_a;
+    FieldT const_b;
 
 public:
     /// input/output
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index f1695cf61..794782154 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -23,10 +23,12 @@ anemoi_power_two_gadget<FieldT>::anemoi_power_two_gadget(
     const pb_variable<FieldT> &input,
     const pb_variable<FieldT> &output,
     const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
+    : gadget<FieldT>(pb, annotation_prefix)
+    , const_a(ANEMOI_BLS12_381_CONST_BETA)
+    , const_b(ANEMOI_BLS12_381_CONST_GAMMA)
+    , input(input)
+    , output(output)
 {
-    alpha = FieldT(2);
-    beta = FieldT(5);
 }
 
 // A R1CS constraint is a formal expression of the form
@@ -42,29 +44,29 @@ anemoi_power_two_gadget<FieldT>::anemoi_power_two_gadget(
 //
 // See also class \ef r1cs_constraint
 
-// R1CS constraints for the operation y = alpha x^2 + beta with x =
+// R1CS constraints for the operation y = const_a x^2 + const_b with x =
 // input, y = output. The latter is represented with one
 // multiplication as
 //
-// (alpha x) * x = y-beta
+// (const_a x) * x = y-const_b
 //
 // for the variables vector X = (x0=1, x1=x, x2=y). This computation
 // is represented with 1 R1CS constraint:
 //
 // < A , X > * < B , X > = < C , X >
 //
-// where A =(0, alpha, 0), B=(0, 1, 0) and C =(-beta, 0, 1)
+// where A =(0, const_a, 0), B=(0, 1, 0) and C =(-const_b, 0, 1)
 template<typename FieldT>
 void anemoi_power_two_gadget<FieldT>::generate_r1cs_constraints()
 {
     // X variables (input, output, intermediate) x_0=1, x_1, x_2
     std::vector<pb_variable<FieldT>> X{ONE, input, output};
     // A constants a_0, a_1, a_2
-    std::vector<FieldT> A{0, alpha, 0};
+    std::vector<FieldT> A{0, const_a, 0};
     // B constants b_0, b_1, b_2
     std::vector<FieldT> B{0, FieldT(1), 0};
     // C constants c_0, c_1, c_2
-    std::vector<FieldT> C{-beta, 0, FieldT(1)};
+    std::vector<FieldT> C{-const_b, 0, FieldT(1)};
     // < A , X >
     std::vector<linear_term<FieldT>> A_lc_terms{
         {X[0], A[0]}, {X[1], A[1]}, {X[2], A[2]}};
@@ -84,13 +86,14 @@ void anemoi_power_two_gadget<FieldT>::generate_r1cs_constraints()
 }
 
 // compute a witness y for a given input x for the computation y =
-// alpha x^2 + beta, where x=input, y=output
+// const_a x^2 + const_b, where x=input, y=output
 template<typename FieldT>
 void anemoi_power_two_gadget<FieldT>::generate_r1cs_witness()
 {
-    // y = alpha x^2 + beta
+    // y = const_a x^2 + const_b
     this->pb.val(output) =
-        this->alpha * this->pb.val(input) * this->pb.val(input) + this->beta;
+        this->const_a * this->pb.val(input) * this->pb.val(input) +
+        this->const_b;
 }
 
 template<typename FieldT>
@@ -99,19 +102,22 @@ anemoi_power_three_gadget<FieldT>::anemoi_power_three_gadget(
     const pb_variable<FieldT> &input,
     const pb_variable<FieldT> &output,
     const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
+    : gadget<FieldT>(pb, annotation_prefix)
+    , internal(pb_variable_allocate<FieldT>(
+          pb, FMT(this->annotation_prefix, " internal")))
+    , const_a(ANEMOI_BLS12_381_CONST_BETA)
+    , const_b(ANEMOI_BLS12_381_CONST_GAMMA)
+    , input(input)
+    , output(output)
 {
-    alpha = FieldT(2);
-    beta = FieldT(5);
-    internal.allocate(pb, FMT(this->annotation_prefix, " internal"));
-};
+}
 
-// R1CS constraints for the operation y = alpha x^3 + beta with
+// R1CS constraints for the operation y = const_a x^3 + const_b with
 // x=input, y=output. This operation is represented with two
-// multiplications as y-beta = ((alpha x * x) * x). Equivalently:
+// multiplications as y-const_b = ((const_a x * x) * x). Equivalently:
 //
-// alpha x1 * x1 = x2
-// x2 * x1 = x3-beta
+// const_a x1 * x1 = x2
+// x2 * x1 = x3-const_b
 //
 // for the variables vector X = (x0=1, x1=input, x2=intermediate,
 // x3=output). The above system is represented with 2 R1CS
@@ -120,19 +126,19 @@ anemoi_power_three_gadget<FieldT>::anemoi_power_three_gadget(
 // < A0 , X > * < B0 , X > = < C0 , X > ,
 // < A1 , X > * < B1 , X > = < C1 , X >
 //
-// where A0=(0, alpha, 0, 0), B0=(0, 1, 0, 0), C0=(0, 0, 1, 0) and
-// A1=(0, 0, 1, 0), B1=(0, 1, 0, 0), C1=(-beta, 0, 0, 1)
+// where A0=(0, const_a, 0, 0), B0=(0, 1, 0, 0), C0=(0, 0, 1, 0) and
+// A1=(0, 0, 1, 0), B1=(0, 1, 0, 0), C1=(-const_b, 0, 0, 1)
 template<typename FieldT>
 void anemoi_power_three_gadget<FieldT>::generate_r1cs_constraints()
 {
     // X variables (input, output, internal) x_0=1, x_1, x_2, x_3
     std::vector<pb_variable<FieldT>> X{ONE, input, internal, output};
     // A constants
-    std::vector<std::vector<FieldT>> A{{0, alpha, 0, 0}, {0, 0, 1, 0}};
+    std::vector<std::vector<FieldT>> A{{0, const_a, 0, 0}, {0, 0, 1, 0}};
     // B constants
     std::vector<std::vector<FieldT>> B{{0, 1, 0, 0}, {0, 1, 0, 0}};
     // C constants
-    std::vector<std::vector<FieldT>> C{{0, 0, 1, 0}, {-beta, 0, 0, 1}};
+    std::vector<std::vector<FieldT>> C{{0, 0, 1, 0}, {-const_b, 0, 0, 1}};
     // add j-th R1CS constraint
     for (size_t j = 0; j < 2; ++j) {
         std::vector<linear_term<FieldT>> A_lc_terms, B_lc_terms, C_lc_terms;
@@ -157,12 +163,12 @@ void anemoi_power_three_gadget<FieldT>::generate_r1cs_constraints()
 template<typename FieldT>
 void anemoi_power_three_gadget<FieldT>::generate_r1cs_witness()
 {
-    // x_internal = alpha x * x
+    // x_internal = const_a x * x
     this->pb.val(internal) =
-        (this->alpha * this->pb.val(input)) * this->pb.val(input);
-    // y = alpha x^3 + beta = x_internal * x + beta
+        (this->const_a * this->pb.val(input)) * this->pb.val(input);
+    // y = const_a x^3 + const_b = x_internal * x + const_b
     this->pb.val(output) =
-        this->pb.val(internal) * this->pb.val(input) + this->beta;
+        this->pb.val(internal) * this->pb.val(input) + this->const_b;
 }
 
 } // namespace libsnark

From 87fb6807f73df63b8986edd9b608677ab6781001 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 5 Sep 2022 10:55:33 +0100
Subject: [PATCH 012/112] anemoi: simplified the addition of r1cs constraints
 in the power 2 and 3 gadgets

---
 .../hashes/anemoi/anemoi_components.tcc       | 64 ++++---------------
 1 file changed, 14 insertions(+), 50 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 794782154..cfcb79481 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -59,30 +59,13 @@ anemoi_power_two_gadget<FieldT>::anemoi_power_two_gadget(
 template<typename FieldT>
 void anemoi_power_two_gadget<FieldT>::generate_r1cs_constraints()
 {
-    // X variables (input, output, intermediate) x_0=1, x_1, x_2
-    std::vector<pb_variable<FieldT>> X{ONE, input, output};
-    // A constants a_0, a_1, a_2
-    std::vector<FieldT> A{0, const_a, 0};
-    // B constants b_0, b_1, b_2
-    std::vector<FieldT> B{0, FieldT(1), 0};
-    // C constants c_0, c_1, c_2
-    std::vector<FieldT> C{-const_b, 0, FieldT(1)};
-    // < A , X >
-    std::vector<linear_term<FieldT>> A_lc_terms{
-        {X[0], A[0]}, {X[1], A[1]}, {X[2], A[2]}};
-    linear_combination<FieldT> A_lc(A_lc_terms);
-    // < B , X >
-    std::vector<linear_term<FieldT>> B_lc_terms{
-        {X[0], B[0]}, {X[1], B[1]}, {X[2], B[2]}};
-    linear_combination<FieldT> B_lc(B_lc_terms);
-    // < C , X >
-    std::vector<linear_term<FieldT>> C_lc_terms{
-        {X[0], C[0]}, {X[1], C[1]}, {X[2], C[2]}};
-    linear_combination<FieldT> C_lc(C_lc_terms);
-    // < A , X > * < B , X > = < C , X >
+    // Constraint has the form:
+    //   const_a * input^2 + const_b = output
+    // which can be written as
+    //   (const_a * input) * input = output - const_b
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(A_lc, B_lc, C_lc),
-        FMT(this->annotation_prefix, " A*B=C"));
+        {input * const_a, input, output - const_b},
+        FMT(this->annotation_prefix, " const_a * x = y - const_b"));
 }
 
 // compute a witness y for a given input x for the computation y =
@@ -131,33 +114,14 @@ anemoi_power_three_gadget<FieldT>::anemoi_power_three_gadget(
 template<typename FieldT>
 void anemoi_power_three_gadget<FieldT>::generate_r1cs_constraints()
 {
-    // X variables (input, output, internal) x_0=1, x_1, x_2, x_3
-    std::vector<pb_variable<FieldT>> X{ONE, input, internal, output};
-    // A constants
-    std::vector<std::vector<FieldT>> A{{0, const_a, 0, 0}, {0, 0, 1, 0}};
-    // B constants
-    std::vector<std::vector<FieldT>> B{{0, 1, 0, 0}, {0, 1, 0, 0}};
-    // C constants
-    std::vector<std::vector<FieldT>> C{{0, 0, 1, 0}, {-const_b, 0, 0, 1}};
-    // add j-th R1CS constraint
-    for (size_t j = 0; j < 2; ++j) {
-        std::vector<linear_term<FieldT>> A_lc_terms, B_lc_terms, C_lc_terms;
-        for (size_t i = 0; i < X.size(); ++i) {
-            A_lc_terms.push_back({X[i], A[j][i]});
-            B_lc_terms.push_back({X[i], B[j][i]});
-            C_lc_terms.push_back({X[i], C[j][i]});
-        }
-        // < Aj , X >
-        linear_combination<FieldT> A_lc(A_lc_terms);
-        // < Bj , X >
-        linear_combination<FieldT> B_lc(B_lc_terms);
-        // < Cj , X >
-        linear_combination<FieldT> C_lc(C_lc_terms);
-        // < Aj , X > * < Bj , X > = < Cj , X >
-        this->pb.add_r1cs_constraint(
-            r1cs_constraint<FieldT>(A_lc, B_lc, C_lc),
-            FMT(this->annotation_prefix, " Aj*Bj=Cj"));
-    }
+    // (const_a * input) * input = internal
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(const_a * input, input, internal),
+        FMT(this->annotation_prefix, " const_a * x * x = x_square"));
+    // internal * input = output - const_b
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(internal, input, output - const_b),
+        FMT(this->annotation_prefix, " x_square * x = y - const_b"));
 }
 
 template<typename FieldT>

From b9a0e1b1fd334c872ac338578b6d272338c4c92b Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 5 Sep 2022 10:59:55 +0100
Subject: [PATCH 013/112] anemoi: set constant private members const_a, const_b
 explicitly as constants

---
 .../gadgets/hashes/anemoi/anemoi_components.hpp | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 7f817fe0f..559b5c46d 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -21,9 +21,12 @@ namespace libsnark
 {
 
 #define ANEMOI_BLS12_381_CONST_ALPHA 5
-#define ANEMOI_BLS12_381_CONST_BETA 2 // = G1
-#define ANEMOI_BLS12_381_CONST_GAMMA 5 // TODO: value by spec is 0
-#define ANEMOI_BLS12_381_CONST_DELTA 0 // TODO: value by spec is G1.inv()
+// equals to G1
+#define ANEMOI_BLS12_381_CONST_BETA 2
+// TODO: value by spec is 0
+#define ANEMOI_BLS12_381_CONST_GAMMA 5
+// TODO: value by spec is G1.inv()
+#define ANEMOI_BLS12_381_CONST_DELTA 0
 
 /// Compute y = const_a x^2 + const_b
 /// x: input
@@ -33,8 +36,8 @@ template<typename FieldT> class anemoi_power_two_gadget : public gadget<FieldT>
 {
 private:
     // constants
-    FieldT const_a;
-    FieldT const_b;
+    const FieldT const_a;
+    const FieldT const_b;
 
 public:
     // input/output
@@ -62,8 +65,8 @@ class anemoi_power_three_gadget : public gadget<FieldT>
     /// internal (i.e. intermediate) variable
     pb_variable<FieldT> internal;
     /// constants
-    FieldT const_a;
-    FieldT const_b;
+    const FieldT const_a;
+    const FieldT const_b;
 
 public:
     /// input/output

From eebe993213faebf402a9b801f9f0c649d71d4a49 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 8 Sep 2022 09:42:41 +0100
Subject: [PATCH 014/112] anemoi: renamed anemoi_power_* gadgets to
 flystel_power_* which is technically more correct

---
 .../hashes/anemoi/anemoi_components.hpp       | 16 +++----
 .../hashes/anemoi/anemoi_components.tcc       | 47 +++++++++++++++----
 .../anemoi/tests/test_anemoi_gadget.cpp       | 20 ++++----
 3 files changed, 55 insertions(+), 28 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 559b5c46d..f37ee0e2c 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -20,19 +20,19 @@
 namespace libsnark
 {
 
-#define ANEMOI_BLS12_381_CONST_ALPHA 5
+#define FLYSTEL_BLS12_381_ALPHA 5
 // equals to G1
-#define ANEMOI_BLS12_381_CONST_BETA 2
+#define FLYSTEL_BLS12_381_BETA 2
 // TODO: value by spec is 0
-#define ANEMOI_BLS12_381_CONST_GAMMA 5
+#define FLYSTEL_BLS12_381_GAMMA 5
 // TODO: value by spec is G1.inv()
-#define ANEMOI_BLS12_381_CONST_DELTA 0
+#define FLYSTEL_BLS12_381_DELTA 0
 
 /// Compute y = const_a x^2 + const_b
 /// x: input
 /// y: output
 /// const_a, const_b: constants
-template<typename FieldT> class anemoi_power_two_gadget : public gadget<FieldT>
+template<typename FieldT> class flystel_power_two_gadget : public gadget<FieldT>
 {
 private:
     // constants
@@ -44,7 +44,7 @@ template<typename FieldT> class anemoi_power_two_gadget : public gadget<FieldT>
     const pb_variable<FieldT> input;
     const pb_variable<FieldT> output;
 
-    anemoi_power_two_gadget(
+    flystel_power_two_gadget(
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
@@ -59,7 +59,7 @@ template<typename FieldT> class anemoi_power_two_gadget : public gadget<FieldT>
 /// y: output
 /// const_a, const_b: constants
 template<typename FieldT>
-class anemoi_power_three_gadget : public gadget<FieldT>
+class flystel_power_three_gadget : public gadget<FieldT>
 {
 private:
     /// internal (i.e. intermediate) variable
@@ -73,7 +73,7 @@ class anemoi_power_three_gadget : public gadget<FieldT>
     const pb_variable<FieldT> input;
     const pb_variable<FieldT> output;
 
-    anemoi_power_three_gadget(
+    flystel_power_three_gadget(
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index cfcb79481..c07f5f8ab 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -17,15 +17,42 @@
 namespace libsnark
 {
 
+/*
+class flystel_power_two_round_1_gadget : public flystel_power_two_gadget
+{
+flystel_power_two_round_1_gadget(
+rotoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix = "")
+  : flystel_power_two_gadget(..., ...ALPHA, ... BETA, ...)
+  {
+  }
+}
+
+class flystel_power_two_round_2_gadget : public flystel_power_two_gadget
+{
+flystel_power_two_round_2_gadget(
+rotoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix = "")
+  : flystel_power_two_gadget(..., flystel_constants_selector<ppT>::BETA, ...
+flystel_constants_selector<ppT>::GAMMA, ...)
+  {
+  }
+}
+*/
+
 template<typename FieldT>
-anemoi_power_two_gadget<FieldT>::anemoi_power_two_gadget(
+flystel_power_two_gadget<FieldT>::flystel_power_two_gadget(
     protoboard<FieldT> &pb,
     const pb_variable<FieldT> &input,
     const pb_variable<FieldT> &output,
     const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
-    , const_a(ANEMOI_BLS12_381_CONST_BETA)
-    , const_b(ANEMOI_BLS12_381_CONST_GAMMA)
+    , const_a(FLYSTEL_BLS12_381_BETA)
+    , const_b(FLYSTEL_BLS12_381_GAMMA)
     , input(input)
     , output(output)
 {
@@ -57,7 +84,7 @@ anemoi_power_two_gadget<FieldT>::anemoi_power_two_gadget(
 //
 // where A =(0, const_a, 0), B=(0, 1, 0) and C =(-const_b, 0, 1)
 template<typename FieldT>
-void anemoi_power_two_gadget<FieldT>::generate_r1cs_constraints()
+void flystel_power_two_gadget<FieldT>::generate_r1cs_constraints()
 {
     // Constraint has the form:
     //   const_a * input^2 + const_b = output
@@ -71,7 +98,7 @@ void anemoi_power_two_gadget<FieldT>::generate_r1cs_constraints()
 // compute a witness y for a given input x for the computation y =
 // const_a x^2 + const_b, where x=input, y=output
 template<typename FieldT>
-void anemoi_power_two_gadget<FieldT>::generate_r1cs_witness()
+void flystel_power_two_gadget<FieldT>::generate_r1cs_witness()
 {
     // y = const_a x^2 + const_b
     this->pb.val(output) =
@@ -80,7 +107,7 @@ void anemoi_power_two_gadget<FieldT>::generate_r1cs_witness()
 }
 
 template<typename FieldT>
-anemoi_power_three_gadget<FieldT>::anemoi_power_three_gadget(
+flystel_power_three_gadget<FieldT>::flystel_power_three_gadget(
     protoboard<FieldT> &pb,
     const pb_variable<FieldT> &input,
     const pb_variable<FieldT> &output,
@@ -88,8 +115,8 @@ anemoi_power_three_gadget<FieldT>::anemoi_power_three_gadget(
     : gadget<FieldT>(pb, annotation_prefix)
     , internal(pb_variable_allocate<FieldT>(
           pb, FMT(this->annotation_prefix, " internal")))
-    , const_a(ANEMOI_BLS12_381_CONST_BETA)
-    , const_b(ANEMOI_BLS12_381_CONST_GAMMA)
+    , const_a(FLYSTEL_BLS12_381_BETA)
+    , const_b(FLYSTEL_BLS12_381_GAMMA)
     , input(input)
     , output(output)
 {
@@ -112,7 +139,7 @@ anemoi_power_three_gadget<FieldT>::anemoi_power_three_gadget(
 // where A0=(0, const_a, 0, 0), B0=(0, 1, 0, 0), C0=(0, 0, 1, 0) and
 // A1=(0, 0, 1, 0), B1=(0, 1, 0, 0), C1=(-const_b, 0, 0, 1)
 template<typename FieldT>
-void anemoi_power_three_gadget<FieldT>::generate_r1cs_constraints()
+void flystel_power_three_gadget<FieldT>::generate_r1cs_constraints()
 {
     // (const_a * input) * input = internal
     this->pb.add_r1cs_constraint(
@@ -125,7 +152,7 @@ void anemoi_power_three_gadget<FieldT>::generate_r1cs_constraints()
 }
 
 template<typename FieldT>
-void anemoi_power_three_gadget<FieldT>::generate_r1cs_witness()
+void flystel_power_three_gadget<FieldT>::generate_r1cs_witness()
 {
     // x_internal = const_a x * x
     this->pb.val(internal) =
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 732a57f12..f4da4da2a 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -15,9 +15,9 @@
 
 using namespace libsnark;
 
-template<typename FieldT> void test_anemoi_power_two_gadget(const size_t n)
+template<typename FieldT> void test_flystel_power_two_gadget(const size_t n)
 {
-    printf("testing anemoi_power_two_gadget on all %zu bit strings\n", n);
+    printf("testing flystel_power_two_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
     pb_variable<FieldT> x;
@@ -29,7 +29,7 @@ template<typename FieldT> void test_anemoi_power_two_gadget(const size_t n)
     y.allocate(pb, "y");
 
     // create gadget
-    anemoi_power_two_gadget<FieldT> d(pb, x, y, "d");
+    flystel_power_two_gadget<FieldT> d(pb, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
     // set input value
@@ -41,12 +41,12 @@ template<typename FieldT> void test_anemoi_power_two_gadget(const size_t n)
     ASSERT_EQ(pb.val(y), 13);
     ASSERT_TRUE(pb.is_satisfied());
 
-    libff::print_time("anemoi_power_two_gadget tests successful");
+    libff::print_time("flystel_power_two_gadget tests successful");
 }
 
-template<typename FieldT> void test_anemoi_power_three_gadget(const size_t n)
+template<typename FieldT> void test_flystel_power_three_gadget(const size_t n)
 {
-    printf("testing anemoi_power_three_gadget on all %zu bit strings\n", n);
+    printf("testing flystel_power_three_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
     pb_variable<FieldT> x;
@@ -58,7 +58,7 @@ template<typename FieldT> void test_anemoi_power_three_gadget(const size_t n)
     y.allocate(pb, "y");
 
     // create gadget
-    anemoi_power_three_gadget<FieldT> d(pb, x, y, "d");
+    flystel_power_three_gadget<FieldT> d(pb, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
     // set input value
@@ -70,13 +70,13 @@ template<typename FieldT> void test_anemoi_power_three_gadget(const size_t n)
     ASSERT_EQ(pb.val(y), 21);
     ASSERT_TRUE(pb.is_satisfied());
 
-    libff::print_time("anemoi_power_three_gadget tests successful");
+    libff::print_time("flystel_power_three_gadget tests successful");
 }
 
 int main(void)
 {
     libff::start_profiling();
     libff::default_ec_pp::init_public_params();
-    test_anemoi_power_two_gadget<libff::Fr<libff::default_ec_pp>>(10);
-    test_anemoi_power_three_gadget<libff::Fr<libff::default_ec_pp>>(10);
+    test_flystel_power_two_gadget<libff::Fr<libff::default_ec_pp>>(10);
+    test_flystel_power_three_gadget<libff::Fr<libff::default_ec_pp>>(10);
 }

From 165a7e2efe400710745829e2e0e0b13fde6fe253 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 8 Sep 2022 10:58:07 +0100
Subject: [PATCH 015/112] anemoi: added flystel power 5 gadget for opertion
 y=x^5

---
 .../hashes/anemoi/anemoi_components.hpp       | 27 +++++++++
 .../hashes/anemoi/anemoi_components.tcc       | 59 +++++++++++++++++++
 .../anemoi/tests/test_anemoi_gadget.cpp       | 30 ++++++++++
 3 files changed, 116 insertions(+)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index f37ee0e2c..1a4552a17 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -20,6 +20,8 @@
 namespace libsnark
 {
 
+// TODO: template-ize the following constants
+
 #define FLYSTEL_BLS12_381_ALPHA 5
 // equals to G1
 #define FLYSTEL_BLS12_381_BETA 2
@@ -83,6 +85,31 @@ class flystel_power_three_gadget : public gadget<FieldT>
     void generate_r1cs_witness();
 };
 
+/// Compute y = x^5
+/// x: input
+/// y: output
+template<typename FieldT>
+class flystel_power_five_gadget : public gadget<FieldT>
+{
+private:
+    /// internal (i.e. intermediate) variable: x2,x3
+    std::array<pb_variable<FieldT>, 2> internal;
+
+public:
+    /// input/output: x1,x4
+    const pb_variable<FieldT> input;
+    const pb_variable<FieldT> output;
+
+    flystel_power_five_gadget(
+        protoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix = "");
+
+    void generate_r1cs_constraints();
+    void generate_r1cs_witness();
+};
+
 } // namespace libsnark
 
 #include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc>
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index c07f5f8ab..1b5383432 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -162,6 +162,65 @@ void flystel_power_three_gadget<FieldT>::generate_r1cs_witness()
         this->pb.val(internal) * this->pb.val(input) + this->const_b;
 }
 
+template<typename FieldT>
+flystel_power_five_gadget<FieldT>::flystel_power_five_gadget(
+    protoboard<FieldT> &pb,
+    const pb_variable<FieldT> &input,
+    const pb_variable<FieldT> &output,
+    const std::string &annotation_prefix)
+    : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
+{
+    internal[0].allocate(this->pb, " internal 1");
+    internal[1].allocate(this->pb, " internal 2");
+}
+
+// R1CS constraints for the operation y = x^5 with x=input,
+// y=output. This operation is represented with three multiplications
+// as y = (temp * temp * x), temp = x * x. Equivalently:
+//
+// x1 * x1 = x2
+// x2 * x2 = x3
+// x1 * x3 = x4
+//
+// for the variables vector X = (x0=1, x1=input, x2=internal,
+// x3=internal, x4=output). The above system is represented with 3
+// R1CS constraints resp.:
+//
+// < A0 , X > * < B0 , X > = < C0 , X > ,
+// < A1 , X > * < B1 , X > = < C1 , X > ,
+// < A2 , X > * < B2 , X > = < C2 , X >
+//
+// where A0=(01000), B0=(01000), C0=(00100); A1=(00100), B0=(00100),
+// C0=(00010) and A2=(01000), B2=(00010), C2=(00001)
+template<typename FieldT>
+void flystel_power_five_gadget<FieldT>::generate_r1cs_constraints()
+{
+    // x1*x1 = x2
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(input, input, internal[0]),
+        FMT(this->annotation_prefix, " x * x = x^2"));
+    // x2*x2 = x3
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(internal[0], internal[0], internal[1]),
+        FMT(this->annotation_prefix, " x^2 * x^2 = x^4"));
+    // x1*x3 = x4
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(input, internal[1], output),
+        FMT(this->annotation_prefix, " x^1 * x^4 = x^5"));
+}
+
+template<typename FieldT>
+void flystel_power_five_gadget<FieldT>::generate_r1cs_witness()
+{
+    // x2 = x1 * x1
+    this->pb.val(internal[0]) = (this->pb.val(input)) * this->pb.val(input);
+    // x3 = x2 * x2
+    this->pb.val(internal[1]) =
+        (this->pb.val(internal[0])) * this->pb.val(internal[0]);
+    // y = x1 * x3
+    this->pb.val(output) = this->pb.val(input) * this->pb.val(internal[1]);
+}
+
 } // namespace libsnark
 
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index f4da4da2a..c5c1f9620 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -73,10 +73,40 @@ template<typename FieldT> void test_flystel_power_three_gadget(const size_t n)
     libff::print_time("flystel_power_three_gadget tests successful");
 }
 
+template<typename FieldT> void test_flystel_power_five_gadget(const size_t n)
+{
+    printf("testing flystel_power_five_gadget on all %zu bit strings\n", n);
+
+    protoboard<FieldT> pb;
+    pb_variable<FieldT> x;
+    pb_variable<FieldT> y;
+
+    // input
+    x.allocate(pb, "x");
+    // output
+    y.allocate(pb, "y");
+
+    // create gadget
+    flystel_power_five_gadget<FieldT> d(pb, x, y, "d");
+    // generate contraints
+    d.generate_r1cs_constraints();
+    // set input value
+    pb.val(x) = 2;
+    // generate witness for the given input
+    d.generate_r1cs_witness();
+
+    // the expected output is 32 for input 2
+    ASSERT_EQ(pb.val(y), 32);
+    ASSERT_TRUE(pb.is_satisfied());
+
+    libff::print_time("flystel_power_five_gadget tests successful");
+}
+
 int main(void)
 {
     libff::start_profiling();
     libff::default_ec_pp::init_public_params();
     test_flystel_power_two_gadget<libff::Fr<libff::default_ec_pp>>(10);
     test_flystel_power_three_gadget<libff::Fr<libff::default_ec_pp>>(10);
+    test_flystel_power_five_gadget<libff::Fr<libff::default_ec_pp>>(10);
 }

From a92d59d444a5f6150145e72f7ac0f1097752cb86 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 8 Sep 2022 13:01:11 +0100
Subject: [PATCH 016/112] anemoi: added gadgets for the Qi and Qf components of
 the Flystel s-box for prime and binary fields; inherit the power 2 and power
 3 gadget classes

---
 .../hashes/anemoi/anemoi_components.hpp       | 48 +++++++++++++++++++
 .../hashes/anemoi/anemoi_components.tcc       | 44 +++++++++++++++++
 2 files changed, 92 insertions(+)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 1a4552a17..2b58477e0 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -56,6 +56,30 @@ template<typename FieldT> class flystel_power_two_gadget : public gadget<FieldT>
     void generate_r1cs_witness();
 };
 
+/// Flystel Qi function for prime fields:
+/// Qi(x) = beta x^2 + gamma
+template<typename FieldT>
+class flystel_Qi_power_two_gadget : public flystel_power_two_gadget<FieldT>
+{
+    flystel_Qi_power_two_gadget(
+        protoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix = "");
+};
+
+/// Flystel Qf function for prime fields:
+/// Qf(x) = beta x^2 + delta
+template<typename FieldT>
+class flystel_Qf_power_two_gadget : public flystel_power_two_gadget<FieldT>
+{
+    flystel_Qf_power_two_gadget(
+        protoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix = "");
+};
+
 /// Compute y = const_a x^3 + const_b
 /// x: input
 /// y: output
@@ -85,6 +109,30 @@ class flystel_power_three_gadget : public gadget<FieldT>
     void generate_r1cs_witness();
 };
 
+/// Flystel Qi function for binary fields:
+/// Qi(x) = beta x^3 + gamma
+template<typename FieldT>
+class flystel_Qi_power_three_gadget : public flystel_power_three_gadget<FieldT>
+{
+    flystel_Qi_power_three_gadget(
+        protoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix = "");
+};
+
+/// Flystel Qf function for binary fields:
+/// Qf(x) = beta x^3 + delta
+template<typename FieldT>
+class flystel_Qf_power_three_gadget : public flystel_power_three_gadget<FieldT>
+{
+    flystel_Qf_power_three_gadget(
+        protoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix = "");
+};
+
 /// Compute y = x^5
 /// x: input
 /// y: output
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 1b5383432..d6fe6088a 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -106,6 +106,28 @@ void flystel_power_two_gadget<FieldT>::generate_r1cs_witness()
         this->const_b;
 }
 
+template<typename FieldT>
+flystel_Qi_power_two_gadget<FieldT>::flystel_Qi_power_two_gadget(
+    protoboard<FieldT> &pb,
+    const pb_variable<FieldT> &input,
+    const pb_variable<FieldT> &output,
+    const std::string &annotation_prefix)
+    : flystel_power_two_gadget<FieldT>(
+          pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_GAMMA, input, output)
+{
+}
+
+template<typename FieldT>
+flystel_Qf_power_two_gadget<FieldT>::flystel_Qf_power_two_gadget(
+    protoboard<FieldT> &pb,
+    const pb_variable<FieldT> &input,
+    const pb_variable<FieldT> &output,
+    const std::string &annotation_prefix)
+    : flystel_power_two_gadget<FieldT>(
+          pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_DELTA, input, output)
+{
+}
+
 template<typename FieldT>
 flystel_power_three_gadget<FieldT>::flystel_power_three_gadget(
     protoboard<FieldT> &pb,
@@ -174,6 +196,28 @@ flystel_power_five_gadget<FieldT>::flystel_power_five_gadget(
     internal[1].allocate(this->pb, " internal 2");
 }
 
+template<typename FieldT>
+flystel_Qi_power_three_gadget<FieldT>::flystel_Qi_power_three_gadget(
+    protoboard<FieldT> &pb,
+    const pb_variable<FieldT> &input,
+    const pb_variable<FieldT> &output,
+    const std::string &annotation_prefix)
+    : flystel_power_three_gadget<FieldT>(
+          pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_GAMMA, input, output)
+{
+}
+
+template<typename FieldT>
+flystel_Qf_power_three_gadget<FieldT>::flystel_Qf_power_three_gadget(
+    protoboard<FieldT> &pb,
+    const pb_variable<FieldT> &input,
+    const pb_variable<FieldT> &output,
+    const std::string &annotation_prefix)
+    : flystel_power_three_gadget<FieldT>(
+          pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_GAMMA, input, output)
+{
+}
+
 // R1CS constraints for the operation y = x^5 with x=input,
 // y=output. This operation is represented with three multiplications
 // as y = (temp * temp * x), temp = x * x. Equivalently:

From 0492bff6cb5da1470d01aa608157378dbc08f66f Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 14 Sep 2022 18:36:50 +0100
Subject: [PATCH 017/112] anemoi: added gadget for the flystel component for
 prime fields; changed the names of several classes to better reflect their
 purpouse.

---
 .../hashes/anemoi/anemoi_components.hpp       | 118 +++++++++++++-----
 .../hashes/anemoi/anemoi_components.tcc       | 106 +++++++++-------
 2 files changed, 146 insertions(+), 78 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 2b58477e0..1d486635e 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -30,6 +30,8 @@ namespace libsnark
 // TODO: value by spec is G1.inv()
 #define FLYSTEL_BLS12_381_DELTA 0
 
+// --- Prime fields ---
+
 /// Compute y = const_a x^2 + const_b
 /// x: input
 /// y: output
@@ -59,9 +61,10 @@ template<typename FieldT> class flystel_power_two_gadget : public gadget<FieldT>
 /// Flystel Qi function for prime fields:
 /// Qi(x) = beta x^2 + gamma
 template<typename FieldT>
-class flystel_Qi_power_two_gadget : public flystel_power_two_gadget<FieldT>
+class flystel_Q_gamma_prime_field_gadget
+    : public flystel_power_two_gadget<FieldT>
 {
-    flystel_Qi_power_two_gadget(
+    flystel_Q_gamma_prime_field_gadget(
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
@@ -71,15 +74,87 @@ class flystel_Qi_power_two_gadget : public flystel_power_two_gadget<FieldT>
 /// Flystel Qf function for prime fields:
 /// Qf(x) = beta x^2 + delta
 template<typename FieldT>
-class flystel_Qf_power_two_gadget : public flystel_power_two_gadget<FieldT>
+class flystel_Q_delta_prime_field_gadget
+    : public flystel_power_two_gadget<FieldT>
 {
-    flystel_Qf_power_two_gadget(
+    flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 };
 
+/// Compute y = x^5
+/// x: input
+/// y: output
+template<typename FieldT>
+class flystel_power_five_gadget : public gadget<FieldT>
+{
+private:
+    /// internal (i.e. intermediate) variable: x2,x3
+    std::array<pb_variable<FieldT>, 2> internal;
+
+public:
+    /// input/output: x1,x4
+    const pb_variable<FieldT> input;
+    const pb_variable<FieldT> output;
+
+    flystel_power_five_gadget(
+        protoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix = "");
+
+    void generate_r1cs_constraints();
+    void generate_r1cs_witness();
+};
+
+/// Anemoi closed Flystel component for fields of prime characteristic
+///
+/// x0,x1: input (y,v in the paper)
+/// y0,y1: output (x,u in the paper)
+///
+/// The component performs the following computation:
+///
+/// y0 = (beta x0^2 + gamma) + (x0-x1)^5
+/// y1 = (beta x1^2 + delta) + (x0-x1)^5
+///
+/// Using Q_gamma, Q_delta and power_five gadgets the above is
+/// equivalent to
+///
+/// y0 = Q_gamma(x0) + power_five(x0-x1)
+/// y1 = Q_delta(x1) + power_five(x0-x1)
+///
+/// \note: in the paper (x0,x1)->(y0,y1) is denoted with (y,v)->(x,u)
+template<typename FieldT>
+class flystel_closed_prime_field_gadget : public gadget<FieldT>
+{
+private:
+    // internal (i.e. intermediate) variables: v3,v4,v5
+    std::array<pb_variable<FieldT>, 4> internal;
+
+public:
+    // (v1,v2)=(x0,x1)
+    std::array<pb_variable<FieldT>, 2> input;
+    // (v7,v8)=(y0,y1)
+    std::array<pb_variable<FieldT>, 2> output;
+
+    flystel_Q_gamma_prime_field_gadget<FieldT> Q_gamma;
+    flystel_Q_delta_prime_field_gadget<FieldT> Q_delta;
+    flystel_power_five_gadget<FieldT> power_five;
+
+    flystel_closed_prime_field_gadget(
+        protoboard<FieldT> &pb,
+        const std::array<pb_variable<FieldT>, 2> &input,
+        const std::array<pb_variable<FieldT>, 2> &output,
+        const std::string &annotation_prefix = "");
+
+    void generate_r1cs_constraints();
+    void generate_r1cs_witness();
+};
+
+// --- Binary fields ---
+
 /// Compute y = const_a x^3 + const_b
 /// x: input
 /// y: output
@@ -112,9 +187,10 @@ class flystel_power_three_gadget : public gadget<FieldT>
 /// Flystel Qi function for binary fields:
 /// Qi(x) = beta x^3 + gamma
 template<typename FieldT>
-class flystel_Qi_power_three_gadget : public flystel_power_three_gadget<FieldT>
+class flystel_Q_gamma_binary_field_gadget
+    : public flystel_power_three_gadget<FieldT>
 {
-    flystel_Qi_power_three_gadget(
+    flystel_Q_gamma_binary_field_gadget(
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
@@ -124,40 +200,16 @@ class flystel_Qi_power_three_gadget : public flystel_power_three_gadget<FieldT>
 /// Flystel Qf function for binary fields:
 /// Qf(x) = beta x^3 + delta
 template<typename FieldT>
-class flystel_Qf_power_three_gadget : public flystel_power_three_gadget<FieldT>
+class flystel_Q_delta_binary_field_gadget
+    : public flystel_power_three_gadget<FieldT>
 {
-    flystel_Qf_power_three_gadget(
+    flystel_Q_delta_binary_field_gadget(
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 };
 
-/// Compute y = x^5
-/// x: input
-/// y: output
-template<typename FieldT>
-class flystel_power_five_gadget : public gadget<FieldT>
-{
-private:
-    /// internal (i.e. intermediate) variable: x2,x3
-    std::array<pb_variable<FieldT>, 2> internal;
-
-public:
-    /// input/output: x1,x4
-    const pb_variable<FieldT> input;
-    const pb_variable<FieldT> output;
-
-    flystel_power_five_gadget(
-        protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
-        const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "");
-
-    void generate_r1cs_constraints();
-    void generate_r1cs_witness();
-};
-
 } // namespace libsnark
 
 #include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc>
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index d6fe6088a..4f24408c9 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -17,33 +17,6 @@
 namespace libsnark
 {
 
-/*
-class flystel_power_two_round_1_gadget : public flystel_power_two_gadget
-{
-flystel_power_two_round_1_gadget(
-rotoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
-        const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "")
-  : flystel_power_two_gadget(..., ...ALPHA, ... BETA, ...)
-  {
-  }
-}
-
-class flystel_power_two_round_2_gadget : public flystel_power_two_gadget
-{
-flystel_power_two_round_2_gadget(
-rotoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
-        const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "")
-  : flystel_power_two_gadget(..., flystel_constants_selector<ppT>::BETA, ...
-flystel_constants_selector<ppT>::GAMMA, ...)
-  {
-  }
-}
-*/
-
 template<typename FieldT>
 flystel_power_two_gadget<FieldT>::flystel_power_two_gadget(
     protoboard<FieldT> &pb,
@@ -107,7 +80,7 @@ void flystel_power_two_gadget<FieldT>::generate_r1cs_witness()
 }
 
 template<typename FieldT>
-flystel_Qi_power_two_gadget<FieldT>::flystel_Qi_power_two_gadget(
+flystel_Q_gamma_prime_field_gadget<FieldT>::flystel_Q_gamma_prime_field_gadget(
     protoboard<FieldT> &pb,
     const pb_variable<FieldT> &input,
     const pb_variable<FieldT> &output,
@@ -118,7 +91,7 @@ flystel_Qi_power_two_gadget<FieldT>::flystel_Qi_power_two_gadget(
 }
 
 template<typename FieldT>
-flystel_Qf_power_two_gadget<FieldT>::flystel_Qf_power_two_gadget(
+flystel_Q_delta_prime_field_gadget<FieldT>::flystel_Q_delta_prime_field_gadget(
     protoboard<FieldT> &pb,
     const pb_variable<FieldT> &input,
     const pb_variable<FieldT> &output,
@@ -185,37 +158,39 @@ void flystel_power_three_gadget<FieldT>::generate_r1cs_witness()
 }
 
 template<typename FieldT>
-flystel_power_five_gadget<FieldT>::flystel_power_five_gadget(
-    protoboard<FieldT> &pb,
-    const pb_variable<FieldT> &input,
-    const pb_variable<FieldT> &output,
-    const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
+flystel_Q_gamma_binary_field_gadget<FieldT>::
+    flystel_Q_gamma_binary_field_gadget(
+        protoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix)
+    : flystel_power_three_gadget<FieldT>(
+          pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_GAMMA, input, output)
 {
-    internal[0].allocate(this->pb, " internal 1");
-    internal[1].allocate(this->pb, " internal 2");
 }
 
 template<typename FieldT>
-flystel_Qi_power_three_gadget<FieldT>::flystel_Qi_power_three_gadget(
-    protoboard<FieldT> &pb,
-    const pb_variable<FieldT> &input,
-    const pb_variable<FieldT> &output,
-    const std::string &annotation_prefix)
+flystel_Q_delta_binary_field_gadget<FieldT>::
+    flystel_Q_delta_binary_field_gadget(
+        protoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix)
     : flystel_power_three_gadget<FieldT>(
           pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_GAMMA, input, output)
 {
 }
 
 template<typename FieldT>
-flystel_Qf_power_three_gadget<FieldT>::flystel_Qf_power_three_gadget(
+flystel_power_five_gadget<FieldT>::flystel_power_five_gadget(
     protoboard<FieldT> &pb,
     const pb_variable<FieldT> &input,
     const pb_variable<FieldT> &output,
     const std::string &annotation_prefix)
-    : flystel_power_three_gadget<FieldT>(
-          pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_GAMMA, input, output)
+    : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
 {
+    internal[0].allocate(this->pb, " internal 1");
+    internal[1].allocate(this->pb, " internal 2");
 }
 
 // R1CS constraints for the operation y = x^5 with x=input,
@@ -265,6 +240,47 @@ void flystel_power_five_gadget<FieldT>::generate_r1cs_witness()
     this->pb.val(output) = this->pb.val(input) * this->pb.val(internal[1]);
 }
 
+template<typename FieldT>
+flystel_closed_prime_field_gadget<FieldT>::flystel_closed_prime_field_gadget(
+    protoboard<FieldT> &pb,
+    const std::array<pb_variable<FieldT>, 2> &input,
+    const std::array<pb_variable<FieldT>, 2> &output,
+    const std::string &annotation_prefix)
+    : flystel_Q_gamma_prime_field_gadget<FieldT>(pb, input[0], internal[0])
+    , flystel_Q_delta_prime_field_gadget<FieldT>(pb, input[1], internal[2])
+    , flystel_power_five_gadget<FieldT>(pb, input[0] - input[1], internal[1])
+{
+    internal[0].allocate(this->pb, " v3");
+    internal[1].allocate(this->pb, " v4");
+    internal[2].allocate(this->pb, " v5");
+}
+
+// R1CS constraints for the operation
+//
+// y0 = Q_gamma(x0) + power_five(x0-x1)
+// y1 = Q_delta(x1) + power_five(x0-x1)
+//
+// x0=input[0], x1=input[1], y0=output[0], y1=output[1].
+//
+// The function generates the constraints for the three gadgets:
+// Q_gamma, Q_delta, power_five by calling their corresponding
+// generate_r1cs_constraints() methods
+template<typename FieldT>
+void flystel_closed_prime_field_gadget<FieldT>::generate_r1cs_constraints()
+{
+    Q_gamma.generate_r1cs_constraints();
+    Q_delta.generate_r1cs_constraints();
+    power_five.generate_r1cs_constraints();
+}
+
+template<typename FieldT>
+void flystel_closed_prime_field_gadget<FieldT>::generate_r1cs_witness()
+{
+    Q_gamma.generate_r1cs_witness();
+    Q_delta.generate_r1cs_witness();
+    power_five.generate_r1cs_witness();
+}
+
 } // namespace libsnark
 
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_TCC_

From d038da17cdb28f7f6551dc19e990d134a25a93c5 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 15 Sep 2022 17:00:37 +0100
Subject: [PATCH 018/112] anemoi: started implementation of anemoi permutation
 gadget for prime fields

---
 .../hashes/anemoi/anemoi_components.hpp       | 40 +++++++++++++++++++
 .../anemoi/tests/test_anemoi_gadget.cpp       |  2 +
 2 files changed, 42 insertions(+)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 1d486635e..e81a86020 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -126,6 +126,7 @@ class flystel_power_five_gadget : public gadget<FieldT>
 /// y1 = Q_delta(x1) + power_five(x0-x1)
 ///
 /// \note: in the paper (x0,x1)->(y0,y1) is denoted with (y,v)->(x,u)
+// template<typename FieldT, FieldT beta, FieldT gamma, DeildT delta>
 template<typename FieldT>
 class flystel_closed_prime_field_gadget : public gadget<FieldT>
 {
@@ -153,6 +154,45 @@ class flystel_closed_prime_field_gadget : public gadget<FieldT>
     void generate_r1cs_witness();
 };
 
+/// One round of the Anemoi permutation mapping (Fr)^{2l} -> (Fr)^{2l}
+///
+/// NumStateColumns_L : l parameter - number of columns in the
+///                     state. each column is composed of 2 elements
+///                     in F_r. One Flystel Sbox accepts 1 column as
+///                     input. There are l Flystel-s in 1 round of the
+///                     Anemoi permutation applied in parallel.
+///
+/// x0,x1: input
+/// y0,y1: output
+///
+// template<typename FieldT, FieldT beta, FieldT gamma, FieldT delta>
+template<typename FieldT, size_t NumStateColumns_L>
+class anemoi_permutation_round_prime_field_gadget : public gadget<FieldT>
+{
+private:
+    // internal (i.e. intermediate) variables: v3,v4,v5
+    std::array<pb_variable<FieldT>, 4> internal;
+
+public:
+    // (v1,v2)=(x0,x1)
+    std::array<pb_variable<FieldT>, 2> input;
+    // (v7,v8)=(y0,y1)
+    std::array<pb_variable<FieldT>, 2> output;
+
+    flystel_Q_gamma_prime_field_gadget<FieldT> Q_gamma;
+    flystel_Q_delta_prime_field_gadget<FieldT> Q_delta;
+    flystel_power_five_gadget<FieldT> power_five;
+
+    anemoi_permutation_round_prime_field_gadget(
+        protoboard<FieldT> &pb,
+        const std::array<pb_variable<FieldT>, 2> &input,
+        const std::array<pb_variable<FieldT>, 2> &output,
+        const std::string &annotation_prefix = "");
+
+    void generate_r1cs_constraints();
+    void generate_r1cs_witness();
+};
+
 // --- Binary fields ---
 
 /// Compute y = const_a x^3 + const_b
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index c5c1f9620..16a9f0994 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -6,6 +6,7 @@
  *****************************************************************************/
 
 #include <gtest/gtest.h>
+//#include <libff/algebra/curves/bls12_381/bls12_381_pp.hpp>
 #include <libff/common/default_types/ec_pp.hpp>
 #include <libff/common/profiling.hpp>
 #include <libff/common/utils.hpp>
@@ -109,4 +110,5 @@ int main(void)
     test_flystel_power_two_gadget<libff::Fr<libff::default_ec_pp>>(10);
     test_flystel_power_three_gadget<libff::Fr<libff::default_ec_pp>>(10);
     test_flystel_power_five_gadget<libff::Fr<libff::default_ec_pp>>(10);
+    //    test_flystel_power_two_gadget<libff::bls12_381_Fr>(10);
 }

From 9206d9bfaee409b112c1ca4554fccd202754a778 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 16 Sep 2022 16:04:59 +0100
Subject: [PATCH 019/112] anemoi: started specialization of the components
 (Q_gamma, Q_delta, Flystel) in terms of the round constants beta, gamma,
 delta (WIP).

---
 .../hashes/anemoi/anemoi_components.hpp       | 51 ++++++----
 .../hashes/anemoi/anemoi_components.tcc       | 94 ++++++++++++-------
 .../anemoi/tests/test_anemoi_gadget.cpp       | 52 +++++++---
 3 files changed, 134 insertions(+), 63 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index e81a86020..8d69c815a 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -33,10 +33,13 @@ namespace libsnark
 // --- Prime fields ---
 
 /// Compute y = const_a x^2 + const_b
+/// The constants const_a and const_b are curve/field dependent and
+/// are so added in the template
+///
 /// x: input
 /// y: output
-/// const_a, const_b: constants
-template<typename FieldT> class flystel_power_two_gadget : public gadget<FieldT>
+template<typename FieldT, FieldT Const_A, FieldT Const_B>
+class flystel_power_two_gadget : public gadget<FieldT>
 {
 private:
     // constants
@@ -60,9 +63,9 @@ template<typename FieldT> class flystel_power_two_gadget : public gadget<FieldT>
 
 /// Flystel Qi function for prime fields:
 /// Qi(x) = beta x^2 + gamma
-template<typename FieldT>
+template<typename FieldT, FieldT Const_A, FieldT Const_B>
 class flystel_Q_gamma_prime_field_gadget
-    : public flystel_power_two_gadget<FieldT>
+    : public flystel_power_two_gadget<FieldT, Const_A, Const_B>
 {
     flystel_Q_gamma_prime_field_gadget(
         protoboard<FieldT> &pb,
@@ -73,9 +76,9 @@ class flystel_Q_gamma_prime_field_gadget
 
 /// Flystel Qf function for prime fields:
 /// Qf(x) = beta x^2 + delta
-template<typename FieldT>
+template<typename FieldT, FieldT Const_A, FieldT Const_B>
 class flystel_Q_delta_prime_field_gadget
-    : public flystel_power_two_gadget<FieldT>
+    : public flystel_power_two_gadget<FieldT, Const_A, Const_B>
 {
     flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
@@ -127,7 +130,11 @@ class flystel_power_five_gadget : public gadget<FieldT>
 ///
 /// \note: in the paper (x0,x1)->(y0,y1) is denoted with (y,v)->(x,u)
 // template<typename FieldT, FieldT beta, FieldT gamma, DeildT delta>
-template<typename FieldT>
+template<
+    typename FieldT,
+    FieldT Const_Beta,
+    FieldT Const_Gamma,
+    FieldT Const_Delta>
 class flystel_closed_prime_field_gadget : public gadget<FieldT>
 {
 private:
@@ -140,8 +147,8 @@ class flystel_closed_prime_field_gadget : public gadget<FieldT>
     // (v7,v8)=(y0,y1)
     std::array<pb_variable<FieldT>, 2> output;
 
-    flystel_Q_gamma_prime_field_gadget<FieldT> Q_gamma;
-    flystel_Q_delta_prime_field_gadget<FieldT> Q_delta;
+    flystel_Q_gamma_prime_field_gadget<FieldT, Const_Beta, Const_Gamma> Q_gamma;
+    flystel_Q_delta_prime_field_gadget<FieldT, Const_Beta, Const_Delta> Q_delta;
     flystel_power_five_gadget<FieldT> power_five;
 
     flystel_closed_prime_field_gadget(
@@ -166,7 +173,12 @@ class flystel_closed_prime_field_gadget : public gadget<FieldT>
 /// y0,y1: output
 ///
 // template<typename FieldT, FieldT beta, FieldT gamma, FieldT delta>
-template<typename FieldT, size_t NumStateColumns_L>
+template<
+    typename FieldT,
+    FieldT Const_Beta,
+    FieldT Const_Gamma,
+    FieldT Const_Delta,
+    size_t NumStateColumns_L>
 class anemoi_permutation_round_prime_field_gadget : public gadget<FieldT>
 {
 private:
@@ -174,19 +186,20 @@ class anemoi_permutation_round_prime_field_gadget : public gadget<FieldT>
     std::array<pb_variable<FieldT>, 4> internal;
 
 public:
-    // (v1,v2)=(x0,x1)
-    std::array<pb_variable<FieldT>, 2> input;
-    // (v7,v8)=(y0,y1)
-    std::array<pb_variable<FieldT>, 2> output;
+    std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> input;
+    std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> output;
 
-    flystel_Q_gamma_prime_field_gadget<FieldT> Q_gamma;
-    flystel_Q_delta_prime_field_gadget<FieldT> Q_delta;
-    flystel_power_five_gadget<FieldT> power_five;
+    flystel_closed_prime_field_gadget<
+        FieldT,
+        Const_Beta,
+        Const_Gamma,
+        Const_Delta>
+        flystel;
 
     anemoi_permutation_round_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const std::array<pb_variable<FieldT>, 2> &input,
-        const std::array<pb_variable<FieldT>, 2> &output,
+        const std::array<pb_variable<FieldT>, (2 * NumStateColumns_L)> &input,
+        const std::array<pb_variable<FieldT>, (2 * NumStateColumns_L)> &output,
         const std::string &annotation_prefix = "");
 
     void generate_r1cs_constraints();
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 4f24408c9..b7fc3b4dd 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -17,8 +17,8 @@
 namespace libsnark
 {
 
-template<typename FieldT>
-flystel_power_two_gadget<FieldT>::flystel_power_two_gadget(
+template<typename FieldT, FieldT Const_A, FieldT Const_B>
+flystel_power_two_gadget<FieldT, Const_A, Const_B>::flystel_power_two_gadget(
     protoboard<FieldT> &pb,
     const pb_variable<FieldT> &input,
     const pb_variable<FieldT> &output,
@@ -56,8 +56,9 @@ flystel_power_two_gadget<FieldT>::flystel_power_two_gadget(
 // < A , X > * < B , X > = < C , X >
 //
 // where A =(0, const_a, 0), B=(0, 1, 0) and C =(-const_b, 0, 1)
-template<typename FieldT>
-void flystel_power_two_gadget<FieldT>::generate_r1cs_constraints()
+template<typename FieldT, FieldT Const_A, FieldT Const_B>
+void flystel_power_two_gadget<FieldT, Const_A, Const_B>::
+    generate_r1cs_constraints()
 {
     // Constraint has the form:
     //   const_a * input^2 + const_b = output
@@ -70,8 +71,8 @@ void flystel_power_two_gadget<FieldT>::generate_r1cs_constraints()
 
 // compute a witness y for a given input x for the computation y =
 // const_a x^2 + const_b, where x=input, y=output
-template<typename FieldT>
-void flystel_power_two_gadget<FieldT>::generate_r1cs_witness()
+template<typename FieldT, FieldT Const_A, FieldT Const_B>
+void flystel_power_two_gadget<FieldT, Const_A, Const_B>::generate_r1cs_witness()
 {
     // y = const_a x^2 + const_b
     this->pb.val(output) =
@@ -79,24 +80,26 @@ void flystel_power_two_gadget<FieldT>::generate_r1cs_witness()
         this->const_b;
 }
 
-template<typename FieldT>
-flystel_Q_gamma_prime_field_gadget<FieldT>::flystel_Q_gamma_prime_field_gadget(
-    protoboard<FieldT> &pb,
-    const pb_variable<FieldT> &input,
-    const pb_variable<FieldT> &output,
-    const std::string &annotation_prefix)
-    : flystel_power_two_gadget<FieldT>(
+template<typename FieldT, FieldT Const_A, FieldT Const_B>
+flystel_Q_gamma_prime_field_gadget<FieldT, Const_A, Const_B>::
+    flystel_Q_gamma_prime_field_gadget(
+        protoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix)
+    : flystel_power_two_gadget<FieldT, Const_A, Const_B>(
           pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_GAMMA, input, output)
 {
 }
 
-template<typename FieldT>
-flystel_Q_delta_prime_field_gadget<FieldT>::flystel_Q_delta_prime_field_gadget(
-    protoboard<FieldT> &pb,
-    const pb_variable<FieldT> &input,
-    const pb_variable<FieldT> &output,
-    const std::string &annotation_prefix)
-    : flystel_power_two_gadget<FieldT>(
+template<typename FieldT, FieldT Const_A, FieldT Const_B>
+flystel_Q_delta_prime_field_gadget<FieldT, Const_A, Const_B>::
+    flystel_Q_delta_prime_field_gadget(
+        protoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix)
+    : flystel_power_two_gadget<FieldT, Const_A, Const_B>(
           pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_DELTA, input, output)
 {
 }
@@ -240,14 +243,25 @@ void flystel_power_five_gadget<FieldT>::generate_r1cs_witness()
     this->pb.val(output) = this->pb.val(input) * this->pb.val(internal[1]);
 }
 
-template<typename FieldT>
-flystel_closed_prime_field_gadget<FieldT>::flystel_closed_prime_field_gadget(
-    protoboard<FieldT> &pb,
-    const std::array<pb_variable<FieldT>, 2> &input,
-    const std::array<pb_variable<FieldT>, 2> &output,
-    const std::string &annotation_prefix)
-    : flystel_Q_gamma_prime_field_gadget<FieldT>(pb, input[0], internal[0])
-    , flystel_Q_delta_prime_field_gadget<FieldT>(pb, input[1], internal[2])
+template<
+    typename FieldT,
+    FieldT Const_Beta,
+    FieldT Const_Gamma,
+    FieldT Const_Delta>
+flystel_closed_prime_field_gadget<
+    FieldT,
+    Const_Beta,
+    Const_Gamma,
+    Const_Delta>::
+    flystel_closed_prime_field_gadget(
+        protoboard<FieldT> &pb,
+        const std::array<pb_variable<FieldT>, 2> &input,
+        const std::array<pb_variable<FieldT>, 2> &output,
+        const std::string &annotation_prefix)
+    : flystel_Q_gamma_prime_field_gadget<FieldT, Const_Beta, Const_Gamma>(
+          pb, input[0], internal[0])
+    , flystel_Q_delta_prime_field_gadget<FieldT, Const_Beta, Const_Delta>(
+          pb, input[1], internal[2])
     , flystel_power_five_gadget<FieldT>(pb, input[0] - input[1], internal[1])
 {
     internal[0].allocate(this->pb, " v3");
@@ -265,16 +279,32 @@ flystel_closed_prime_field_gadget<FieldT>::flystel_closed_prime_field_gadget(
 // The function generates the constraints for the three gadgets:
 // Q_gamma, Q_delta, power_five by calling their corresponding
 // generate_r1cs_constraints() methods
-template<typename FieldT>
-void flystel_closed_prime_field_gadget<FieldT>::generate_r1cs_constraints()
+template<
+    typename FieldT,
+    FieldT Const_Beta,
+    FieldT Const_Gamma,
+    FieldT Const_Delta>
+void flystel_closed_prime_field_gadget<
+    FieldT,
+    Const_Beta,
+    Const_Gamma,
+    Const_Delta>::generate_r1cs_constraints()
 {
     Q_gamma.generate_r1cs_constraints();
     Q_delta.generate_r1cs_constraints();
     power_five.generate_r1cs_constraints();
 }
 
-template<typename FieldT>
-void flystel_closed_prime_field_gadget<FieldT>::generate_r1cs_witness()
+template<
+    typename FieldT,
+    FieldT Const_Beta,
+    FieldT Const_Gamma,
+    FieldT Const_Delta>
+void flystel_closed_prime_field_gadget<
+    FieldT,
+    Const_Beta,
+    Const_Gamma,
+    Const_Delta>::generate_r1cs_witness()
 {
     Q_gamma.generate_r1cs_witness();
     Q_delta.generate_r1cs_witness();
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 16a9f0994..1f73331d9 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -6,20 +6,27 @@
  *****************************************************************************/
 
 #include <gtest/gtest.h>
-//#include <libff/algebra/curves/bls12_381/bls12_381_pp.hpp>
+#include <libff/algebra/curves/bls12_381/bls12_381_pp.hpp>
 #include <libff/common/default_types/ec_pp.hpp>
 #include <libff/common/profiling.hpp>
 #include <libff/common/utils.hpp>
-#include <libsnark/common/default_types/r1cs_ppzksnark_pp.hpp> // VV
+#include <libsnark/common/default_types/r1cs_ppzksnark_pp.hpp>
 #include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp>
-#include <libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp> // VV
+#include <libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp>
 
 using namespace libsnark;
 
-template<typename FieldT> void test_flystel_power_two_gadget(const size_t n)
+template<typename T, const T x> void foo()
 {
-    printf("testing flystel_power_two_gadget on all %zu bit strings\n", n);
+    //    printf("[%s:%d] %s() x %d\n", __FILE__, __LINE__, __FUNCTION__, x);
+}
 
+// template<typename FieldT, FieldT Const_A, FieldT Const_B>
+template<typename FieldT, const FieldT A>
+void test_flystel_power_two_gadget(const size_t n)
+{
+    printf("testing flystel_power_two_gadget on all %zu bit strings\n", n);
+#if 0
     protoboard<FieldT> pb;
     pb_variable<FieldT> x;
     pb_variable<FieldT> y;
@@ -30,7 +37,7 @@ template<typename FieldT> void test_flystel_power_two_gadget(const size_t n)
     y.allocate(pb, "y");
 
     // create gadget
-    flystel_power_two_gadget<FieldT> d(pb, x, y, "d");
+    flystel_power_two_gadget<FieldT, Const_A, Const_B> d(pb, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
     // set input value
@@ -41,7 +48,7 @@ template<typename FieldT> void test_flystel_power_two_gadget(const size_t n)
     // the expected output is 13 for input 2
     ASSERT_EQ(pb.val(y), 13);
     ASSERT_TRUE(pb.is_satisfied());
-
+#endif
     libff::print_time("flystel_power_two_gadget tests successful");
 }
 
@@ -106,9 +113,30 @@ template<typename FieldT> void test_flystel_power_five_gadget(const size_t n)
 int main(void)
 {
     libff::start_profiling();
-    libff::default_ec_pp::init_public_params();
-    test_flystel_power_two_gadget<libff::Fr<libff::default_ec_pp>>(10);
-    test_flystel_power_three_gadget<libff::Fr<libff::default_ec_pp>>(10);
-    test_flystel_power_five_gadget<libff::Fr<libff::default_ec_pp>>(10);
-    //    test_flystel_power_two_gadget<libff::bls12_381_Fr>(10);
+    //    libff::default_ec_pp::init_public_params();
+    libff::bls12_381_pp::init_public_params();
+    //    using Field = libff::Fr<libff::default_ec_pp>;
+    using Field = libff::Fr<libff::bls12_381_pp>;
+    //    const Field temp = Field(2);
+    //    Field temp_inv = temp.inverse();
+    //    Field a = Field::random_element();
+    // for BLS12-381
+    // beta = g = first multiplicative generator = 7.
+    // delta = g^(-1)
+    // 14981678621464625851270783002338847382197300714436467949315331057125308909861
+    Field a = Field(7);
+    Field a_inv = a.inverse();
+    assert((a * a_inv) == Field::one());
+    a_inv.print();
+
+    //    const int x = 76;
+    //    foo<int, x>();
+    //    test_flystel_power_two_gadget<Field, temp>(10);
+    // test_flystel_power_two_gadget<
+    //        libff::Fr<libff::default_ec_pp>,
+    //        FLYSTEL_BLS12_381_BETA,
+    //        FLYSTEL_BLS12_381_GAMMA>(10);
+    //    test_flystel_power_three_gadget<libff::Fr<libff::default_ec_pp>>(10);
+    //    test_flystel_power_five_gadget<libff::Fr<libff::default_ec_pp>>(10);
+    //    //    test_flystel_power_two_gadget<libff::bls12_381_Fr>(10);
 }

From 289d873526abd355b12bbb9f61182c46ea201078 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 19 Sep 2022 17:05:26 +0100
Subject: [PATCH 020/112] anemoi: improved specialization of anemoi components;
 updated anemoi round permutation gadget.

---
 .../hashes/anemoi/anemoi_components.hpp       | 211 ++++++-------
 .../hashes/anemoi/anemoi_components.tcc       | 292 +++++++++---------
 .../anemoi/tests/test_anemoi_gadget.cpp       |  65 ++--
 3 files changed, 269 insertions(+), 299 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 8d69c815a..4518fd718 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -12,46 +12,46 @@
 #ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_HPP_
 #define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_HPP_
 
-#include <libsnark/common/data_structures/merkle_tree.hpp>
 #include <libsnark/gadgetlib1/gadgets/basic_gadgets.hpp>
-#include <libsnark/gadgetlib1/gadgets/hashes/hash_io.hpp>
-#include <libsnark/gadgetlib1/gadgets/hashes/sha256/sha256_components.hpp>
 
 namespace libsnark
 {
 
-// TODO: template-ize the following constants
+#define FLYSTEL_DEBUG
 
-#define FLYSTEL_BLS12_381_ALPHA 5
-// equals to G1
-#define FLYSTEL_BLS12_381_BETA 2
-// TODO: value by spec is 0
-#define FLYSTEL_BLS12_381_GAMMA 5
-// TODO: value by spec is G1.inv()
-#define FLYSTEL_BLS12_381_DELTA 0
+#define FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR 7
 
-// --- Prime fields ---
+// original constants by specification
+// for BLS12-381
+// beta = g = first multiplicative generator = 7.
+// delta = g^(-1) =
+// 14981678621464625851270783002338847382197300714436467949315331057125308909861
+// gamma = 0
 
-/// Compute y = const_a x^2 + const_b
-/// The constants const_a and const_b are curve/field dependent and
-/// are so added in the template
-///
+// constants used for debug
+#define DEBUG_FLYSTEL_ALPHA FLYSTEL_ALPHA
+#define DEBUG_FLYSTEL_BETA 2
+#define DEBUG_FLYSTEL_GAMMA 5
+#define DEBUG_FLYSTEL_DELTA 0
+
+/// Flystel Qf function for prime fields:
+/// Qf(x) = beta x^2 + gamma
 /// x: input
 /// y: output
-template<typename FieldT, FieldT Const_A, FieldT Const_B>
-class flystel_power_two_gadget : public gadget<FieldT>
+template<typename FieldT, size_t generator>
+class flystel_Q_gamma_prime_field_gadget : public gadget<FieldT>
 {
 private:
     // constants
-    const FieldT const_a;
-    const FieldT const_b;
+    const FieldT beta;
+    const FieldT gamma;
 
 public:
     // input/output
     const pb_variable<FieldT> input;
     const pb_variable<FieldT> output;
 
-    flystel_power_two_gadget(
+    flystel_Q_gamma_prime_field_gadget(
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
@@ -61,37 +61,70 @@ class flystel_power_two_gadget : public gadget<FieldT>
     void generate_r1cs_witness();
 };
 
-/// Flystel Qi function for prime fields:
-/// Qi(x) = beta x^2 + gamma
-template<typename FieldT, FieldT Const_A, FieldT Const_B>
-class flystel_Q_gamma_prime_field_gadget
-    : public flystel_power_two_gadget<FieldT, Const_A, Const_B>
+/// Flystel Qf function for prime fields:
+/// Qf(x) = beta x^2 + delta
+/// x: input
+/// y: output
+template<typename FieldT, size_t generator>
+class flystel_Q_delta_prime_field_gadget : public gadget<FieldT>
 {
-    flystel_Q_gamma_prime_field_gadget(
+private:
+    // constants
+    const FieldT beta;
+    const FieldT delta;
+
+public:
+    // input/output
+    const pb_variable<FieldT> input;
+    const pb_variable<FieldT> output;
+
+    flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
+
+    void generate_r1cs_constraints();
+    void generate_r1cs_witness();
 };
 
-/// Flystel Qf function for prime fields:
-/// Qf(x) = beta x^2 + delta
-template<typename FieldT, FieldT Const_A, FieldT Const_B>
-class flystel_Q_delta_prime_field_gadget
-    : public flystel_power_two_gadget<FieldT, Const_A, Const_B>
+/// Flystel Qi function for binary fields:
+/// Qi(x) = beta x^3 + gamma
+///
+/// Compute y = beta x^3 + gamma
+/// x: input
+/// y: output
+/// beta, gamma: constants
+template<typename FieldT, size_t generator>
+class flystel_Q_gamma_binary_field_gadget : public gadget<FieldT>
 {
-    flystel_Q_delta_prime_field_gadget(
+private:
+    /// internal (i.e. intermediate) variable
+    pb_variable<FieldT> internal;
+    /// constants
+    const FieldT beta;
+    const FieldT gamma;
+
+public:
+    /// input/output
+    const pb_variable<FieldT> input;
+    const pb_variable<FieldT> output;
+
+    flystel_Q_gamma_binary_field_gadget(
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
+
+    void generate_r1cs_constraints();
+    void generate_r1cs_witness();
 };
 
 /// Compute y = x^5
 /// x: input
 /// y: output
 template<typename FieldT>
-class flystel_power_five_gadget : public gadget<FieldT>
+class flystel_E_power_five_gadget : public gadget<FieldT>
 {
 private:
     /// internal (i.e. intermediate) variable: x2,x3
@@ -102,7 +135,7 @@ class flystel_power_five_gadget : public gadget<FieldT>
     const pb_variable<FieldT> input;
     const pb_variable<FieldT> output;
 
-    flystel_power_five_gadget(
+    flystel_E_power_five_gadget(
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
@@ -130,11 +163,7 @@ class flystel_power_five_gadget : public gadget<FieldT>
 ///
 /// \note: in the paper (x0,x1)->(y0,y1) is denoted with (y,v)->(x,u)
 // template<typename FieldT, FieldT beta, FieldT gamma, DeildT delta>
-template<
-    typename FieldT,
-    FieldT Const_Beta,
-    FieldT Const_Gamma,
-    FieldT Const_Delta>
+template<typename FieldT, size_t generator>
 class flystel_closed_prime_field_gadget : public gadget<FieldT>
 {
 private:
@@ -147,9 +176,9 @@ class flystel_closed_prime_field_gadget : public gadget<FieldT>
     // (v7,v8)=(y0,y1)
     std::array<pb_variable<FieldT>, 2> output;
 
-    flystel_Q_gamma_prime_field_gadget<FieldT, Const_Beta, Const_Gamma> Q_gamma;
-    flystel_Q_delta_prime_field_gadget<FieldT, Const_Beta, Const_Delta> Q_delta;
-    flystel_power_five_gadget<FieldT> power_five;
+    flystel_Q_gamma_prime_field_gadget<FieldT, generator> Q_gamma;
+    flystel_Q_delta_prime_field_gadget<FieldT, generator> Q_delta;
+    flystel_E_power_five_gadget<FieldT> power_five;
 
     flystel_closed_prime_field_gadget(
         protoboard<FieldT> &pb,
@@ -164,8 +193,8 @@ class flystel_closed_prime_field_gadget : public gadget<FieldT>
 /// One round of the Anemoi permutation mapping (Fr)^{2l} -> (Fr)^{2l}
 ///
 /// NumStateColumns_L : l parameter - number of columns in the
-///                     state. each column is composed of 2 elements
-///                     in F_r. One Flystel Sbox accepts 1 column as
+///                     state. can be 1,2,3,4. each column is composed of 2
+///                     elements in F_r. One Flystel Sbox accepts 1 column as
 ///                     input. There are l Flystel-s in 1 round of the
 ///                     Anemoi permutation applied in parallel.
 ///
@@ -173,96 +202,38 @@ class flystel_closed_prime_field_gadget : public gadget<FieldT>
 /// y0,y1: output
 ///
 // template<typename FieldT, FieldT beta, FieldT gamma, FieldT delta>
-template<
-    typename FieldT,
-    FieldT Const_Beta,
-    FieldT Const_Gamma,
-    FieldT Const_Delta,
-    size_t NumStateColumns_L>
+template<typename FieldT, size_t generator, size_t NumStateColumns_L>
 class anemoi_permutation_round_prime_field_gadget : public gadget<FieldT>
 {
 private:
-    // internal (i.e. intermediate) variables: v3,v4,v5
-    std::array<pb_variable<FieldT>, 4> internal;
+    // array of C round constants
+    std::array<FieldT, NumStateColumns_L> c_const;
+    // array of D round constants
+    std::array<FieldT, NumStateColumns_L> d_const;
+    // matrix M_x
+    std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L> M_X;
+    // matrix M_y
+    std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L> M_Y;
+    // array of Flystel S-boxes
+    std::array<
+        flystel_closed_prime_field_gadget<FieldT, generator>,
+        NumStateColumns_L>
+        flystel;
 
 public:
     std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> input;
     std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> output;
 
-    flystel_closed_prime_field_gadget<
-        FieldT,
-        Const_Beta,
-        Const_Gamma,
-        Const_Delta>
-        flystel;
-
     anemoi_permutation_round_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const std::array<pb_variable<FieldT>, (2 * NumStateColumns_L)> &input,
-        const std::array<pb_variable<FieldT>, (2 * NumStateColumns_L)> &output,
-        const std::string &annotation_prefix = "");
-
-    void generate_r1cs_constraints();
-    void generate_r1cs_witness();
-};
-
-// --- Binary fields ---
-
-/// Compute y = const_a x^3 + const_b
-/// x: input
-/// y: output
-/// const_a, const_b: constants
-template<typename FieldT>
-class flystel_power_three_gadget : public gadget<FieldT>
-{
-private:
-    /// internal (i.e. intermediate) variable
-    pb_variable<FieldT> internal;
-    /// constants
-    const FieldT const_a;
-    const FieldT const_b;
-
-public:
-    /// input/output
-    const pb_variable<FieldT> input;
-    const pb_variable<FieldT> output;
-
-    flystel_power_three_gadget(
-        protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
-        const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "");
+        std::array<pb_variable<FieldT>, (2 * NumStateColumns_L)> &input,
+        std::array<pb_variable<FieldT>, (2 * NumStateColumns_L)> &output,
+        std::string &annotation_prefix = "");
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
 };
 
-/// Flystel Qi function for binary fields:
-/// Qi(x) = beta x^3 + gamma
-template<typename FieldT>
-class flystel_Q_gamma_binary_field_gadget
-    : public flystel_power_three_gadget<FieldT>
-{
-    flystel_Q_gamma_binary_field_gadget(
-        protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
-        const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "");
-};
-
-/// Flystel Qf function for binary fields:
-/// Qf(x) = beta x^3 + delta
-template<typename FieldT>
-class flystel_Q_delta_binary_field_gadget
-    : public flystel_power_three_gadget<FieldT>
-{
-    flystel_Q_delta_binary_field_gadget(
-        protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
-        const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "");
-};
-
 } // namespace libsnark
 
 #include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc>
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index b7fc3b4dd..636569d5a 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -17,20 +17,6 @@
 namespace libsnark
 {
 
-template<typename FieldT, FieldT Const_A, FieldT Const_B>
-flystel_power_two_gadget<FieldT, Const_A, Const_B>::flystel_power_two_gadget(
-    protoboard<FieldT> &pb,
-    const pb_variable<FieldT> &input,
-    const pb_variable<FieldT> &output,
-    const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix)
-    , const_a(FLYSTEL_BLS12_381_BETA)
-    , const_b(FLYSTEL_BLS12_381_GAMMA)
-    , input(input)
-    , output(output)
-{
-}
-
 // A R1CS constraint is a formal expression of the form
 //
 //                < A , X > * < B , X > = < C , X > ,
@@ -44,9 +30,12 @@ flystel_power_two_gadget<FieldT, Const_A, Const_B>::flystel_power_two_gadget(
 //
 // See also class \ef r1cs_constraint
 
-// R1CS constraints for the operation y = const_a x^2 + const_b with x =
-// input, y = output. The latter is represented with one
-// multiplication as
+// R1CS constraints for the operation y = const_a x^2 + const_b with x = input,
+// y = output. This operation is realized by the components \ref
+// flystel_Q_gamma_prime_field_gadget and \ref
+// flystel_Q_delta_prime_field_gadget
+//
+// The operation is represented with one multiplication as
 //
 // (const_a x) * x = y-const_b
 //
@@ -56,76 +45,101 @@ flystel_power_two_gadget<FieldT, Const_A, Const_B>::flystel_power_two_gadget(
 // < A , X > * < B , X > = < C , X >
 //
 // where A =(0, const_a, 0), B=(0, 1, 0) and C =(-const_b, 0, 1)
-template<typename FieldT, FieldT Const_A, FieldT Const_B>
-void flystel_power_two_gadget<FieldT, Const_A, Const_B>::
+
+template<typename FieldT, size_t generator>
+flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
+    flystel_Q_gamma_prime_field_gadget(
+        protoboard<FieldT> &pb,
+        const pb_variable<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix)
+    : gadget<FieldT>(pb, annotation_prefix)
+#ifdef FLYSTEL_DEBUG
+    , beta(DEBUG_FLYSTEL_BETA)
+    , gamma(DEBUG_FLYSTEL_GAMMA)
+#else
+    , beta(FieldT(generator))
+    , gamma(FieldT(0))
+#endif // #ifdef FLYSTEL_DEBUG
+    , input(input)
+    , output(output)
+{
+}
+
+template<typename FieldT, size_t generator>
+void flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
     generate_r1cs_constraints()
 {
     // Constraint has the form:
-    //   const_a * input^2 + const_b = output
+    //   beta * input^2 + gamma = output
     // which can be written as
-    //   (const_a * input) * input = output - const_b
+    //   (beta * input) * input = output - gamma
     this->pb.add_r1cs_constraint(
-        {input * const_a, input, output - const_b},
-        FMT(this->annotation_prefix, " const_a * x = y - const_b"));
+        {input * beta, input, output - gamma},
+        FMT(this->annotation_prefix, " beta * x = y - gamma"));
 }
 
 // compute a witness y for a given input x for the computation y =
-// const_a x^2 + const_b, where x=input, y=output
-template<typename FieldT, FieldT Const_A, FieldT Const_B>
-void flystel_power_two_gadget<FieldT, Const_A, Const_B>::generate_r1cs_witness()
+// beta x^2 + gamma, where x=input, y=output
+template<typename FieldT, size_t generator>
+void flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
+    generate_r1cs_witness()
 {
-    // y = const_a x^2 + const_b
+    // y = beta x^2 + gamma
     this->pb.val(output) =
-        this->const_a * this->pb.val(input) * this->pb.val(input) +
-        this->const_b;
+        this->beta * this->pb.val(input) * this->pb.val(input) + this->gamma;
 }
 
-template<typename FieldT, FieldT Const_A, FieldT Const_B>
-flystel_Q_gamma_prime_field_gadget<FieldT, Const_A, Const_B>::
-    flystel_Q_gamma_prime_field_gadget(
+template<typename FieldT, size_t generator>
+flystel_Q_delta_prime_field_gadget<FieldT, generator>::
+    flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
-    : flystel_power_two_gadget<FieldT, Const_A, Const_B>(
-          pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_GAMMA, input, output)
+    : gadget<FieldT>(pb, annotation_prefix)
+#ifdef FLYSTEL_DEBUG
+    , beta(DEBUG_FLYSTEL_BETA)
+    , delta(DEBUG_FLYSTEL_DELTA)
+#elif
+    , beta(FieldT(generator))
+    , delta(FieldT(generator).inverse())
+#endif // #ifdef FLYSTEL_DEBUG
+    , input(input)
+    , output(output)
 {
 }
 
-template<typename FieldT, FieldT Const_A, FieldT Const_B>
-flystel_Q_delta_prime_field_gadget<FieldT, Const_A, Const_B>::
-    flystel_Q_delta_prime_field_gadget(
-        protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
-        const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix)
-    : flystel_power_two_gadget<FieldT, Const_A, Const_B>(
-          pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_DELTA, input, output)
+template<typename FieldT, size_t generator>
+void flystel_Q_delta_prime_field_gadget<FieldT, generator>::
+    generate_r1cs_constraints()
 {
+    // Constraint has the form:
+    //   beta * input^2 + delta = output
+    // which can be written as
+    //   (beta * input) * input = output - delta
+    this->pb.add_r1cs_constraint(
+        {input * beta, input, output - delta},
+        FMT(this->annotation_prefix, " beta * x = y - delta"));
 }
 
-template<typename FieldT>
-flystel_power_three_gadget<FieldT>::flystel_power_three_gadget(
-    protoboard<FieldT> &pb,
-    const pb_variable<FieldT> &input,
-    const pb_variable<FieldT> &output,
-    const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix)
-    , internal(pb_variable_allocate<FieldT>(
-          pb, FMT(this->annotation_prefix, " internal")))
-    , const_a(FLYSTEL_BLS12_381_BETA)
-    , const_b(FLYSTEL_BLS12_381_GAMMA)
-    , input(input)
-    , output(output)
+// compute a witness y for a given input x for the computation y =
+// beta x^2 + delta, where x=input, y=output
+template<typename FieldT, size_t generator>
+void flystel_Q_delta_prime_field_gadget<FieldT, generator>::
+    generate_r1cs_witness()
 {
+    // y = beta x^2 + delta
+    this->pb.val(output) =
+        this->beta * this->pb.val(input) * this->pb.val(input) + this->delta;
 }
 
-// R1CS constraints for the operation y = const_a x^3 + const_b with
+// R1CS constraints for the operation y = beta x^3 + gamma with
 // x=input, y=output. This operation is represented with two
-// multiplications as y-const_b = ((const_a x * x) * x). Equivalently:
+// multiplications as y-gamma = ((beta x * x) * x). Equivalently:
 //
-// const_a x1 * x1 = x2
-// x2 * x1 = x3-const_b
+// beta x1 * x1 = x2
+// x2 * x1 = x3-gamma
 //
 // for the variables vector X = (x0=1, x1=input, x2=intermediate,
 // x3=output). The above system is represented with 2 R1CS
@@ -134,66 +148,54 @@ flystel_power_three_gadget<FieldT>::flystel_power_three_gadget(
 // < A0 , X > * < B0 , X > = < C0 , X > ,
 // < A1 , X > * < B1 , X > = < C1 , X >
 //
-// where A0=(0, const_a, 0, 0), B0=(0, 1, 0, 0), C0=(0, 0, 1, 0) and
-// A1=(0, 0, 1, 0), B1=(0, 1, 0, 0), C1=(-const_b, 0, 0, 1)
-template<typename FieldT>
-void flystel_power_three_gadget<FieldT>::generate_r1cs_constraints()
-{
-    // (const_a * input) * input = internal
-    this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(const_a * input, input, internal),
-        FMT(this->annotation_prefix, " const_a * x * x = x_square"));
-    // internal * input = output - const_b
-    this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(internal, input, output - const_b),
-        FMT(this->annotation_prefix, " x_square * x = y - const_b"));
-}
-
-template<typename FieldT>
-void flystel_power_three_gadget<FieldT>::generate_r1cs_witness()
-{
-    // x_internal = const_a x * x
-    this->pb.val(internal) =
-        (this->const_a * this->pb.val(input)) * this->pb.val(input);
-    // y = const_a x^3 + const_b = x_internal * x + const_b
-    this->pb.val(output) =
-        this->pb.val(internal) * this->pb.val(input) + this->const_b;
-}
-
-template<typename FieldT>
-flystel_Q_gamma_binary_field_gadget<FieldT>::
+// where A0=(0, beta, 0, 0), B0=(0, 1, 0, 0), C0=(0, 0, 1, 0) and
+// A1=(0, 0, 1, 0), B1=(0, 1, 0, 0), C1=(-gamma, 0, 0, 1)
+template<typename FieldT, size_t generator>
+flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
     flystel_Q_gamma_binary_field_gadget(
         protoboard<FieldT> &pb,
         const pb_variable<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
-    : flystel_power_three_gadget<FieldT>(
-          pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_GAMMA, input, output)
+    : gadget<FieldT>(pb, annotation_prefix)
+    , internal(pb_variable_allocate<FieldT>(
+          pb, FMT(this->annotation_prefix, " internal")))
+#ifdef FLYSTEL_DEBUG
+    , beta(DEBUG_FLYSTEL_BETA)
+    , gamma(DEBUG_FLYSTEL_GAMMA)
+#elif
+    , beta(FieldT(generator))
+    , gamma(FieldT(0))
+#endif // #ifdef FLYSTEL_DEBUG
+    , input(input)
+    , output(output)
 {
 }
 
-template<typename FieldT>
-flystel_Q_delta_binary_field_gadget<FieldT>::
-    flystel_Q_delta_binary_field_gadget(
-        protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
-        const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix)
-    : flystel_power_three_gadget<FieldT>(
-          pb, FLYSTEL_BLS12_381_BETA, FLYSTEL_BLS12_381_GAMMA, input, output)
+template<typename FieldT, size_t generator>
+void flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
+    generate_r1cs_constraints()
 {
+    // (beta * input) * input = internal
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(beta * input, input, internal),
+        FMT(this->annotation_prefix, " beta * x * x = x_square"));
+    // internal * input = output - gamma
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(internal, input, output - gamma),
+        FMT(this->annotation_prefix, " x_square * x = y - gamma"));
 }
 
-template<typename FieldT>
-flystel_power_five_gadget<FieldT>::flystel_power_five_gadget(
-    protoboard<FieldT> &pb,
-    const pb_variable<FieldT> &input,
-    const pb_variable<FieldT> &output,
-    const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
+template<typename FieldT, size_t generator>
+void flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
+    generate_r1cs_witness()
 {
-    internal[0].allocate(this->pb, " internal 1");
-    internal[1].allocate(this->pb, " internal 2");
+    // x_internal = beta x * x
+    this->pb.val(internal) =
+        (this->beta * this->pb.val(input)) * this->pb.val(input);
+    // y = beta x^3 + gamma = x_internal * x + gamma
+    this->pb.val(output) =
+        this->pb.val(internal) * this->pb.val(input) + this->gamma;
 }
 
 // R1CS constraints for the operation y = x^5 with x=input,
@@ -215,7 +217,19 @@ flystel_power_five_gadget<FieldT>::flystel_power_five_gadget(
 // where A0=(01000), B0=(01000), C0=(00100); A1=(00100), B0=(00100),
 // C0=(00010) and A2=(01000), B2=(00010), C2=(00001)
 template<typename FieldT>
-void flystel_power_five_gadget<FieldT>::generate_r1cs_constraints()
+flystel_E_power_five_gadget<FieldT>::flystel_E_power_five_gadget(
+    protoboard<FieldT> &pb,
+    const pb_variable<FieldT> &input,
+    const pb_variable<FieldT> &output,
+    const std::string &annotation_prefix)
+    : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
+{
+    internal[0].allocate(this->pb, " internal 1");
+    internal[1].allocate(this->pb, " internal 2");
+}
+
+template<typename FieldT>
+void flystel_E_power_five_gadget<FieldT>::generate_r1cs_constraints()
 {
     // x1*x1 = x2
     this->pb.add_r1cs_constraint(
@@ -232,7 +246,7 @@ void flystel_power_five_gadget<FieldT>::generate_r1cs_constraints()
 }
 
 template<typename FieldT>
-void flystel_power_five_gadget<FieldT>::generate_r1cs_witness()
+void flystel_E_power_five_gadget<FieldT>::generate_r1cs_witness()
 {
     // x2 = x1 * x1
     this->pb.val(internal[0]) = (this->pb.val(input)) * this->pb.val(input);
@@ -243,26 +257,18 @@ void flystel_power_five_gadget<FieldT>::generate_r1cs_witness()
     this->pb.val(output) = this->pb.val(input) * this->pb.val(internal[1]);
 }
 
-template<
-    typename FieldT,
-    FieldT Const_Beta,
-    FieldT Const_Gamma,
-    FieldT Const_Delta>
-flystel_closed_prime_field_gadget<
-    FieldT,
-    Const_Beta,
-    Const_Gamma,
-    Const_Delta>::
+template<typename FieldT, size_t generator>
+flystel_closed_prime_field_gadget<FieldT, generator>::
     flystel_closed_prime_field_gadget(
         protoboard<FieldT> &pb,
         const std::array<pb_variable<FieldT>, 2> &input,
         const std::array<pb_variable<FieldT>, 2> &output,
         const std::string &annotation_prefix)
-    : flystel_Q_gamma_prime_field_gadget<FieldT, Const_Beta, Const_Gamma>(
+    : flystel_Q_gamma_prime_field_gadget<FieldT, generator>(
           pb, input[0], internal[0])
-    , flystel_Q_delta_prime_field_gadget<FieldT, Const_Beta, Const_Delta>(
+    , flystel_Q_delta_prime_field_gadget<FieldT, generator>(
           pb, input[1], internal[2])
-    , flystel_power_five_gadget<FieldT>(pb, input[0] - input[1], internal[1])
+    , flystel_E_power_five_gadget<FieldT>(pb, input[0] - input[1], internal[1])
 {
     internal[0].allocate(this->pb, " v3");
     internal[1].allocate(this->pb, " v4");
@@ -279,38 +285,38 @@ flystel_closed_prime_field_gadget<
 // The function generates the constraints for the three gadgets:
 // Q_gamma, Q_delta, power_five by calling their corresponding
 // generate_r1cs_constraints() methods
-template<
-    typename FieldT,
-    FieldT Const_Beta,
-    FieldT Const_Gamma,
-    FieldT Const_Delta>
-void flystel_closed_prime_field_gadget<
-    FieldT,
-    Const_Beta,
-    Const_Gamma,
-    Const_Delta>::generate_r1cs_constraints()
+template<typename FieldT, size_t generator>
+void flystel_closed_prime_field_gadget<FieldT, generator>::
+    generate_r1cs_constraints()
 {
     Q_gamma.generate_r1cs_constraints();
     Q_delta.generate_r1cs_constraints();
     power_five.generate_r1cs_constraints();
 }
 
-template<
-    typename FieldT,
-    FieldT Const_Beta,
-    FieldT Const_Gamma,
-    FieldT Const_Delta>
-void flystel_closed_prime_field_gadget<
-    FieldT,
-    Const_Beta,
-    Const_Gamma,
-    Const_Delta>::generate_r1cs_witness()
+template<typename FieldT, size_t generator>
+void flystel_closed_prime_field_gadget<FieldT, generator>::
+    generate_r1cs_witness()
 {
     Q_gamma.generate_r1cs_witness();
     Q_delta.generate_r1cs_witness();
     power_five.generate_r1cs_witness();
 }
 
+template<typename FieldT, size_t generator, size_t NumStateColumns_L>
+anemoi_permutation_round_prime_field_gadget<
+    FieldT,
+    generator,
+    NumStateColumns_L>::
+    anemoi_permutation_round_prime_field_gadget(
+        protoboard<FieldT> &pb,
+        std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &input,
+        std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &output,
+        std::string &annotation_prefix)
+    : input(input), output(output)
+{
+}
+
 } // namespace libsnark
 
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 1f73331d9..d3c390bd4 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -16,17 +16,10 @@
 
 using namespace libsnark;
 
-template<typename T, const T x> void foo()
-{
-    //    printf("[%s:%d] %s() x %d\n", __FILE__, __LINE__, __FUNCTION__, x);
-}
-
-// template<typename FieldT, FieldT Const_A, FieldT Const_B>
-template<typename FieldT, const FieldT A>
-void test_flystel_power_two_gadget(const size_t n)
+template<typename FieldT>
+void test_flystel_Q_gamma_prime_field_gadget(const size_t n)
 {
     printf("testing flystel_power_two_gadget on all %zu bit strings\n", n);
-#if 0
     protoboard<FieldT> pb;
     pb_variable<FieldT> x;
     pb_variable<FieldT> y;
@@ -37,7 +30,10 @@ void test_flystel_power_two_gadget(const size_t n)
     y.allocate(pb, "y");
 
     // create gadget
-    flystel_power_two_gadget<FieldT, Const_A, Const_B> d(pb, x, y, "d");
+    flystel_Q_gamma_prime_field_gadget<
+        FieldT,
+        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
+        d(pb, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
     // set input value
@@ -48,11 +44,11 @@ void test_flystel_power_two_gadget(const size_t n)
     // the expected output is 13 for input 2
     ASSERT_EQ(pb.val(y), 13);
     ASSERT_TRUE(pb.is_satisfied());
-#endif
     libff::print_time("flystel_power_two_gadget tests successful");
 }
 
-template<typename FieldT> void test_flystel_power_three_gadget(const size_t n)
+template<typename FieldT>
+void test_flystel_Q_gamma_binary_field_gadge(const size_t n)
 {
     printf("testing flystel_power_three_gadget on all %zu bit strings\n", n);
 
@@ -66,7 +62,10 @@ template<typename FieldT> void test_flystel_power_three_gadget(const size_t n)
     y.allocate(pb, "y");
 
     // create gadget
-    flystel_power_three_gadget<FieldT> d(pb, x, y, "d");
+    flystel_Q_gamma_binary_field_gadget<
+        FieldT,
+        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
+        d(pb, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
     // set input value
@@ -81,9 +80,9 @@ template<typename FieldT> void test_flystel_power_three_gadget(const size_t n)
     libff::print_time("flystel_power_three_gadget tests successful");
 }
 
-template<typename FieldT> void test_flystel_power_five_gadget(const size_t n)
+template<typename FieldT> void test_flystel_E_power_five_gadget(const size_t n)
 {
-    printf("testing flystel_power_five_gadget on all %zu bit strings\n", n);
+    printf("testing flystel_E_power_five_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
     pb_variable<FieldT> x;
@@ -95,7 +94,7 @@ template<typename FieldT> void test_flystel_power_five_gadget(const size_t n)
     y.allocate(pb, "y");
 
     // create gadget
-    flystel_power_five_gadget<FieldT> d(pb, x, y, "d");
+    flystel_E_power_five_gadget<FieldT> d(pb, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
     // set input value
@@ -107,36 +106,30 @@ template<typename FieldT> void test_flystel_power_five_gadget(const size_t n)
     ASSERT_EQ(pb.val(y), 32);
     ASSERT_TRUE(pb.is_satisfied());
 
-    libff::print_time("flystel_power_five_gadget tests successful");
+    libff::print_time("flystel_E_power_five_gadget tests successful");
 }
 
 int main(void)
 {
     libff::start_profiling();
+
     //    libff::default_ec_pp::init_public_params();
+    //    using FieldT = libff::Fr<libff::default_ec_pp>;
+
     libff::bls12_381_pp::init_public_params();
-    //    using Field = libff::Fr<libff::default_ec_pp>;
-    using Field = libff::Fr<libff::bls12_381_pp>;
-    //    const Field temp = Field(2);
-    //    Field temp_inv = temp.inverse();
-    //    Field a = Field::random_element();
+    using FieldT = libff::Fr<libff::bls12_381_pp>;
+
     // for BLS12-381
     // beta = g = first multiplicative generator = 7.
     // delta = g^(-1)
     // 14981678621464625851270783002338847382197300714436467949315331057125308909861
-    Field a = Field(7);
-    Field a_inv = a.inverse();
-    assert((a * a_inv) == Field::one());
-    a_inv.print();
-
-    //    const int x = 76;
-    //    foo<int, x>();
-    //    test_flystel_power_two_gadget<Field, temp>(10);
-    // test_flystel_power_two_gadget<
-    //        libff::Fr<libff::default_ec_pp>,
-    //        FLYSTEL_BLS12_381_BETA,
-    //        FLYSTEL_BLS12_381_GAMMA>(10);
-    //    test_flystel_power_three_gadget<libff::Fr<libff::default_ec_pp>>(10);
-    //    test_flystel_power_five_gadget<libff::Fr<libff::default_ec_pp>>(10);
+    //    Field a = Field(7);
+    //    Field a_inv = a.inverse();
+    //    assert((a * a_inv) == Field::one());
+    //    a_inv.print();
+
+    test_flystel_Q_gamma_prime_field_gadget<FieldT>(10);
+    test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
+    test_flystel_E_power_five_gadget<FieldT>(10);
     //    //    test_flystel_power_two_gadget<libff::bls12_381_Fr>(10);
 }

From 456831ce8c7c4b50a4cd3a3d8a99c593237d5e37 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 21 Sep 2022 01:16:40 +0100
Subject: [PATCH 021/112] anemoi: updated anemoi permutation class; added
 function to return the correct mds matrix from the number of columns

---
 .../hashes/anemoi/anemoi_components.hpp       | 13 +++++----
 .../hashes/anemoi/anemoi_components.tcc       | 29 +++++++++++++++++++
 .../anemoi/tests/test_anemoi_gadget.cpp       | 22 ++++++++++----
 3 files changed, 53 insertions(+), 11 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 4518fd718..7006284e1 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -1,8 +1,6 @@
 /** @file
  *****************************************************************************
 
- Declaration of interfaces for top-level SHA256 gadgets.
-
  *****************************************************************************
  * @author     This file is part of libsnark, developed by SCIPR Lab
  *             and contributors (see AUTHORS).
@@ -190,6 +188,11 @@ class flystel_closed_prime_field_gadget : public gadget<FieldT>
     void generate_r1cs_witness();
 };
 
+// get the MDS matrix from the number of columns 2,3 or 4
+template<typename FieldT, size_t NumStateColumns_L>
+std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L>
+anemoi_permutation_get_mds(const FieldT g);
+
 /// One round of the Anemoi permutation mapping (Fr)^{2l} -> (Fr)^{2l}
 ///
 /// NumStateColumns_L : l parameter - number of columns in the
@@ -210,10 +213,8 @@ class anemoi_permutation_round_prime_field_gadget : public gadget<FieldT>
     std::array<FieldT, NumStateColumns_L> c_const;
     // array of D round constants
     std::array<FieldT, NumStateColumns_L> d_const;
-    // matrix M_x
-    std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L> M_X;
-    // matrix M_y
-    std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L> M_Y;
+    // matrix M
+    std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L> M;
     // array of Flystel S-boxes
     std::array<
         flystel_closed_prime_field_gadget<FieldT, generator>,
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 636569d5a..ba22a6e77 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -303,6 +303,35 @@ void flystel_closed_prime_field_gadget<FieldT, generator>::
     power_five.generate_r1cs_witness();
 }
 
+template<typename FieldT, size_t NumStateColumns_L>
+std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L>
+anemoi_permutation_get_mds(const FieldT g)
+{
+    std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L> M;
+    const FieldT g2 = g * g;
+    if (NumStateColumns_L == 2) {
+        M = {{1, g}, {g, g2 + 1}};
+        return M;
+    }
+    if (NumStateColumns_L == 3) {
+        M = {{g + 1, 1, g + 1}, {1, 1, g}, {g, 1, 1}};
+        return M;
+    }
+    if (NumStateColumns_L == 4) {
+        M = {
+            {g + 1, 1, g2, g2},
+            {1, g + 1, g2 + g, g2},
+            {g, g, g + 1, 1},
+            {g + 1, g, 1, g + 1}};
+        return M;
+    }
+    // If we are here, then the number of columns NumStateColumns_L has invalid
+    // value outside of the set {2,3,4}
+    throw std::logic_error(
+        "Error: invalid number of columns %d . Must be 2,3 or 4 .",
+        NumStateColumns_L);
+}
+
 template<typename FieldT, size_t generator, size_t NumStateColumns_L>
 anemoi_permutation_round_prime_field_gadget<
     FieldT,
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index d3c390bd4..74b33b9ca 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -6,12 +6,14 @@
  *****************************************************************************/
 
 #include <gtest/gtest.h>
+#include <libff/algebra/curves/bls12_381/bls12_381_init.hpp>
 #include <libff/algebra/curves/bls12_381/bls12_381_pp.hpp>
 #include <libff/common/default_types/ec_pp.hpp>
 #include <libff/common/profiling.hpp>
 #include <libff/common/utils.hpp>
 #include <libsnark/common/default_types/r1cs_ppzksnark_pp.hpp>
 #include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp>
+#include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp>
 #include <libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp>
 
 using namespace libsnark;
@@ -123,13 +125,23 @@ int main(void)
     // beta = g = first multiplicative generator = 7.
     // delta = g^(-1)
     // 14981678621464625851270783002338847382197300714436467949315331057125308909861
-    //    Field a = Field(7);
-    //    Field a_inv = a.inverse();
-    //    assert((a * a_inv) == Field::one());
-    //    a_inv.print();
-
+    // Fr modulus
+    // 52435875175126190479447740508185965837690552500527637822603658699938581184513
+#if 0
+    FieldT a = FieldT(7);
+    FieldT a_inv = a.inverse();
+    assert((a * a_inv) == FieldT::one());
+    printf("a_inv      ");
+    a_inv.print();
+    printf("\n");
+    printf("Fr modulus ");
+    a.mod.print();
+    printf("\n");
+#endif
+#if 1
     test_flystel_Q_gamma_prime_field_gadget<FieldT>(10);
     test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
     test_flystel_E_power_five_gadget<FieldT>(10);
+#endif
     //    //    test_flystel_power_two_gadget<libff::bls12_381_Fr>(10);
 }

From 2c1048fd2fc1f58e9a4757b9177673a5b3fbba97 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 21 Sep 2022 01:18:08 +0100
Subject: [PATCH 022/112] anemoi: added header file containing all round
 constants (initial)

---
 .../hashes/anemoi/anemoi_constants.hpp        | 264 ++++++++++++++++++
 1 file changed, 264 insertions(+)
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp
new file mode 100644
index 000000000..26cb20ead
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp
@@ -0,0 +1,264 @@
+/** @file
+ *****************************************************************************
+
+ *****************************************************************************
+ * @author     This file is part of libsnark, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_CONSTANTS_HPP_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_CONSTANTS_HPP_
+
+namespace libsnark
+{
+// TODO: specialize by the field type + cast to the field
+#if 0
+// l = 1
+FieldT C1[1][19] = {
+    {39},
+    {41362478282768062297187132445775312675360473883834860695283235286481594490621},
+    {9548818195234740988996233204400874453525674173109474205108603996010297049928},
+    {25365440569177822667580105183435418073995888230868180942004497015015045856900},
+    {34023498397393406644117994167986720327178154686105264833093891093045919619309},
+    {38816051319719761886041858113129205506758421478656182868737326994635468402951},
+    {35167418087531820804128377095512663922179887277669504047069913414630376083753},
+    {25885868839756469722325652387535232478219821850603640827385444642154834700231},
+    {8867588811641202981080659274007552529205713737251862066053445622305818871963},
+    {36439756010140137556111047750162544185710881404522379792044818039722752946048},
+    {7788624504122357216765350546787885309160020166693449889975992574536033007374},
+    {3134147137704626983201116226440762775442116005053282329971088789984415999550},
+    {50252287380741824818995733304361249016282047978221591906573165442023106203143},
+    {48434698978712278012409706205559577163572452744833134361195687109159129985373},
+    {32960510617530186159512413633821386297955642598241661044178889571655571939473},
+    {12850897859166761094422335671106280470381427571695744605265713866647560628356},
+    {14578036872634298798382048587794204613583128573535557156943783762854124345644},
+    {21588109842058901916690548710649523388049643745013696896704903154857389904594},
+    {35731638686520516424752846654442973203189295883541072759390882351699754104989}};
+FieldT D1[1][19] = {
+    {14981678621464625851270783002338847382197300714436467949315331057125308909900},
+    {28253420209785428420233456008091632509255652343634529984400816700490470131093},
+    {51511939407083344002778208487678590135577660247075600880835916725469990319313},
+    {46291121544435738125248657675097664742296276807186696922340332893747842754587},
+    {3650460179273129580093806058710273018999560093475503119057680216309578390988},
+    {45802223370746268123059159806400152299867771061127345631244786118574025749328},
+    {11798621276624967315721748990709309216351696098813162382053396097866233042733},
+    {42372918959432199162670834641599336326433006968669415662488070504036922966492},
+    {52181371244193189669553521955614617990714056725501643636576377752669773323445},
+    {23791984554824031672195249524658580601428376029501889159059009332107176394097},
+    {33342520831620303764059548442834699069640109058400548818586964467754352720368},
+    {16791548253207744974576845515705461794133799104808996134617754018912057476556},
+    {11087343419860825311828133337767238110556416596687749174422888171911517001265},
+    {11931207770538477937808955037363240956790374856666237106403111503668796872571},
+    {3296943608590459582451043049934874894049468383833500962645016062634514172805},
+    {7080580976521357573320018355401935489220216583936865937104131954142364033647},
+    {25990144965911478244481527888046366474489820502460615136523859419965697796405},
+    {33907313384235729375566529911940467295099705980234607934575786561097199483218},
+    {25996950265608465541351207283024962044374873682152889814392533334239395044136}};
+
+// l=2
+FieldT C2[2][12] = {
+    {39,
+     17756515227822460609684409997111995494590448775258437999344446424780281143353},
+    {41362478282768062297187132445775312675360473883834860695283235286481594490621,
+     3384073892082712848969991795331397937188893616190315628722966662742467187281},
+    {9548818195234740988996233204400874453525674173109474205108603996010297049928,
+     51311880822158488881090781617710146800056386303122657365679608608648067582435},
+    {25365440569177822667580105183435418073995888230868180942004497015015045856900,
+     29347609441914902330741511702270026847909178228078752565372729158237774700914},
+    {34023498397393406644117994167986720327178154686105264833093891093045919619309,
+     2339620320400167830454536231899316133967303509954474267430948538955691907104},
+    {38816051319719761886041858113129205506758421478656182868737326994635468402951,
+     27338042530319738113354246208426108832239651080023276643867223794985578055610},
+    {35167418087531820804128377095512663922179887277669504047069913414630376083753,
+     42192983528513372869128514327443204912824559545179630597589572656156258515752},
+    {25885868839756469722325652387535232478219821850603640827385444642154834700231,
+     42721818980548514490325424436763032046927347769153393863616095871384405840432},
+    {8867588811641202981080659274007552529205713737251862066053445622305818871963,
+     23473499332437056484066006746048591864129988909190267521144125882222313735740},
+    {36439756010140137556111047750162544185710881404522379792044818039722752946048,
+     16497366583607480604161417644040292299204496829635795525393416854929276060989},
+    {7788624504122357216765350546787885309160020166693449889975992574536033007374,
+     16727395967350522643500778393489915391834352737211416857240725807058479128000},
+    {3134147137704626983201116226440762775442116005053282329971088789984415999550,
+     46525506418681456193255596516104416743523037046982280449529426136392814992763}};
+
+FieldT D2[2][12] = {
+    {14981678621464625851270783002338847382197300714436467949315331057125308909900,
+     48720959343719104324739338388885839802998711550637402773896395605948383052052},
+    {28253420209785428420233456008091632509255652343634529984400816700490470131093,
+     6257781313532096835800460747082714697295034136932481743077166200794135826591},
+    {51511939407083344002778208487678590135577660247075600880835916725469990319313,
+     4386017178186728799761421274050927732938229436976005221436222062273391481632},
+    {46291121544435738125248657675097664742296276807186696922340332893747842754587,
+     13820180736478645172746469075181304604729976364812127548341524461074783412926},
+    {3650460179273129580093806058710273018999560093475503119057680216309578390988,
+     40385222771838099109662234020243831589690223478794847201235014486200724862134},
+    {45802223370746268123059159806400152299867771061127345631244786118574025749328,
+     50306980075778262214155693291132052551559962723436936231611301042966928400825},
+    {11798621276624967315721748990709309216351696098813162382053396097866233042733,
+     34806952212038537244506031612074847133207330427265785757809673463434908473570},
+    {42372918959432199162670834641599336326433006968669415662488070504036922966492,
+     22755759419530071315007011572076166983660942447634027701351681157370705921018},
+    {52181371244193189669553521955614617990714056725501643636576377752669773323445,
+     30334172084294870556875274308904688414158741457854908094300017436690480001547},
+    {23791984554824031672195249524658580601428376029501889159059009332107176394097,
+     19832360622723392584029764807971325641132953515557801717644226271356492507876},
+    {33342520831620303764059548442834699069640109058400548818586964467754352720368,
+     5828182614154296575131381170785760240834851189333374788484657124381010655319},
+    {16791548253207744974576845515705461794133799104808996134617754018912057476556,
+     23729797853490401568967730686618146850735129707152853256809050789424668284094}};
+
+// l=3
+FieldT C3[3][10] = {
+    {39,
+     17756515227822460609684409997111995494590448775258437999344446424780281143353,
+     10188916128123599964772546147951904500865009616764646948187915341627970346879},
+    {41362478282768062297187132445775312675360473883834860695283235286481594490621,
+     3384073892082712848969991795331397937188893616190315628722966662742467187281,
+     38536464596998108028197905645250196649287447208374169339784649587982292038621},
+    {9548818195234740988996233204400874453525674173109474205108603996010297049928,
+     51311880822158488881090781617710146800056386303122657365679608608648067582435,
+     24596965950552905296088269899880882549715354660832391374009234980535928382152},
+    {25365440569177822667580105183435418073995888230868180942004497015015045856900,
+     29347609441914902330741511702270026847909178228078752565372729158237774700914,
+     14356478667385969079309349540394948109414829921001045845599553435706989367858},
+    {34023498397393406644117994167986720327178154686105264833093891093045919619309,
+     2339620320400167830454536231899316133967303509954474267430948538955691907104,
+     12136748919666286297989154404429099226154686992028401568133058190732008277996},
+    {38816051319719761886041858113129205506758421478656182868737326994635468402951,
+     27338042530319738113354246208426108832239651080023276643867223794985578055610,
+     15580674179713644540398409523441814073810768449493940562136422009899312699155},
+    {35167418087531820804128377095512663922179887277669504047069913414630376083753,
+     42192983528513372869128514327443204912824559545179630597589572656156258515752,
+     47389212411441573266379092392931599970417884729397156841216318364858334633325},
+    {25885868839756469722325652387535232478219821850603640827385444642154834700231,
+     42721818980548514490325424436763032046927347769153393863616095871384405840432,
+     5855288403637341107158034195599277569854359593529752399086836976954392351035},
+    {8867588811641202981080659274007552529205713737251862066053445622305818871963,
+     23473499332437056484066006746048591864129988909190267521144125882222313735740,
+     5696063807157149622355481994320806474692190935543821893362808351446578125354},
+    {36439756010140137556111047750162544185710881404522379792044818039722752946048,
+     16497366583607480604161417644040292299204496829635795525393416854929276060989,
+     31479323495970113713816467604460499675889579912370034974841212556442942086146}};
+
+FiledT D3[3][10] = {
+    {14981678621464625851270783002338847382197300714436467949315331057125308909900,
+     48720959343719104324739338388885839802998711550637402773896395605948383052052,
+     11709610427641952476226704950218052763560489079301307464225164120801969364960},
+    {28253420209785428420233456008091632509255652343634529984400816700490470131093,
+     6257781313532096835800460747082714697295034136932481743077166200794135826591,
+     11966422202069200811427605007493817363680804416274031195624148724039857787313},
+    {51511939407083344002778208487678590135577660247075600880835916725469990319313,
+     4386017178186728799761421274050927732938229436976005221436222062273391481632,
+     663227665329044490605880474899933274574966982371072793854806732105730575244},
+    {46291121544435738125248657675097664742296276807186696922340332893747842754587,
+     13820180736478645172746469075181304604729976364812127548341524461074783412926,
+     21821175320697611197161277831984495658213397245419754392657307036488476373765},
+    {3650460179273129580093806058710273018999560093475503119057680216309578390988,
+     40385222771838099109662234020243831589690223478794847201235014486200724862134,
+     20738601554725926373596082603265918636164823648026470243422423735982938342408},
+    {45802223370746268123059159806400152299867771061127345631244786118574025749328,
+     50306980075778262214155693291132052551559962723436936231611301042966928400825,
+     9105861908793877437599087016640061747418296780065295891365798855886560153752},
+    {11798621276624967315721748990709309216351696098813162382053396097866233042733,
+     34806952212038537244506031612074847133207330427265785757809673463434908473570,
+     10559431278588446438155840088055546145087872298641007742921718770142881700525},
+    {42372918959432199162670834641599336326433006968669415662488070504036922966492,
+     22755759419530071315007011572076166983660942447634027701351681157370705921018,
+     8881354201366797207686592249590682298565723459695719800911380560885170725516},
+    {52181371244193189669553521955614617990714056725501643636576377752669773323445,
+     30334172084294870556875274308904688414158741457854908094300017436690480001547,
+     35548861917762862971011720475855172816698712671893796030607658203859222685056},
+    {23791984554824031672195249524658580601428376029501889159059009332107176394097,
+     19832360622723392584029764807971325641132953515557801717644226271356492507876,
+     5370567718707734490084045178883836972105253285449736908577321570876055642415}};
+
+// l=4
+FieldT C4[4][10] = {
+    {39,
+     17756515227822460609684409997111995494590448775258437999344446424780281143353,
+     10188916128123599964772546147951904500865009616764646948187915341627970346879,
+     3814237141406755457246679946340702245820791055503616462386588886553626328449},
+    {41362478282768062297187132445775312675360473883834860695283235286481594490621,
+     3384073892082712848969991795331397937188893616190315628722966662742467187281,
+     38536464596998108028197905645250196649287447208374169339784649587982292038621,
+     37592197675289757358471908199906415982484124338112374453435292524131427342810},
+    {9548818195234740988996233204400874453525674173109474205108603996010297049928,
+     51311880822158488881090781617710146800056386303122657365679608608648067582435,
+     24596965950552905296088269899880882549715354660832391374009234980535928382152,
+     34036826250287807194659359129722586818079652442547178531030410684351456041117},
+    {25365440569177822667580105183435418073995888230868180942004497015015045856900,
+     29347609441914902330741511702270026847909178228078752565372729158237774700914,
+     14356478667385969079309349540394948109414829921001045845599553435706989367858,
+     9488013611624811735432450930006811652991761655550510302915118428283918068143},
+    {34023498397393406644117994167986720327178154686105264833093891093045919619309,
+     2339620320400167830454536231899316133967303509954474267430948538955691907104,
+     12136748919666286297989154404429099226154686992028401568133058190732008277996,
+     19442569822772655270268482835742480365499256802520510905846953360427433130058},
+    {38816051319719761886041858113129205506758421478656182868737326994635468402951,
+     27338042530319738113354246208426108832239651080023276643867223794985578055610,
+     15580674179713644540398409523441814073810768449493940562136422009899312699155,
+     4362660876979205605782410963041525734654031488177761934879852229226211686053},
+    {35167418087531820804128377095512663922179887277669504047069913414630376083753,
+     42192983528513372869128514327443204912824559545179630597589572656156258515752,
+     47389212411441573266379092392931599970417884729397156841216318364858334633325,
+     41487656259632727393098274178738763934249662924287956242704596746920012242443},
+    {25885868839756469722325652387535232478219821850603640827385444642154834700231,
+     42721818980548514490325424436763032046927347769153393863616095871384405840432,
+     5855288403637341107158034195599277569854359593529752399086836976954392351035,
+     18845851722124019325834426094831743068408557621685658713002749358354699910772},
+    {8867588811641202981080659274007552529205713737251862066053445622305818871963,
+     23473499332437056484066006746048591864129988909190267521144125882222313735740,
+     5696063807157149622355481994320806474692190935543821893362808351446578125354,
+     48558031599255072862103809681060565464555437399403822458902024251997890071747},
+    {36439756010140137556111047750162544185710881404522379792044818039722752946048,
+     16497366583607480604161417644040292299204496829635795525393416854929276060989,
+     31479323495970113713816467604460499675889579912370034974841212556442942086146,
+     52327065242455117582590188333899352706031813782154293138553490341266149456684}};
+
+FieldT D4[4][10] = {
+    {14981678621464625851270783002338847382197300714436467949315331057125308909900,
+     48720959343719104324739338388885839802998711550637402773896395605948383052052,
+     11709610427641952476226704950218052763560489079301307464225164120801969364960,
+     3188799073106888901912065951229864304299742047220134499402570163601813730969},
+    {28253420209785428420233456008091632509255652343634529984400816700490470131093,
+     6257781313532096835800460747082714697295034136932481743077166200794135826591,
+     11966422202069200811427605007493817363680804416274031195624148724039857787313,
+     8876022912542631074912834764773050492660953075192093830253524158063181475941},
+    {51511939407083344002778208487678590135577660247075600880835916725469990319313,
+     4386017178186728799761421274050927732938229436976005221436222062273391481632,
+     663227665329044490605880474899933274574966982371072793854806732105730575244,
+     7956955597245727322388196907364651338722736293265717471854714933795446618648},
+    {46291121544435738125248657675097664742296276807186696922340332893747842754587,
+     13820180736478645172746469075181304604729976364812127548341524461074783412926,
+     21821175320697611197161277831984495658213397245419754392657307036488476373765,
+     14806577897118234786495606424219372997573800509149076370951604526939593458489},
+    {3650460179273129580093806058710273018999560093475503119057680216309578390988,
+     40385222771838099109662234020243831589690223478794847201235014486200724862134,
+     20738601554725926373596082603265918636164823648026470243422423735982938342408,
+     25898290090014076279086638237202313571292864987698437102115051403552551578909},
+    {45802223370746268123059159806400152299867771061127345631244786118574025749328,
+     50306980075778262214155693291132052551559962723436936231611301042966928400825,
+     9105861908793877437599087016640061747418296780065295891365798855886560153752,
+     48177591413367409915642056167048753041735583848456612607691620273026228709602},
+    {11798621276624967315721748990709309216351696098813162382053396097866233042733,
+     34806952212038537244506031612074847133207330427265785757809673463434908473570,
+     10559431278588446438155840088055546145087872298641007742921718770142881700525,
+     2511742758961381498086249076485723904703122022711664665388729650078747694082},
+    {42372918959432199162670834641599336326433006968669415662488070504036922966492,
+     22755759419530071315007011572076166983660942447634027701351681157370705921018,
+     8881354201366797207686592249590682298565723459695719800911380560885170725516,
+     19725785152035256359574211351446161592903393017031483635806025440159666669692},
+    {52181371244193189669553521955614617990714056725501643636576377752669773323445,
+     30334172084294870556875274308904688414158741457854908094300017436690480001547,
+     35548861917762862971011720475855172816698712671893796030607658203859222685056,
+     23828822166916376664523534857031979764654878164406016294521947902346141831375},
+    {23791984554824031672195249524658580601428376029501889159059009332107176394097,
+     19832360622723392584029764807971325641132953515557801717644226271356492507876,
+     5370567718707734490084045178883836972105253285449736908577321570876055642415,
+     24072177097374519292068993110945703798030958684413852593268331853573451397392}};
+#endif
+} // namespace libsnark
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_CONSTANTS_HPP_

From 7508a5b435b322909860db4773130eff02b811cd Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 21 Sep 2022 12:41:57 +0100
Subject: [PATCH 023/112] anemoi: replaced inputs to Q_gamma, Q_delta, E from
 pb_variable to pb_lienar_combination; added gadget for Q_delta for binary
 field.

---
 .../hashes/anemoi/anemoi_components.hpp       | 59 +++++++++++---
 .../hashes/anemoi/anemoi_components.tcc       | 80 ++++++++++++++++---
 .../anemoi/tests/test_anemoi_gadget.cpp       |  2 -
 3 files changed, 117 insertions(+), 24 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 7006284e1..87f783b8a 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -27,12 +27,12 @@ namespace libsnark
 // gamma = 0
 
 // constants used for debug
-#define DEBUG_FLYSTEL_ALPHA FLYSTEL_ALPHA
+#define DEBUG_FLYSTEL_ALPHA 5
 #define DEBUG_FLYSTEL_BETA 2
 #define DEBUG_FLYSTEL_GAMMA 5
 #define DEBUG_FLYSTEL_DELTA 0
 
-/// Flystel Qf function for prime fields:
+/// Flystel Q_gamma function for prime fields:
 /// Qf(x) = beta x^2 + gamma
 /// x: input
 /// y: output
@@ -46,12 +46,12 @@ class flystel_Q_gamma_prime_field_gadget : public gadget<FieldT>
 
 public:
     // input/output
-    const pb_variable<FieldT> input;
+    const pb_linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
     flystel_Q_gamma_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
+        const pb_linear_combination<FieldT> input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -59,7 +59,7 @@ class flystel_Q_gamma_prime_field_gadget : public gadget<FieldT>
     void generate_r1cs_witness();
 };
 
-/// Flystel Qf function for prime fields:
+/// Flystel Q_delta function for prime fields:
 /// Qf(x) = beta x^2 + delta
 /// x: input
 /// y: output
@@ -73,12 +73,12 @@ class flystel_Q_delta_prime_field_gadget : public gadget<FieldT>
 
 public:
     // input/output
-    const pb_variable<FieldT> input;
+    const pb_linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
     flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
+        const pb_linear_combination<FieldT> input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -86,7 +86,7 @@ class flystel_Q_delta_prime_field_gadget : public gadget<FieldT>
     void generate_r1cs_witness();
 };
 
-/// Flystel Qi function for binary fields:
+/// Flystel Q_gamma function for binary fields:
 /// Qi(x) = beta x^3 + gamma
 ///
 /// Compute y = beta x^3 + gamma
@@ -105,12 +105,47 @@ class flystel_Q_gamma_binary_field_gadget : public gadget<FieldT>
 
 public:
     /// input/output
-    const pb_variable<FieldT> input;
+    const pb_linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
     flystel_Q_gamma_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
+        const pb_linear_combination<FieldT> input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix = "");
+
+    void generate_r1cs_constraints();
+    void generate_r1cs_witness();
+};
+
+// TODO: add class flystel_Q_delta_binary_field_gadget : public gadget<FieldT>
+// ...
+
+/// Flystel Q_delta function for binary fields:
+/// Qi(x) = beta x^3 + delta
+///
+/// Compute y = beta x^3 + delta
+/// x: input
+/// y: output
+/// beta, delta: constants
+template<typename FieldT, size_t generator>
+class flystel_Q_delta_binary_field_gadget : public gadget<FieldT>
+{
+private:
+    /// internal (i.e. intermediate) variable
+    pb_variable<FieldT> internal;
+    /// constants
+    const FieldT beta;
+    const FieldT delta;
+
+public:
+    /// input/output
+    const pb_linear_combination<FieldT> input;
+    const pb_variable<FieldT> output;
+
+    flystel_Q_delta_binary_field_gadget(
+        protoboard<FieldT> &pb,
+        const pb_linear_combination<FieldT> input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -130,12 +165,12 @@ class flystel_E_power_five_gadget : public gadget<FieldT>
 
 public:
     /// input/output: x1,x4
-    const pb_variable<FieldT> input;
+    const pb_linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
     flystel_E_power_five_gadget(
         protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
+        const pb_linear_combination<FieldT> input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index ba22a6e77..1d7a8126b 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -50,7 +50,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
     flystel_Q_gamma_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
+        const pb_linear_combination<FieldT> input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -85,16 +85,18 @@ template<typename FieldT, size_t generator>
 void flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
     generate_r1cs_witness()
 {
+    input.evaluate(this->pb);
     // y = beta x^2 + gamma
     this->pb.val(output) =
-        this->beta * this->pb.val(input) * this->pb.val(input) + this->gamma;
+        this->beta * this->pb.lc_val(input) * this->pb.lc_val(input) +
+        this->gamma;
 }
 
 template<typename FieldT, size_t generator>
 flystel_Q_delta_prime_field_gadget<FieldT, generator>::
     flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
+        const pb_linear_combination<FieldT> input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -129,9 +131,11 @@ template<typename FieldT, size_t generator>
 void flystel_Q_delta_prime_field_gadget<FieldT, generator>::
     generate_r1cs_witness()
 {
+    input.evaluate(this->pb);
     // y = beta x^2 + delta
     this->pb.val(output) =
-        this->beta * this->pb.val(input) * this->pb.val(input) + this->delta;
+        this->beta * this->pb.lc_val(input) * this->pb.lc_val(input) +
+        this->delta;
 }
 
 // R1CS constraints for the operation y = beta x^3 + gamma with
@@ -154,7 +158,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
     flystel_Q_gamma_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_variable<FieldT> &input,
+        const pb_linear_combination<FieldT> input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -190,12 +194,66 @@ template<typename FieldT, size_t generator>
 void flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
     generate_r1cs_witness()
 {
+    input.evaluate(this->pb);
     // x_internal = beta x * x
     this->pb.val(internal) =
-        (this->beta * this->pb.val(input)) * this->pb.val(input);
+        (this->beta * this->pb.lc_val(input)) * this->pb.lc_val(input);
     // y = beta x^3 + gamma = x_internal * x + gamma
     this->pb.val(output) =
-        this->pb.val(internal) * this->pb.val(input) + this->gamma;
+        this->pb.val(internal) * this->pb.lc_val(input) + this->gamma;
+}
+
+// R1CS constraints for the operation y = beta x^3 + delta with
+// x=input, y=output. This operation is represented with two
+// multiplications as y-delta = ((beta x * x) * x).
+// \see flystel_Q_delta_binary_field_gadget
+template<typename FieldT, size_t generator>
+flystel_Q_delta_binary_field_gadget<FieldT, generator>::
+    flystel_Q_delta_binary_field_gadget(
+        protoboard<FieldT> &pb,
+        const pb_linear_combination<FieldT> input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix)
+    : gadget<FieldT>(pb, annotation_prefix)
+    , internal(pb_variable_allocate<FieldT>(
+          pb, FMT(this->annotation_prefix, " internal")))
+#ifdef FLYSTEL_DEBUG
+    , beta(DEBUG_FLYSTEL_BETA)
+    , delta(DEBUG_FLYSTEL_DELTA)
+#elif
+    , beta(FieldT(generator))
+    , delta(FieldT(0))
+#endif // #ifdef FLYSTEL_DEBUG
+    , input(input)
+    , output(output)
+{
+}
+
+template<typename FieldT, size_t generator>
+void flystel_Q_delta_binary_field_gadget<FieldT, generator>::
+    generate_r1cs_constraints()
+{
+    // (beta * input) * input = internal
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(beta * input, input, internal),
+        FMT(this->annotation_prefix, " beta * x * x = x_square"));
+    // internal * input = output - delta
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(internal, input, output - delta),
+        FMT(this->annotation_prefix, " x_square * x = y - delta"));
+}
+
+template<typename FieldT, size_t generator>
+void flystel_Q_delta_binary_field_gadget<FieldT, generator>::
+    generate_r1cs_witness()
+{
+    input.evaluate(this->pb);
+    // x_internal = beta x * x
+    this->pb.val(internal) =
+        (this->beta * this->pb.lc_val(input)) * this->pb.lc_val(input);
+    // y = beta x^3 + delta = x_internal * x + delta
+    this->pb.val(output) =
+        this->pb.val(internal) * this->pb.lc_val(input) + this->delta;
 }
 
 // R1CS constraints for the operation y = x^5 with x=input,
@@ -219,7 +277,7 @@ void flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
 template<typename FieldT>
 flystel_E_power_five_gadget<FieldT>::flystel_E_power_five_gadget(
     protoboard<FieldT> &pb,
-    const pb_variable<FieldT> &input,
+    const pb_linear_combination<FieldT> input,
     const pb_variable<FieldT> &output,
     const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
@@ -248,13 +306,15 @@ void flystel_E_power_five_gadget<FieldT>::generate_r1cs_constraints()
 template<typename FieldT>
 void flystel_E_power_five_gadget<FieldT>::generate_r1cs_witness()
 {
+    input.evaluate(this->pb);
     // x2 = x1 * x1
-    this->pb.val(internal[0]) = (this->pb.val(input)) * this->pb.val(input);
+    this->pb.val(internal[0]) =
+        (this->pb.lc_val(input)) * this->pb.lc_val(input);
     // x3 = x2 * x2
     this->pb.val(internal[1]) =
         (this->pb.val(internal[0])) * this->pb.val(internal[0]);
     // y = x1 * x3
-    this->pb.val(output) = this->pb.val(input) * this->pb.val(internal[1]);
+    this->pb.val(output) = this->pb.lc_val(input) * this->pb.val(internal[1]);
 }
 
 template<typename FieldT, size_t generator>
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 74b33b9ca..abae2ad0f 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -138,10 +138,8 @@ int main(void)
     a.mod.print();
     printf("\n");
 #endif
-#if 1
     test_flystel_Q_gamma_prime_field_gadget<FieldT>(10);
     test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
     test_flystel_E_power_five_gadget<FieldT>(10);
-#endif
     //    //    test_flystel_power_two_gadget<libff::bls12_381_Fr>(10);
 }

From 75a8cc523aa3dfe37dffaf56d505cc79d6bf25c2 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 22 Sep 2022 10:50:52 +0100
Subject: [PATCH 024/112] anemoi: updated E_power_five gadget

---
 .../hashes/anemoi/anemoi_components.hpp       | 35 +++++++------
 .../hashes/anemoi/anemoi_components.tcc       | 52 +++++++++++--------
 .../hashes/anemoi/anemoi_constants.hpp        |  1 +
 .../anemoi/tests/test_anemoi_gadget.cpp       | 34 +++++++++++-
 4 files changed, 84 insertions(+), 38 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 87f783b8a..d8bc05eaf 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -51,7 +51,7 @@ class flystel_Q_gamma_prime_field_gadget : public gadget<FieldT>
 
     flystel_Q_gamma_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -78,7 +78,7 @@ class flystel_Q_delta_prime_field_gadget : public gadget<FieldT>
 
     flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -110,7 +110,7 @@ class flystel_Q_gamma_binary_field_gadget : public gadget<FieldT>
 
     flystel_Q_gamma_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -118,9 +118,6 @@ class flystel_Q_gamma_binary_field_gadget : public gadget<FieldT>
     void generate_r1cs_witness();
 };
 
-// TODO: add class flystel_Q_delta_binary_field_gadget : public gadget<FieldT>
-// ...
-
 /// Flystel Q_delta function for binary fields:
 /// Qi(x) = beta x^3 + delta
 ///
@@ -145,7 +142,7 @@ class flystel_Q_delta_binary_field_gadget : public gadget<FieldT>
 
     flystel_Q_delta_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -170,7 +167,7 @@ class flystel_E_power_five_gadget : public gadget<FieldT>
 
     flystel_E_power_five_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -200,23 +197,29 @@ template<typename FieldT, size_t generator>
 class flystel_closed_prime_field_gadget : public gadget<FieldT>
 {
 private:
-    // internal (i.e. intermediate) variables: v3,v4,v5
-    std::array<pb_variable<FieldT>, 4> internal;
+    // internal (i.e. intermediate) variables
+    pb_variable<FieldT> a0;
+    pb_variable<FieldT> a1;
+    pb_variable<FieldT> a2;
 
 public:
     // (v1,v2)=(x0,x1)
-    std::array<pb_variable<FieldT>, 2> input;
+    const pb_linear_combination<FieldT> input_x0;
+    const pb_linear_combination<FieldT> input_x1;
     // (v7,v8)=(y0,y1)
-    std::array<pb_variable<FieldT>, 2> output;
+    const pb_linear_combination<FieldT> output_y0;
+    const pb_linear_combination<FieldT> output_y1;
 
     flystel_Q_gamma_prime_field_gadget<FieldT, generator> Q_gamma;
     flystel_Q_delta_prime_field_gadget<FieldT, generator> Q_delta;
-    flystel_E_power_five_gadget<FieldT> power_five;
+    flystel_E_power_five_gadget<FieldT> E_power_five;
 
     flystel_closed_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const std::array<pb_variable<FieldT>, 2> &input,
-        const std::array<pb_variable<FieldT>, 2> &output,
+        const pb_linear_combination<FieldT> &x0,
+        const pb_linear_combination<FieldT> &x1,
+        const pb_linear_combination<FieldT> &y0,
+        const pb_linear_combination<FieldT> &y1,
         const std::string &annotation_prefix = "");
 
     void generate_r1cs_constraints();
@@ -226,7 +229,7 @@ class flystel_closed_prime_field_gadget : public gadget<FieldT>
 // get the MDS matrix from the number of columns 2,3 or 4
 template<typename FieldT, size_t NumStateColumns_L>
 std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L>
-anemoi_permutation_get_mds(const FieldT g);
+anemoi_permutation_mds(const FieldT g);
 
 /// One round of the Anemoi permutation mapping (Fr)^{2l} -> (Fr)^{2l}
 ///
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 1d7a8126b..2cf00e3dd 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -50,7 +50,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
     flystel_Q_gamma_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -96,7 +96,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_delta_prime_field_gadget<FieldT, generator>::
     flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -158,7 +158,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
     flystel_Q_gamma_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -211,7 +211,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_delta_binary_field_gadget<FieldT, generator>::
     flystel_Q_delta_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> input,
+        const pb_linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -277,7 +277,7 @@ void flystel_Q_delta_binary_field_gadget<FieldT, generator>::
 template<typename FieldT>
 flystel_E_power_five_gadget<FieldT>::flystel_E_power_five_gadget(
     protoboard<FieldT> &pb,
-    const pb_linear_combination<FieldT> input,
+    const pb_linear_combination<FieldT> &input,
     const pb_variable<FieldT> &output,
     const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
@@ -314,44 +314,54 @@ void flystel_E_power_five_gadget<FieldT>::generate_r1cs_witness()
     this->pb.val(internal[1]) =
         (this->pb.val(internal[0])) * this->pb.val(internal[0]);
     // y = x1 * x3
-    this->pb.val(output) = this->pb.lc_val(input) * this->pb.val(internal[1]);
+    this->pb.val(output) =
+        this->pb.lc_val(input) * this->pb.val(internal[1]);
 }
 
 template<typename FieldT, size_t generator>
 flystel_closed_prime_field_gadget<FieldT, generator>::
     flystel_closed_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const std::array<pb_variable<FieldT>, 2> &input,
-        const std::array<pb_variable<FieldT>, 2> &output,
+        const pb_linear_combination<FieldT> &x0,
+        const pb_linear_combination<FieldT> &x1,
+        const pb_linear_combination<FieldT> &y0,
+        const pb_linear_combination<FieldT> &y1,
         const std::string &annotation_prefix)
-    : flystel_Q_gamma_prime_field_gadget<FieldT, generator>(
-          pb, input[0], internal[0])
-    , flystel_Q_delta_prime_field_gadget<FieldT, generator>(
-          pb, input[1], internal[2])
-    , flystel_E_power_five_gadget<FieldT>(pb, input[0] - input[1], internal[1])
+    : gadget<FieldT>(pb, annotation_prefix)
+    , input_x0(x0)
+    , input_x1(x1)
+    , output_y0(y0)
+    , output_y1(y1)
+    , Q_gamma(pb, x1, a0, annotation_prefix)
+    , Q_delta(pb, y1, a2, annotation_prefix)
+    , E_power_five(pb, x1 - y1, a1, annotation_prefix)
 {
-    internal[0].allocate(this->pb, " v3");
-    internal[1].allocate(this->pb, " v4");
-    internal[2].allocate(this->pb, " v5");
+    a0.allocate(this->pb, " a0");
+    a1.allocate(this->pb, " a1");
+    a2.allocate(this->pb, " a2");
 }
 
 // R1CS constraints for the operation
 //
-// y0 = Q_gamma(x0) + power_five(x0-x1)
-// y1 = Q_delta(x1) + power_five(x0-x1)
+// x0 = Q_gamma(x1) + power_five(x1-y1)
+// y0 = Q_delta(y1) + power_five(x1-y1)
 //
 // x0=input[0], x1=input[1], y0=output[0], y1=output[1].
 //
 // The function generates the constraints for the three gadgets:
 // Q_gamma, Q_delta, power_five by calling their corresponding
 // generate_r1cs_constraints() methods
+//
+// \attention one of the the outputs of this evaluation x0 is also an
+// input to the flystel S-box since here the flystel is evaluated in its closed
+// form i.e. when all inputs x,x1 and outputs y0,y1 are known
 template<typename FieldT, size_t generator>
 void flystel_closed_prime_field_gadget<FieldT, generator>::
     generate_r1cs_constraints()
 {
     Q_gamma.generate_r1cs_constraints();
     Q_delta.generate_r1cs_constraints();
-    power_five.generate_r1cs_constraints();
+    E_power_five.generate_r1cs_constraints();
 }
 
 template<typename FieldT, size_t generator>
@@ -360,12 +370,12 @@ void flystel_closed_prime_field_gadget<FieldT, generator>::
 {
     Q_gamma.generate_r1cs_witness();
     Q_delta.generate_r1cs_witness();
-    power_five.generate_r1cs_witness();
+    E_power_five.generate_r1cs_witness();
 }
 
 template<typename FieldT, size_t NumStateColumns_L>
 std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L>
-anemoi_permutation_get_mds(const FieldT g)
+anemoi_permutation_mds(const FieldT g)
 {
     std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L> M;
     const FieldT g2 = g * g;
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp
index 26cb20ead..38ce24ce3 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp
@@ -13,6 +13,7 @@
 namespace libsnark
 {
 // TODO: specialize by the field type + cast to the field
+// see     setup_sha3_constants();
 #if 0
 // l = 1
 FieldT C1[1][19] = {
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index abae2ad0f..35b7dd432 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -111,6 +111,38 @@ template<typename FieldT> void test_flystel_E_power_five_gadget(const size_t n)
     libff::print_time("flystel_E_power_five_gadget tests successful");
 }
 
+template<typename FieldT>
+void test_flystel_closed_prime_field_gadget(const size_t n)
+{
+    printf(
+        "testing flystel_closed_prime_field_gadget on all %zu bit strings\n",
+        n);
+
+    protoboard<FieldT> pb;
+    //    std::array<pb_variable<FieldT>, 2> x;
+    //    std::array<pb_variable<FieldT>, 2> y;
+    //    std::array<pb_linear_combination<FieldT>, 2> x;
+    //    std::array<pb_linear_combination<FieldT>, 2> y;
+    pb_linear_combination<FieldT> x0;
+    pb_linear_combination<FieldT> x1;
+    pb_linear_combination<FieldT> y0;
+    pb_linear_combination<FieldT> y1;
+#if 0
+    // input
+    x[0].allocate(pb, "x0");
+    x[1].allocate(pb, "x1");
+    // output
+    y[0].allocate(pb, "y0");
+    y[1].allocate(pb, "y1");
+#endif
+    flystel_closed_prime_field_gadget<
+        FieldT,
+        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
+        d(pb, x0, x1, y0, y1, "flystel");
+
+    libff::print_time("flystel_E_power_five_gadget tests successful");
+}
+
 int main(void)
 {
     libff::start_profiling();
@@ -141,5 +173,5 @@ int main(void)
     test_flystel_Q_gamma_prime_field_gadget<FieldT>(10);
     test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
     test_flystel_E_power_five_gadget<FieldT>(10);
-    //    //    test_flystel_power_two_gadget<libff::bls12_381_Fr>(10);
+    test_flystel_closed_prime_field_gadget<FieldT>(10);
 }

From 18e08dc8e9da09b295a8bc59b5ee4f2e49ba6568 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 23 Sep 2022 13:31:21 +0100
Subject: [PATCH 025/112] anemoi: added a cnstructor of pb_linear_combination
 initializing an object from a linear_combination oject. needed for r1cs
 gadget for anemoi flystel sbox.

---
 libsnark/gadgetlib1/pb_variable.hpp | 2 ++
 libsnark/gadgetlib1/pb_variable.tcc | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/libsnark/gadgetlib1/pb_variable.hpp b/libsnark/gadgetlib1/pb_variable.hpp
index ef540b9b6..ab8d6392e 100644
--- a/libsnark/gadgetlib1/pb_variable.hpp
+++ b/libsnark/gadgetlib1/pb_variable.hpp
@@ -106,6 +106,8 @@ class pb_linear_combination : public linear_combination<FieldT>
 
     pb_linear_combination();
     pb_linear_combination(const pb_variable<FieldT> &var);
+    pb_linear_combination(
+        protoboard<FieldT> &pb, const linear_combination<FieldT> &lc);
 
     void assign(protoboard<FieldT> &pb, const linear_combination<FieldT> &lc);
     void evaluate(protoboard<FieldT> &pb) const;
diff --git a/libsnark/gadgetlib1/pb_variable.tcc b/libsnark/gadgetlib1/pb_variable.tcc
index 3bf2e810a..01786e516 100644
--- a/libsnark/gadgetlib1/pb_variable.tcc
+++ b/libsnark/gadgetlib1/pb_variable.tcc
@@ -136,6 +136,13 @@ pb_linear_combination<FieldT>::pb_linear_combination(
     this->terms.emplace_back(linear_term<FieldT>(var));
 }
 
+template<typename FieldT>
+pb_linear_combination<FieldT>::pb_linear_combination(
+    protoboard<FieldT> &pb, const linear_combination<FieldT> &lc)
+{
+    assign(pb, lc);
+}
+
 template<typename FieldT>
 void pb_linear_combination<FieldT>::assign(
     protoboard<FieldT> &pb, const linear_combination<FieldT> &lc)

From 4daa5ac51883d626e1423fba0c524f2df9bfaada Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 23 Sep 2022 13:32:54 +0100
Subject: [PATCH 026/112] anemoi: updated gadget for flystel sbox using the new
 constructor of pb_linear_combination from linear_combination object.

---
 .../hashes/anemoi/anemoi_components.tcc       | 11 ++++-
 .../anemoi/tests/test_anemoi_gadget.cpp       | 43 +++++++++++++------
 2 files changed, 39 insertions(+), 15 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 2cf00e3dd..bb3f911c0 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -334,7 +334,8 @@ flystel_closed_prime_field_gadget<FieldT, generator>::
     , output_y1(y1)
     , Q_gamma(pb, x1, a0, annotation_prefix)
     , Q_delta(pb, y1, a2, annotation_prefix)
-    , E_power_five(pb, x1 - y1, a1, annotation_prefix)
+    , E_power_five(
+          pb, pb_linear_combination<FieldT>(pb, x1 - y1), a1, annotation_prefix)
 {
     a0.allocate(this->pb, " a0");
     a1.allocate(this->pb, " a1");
@@ -368,9 +369,17 @@ template<typename FieldT, size_t generator>
 void flystel_closed_prime_field_gadget<FieldT, generator>::
     generate_r1cs_witness()
 {
+    //    input_x0.evaluate(this->pb);
+    input_x1.evaluate(this->pb);
+    //    output_y0.evaluate(this->pb);
+    output_y1.evaluate(this->pb);
+
     Q_gamma.generate_r1cs_witness();
     Q_delta.generate_r1cs_witness();
     E_power_five.generate_r1cs_witness();
+
+    this->pb.lc_val(input_x0) = this->pb.val(a0) + this->pb.val(a1);
+    this->pb.lc_val(output_y0) = this->pb.val(a1) + this->pb.val(a2);
 }
 
 template<typename FieldT, size_t NumStateColumns_L>
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 35b7dd432..cab73e316 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -119,27 +119,42 @@ void test_flystel_closed_prime_field_gadget(const size_t n)
         n);
 
     protoboard<FieldT> pb;
-    //    std::array<pb_variable<FieldT>, 2> x;
-    //    std::array<pb_variable<FieldT>, 2> y;
-    //    std::array<pb_linear_combination<FieldT>, 2> x;
-    //    std::array<pb_linear_combination<FieldT>, 2> y;
-    pb_linear_combination<FieldT> x0;
-    pb_linear_combination<FieldT> x1;
-    pb_linear_combination<FieldT> y0;
-    pb_linear_combination<FieldT> y1;
-#if 0
+
     // input
-    x[0].allocate(pb, "x0");
-    x[1].allocate(pb, "x1");
+    pb_variable<FieldT> x0;
+    pb_variable<FieldT> x1;
+    x0.allocate(pb, "x0");
+    x1.allocate(pb, "x1");
+
     // output
-    y[0].allocate(pb, "y0");
-    y[1].allocate(pb, "y1");
-#endif
+    pb_variable<FieldT> y0;
+    pb_variable<FieldT> y1;
+    y0.allocate(pb, "y0");
+    y1.allocate(pb, "y1");
+
     flystel_closed_prime_field_gadget<
         FieldT,
         FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
         d(pb, x0, x1, y0, y1, "flystel");
 
+    // generate contraints
+    d.generate_r1cs_constraints();
+    // set input values
+    pb.val(x1) = 3;
+    pb.val(y1) = 1;
+
+    //    x0.print();
+
+    // generate witness for the given input
+    d.generate_r1cs_witness();
+
+#if 0    
+    // expected outputs
+    ASSERT_EQ(pb.val(x0), 55);
+    ASSERT_EQ(pb.val(y0), 34);
+
+    ASSERT_TRUE(pb.is_satisfied());
+#endif
     libff::print_time("flystel_E_power_five_gadget tests successful");
 }
 

From 7cc1c113e880de0864b97d9aa5f9290ce6e45a60 Mon Sep 17 00:00:00 2001
From: Duncan Tebbs <duncan.tebbs@gmail.com>
Date: Tue, 27 Sep 2022 11:47:37 +0100
Subject: [PATCH 027/112] WIP: draft chages to anemoi circuit

---
 .../gadgets/hashes/anemoi/anemoi_components.hpp        |  4 ++--
 .../gadgets/hashes/anemoi/anemoi_components.tcc        | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index d8bc05eaf..7c98993d6 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -204,8 +204,8 @@ class flystel_closed_prime_field_gadget : public gadget<FieldT>
 
 public:
     // (v1,v2)=(x0,x1)
-    const pb_linear_combination<FieldT> input_x0;
-    const pb_linear_combination<FieldT> input_x1;
+    const linear_combination<FieldT> input_x0;
+    const linear_combination<FieldT> input_x1;
     // (v7,v8)=(y0,y1)
     const pb_linear_combination<FieldT> output_y0;
     const pb_linear_combination<FieldT> output_y1;
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index bb3f911c0..a0c6ed6f5 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -328,18 +328,18 @@ flystel_closed_prime_field_gadget<FieldT, generator>::
         const pb_linear_combination<FieldT> &y1,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
+    , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " a0"))
+    , a1(pb_variable_allocate(pb, FMT(annotation_prefix, " a1"))
+    , a2(pb_variable_allocate(pb, FMT(annotation_prefix, " a2"))
     , input_x0(x0)
     , input_x1(x1)
     , output_y0(y0)
     , output_y1(y1)
-    , Q_gamma(pb, x1, a0, annotation_prefix)
-    , Q_delta(pb, y1, a2, annotation_prefix)
+    , Q_gamma(pb, x1, a0, FMT(annotation_prefix, " Q_gamma"))
+    , Q_delta(pb, y1, a2, FMT(annotation_prefix, " Q_delta"))
     , E_power_five(
           pb, pb_linear_combination<FieldT>(pb, x1 - y1), a1, annotation_prefix)
 {
-    a0.allocate(this->pb, " a0");
-    a1.allocate(this->pb, " a1");
-    a2.allocate(this->pb, " a2");
 }
 
 // R1CS constraints for the operation

From 4ef1d9612c1c46d1f9d3e48f25e0d04bb64b1154 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 29 Sep 2022 10:05:42 +0100
Subject: [PATCH 028/112] anemoi: implemented Flystel E five root
 transformation

---
 .../hashes/anemoi/anemoi_components.hpp       | 57 +++++++++--
 .../hashes/anemoi/anemoi_components.tcc       | 98 +++++++++++++++----
 .../anemoi/tests/test_anemoi_gadget.cpp       | 65 +++++++++++-
 3 files changed, 190 insertions(+), 30 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 7c98993d6..896797213 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -16,8 +16,26 @@ namespace libsnark
 {
 
 #define FLYSTEL_DEBUG
-
 #define FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR 7
+// alpha constant used in the Flystel E transformation. note that
+// alpha is independent of the choice of the curve, but 1/alpha (see
+// below) depends on the curve (mores specifically -- on the modulus r of
+// its scalar field Fr)
+#define FLYSTEL_ALPHA_FIVE 5
+// the mapping f(x)=x^a=y: x,y \in Fr applied in the Flystel E
+// transformation (where a is alpha) is invertible if 1/a exists. then
+// f^-1(y)=y^1/a=x. 1/a exists if gcd(a,r-1)=1 where r is the modulus
+// of Fr. 1/a can be found with the extended Euclidean algorithm which
+// finds u,v s.t. ua+v(r-1)=1 mod (r-1)=ua and so u=1/a. parameter
+// FLYSTEL_ALPHA_FIVE_INVERSE gives the value of u=1/a for a=5 for the
+// curve BLS12-381 precomputed using the Sage command
+// inverse_mod(alpha, r-1). TODO: write a function anemoi_parameters()
+// specialized by ppT that loads the precomputed constants (including
+// alpha and the multiplicative subgroup generator
+// FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR) for any curve
+#define FLYSTEL_ALPHA_FIVE_INVERSE                                             \
+    "209743500700504761917790962032743863350762210002110551290414634799754324" \
+    "73805"
 
 // original constants by specification
 // for BLS12-381
@@ -157,11 +175,12 @@ template<typename FieldT>
 class flystel_E_power_five_gadget : public gadget<FieldT>
 {
 private:
-    /// internal (i.e. intermediate) variable: x2,x3
-    std::array<pb_variable<FieldT>, 2> internal;
+    // internal (i.e. intermediate) variables
+    pb_variable<FieldT> a0;
+    pb_variable<FieldT> a1;
 
 public:
-    /// input/output: x1,x4
+    /// input/output
     const pb_linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
@@ -175,6 +194,32 @@ class flystel_E_power_five_gadget : public gadget<FieldT>
     void generate_r1cs_witness();
 };
 
+/// Compute y = x^1/5
+/// x: input
+/// y: output
+template<typename FieldT>
+class flystel_E_root_five_gadget : public gadget<FieldT>
+{
+private:
+    // internal (i.e. intermediate) variables
+    pb_variable<FieldT> a0;
+    pb_variable<FieldT> a1;
+
+public:
+    /// input/output
+    const pb_linear_combination<FieldT> input;
+    const pb_variable<FieldT> output;
+
+    flystel_E_root_five_gadget(
+        protoboard<FieldT> &pb,
+        const pb_linear_combination<FieldT> &input,
+        const pb_variable<FieldT> &output,
+        const std::string &annotation_prefix = "");
+
+    void generate_r1cs_constraints();
+    void generate_r1cs_witness();
+};
+
 /// Anemoi closed Flystel component for fields of prime characteristic
 ///
 /// x0,x1: input (y,v in the paper)
@@ -204,8 +249,8 @@ class flystel_closed_prime_field_gadget : public gadget<FieldT>
 
 public:
     // (v1,v2)=(x0,x1)
-    const linear_combination<FieldT> input_x0;
-    const linear_combination<FieldT> input_x1;
+    const pb_linear_combination<FieldT> input_x0;
+    const pb_linear_combination<FieldT> input_x1;
     // (v7,v8)=(y0,y1)
     const pb_linear_combination<FieldT> output_y0;
     const pb_linear_combination<FieldT> output_y1;
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index a0c6ed6f5..666aff129 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -260,13 +260,12 @@ void flystel_Q_delta_binary_field_gadget<FieldT, generator>::
 // y=output. This operation is represented with three multiplications
 // as y = (temp * temp * x), temp = x * x. Equivalently:
 //
-// x1 * x1 = x2
-// x2 * x2 = x3
-// x1 * x3 = x4
+// x  * x  = a0
+// a0 * a0 = a1
+// x  * a1 =  y
 //
-// for the variables vector X = (x0=1, x1=input, x2=internal,
-// x3=internal, x4=output). The above system is represented with 3
-// R1CS constraints resp.:
+// for the variables vector X = (x0=1, x1=x, x2=a0, x3=a1, x4=y). The
+// above system is represented with 3 R1CS constraints resp.:
 //
 // < A0 , X > * < B0 , X > = < C0 , X > ,
 // < A1 , X > * < B1 , X > = < C1 , X > ,
@@ -282,8 +281,8 @@ flystel_E_power_five_gadget<FieldT>::flystel_E_power_five_gadget(
     const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
 {
-    internal[0].allocate(this->pb, " internal 1");
-    internal[1].allocate(this->pb, " internal 2");
+    a0.allocate(this->pb, " internal value a0");
+    a1.allocate(this->pb, " internal value a1");
 }
 
 template<typename FieldT>
@@ -291,15 +290,15 @@ void flystel_E_power_five_gadget<FieldT>::generate_r1cs_constraints()
 {
     // x1*x1 = x2
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(input, input, internal[0]),
+        r1cs_constraint<FieldT>(input, input, a0),
         FMT(this->annotation_prefix, " x * x = x^2"));
     // x2*x2 = x3
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(internal[0], internal[0], internal[1]),
+        r1cs_constraint<FieldT>(a0, a0, a1),
         FMT(this->annotation_prefix, " x^2 * x^2 = x^4"));
     // x1*x3 = x4
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(input, internal[1], output),
+        r1cs_constraint<FieldT>(input, a1, output),
         FMT(this->annotation_prefix, " x^1 * x^4 = x^5"));
 }
 
@@ -308,14 +307,73 @@ void flystel_E_power_five_gadget<FieldT>::generate_r1cs_witness()
 {
     input.evaluate(this->pb);
     // x2 = x1 * x1
-    this->pb.val(internal[0]) =
-        (this->pb.lc_val(input)) * this->pb.lc_val(input);
+    this->pb.val(a0) = (this->pb.lc_val(input)) * this->pb.lc_val(input);
     // x3 = x2 * x2
-    this->pb.val(internal[1]) =
-        (this->pb.val(internal[0])) * this->pb.val(internal[0]);
+    this->pb.val(a1) = (this->pb.val(a0)) * this->pb.val(a0);
     // y = x1 * x3
-    this->pb.val(output) =
-        this->pb.lc_val(input) * this->pb.val(internal[1]);
+    this->pb.val(output) = this->pb.lc_val(input) * this->pb.val(a1);
+}
+
+// R1CS constraints for the operation y = x^1/5 with x=input,
+// y=output. The constraints are computed using the equivalent
+// operation y^5=x (\see flystel_E_power_five_gadget). This operation
+// is represented with three multiplications as x = (temp * temp * y),
+// temp = y * y. Equivalently:
+//
+// y  *  y = a0
+// a0 * a0 = a1
+// y  * a1 = x
+//
+// for the variables vector X = (x0=1, x1=x, x2=a0, x3=a1, x4=y). The
+// above system is represented with 3 R1CS constraints resp.:
+//
+// < A0 , X > * < B0 , X > = < C0 , X > ,
+// < A1 , X > * < B1 , X > = < C1 , X > ,
+// < A2 , X > * < B2 , X > = < C2 , X >
+//
+// where A0=(01000), B0=(01000), C0=(00100); A1=(00100), B0=(00100),
+// C0=(00010) and A2=(01000), B2=(00010), C2=(00001)
+template<typename FieldT>
+flystel_E_root_five_gadget<FieldT>::flystel_E_root_five_gadget(
+    protoboard<FieldT> &pb,
+    const pb_linear_combination<FieldT> &input,
+    const pb_variable<FieldT> &output,
+    const std::string &annotation_prefix)
+    : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
+{
+    a0.allocate(this->pb, " internal value a0");
+    a1.allocate(this->pb, " internal value a1");
+}
+
+template<typename FieldT>
+void flystel_E_root_five_gadget<FieldT>::generate_r1cs_constraints()
+{
+    // y1*y1 = y2
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(output, output, a0),
+        FMT(this->annotation_prefix, " y * y = y^2"));
+    // y2*y2 = y3
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(a0, a0, a1),
+        FMT(this->annotation_prefix, " y^2 * y^2 = y^4"));
+    // y1*y3 = y4
+    this->pb.add_r1cs_constraint(
+        r1cs_constraint<FieldT>(output, a1, input),
+        FMT(this->annotation_prefix, " y * y^4 = y^5"));
+}
+
+template<typename FieldT>
+void flystel_E_root_five_gadget<FieldT>::generate_r1cs_witness()
+{
+    input.evaluate(this->pb);
+    FieldT x = this->pb.lc_val(input);
+    FieldT y = power(x, libff::bigint<5>(FLYSTEL_ALPHA_FIVE_INVERSE));
+    // x2 = x1 * x1
+    this->pb.val(a0) = y * y;
+    // x3 = x2 * x2
+    this->pb.val(a1) = (this->pb.val(a0)) * this->pb.val(a0);
+    // y = x1 * x3
+    this->pb.val(output) = y;
 }
 
 template<typename FieldT, size_t generator>
@@ -328,9 +386,9 @@ flystel_closed_prime_field_gadget<FieldT, generator>::
         const pb_linear_combination<FieldT> &y1,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
-    , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " a0"))
-    , a1(pb_variable_allocate(pb, FMT(annotation_prefix, " a1"))
-    , a2(pb_variable_allocate(pb, FMT(annotation_prefix, " a2"))
+    , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " a0")))
+    //    , a1(pb_variable_allocate(pb, FMT(annotation_prefix, " a1"))
+    //    , a2(pb_variable_allocate(pb, FMT(annotation_prefix, " a2"))
     , input_x0(x0)
     , input_x1(x1)
     , output_y0(y0)
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index cab73e316..f5a649710 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -111,6 +111,39 @@ template<typename FieldT> void test_flystel_E_power_five_gadget(const size_t n)
     libff::print_time("flystel_E_power_five_gadget tests successful");
 }
 
+template<typename FieldT> void test_flystel_E_root_five_gadget(const size_t n)
+{
+    printf("testing flystel_E_root_five_gadget on all %zu bit strings\n", n);
+
+    protoboard<FieldT> pb;
+    pb_variable<FieldT> x;
+    pb_variable<FieldT> y;
+
+    // input
+    x.allocate(pb, "x");
+    // output
+    y.allocate(pb, "y");
+
+    // create gadget
+    flystel_E_root_five_gadget<FieldT> d(pb, x, y, "d");
+    // generate contraints
+    d.generate_r1cs_constraints();
+    // set input value
+    pb.val(x) = 22;
+    // generate witness for the given input
+    d.generate_r1cs_witness();
+
+    // computed using Sage
+    FieldT y_expected = FieldT("10357913779704000956629425810748166374506105653"
+                               "828973721142406533896278368512");
+
+    // the expected output is 32 for input 2
+    ASSERT_EQ(pb.val(y), y_expected);
+    ASSERT_TRUE(pb.is_satisfied());
+
+    libff::print_time("flystel_E_root_five_gadget tests successful");
+}
+
 template<typename FieldT>
 void test_flystel_closed_prime_field_gadget(const size_t n)
 {
@@ -158,6 +191,28 @@ void test_flystel_closed_prime_field_gadget(const size_t n)
     libff::print_time("flystel_E_power_five_gadget tests successful");
 }
 
+template<typename FieldT> void test_root_five()
+{
+    // alpha_inv =
+    // 20974350070050476191779096203274386335076221000211055129041463479975432473805
+    //    FieldT x = FieldT::random_element();
+    //    FieldT y = power(x, 5);
+    //    x.print();
+    //    y.print();
+    FieldT x = 5;
+    FieldT x_mod_inv =
+        FieldT("2097435007005047619177909620327438633507622100021"
+               "1055129041463479975432473805");
+    printf("Fr modulus   \n");
+    x.mod.print();
+    printf("x + x_mod_inv\n");
+    FieldT z = x + x_mod_inv;
+    z.print();
+    printf("\n");
+    x.print();
+    x.inverse().print();
+}
+
 int main(void)
 {
     libff::start_profiling();
@@ -185,8 +240,10 @@ int main(void)
     a.mod.print();
     printf("\n");
 #endif
-    test_flystel_Q_gamma_prime_field_gadget<FieldT>(10);
-    test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
-    test_flystel_E_power_five_gadget<FieldT>(10);
-    test_flystel_closed_prime_field_gadget<FieldT>(10);
+    //    test_flystel_Q_gamma_prime_field_gadget<FieldT>(10);
+    //    test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
+    //    test_flystel_E_power_five_gadget<FieldT>(10);
+    test_flystel_E_root_five_gadget<FieldT>(10);
+    //    test_flystel_closed_prime_field_gadget<FieldT>(10);
+    //    test_root_five<FieldT>();
 }

From 64a2c69982383d68db9a70b4d68798f7fa0a3f34 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 29 Sep 2022 13:37:33 +0100
Subject: [PATCH 029/112] anemoi: implemented new functionality to Flystel
 gadget for prime fields (WIP)

---
 .../hashes/anemoi/anemoi_components.hpp       | 48 ++++++------
 .../hashes/anemoi/anemoi_components.tcc       | 75 +++++++++----------
 .../anemoi/tests/test_anemoi_gadget.cpp       | 59 +++++++++------
 3 files changed, 91 insertions(+), 91 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 896797213..b7d0d892d 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -222,24 +222,20 @@ class flystel_E_root_five_gadget : public gadget<FieldT>
 
 /// Anemoi closed Flystel component for fields of prime characteristic
 ///
-/// x0,x1: input (y,v in the paper)
-/// y0,y1: output (x,u in the paper)
+/// x0,x1: input (x,y in the paper)
+/// y0,y1: output (u,v in the paper)
 ///
 /// The component performs the following computation:
 ///
-/// y0 = (beta x0^2 + gamma) + (x0-x1)^5
-/// y1 = (beta x1^2 + delta) + (x0-x1)^5
+/// a0 = (beta x1^2 + gamma) = Q_gamma(x1)
+/// a1 = (x0 - a0)^{1/alpha} = E_root_five(x0-a0)
+/// a2 = beta (x1-a1)^2 + delta = Q_delta(x1-a1)
+/// y0 = x0 - a0 + a2
+/// y1 = x1 - a1
 ///
-/// Using Q_gamma, Q_delta and power_five gadgets the above is
-/// equivalent to
-///
-/// y0 = Q_gamma(x0) + power_five(x0-x1)
-/// y1 = Q_delta(x1) + power_five(x0-x1)
-///
-/// \note: in the paper (x0,x1)->(y0,y1) is denoted with (y,v)->(x,u)
-// template<typename FieldT, FieldT beta, FieldT gamma, DeildT delta>
+/// \note: in the paper (x0,x1)->(y0,y1) is denoted with (x,y)->(u,v)
 template<typename FieldT, size_t generator>
-class flystel_closed_prime_field_gadget : public gadget<FieldT>
+class flystel_prime_field_gadget : public gadget<FieldT>
 {
 private:
     // internal (i.e. intermediate) variables
@@ -248,23 +244,23 @@ class flystel_closed_prime_field_gadget : public gadget<FieldT>
     pb_variable<FieldT> a2;
 
 public:
-    // (v1,v2)=(x0,x1)
-    const pb_linear_combination<FieldT> input_x0;
-    const pb_linear_combination<FieldT> input_x1;
+    // (x0,x1)
+    const linear_combination<FieldT> input_x0;
+    const linear_combination<FieldT> input_x1;
     // (v7,v8)=(y0,y1)
-    const pb_linear_combination<FieldT> output_y0;
-    const pb_linear_combination<FieldT> output_y1;
+    linear_combination<FieldT> output_y0;
+    linear_combination<FieldT> output_y1;
 
     flystel_Q_gamma_prime_field_gadget<FieldT, generator> Q_gamma;
     flystel_Q_delta_prime_field_gadget<FieldT, generator> Q_delta;
-    flystel_E_power_five_gadget<FieldT> E_power_five;
+    flystel_E_root_five_gadget<FieldT> E_root_five;
 
-    flystel_closed_prime_field_gadget(
+    flystel_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> &x0,
-        const pb_linear_combination<FieldT> &x1,
-        const pb_linear_combination<FieldT> &y0,
-        const pb_linear_combination<FieldT> &y1,
+        const linear_combination<FieldT> &x0,
+        const linear_combination<FieldT> &x1,
+        const linear_combination<FieldT> &y0,
+        const linear_combination<FieldT> &y1,
         const std::string &annotation_prefix = "");
 
     void generate_r1cs_constraints();
@@ -299,9 +295,7 @@ class anemoi_permutation_round_prime_field_gadget : public gadget<FieldT>
     // matrix M
     std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L> M;
     // array of Flystel S-boxes
-    std::array<
-        flystel_closed_prime_field_gadget<FieldT, generator>,
-        NumStateColumns_L>
+    std::array<flystel_prime_field_gadget<FieldT, generator>, NumStateColumns_L>
         flystel;
 
 public:
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 666aff129..a5d9a82ee 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -377,67 +377,60 @@ void flystel_E_root_five_gadget<FieldT>::generate_r1cs_witness()
 }
 
 template<typename FieldT, size_t generator>
-flystel_closed_prime_field_gadget<FieldT, generator>::
-    flystel_closed_prime_field_gadget(
-        protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> &x0,
-        const pb_linear_combination<FieldT> &x1,
-        const pb_linear_combination<FieldT> &y0,
-        const pb_linear_combination<FieldT> &y1,
-        const std::string &annotation_prefix)
+flystel_prime_field_gadget<FieldT, generator>::flystel_prime_field_gadget(
+    protoboard<FieldT> &pb,
+    const linear_combination<FieldT> &x0,
+    const linear_combination<FieldT> &x1,
+    const linear_combination<FieldT> &y0,
+    const linear_combination<FieldT> &y1,
+    const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
     , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " a0")))
-    //    , a1(pb_variable_allocate(pb, FMT(annotation_prefix, " a1"))
-    //    , a2(pb_variable_allocate(pb, FMT(annotation_prefix, " a2"))
+    , a1(pb_variable_allocate(pb, FMT(annotation_prefix, " a1")))
+    , a2(pb_variable_allocate(pb, FMT(annotation_prefix, " a2")))
     , input_x0(x0)
     , input_x1(x1)
     , output_y0(y0)
     , output_y1(y1)
-    , Q_gamma(pb, x1, a0, FMT(annotation_prefix, " Q_gamma"))
-    , Q_delta(pb, y1, a2, FMT(annotation_prefix, " Q_delta"))
-    , E_power_five(
-          pb, pb_linear_combination<FieldT>(pb, x1 - y1), a1, annotation_prefix)
+    , Q_gamma(
+          pb,
+          pb_linear_combination<FieldT>(pb, x1),
+          a0,
+          FMT(annotation_prefix, " Q_gamma"))
+    , Q_delta(
+          pb,
+          pb_linear_combination<FieldT>(pb, x1 - a1),
+          a2,
+          FMT(annotation_prefix, " Q_delta"))
+    , E_root_five(
+          pb, pb_linear_combination<FieldT>(pb, x0 - a0), a1, annotation_prefix)
 {
 }
 
-// R1CS constraints for the operation
-//
-// x0 = Q_gamma(x1) + power_five(x1-y1)
-// y0 = Q_delta(y1) + power_five(x1-y1)
-//
-// x0=input[0], x1=input[1], y0=output[0], y1=output[1].
-//
-// The function generates the constraints for the three gadgets:
-// Q_gamma, Q_delta, power_five by calling their corresponding
-// generate_r1cs_constraints() methods
-//
-// \attention one of the the outputs of this evaluation x0 is also an
-// input to the flystel S-box since here the flystel is evaluated in its closed
-// form i.e. when all inputs x,x1 and outputs y0,y1 are known
 template<typename FieldT, size_t generator>
-void flystel_closed_prime_field_gadget<FieldT, generator>::
-    generate_r1cs_constraints()
+void flystel_prime_field_gadget<FieldT, generator>::generate_r1cs_constraints()
 {
     Q_gamma.generate_r1cs_constraints();
     Q_delta.generate_r1cs_constraints();
-    E_power_five.generate_r1cs_constraints();
+    E_root_five.generate_r1cs_constraints();
 }
 
 template<typename FieldT, size_t generator>
-void flystel_closed_prime_field_gadget<FieldT, generator>::
-    generate_r1cs_witness()
+void flystel_prime_field_gadget<FieldT, generator>::generate_r1cs_witness()
 {
-    //    input_x0.evaluate(this->pb);
-    input_x1.evaluate(this->pb);
-    //    output_y0.evaluate(this->pb);
-    output_y1.evaluate(this->pb);
-
     Q_gamma.generate_r1cs_witness();
     Q_delta.generate_r1cs_witness();
-    E_power_five.generate_r1cs_witness();
+    E_root_five.generate_r1cs_witness();
+
+    //    this->pb.lc_val(pb_linear_combination<FieldT>(this->pb, output_y0)) =
+    //        this->pb.lc_val(pb_linear_combination<FieldT>(this->pb, input_x0))
+    //        - this->pb.val(a0) - this->pb.val(a2);
+    //    output_y0 = input_x0 - this->pb.val(a0) - this->pb.val(a2);
+    output_y0 = input_x0 - this->pb.val(a0) - this->pb.val(a2);
+    output_y1 = input_x1 - this->pb.val(a1);
 
-    this->pb.lc_val(input_x0) = this->pb.val(a0) + this->pb.val(a1);
-    this->pb.lc_val(output_y0) = this->pb.val(a1) + this->pb.val(a2);
+    //    output_y0 = input_x0 - this->pb.val(a0) + this->pb.val(a2);
+    //    output_y1 = input_x1 - this->pb.val(a1);
 }
 
 template<typename FieldT, size_t NumStateColumns_L>
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index f5a649710..db740cda9 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -144,51 +144,64 @@ template<typename FieldT> void test_flystel_E_root_five_gadget(const size_t n)
     libff::print_time("flystel_E_root_five_gadget tests successful");
 }
 
-template<typename FieldT>
-void test_flystel_closed_prime_field_gadget(const size_t n)
+template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
 {
-    printf(
-        "testing flystel_closed_prime_field_gadget on all %zu bit strings\n",
-        n);
+    printf("testing flystel_prime_field_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
 
     // input
+#if 0    
     pb_variable<FieldT> x0;
     pb_variable<FieldT> x1;
     x0.allocate(pb, "x0");
     x1.allocate(pb, "x1");
-
     // output
     pb_variable<FieldT> y0;
     pb_variable<FieldT> y1;
     y0.allocate(pb, "y0");
     y1.allocate(pb, "y1");
+#endif
+    const linear_combination<FieldT> x0 = 55;
+    const linear_combination<FieldT> x1 = 3;
+    linear_combination<FieldT> y0;
+    linear_combination<FieldT> y1;
+
+    FieldT x0_val = x0.terms[0].coeff;
+    FieldT x1_val = x1.terms[0].coeff;
 
-    flystel_closed_prime_field_gadget<
+    flystel_prime_field_gadget<
         FieldT,
         FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
         d(pb, x0, x1, y0, y1, "flystel");
 
     // generate contraints
     d.generate_r1cs_constraints();
-    // set input values
-    pb.val(x1) = 3;
-    pb.val(y1) = 1;
-
-    //    x0.print();
 
     // generate witness for the given input
     d.generate_r1cs_witness();
 
-#if 0    
-    // expected outputs
-    ASSERT_EQ(pb.val(x0), 55);
-    ASSERT_EQ(pb.val(y0), 34);
-
+    // a0 = 23
+    FieldT a0_expected = FieldT(23);
+    // a1 = 22^{1/5}
+    FieldT a1_expected =
+        FieldT("10357913779704000956629425810748166374506105653"
+               "828973721142406533896278368512");
+    // a2 = 2 (3-a1)^2
+    FieldT a2_expected =
+        FieldT(2) * (FieldT(3) - a1_expected) * (FieldT(3) - a1_expected);
+    // y0 = x0 - a0 + a2 = 22 + a2
+    FieldT y0_expected = x0_val - a0_expected + a2_expected;
+    // y1 = x1 - a1 = 3 - a1
+    FieldT y1_expected = x1_val - a1_expected;
+
+    std::vector<FieldT> y0_assignment({x0_val, -a0_expected, a2_expected});
+    std::vector<FieldT> y1_assignment({x1_val, -a1_expected});
+    ASSERT_EQ(y0.evaluate(y0_assignment), y0_expected);
+    ASSERT_EQ(y1.evaluate(y1_assignment), y1_expected);
     ASSERT_TRUE(pb.is_satisfied());
-#endif
-    libff::print_time("flystel_E_power_five_gadget tests successful");
+
+    libff::print_time("flystel_prime_field_gadget tests successful");
 }
 
 template<typename FieldT> void test_root_five()
@@ -240,10 +253,10 @@ int main(void)
     a.mod.print();
     printf("\n");
 #endif
-    //    test_flystel_Q_gamma_prime_field_gadget<FieldT>(10);
-    //    test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
-    //    test_flystel_E_power_five_gadget<FieldT>(10);
+    test_flystel_Q_gamma_prime_field_gadget<FieldT>(10);
+    test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
+    test_flystel_E_power_five_gadget<FieldT>(10);
     test_flystel_E_root_five_gadget<FieldT>(10);
-    //    test_flystel_closed_prime_field_gadget<FieldT>(10);
+    test_flystel_prime_field_gadget<FieldT>(10);
     //    test_root_five<FieldT>();
 }

From e1fe2c39263d6a6b3c8f5e7c429966fd5cae6ef9 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Tue, 4 Oct 2022 08:46:21 +0100
Subject: [PATCH 030/112] anemoi: debgging info for flystel gadget

---
 .../hashes/anemoi/anemoi_components.tcc       | 30 ++++++++++++++++
 .../anemoi/tests/test_anemoi_gadget.cpp       | 35 ++++++++++++++++++-
 2 files changed, 64 insertions(+), 1 deletion(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index a5d9a82ee..1ba43c4b7 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -64,6 +64,8 @@ flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
     , input(input)
     , output(output)
 {
+    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
+    this->input.print();
 }
 
 template<typename FieldT, size_t generator>
@@ -86,10 +88,22 @@ void flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
     generate_r1cs_witness()
 {
     input.evaluate(this->pb);
+
+    printf("[%s:%d] %s() xxx input ", __FILE__, __LINE__, __FUNCTION__);
+    this->input.print();
+
+    printf("[%s:%d] %s() yyy input ", __FILE__, __LINE__, __FUNCTION__);
+    this->pb.lc_val(input).print();
+
+    //    assert(this->input.is_variable == true);
+
     // y = beta x^2 + gamma
     this->pb.val(output) =
         this->beta * this->pb.lc_val(input) * this->pb.lc_val(input) +
         this->gamma;
+
+    printf("[%s:%d] %s() zzz output ", __FILE__, __LINE__, __FUNCTION__);
+    this->pb.val(output).print();
 }
 
 template<typename FieldT, size_t generator>
@@ -405,6 +419,12 @@ flystel_prime_field_gadget<FieldT, generator>::flystel_prime_field_gadget(
     , E_root_five(
           pb, pb_linear_combination<FieldT>(pb, x0 - a0), a1, annotation_prefix)
 {
+    printf("[%s:%d] %s() x0", __FILE__, __LINE__, __FUNCTION__);
+    this->input_x0.print();
+    printf("[%s:%d] %s() x1", __FILE__, __LINE__, __FUNCTION__);
+    this->input_x1.print();
+    printf("[%s:%d] %s() a0 ", __FILE__, __LINE__, __FUNCTION__);
+    this->pb.val(a0).print();
 }
 
 template<typename FieldT, size_t generator>
@@ -426,9 +446,19 @@ void flystel_prime_field_gadget<FieldT, generator>::generate_r1cs_witness()
     //        this->pb.lc_val(pb_linear_combination<FieldT>(this->pb, input_x0))
     //        - this->pb.val(a0) - this->pb.val(a2);
     //    output_y0 = input_x0 - this->pb.val(a0) - this->pb.val(a2);
+
     output_y0 = input_x0 - this->pb.val(a0) - this->pb.val(a2);
     output_y1 = input_x1 - this->pb.val(a1);
 
+    printf("[%s:%d] y0  ", __FILE__, __LINE__);
+    output_y0.print();
+    printf("[%s:%d] x0  ", __FILE__, __LINE__);
+    input_x0.print();
+    printf("[%s:%d] a0  ", __FILE__, __LINE__);
+    this->pb.val(a0).print();
+    printf("[%s:%d] a2  ", __FILE__, __LINE__);
+    this->pb.val(a2).print();
+
     //    output_y0 = input_x0 - this->pb.val(a0) + this->pb.val(a2);
     //    output_y1 = input_x1 - this->pb.val(a1);
 }
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index db740cda9..ed9ece0bb 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -175,7 +175,7 @@ template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
         FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
         d(pb, x0, x1, y0, y1, "flystel");
 
-    // generate contraints
+    // generate constraints
     d.generate_r1cs_constraints();
 
     // generate witness for the given input
@@ -226,6 +226,36 @@ template<typename FieldT> void test_root_five()
     x.inverse().print();
 }
 
+template<typename FieldT> void test_bug()
+{
+    protoboard<FieldT> pb;
+    pb_variable<FieldT> a0;
+    linear_combination<FieldT> x1 = 3;
+    pb_linear_combination<FieldT> x1_lc(pb, x1);
+
+    assert(x1_lc.is_variable == false);
+
+    FieldT x1_lc_val = pb.lc_val(x1_lc);
+
+    printf("[%s:%d] x1_lc print\n", __FILE__, __LINE__);
+    //    pb.lc_val(x1_lc).print();
+    x1_lc_val.print();
+
+#if 1
+    // create gadget
+    flystel_Q_gamma_prime_field_gadget<
+        FieldT,
+        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
+        d(pb, x1_lc, a0, "d");
+
+    // generate contraints
+    d.generate_r1cs_constraints();
+
+    // generate witness for the given input
+    d.generate_r1cs_witness();
+#endif
+}
+
 int main(void)
 {
     libff::start_profiling();
@@ -253,10 +283,13 @@ int main(void)
     a.mod.print();
     printf("\n");
 #endif
+#if 0    
     test_flystel_Q_gamma_prime_field_gadget<FieldT>(10);
     test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
     test_flystel_E_power_five_gadget<FieldT>(10);
     test_flystel_E_root_five_gadget<FieldT>(10);
     test_flystel_prime_field_gadget<FieldT>(10);
+#endif
+    test_bug<FieldT>();
     //    test_root_five<FieldT>();
 }

From 429b17891c070700c6699fff33a8852beebc56a9 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Tue, 4 Oct 2022 08:46:49 +0100
Subject: [PATCH 031/112] anemoi: added temporary debug info in protoboard and
 pb_variable for purpouses of flystel gadget testing

---
 libsnark/gadgetlib1/pb_variable.tcc | 2 ++
 libsnark/gadgetlib1/protoboard.tcc  | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/libsnark/gadgetlib1/pb_variable.tcc b/libsnark/gadgetlib1/pb_variable.tcc
index 01786e516..6898eb965 100644
--- a/libsnark/gadgetlib1/pb_variable.tcc
+++ b/libsnark/gadgetlib1/pb_variable.tcc
@@ -141,6 +141,7 @@ pb_linear_combination<FieldT>::pb_linear_combination(
     protoboard<FieldT> &pb, const linear_combination<FieldT> &lc)
 {
     assign(pb, lc);
+    assert(this->is_variable == false);
 }
 
 template<typename FieldT>
@@ -150,6 +151,7 @@ void pb_linear_combination<FieldT>::assign(
     assert(this->is_variable == false);
     this->index = pb.allocate_lc_index();
     this->terms = lc.terms;
+    assert(this->is_variable == false);
 }
 
 template<typename FieldT>
diff --git a/libsnark/gadgetlib1/protoboard.tcc b/libsnark/gadgetlib1/protoboard.tcc
index eb6e7b6ed..0d0e946eb 100644
--- a/libsnark/gadgetlib1/protoboard.tcc
+++ b/libsnark/gadgetlib1/protoboard.tcc
@@ -70,9 +70,13 @@ FieldT protoboard<FieldT>::val(const pb_variable<FieldT> &var) const
 template<typename FieldT>
 FieldT &protoboard<FieldT>::lc_val(const pb_linear_combination<FieldT> &lc)
 {
-    if (lc.is_variable) {
+    printf("[%s:%d] CHECKPOINT 1\n", __FILE__, __LINE__);
+    assert(lc.is_variable == false);
+    if (lc.is_variable == true) {
+        printf("[%s:%d] CHECKPOINT 2\n", __FILE__, __LINE__);
         return this->val(pb_variable<FieldT>(lc.index));
     } else {
+        printf("[%s:%d] CHECKPOINT 3\n", __FILE__, __LINE__);
         assert(lc.index < lc_values.size());
         return lc_values[lc.index];
     }

From 9d0e3ba8aad2806a541a5179a384a90ed2529e71 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 5 Oct 2022 12:45:09 +0100
Subject: [PATCH 032/112] anemoi: added more debug code for Flystel gadget

---
 .../anemoi/tests/test_anemoi_gadget.cpp       | 34 ++++++++++++++++++-
 libsnark/gadgetlib1/protoboard.tcc            |  2 +-
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index ed9ece0bb..dc4fb9cef 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -229,9 +229,41 @@ template<typename FieldT> void test_root_five()
 template<typename FieldT> void test_bug()
 {
     protoboard<FieldT> pb;
+    //    pb_variable<FieldT> x1;
+    linear_combination<FieldT> x1_lc;
+    pb_linear_combination<FieldT> x1(pb, x1_lc);
     pb_variable<FieldT> a0;
+
+    // input
+    //    x1.allocate(pb, "x1");
+    // output
+    a0.allocate(pb, "a0");
+
+    // create gadget
+    flystel_Q_gamma_prime_field_gadget<
+        FieldT,
+        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
+        d(pb, x1, a0, "d");
+    // generate contraints
+    d.generate_r1cs_constraints();
+    // set input value
+    pb.lc_val(x1) = 3;
+    // generate witness for the given input
+    d.generate_r1cs_witness();
+
+    // the expected output is 13 for input 2
+    ASSERT_EQ(pb.val(a0), 23);
+    ASSERT_TRUE(pb.is_satisfied());
+}
+
+template<typename FieldT> void test_bug_two()
+{
+    protoboard<FieldT> pb;
+    pb_variable<FieldT> a0; // <-- allocate
     linear_combination<FieldT> x1 = 3;
-    pb_linear_combination<FieldT> x1_lc(pb, x1);
+    pb_linear_combination<FieldT> x1_lc(pb, x1); // <--- use assign
+
+    // assert(!a)
 
     assert(x1_lc.is_variable == false);
 
diff --git a/libsnark/gadgetlib1/protoboard.tcc b/libsnark/gadgetlib1/protoboard.tcc
index 0d0e946eb..da49735ef 100644
--- a/libsnark/gadgetlib1/protoboard.tcc
+++ b/libsnark/gadgetlib1/protoboard.tcc
@@ -71,7 +71,7 @@ template<typename FieldT>
 FieldT &protoboard<FieldT>::lc_val(const pb_linear_combination<FieldT> &lc)
 {
     printf("[%s:%d] CHECKPOINT 1\n", __FILE__, __LINE__);
-    assert(lc.is_variable == false);
+    //    assert(lc.is_variable == false);
     if (lc.is_variable == true) {
         printf("[%s:%d] CHECKPOINT 2\n", __FILE__, __LINE__);
         return this->val(pb_variable<FieldT>(lc.index));

From e32c518ac9bb514e6cb65f1d408b64e9c35a4b41 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 6 Oct 2022 09:36:05 +0100
Subject: [PATCH 033/112] anemoi: updated unit tests for the Flystel gadget

---
 .../anemoi/tests/test_anemoi_gadget.cpp       | 87 ++++++++++++++-----
 1 file changed, 64 insertions(+), 23 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index dc4fb9cef..d30f4aa22 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -162,14 +162,15 @@ template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
     y0.allocate(pb, "y0");
     y1.allocate(pb, "y1");
 #endif
-    const linear_combination<FieldT> x0 = 55;
-    const linear_combination<FieldT> x1 = 3;
+    linear_combination<FieldT> x0_lc;
+    linear_combination<FieldT> x1_lc;
+
+    pb_linear_combination<FieldT> x0(pb, x0_lc);
+    pb_linear_combination<FieldT> x1(pb, x1_lc);
+
     linear_combination<FieldT> y0;
     linear_combination<FieldT> y1;
 
-    FieldT x0_val = x0.terms[0].coeff;
-    FieldT x1_val = x1.terms[0].coeff;
-
     flystel_prime_field_gadget<
         FieldT,
         FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
@@ -178,9 +179,18 @@ template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
     // generate constraints
     d.generate_r1cs_constraints();
 
+    //    const linear_combination<FieldT> x0 = 55;
+    //    const linear_combination<FieldT> x1 = 3;
+    //    pb.lc_val(x1_lc) = 3;
+    pb.lc_val(x0) = 55;
+    pb.lc_val(x1) = 3;
+
     // generate witness for the given input
     d.generate_r1cs_witness();
 
+    FieldT x0_val = pb.lc_val(x0); // x0_lc.terms[0].coeff;
+    FieldT x1_val = pb.lc_val(x1); // x1_lc.terms[0].coeff;
+
     // a0 = 23
     FieldT a0_expected = FieldT(23);
     // a1 = 22^{1/5}
@@ -195,12 +205,25 @@ template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
     // y1 = x1 - a1 = 3 - a1
     FieldT y1_expected = x1_val - a1_expected;
 
+    // template<typename FieldT> class linear_term
+    //{
+    // public:
+    //    var_index_t index;
+    //    FieldT coeff;
+
+    //    std::vector<linear_term<FieldT>> terms;
     std::vector<FieldT> y0_assignment({x0_val, -a0_expected, a2_expected});
     std::vector<FieldT> y1_assignment({x1_val, -a1_expected});
+
+    FieldT t1 = y0.evaluate(y0_assignment);
+    printf("[%s:%d] y0.evaluate ", __FILE__, __LINE__);
+    t1.print();
+    printf("[%s:%d] y0_expected ", __FILE__, __LINE__);
+    y0_expected.print();
+
     ASSERT_EQ(y0.evaluate(y0_assignment), y0_expected);
     ASSERT_EQ(y1.evaluate(y1_assignment), y1_expected);
     ASSERT_TRUE(pb.is_satisfied());
-
     libff::print_time("flystel_prime_field_gadget tests successful");
 }
 
@@ -229,38 +252,53 @@ template<typename FieldT> void test_root_five()
 template<typename FieldT> void test_bug()
 {
     protoboard<FieldT> pb;
-    //    pb_variable<FieldT> x1;
     linear_combination<FieldT> x1_lc;
     pb_linear_combination<FieldT> x1(pb, x1_lc);
     pb_variable<FieldT> a0;
 
-    // input
-    //    x1.allocate(pb, "x1");
-    // output
     a0.allocate(pb, "a0");
 
-    // create gadget
     flystel_Q_gamma_prime_field_gadget<
         FieldT,
         FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
-        d(pb, x1, a0, "d");
-    // generate contraints
+        d(pb, x1, a0, "flystel_Q_gamma");
     d.generate_r1cs_constraints();
-    // set input value
+
+    //    pb.lc_val(x1) = FieldT(3);
     pb.lc_val(x1) = 3;
-    // generate witness for the given input
-    d.generate_r1cs_witness();
 
-    // the expected output is 13 for input 2
+    d.generate_r1cs_witness();
     ASSERT_EQ(pb.val(a0), 23);
-    ASSERT_TRUE(pb.is_satisfied());
+    //    ASSERT_TRUE(pb.is_satisfied());
 }
 
 template<typename FieldT> void test_bug_two()
+{
+    protoboard<FieldT> pb;
+    linear_combination<FieldT> x1_lc;
+    pb_linear_combination<FieldT> x1(pb, x1_lc);
+    pb_variable<FieldT> a0;
+
+    a0.allocate(pb, "a0");
+
+    flystel_Q_gamma_prime_field_gadget<
+        FieldT,
+        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
+        d(pb, x1, a0, "d");
+    d.generate_r1cs_constraints();
+
+    pb.lc_val(x1) = 3;
+
+    d.generate_r1cs_witness();
+    ASSERT_EQ(pb.val(a0), 23);
+    //    ASSERT_TRUE(pb.is_satisfied());
+}
+
+template<typename FieldT> void test_bug_one()
 {
     protoboard<FieldT> pb;
     pb_variable<FieldT> a0; // <-- allocate
-    linear_combination<FieldT> x1 = 3;
+    linear_combination<FieldT> x1;
     pb_linear_combination<FieldT> x1_lc(pb, x1); // <--- use assign
 
     // assert(!a)
@@ -273,19 +311,20 @@ template<typename FieldT> void test_bug_two()
     //    pb.lc_val(x1_lc).print();
     x1_lc_val.print();
 
-#if 1
     // create gadget
     flystel_Q_gamma_prime_field_gadget<
         FieldT,
         FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
         d(pb, x1_lc, a0, "d");
 
+    pb.lc_val(x1_lc) = 3;
+
     // generate contraints
     d.generate_r1cs_constraints();
 
     // generate witness for the given input
     d.generate_r1cs_witness();
-#endif
+    ASSERT_EQ(pb.val(a0), 23);
 }
 
 int main(void)
@@ -320,8 +359,10 @@ int main(void)
     test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
     test_flystel_E_power_five_gadget<FieldT>(10);
     test_flystel_E_root_five_gadget<FieldT>(10);
-    test_flystel_prime_field_gadget<FieldT>(10);
 #endif
-    test_bug<FieldT>();
+    test_flystel_prime_field_gadget<FieldT>(10);
+    //    test_bug<FieldT>();
+    //    test_bug_two<FieldT>();
+    //    test_bug_one<FieldT>();
     //    test_root_five<FieldT>();
 }

From 5073dba7e456e0eb4babb79071ee5b642d6b3177 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 6 Oct 2022 16:40:06 +0100
Subject: [PATCH 034/112] anemoi: merged bug fix plus more debug tests

---
 .../anemoi/tests/test_anemoi_gadget.cpp       | 128 +++++++++---------
 1 file changed, 63 insertions(+), 65 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index d30f4aa22..7a97cd1db 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -14,10 +14,26 @@
 #include <libsnark/common/default_types/r1cs_ppzksnark_pp.hpp>
 #include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp>
 #include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp>
-#include <libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp>
+#include <libsnark/zk_proof_systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark.hpp>
+//#include
+//<libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp>
 
 using namespace libsnark;
 
+template<typename ppT>
+void test_pb_verify_circuit(protoboard<libff::Fr<ppT>> &pb)
+{
+    ASSERT_TRUE(pb.is_satisfied());
+    const r1cs_gg_ppzksnark_keypair<ppT> keypair =
+        r1cs_gg_ppzksnark_generator<ppT>(pb.get_constraint_system(), true);
+    r1cs_primary_input<libff::Fr<ppT>> primary_input = pb.primary_input();
+    r1cs_auxiliary_input<libff::Fr<ppT>> auxiliary_input = pb.auxiliary_input();
+    r1cs_gg_ppzksnark_proof<ppT> proof = r1cs_gg_ppzksnark_prover(
+        keypair.pk, primary_input, auxiliary_input, true);
+    ASSERT_TRUE(r1cs_gg_ppzksnark_verifier_strong_IC<ppT>(
+        keypair.vk, primary_input, proof));
+}
+
 template<typename FieldT>
 void test_flystel_Q_gamma_prime_field_gadget(const size_t n)
 {
@@ -205,12 +221,6 @@ template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
     // y1 = x1 - a1 = 3 - a1
     FieldT y1_expected = x1_val - a1_expected;
 
-    // template<typename FieldT> class linear_term
-    //{
-    // public:
-    //    var_index_t index;
-    //    FieldT coeff;
-
     //    std::vector<linear_term<FieldT>> terms;
     std::vector<FieldT> y0_assignment({x0_val, -a0_expected, a2_expected});
     std::vector<FieldT> y1_assignment({x1_val, -a1_expected});
@@ -249,14 +259,17 @@ template<typename FieldT> void test_root_five()
     x.inverse().print();
 }
 
-template<typename FieldT> void test_bug()
+template<typename ppT> void test_bug()
 {
+    using FieldT = libff::Fr<ppT>;
+
     protoboard<FieldT> pb;
-    linear_combination<FieldT> x1_lc;
-    pb_linear_combination<FieldT> x1(pb, x1_lc);
-    pb_variable<FieldT> a0;
+    pb_variable<FieldT> v1 = pb_variable_allocate(pb, "v1");
+    pb_variable<FieldT> v2 = pb_variable_allocate(pb, "v2");
+    pb_variable<FieldT> a0 = pb_variable_allocate(pb, "a0");
+    pb_linear_combination<FieldT> x1;
 
-    a0.allocate(pb, "a0");
+    x1.assign(pb, v1 + v2);
 
     flystel_Q_gamma_prime_field_gadget<
         FieldT,
@@ -264,70 +277,50 @@ template<typename FieldT> void test_bug()
         d(pb, x1, a0, "flystel_Q_gamma");
     d.generate_r1cs_constraints();
 
-    //    pb.lc_val(x1) = FieldT(3);
-    pb.lc_val(x1) = 3;
-
-    d.generate_r1cs_witness();
-    ASSERT_EQ(pb.val(a0), 23);
-    //    ASSERT_TRUE(pb.is_satisfied());
-}
-
-template<typename FieldT> void test_bug_two()
-{
-    protoboard<FieldT> pb;
-    linear_combination<FieldT> x1_lc;
-    pb_linear_combination<FieldT> x1(pb, x1_lc);
-    pb_variable<FieldT> a0;
-
-    a0.allocate(pb, "a0");
-
-    flystel_Q_gamma_prime_field_gadget<
-        FieldT,
-        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
-        d(pb, x1, a0, "d");
-    d.generate_r1cs_constraints();
+    pb.val(v1) = FieldT(3);
+    pb.val(v2) = FieldT(0);
 
-    pb.lc_val(x1) = 3;
+    const FieldT expect_a0("23");
 
     d.generate_r1cs_witness();
-    ASSERT_EQ(pb.val(a0), 23);
-    //    ASSERT_TRUE(pb.is_satisfied());
+    ASSERT_EQ(expect_a0, pb.val(a0));
+    ASSERT_TRUE(pb.is_satisfied());
+
+    //    test_pb_verify_circuit<ppT>(pb);
 }
 
-template<typename FieldT> void test_bug_one()
+template<typename ppT> void test_bug_dt()
 {
-    protoboard<FieldT> pb;
-    pb_variable<FieldT> a0; // <-- allocate
-    linear_combination<FieldT> x1;
-    pb_linear_combination<FieldT> x1_lc(pb, x1); // <--- use assign
+    using FieldT = libff::Fr<ppT>;
 
-    // assert(!a)
+    // Circuit showing x_3 = beta * (x_1+x_2)^2 + gamma
+    FieldT x1 = FieldT(7);
+    FieldT x2 = FieldT(11);
+    linear_combination<FieldT> lc(x1 + x2);
 
-    assert(x1_lc.is_variable == false);
-
-    FieldT x1_lc_val = pb.lc_val(x1_lc);
-
-    printf("[%s:%d] x1_lc print\n", __FILE__, __LINE__);
-    //    pb.lc_val(x1_lc).print();
-    x1_lc_val.print();
-
-    // create gadget
-    flystel_Q_gamma_prime_field_gadget<
-        FieldT,
-        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
-        d(pb, x1_lc, a0, "d");
-
-    pb.lc_val(x1_lc) = 3;
+    protoboard<FieldT> pb;
+    pb_variable<FieldT> x3 = pb_variable_allocate(pb, "x3");
+    pb_linear_combination<FieldT> pb_lc; //(pb, lc);
+    pb_lc.assign(pb, lc);
 
-    // generate contraints
+    flystel_Q_gamma_prime_field_gadget<FieldT, 2> d(
+        pb, pb_lc, x3, "flystel_Q_gamma");
     d.generate_r1cs_constraints();
 
-    // generate witness for the given input
+    // Expect x3 = 2 * (7+11)^2 + 5 = 653
+    const FieldT expect_x3("653");
+
     d.generate_r1cs_witness();
-    ASSERT_EQ(pb.val(a0), 23);
+    ASSERT_EQ(expect_x3, pb.val(x3));
+    ASSERT_TRUE(pb.is_satisfied());
+
+    //    test_pb_verify_circuit<ppT>(pb);
 }
 
-int main(void)
+TEST(TestAnemoiGadget, TestBug) { test_bug<libff::bls12_381_pp>(); }
+TEST(TestAnemoiGadget, TestBugDt) { test_bug_dt<libff::bls12_381_pp>(); }
+
+int main(int argc, char **argv)
 {
     libff::start_profiling();
 
@@ -335,7 +328,8 @@ int main(void)
     //    using FieldT = libff::Fr<libff::default_ec_pp>;
 
     libff::bls12_381_pp::init_public_params();
-    using FieldT = libff::Fr<libff::bls12_381_pp>;
+    using ppT = libff::bls12_381_pp;
+    using FieldT = libff::Fr<ppT>;
 
     // for BLS12-381
     // beta = g = first multiplicative generator = 7.
@@ -360,9 +354,13 @@ int main(void)
     test_flystel_E_power_five_gadget<FieldT>(10);
     test_flystel_E_root_five_gadget<FieldT>(10);
 #endif
-    test_flystel_prime_field_gadget<FieldT>(10);
-    //    test_bug<FieldT>();
+    //    test_flystel_prime_field_gadget<FieldT>(10);
+    //    test_bug<ppT>();
+    test_bug_dt<ppT>();
     //    test_bug_two<FieldT>();
     //    test_bug_one<FieldT>();
     //    test_root_five<FieldT>();
+    //    ::testing::InitGoogleTest(&argc, argv);
+    //    return RUN_ALL_TESTS();
+    return 0;
 }

From d8151e3fda7a15861342994b3e5bce6f595a1db0 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 7 Oct 2022 09:12:35 +0100
Subject: [PATCH 035/112] anemoi: replaced inputs to all gadgets from
 pb_linear_combination to linear_combination

---
 .../hashes/anemoi/anemoi_components.hpp       |  24 ++--
 .../hashes/anemoi/anemoi_components.tcc       | 104 +++++++++++-------
 .../anemoi/tests/test_anemoi_gadget.cpp       |  52 +++------
 3 files changed, 89 insertions(+), 91 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index b7d0d892d..dfdee78e3 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -64,12 +64,12 @@ class flystel_Q_gamma_prime_field_gadget : public gadget<FieldT>
 
 public:
     // input/output
-    const pb_linear_combination<FieldT> input;
+    const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
     flystel_Q_gamma_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> &input,
+        const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -91,12 +91,12 @@ class flystel_Q_delta_prime_field_gadget : public gadget<FieldT>
 
 public:
     // input/output
-    const pb_linear_combination<FieldT> input;
+    const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
     flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> &input,
+        const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -123,12 +123,12 @@ class flystel_Q_gamma_binary_field_gadget : public gadget<FieldT>
 
 public:
     /// input/output
-    const pb_linear_combination<FieldT> input;
+    const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
     flystel_Q_gamma_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> &input,
+        const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -155,12 +155,12 @@ class flystel_Q_delta_binary_field_gadget : public gadget<FieldT>
 
 public:
     /// input/output
-    const pb_linear_combination<FieldT> input;
+    const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
     flystel_Q_delta_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> &input,
+        const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -181,12 +181,12 @@ class flystel_E_power_five_gadget : public gadget<FieldT>
 
 public:
     /// input/output
-    const pb_linear_combination<FieldT> input;
+    const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
     flystel_E_power_five_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> &input,
+        const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
@@ -207,12 +207,12 @@ class flystel_E_root_five_gadget : public gadget<FieldT>
 
 public:
     /// input/output
-    const pb_linear_combination<FieldT> input;
+    const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
     flystel_E_root_five_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> &input,
+        const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix = "");
 
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 1ba43c4b7..27a6d125e 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -50,7 +50,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
     flystel_Q_gamma_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> &input,
+        const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -87,22 +87,14 @@ template<typename FieldT, size_t generator>
 void flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
     generate_r1cs_witness()
 {
-    input.evaluate(this->pb);
-
-    printf("[%s:%d] %s() xxx input ", __FILE__, __LINE__, __FUNCTION__);
-    this->input.print();
-
-    printf("[%s:%d] %s() yyy input ", __FILE__, __LINE__, __FUNCTION__);
-    this->pb.lc_val(input).print();
-
-    //    assert(this->input.is_variable == true);
-
+    const FieldT input_value =
+        input.evaluate(this->pb.full_variable_assignment());
     // y = beta x^2 + gamma
-    this->pb.val(output) =
-        this->beta * this->pb.lc_val(input) * this->pb.lc_val(input) +
-        this->gamma;
+    this->pb.val(output) = this->beta * input_value * input_value + this->gamma;
 
-    printf("[%s:%d] %s() zzz output ", __FILE__, __LINE__, __FUNCTION__);
+    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
+    input_value.print();
+    printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
     this->pb.val(output).print();
 }
 
@@ -110,7 +102,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_delta_prime_field_gadget<FieldT, generator>::
     flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> &input,
+        const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -145,11 +137,15 @@ template<typename FieldT, size_t generator>
 void flystel_Q_delta_prime_field_gadget<FieldT, generator>::
     generate_r1cs_witness()
 {
-    input.evaluate(this->pb);
+    const FieldT input_value =
+        input.evaluate(this->pb.full_variable_assignment());
     // y = beta x^2 + delta
-    this->pb.val(output) =
-        this->beta * this->pb.lc_val(input) * this->pb.lc_val(input) +
-        this->delta;
+    this->pb.val(output) = this->beta * input_value * input_value + this->delta;
+
+    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
+    input_value.print();
+    printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
+    this->pb.val(output).print();
 }
 
 // R1CS constraints for the operation y = beta x^3 + gamma with
@@ -172,7 +168,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
     flystel_Q_gamma_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> &input,
+        const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -208,13 +204,17 @@ template<typename FieldT, size_t generator>
 void flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
     generate_r1cs_witness()
 {
-    input.evaluate(this->pb);
+    const FieldT input_value =
+        input.evaluate(this->pb.full_variable_assignment());
     // x_internal = beta x * x
-    this->pb.val(internal) =
-        (this->beta * this->pb.lc_val(input)) * this->pb.lc_val(input);
+    this->pb.val(internal) = (this->beta * input_value) * input_value;
     // y = beta x^3 + gamma = x_internal * x + gamma
-    this->pb.val(output) =
-        this->pb.val(internal) * this->pb.lc_val(input) + this->gamma;
+    this->pb.val(output) = this->pb.val(internal) * input_value + this->gamma;
+
+    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
+    input_value.print();
+    printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
+    this->pb.val(output).print();
 }
 
 // R1CS constraints for the operation y = beta x^3 + delta with
@@ -225,7 +225,7 @@ template<typename FieldT, size_t generator>
 flystel_Q_delta_binary_field_gadget<FieldT, generator>::
     flystel_Q_delta_binary_field_gadget(
         protoboard<FieldT> &pb,
-        const pb_linear_combination<FieldT> &input,
+        const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
@@ -261,13 +261,17 @@ template<typename FieldT, size_t generator>
 void flystel_Q_delta_binary_field_gadget<FieldT, generator>::
     generate_r1cs_witness()
 {
-    input.evaluate(this->pb);
+    const FieldT input_value =
+        input.evaluate(this->pb.full_variable_assignment());
     // x_internal = beta x * x
-    this->pb.val(internal) =
-        (this->beta * this->pb.lc_val(input)) * this->pb.lc_val(input);
+    this->pb.val(internal) = (this->beta * input_value) * input_value;
     // y = beta x^3 + delta = x_internal * x + delta
-    this->pb.val(output) =
-        this->pb.val(internal) * this->pb.lc_val(input) + this->delta;
+    this->pb.val(output) = this->pb.val(internal) * input_value + this->delta;
+
+    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
+    input_value.print();
+    printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
+    this->pb.val(output).print();
 }
 
 // R1CS constraints for the operation y = x^5 with x=input,
@@ -290,7 +294,7 @@ void flystel_Q_delta_binary_field_gadget<FieldT, generator>::
 template<typename FieldT>
 flystel_E_power_five_gadget<FieldT>::flystel_E_power_five_gadget(
     protoboard<FieldT> &pb,
-    const pb_linear_combination<FieldT> &input,
+    const linear_combination<FieldT> &input,
     const pb_variable<FieldT> &output,
     const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
@@ -319,13 +323,19 @@ void flystel_E_power_five_gadget<FieldT>::generate_r1cs_constraints()
 template<typename FieldT>
 void flystel_E_power_five_gadget<FieldT>::generate_r1cs_witness()
 {
-    input.evaluate(this->pb);
+    const FieldT input_value =
+        input.evaluate(this->pb.full_variable_assignment());
     // x2 = x1 * x1
-    this->pb.val(a0) = (this->pb.lc_val(input)) * this->pb.lc_val(input);
+    this->pb.val(a0) = (input_value)*input_value;
     // x3 = x2 * x2
     this->pb.val(a1) = (this->pb.val(a0)) * this->pb.val(a0);
     // y = x1 * x3
-    this->pb.val(output) = this->pb.lc_val(input) * this->pb.val(a1);
+    this->pb.val(output) = input_value * this->pb.val(a1);
+
+    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
+    input_value.print();
+    printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
+    this->pb.val(output).print();
 }
 
 // R1CS constraints for the operation y = x^1/5 with x=input,
@@ -350,7 +360,7 @@ void flystel_E_power_five_gadget<FieldT>::generate_r1cs_witness()
 template<typename FieldT>
 flystel_E_root_five_gadget<FieldT>::flystel_E_root_five_gadget(
     protoboard<FieldT> &pb,
-    const pb_linear_combination<FieldT> &input,
+    const linear_combination<FieldT> &input,
     const pb_variable<FieldT> &output,
     const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
@@ -379,8 +389,9 @@ void flystel_E_root_five_gadget<FieldT>::generate_r1cs_constraints()
 template<typename FieldT>
 void flystel_E_root_five_gadget<FieldT>::generate_r1cs_witness()
 {
-    input.evaluate(this->pb);
-    FieldT x = this->pb.lc_val(input);
+    const FieldT input_value =
+        input.evaluate(this->pb.full_variable_assignment());
+    FieldT x = input_value; // this->pb.lc_val(input);
     FieldT y = power(x, libff::bigint<5>(FLYSTEL_ALPHA_FIVE_INVERSE));
     // x2 = x1 * x1
     this->pb.val(a0) = y * y;
@@ -388,6 +399,11 @@ void flystel_E_root_five_gadget<FieldT>::generate_r1cs_witness()
     this->pb.val(a1) = (this->pb.val(a0)) * this->pb.val(a0);
     // y = x1 * x3
     this->pb.val(output) = y;
+
+    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
+    input_value.print();
+    printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
+    this->pb.val(output).print();
 }
 
 template<typename FieldT, size_t generator>
@@ -413,11 +429,17 @@ flystel_prime_field_gadget<FieldT, generator>::flystel_prime_field_gadget(
           FMT(annotation_prefix, " Q_gamma"))
     , Q_delta(
           pb,
-          pb_linear_combination<FieldT>(pb, x1 - a1),
+          pb_linear_combination<FieldT>(pb, x1 - pb.val(a1)),
           a2,
           FMT(annotation_prefix, " Q_delta"))
     , E_root_five(
-          pb, pb_linear_combination<FieldT>(pb, x0 - a0), a1, annotation_prefix)
+          pb,
+          pb_linear_combination<FieldT>(pb, x0 - pb.val(a0)),
+          a1,
+          annotation_prefix)
+//    , Q_gamma(pb, x1, a0, FMT(annotation_prefix, " Q_gamma"))
+//    , Q_delta(pb, x1 - a1, a2, FMT(annotation_prefix, " Q_delta"))
+//    , E_root_five(pb, x0 - a0, a1, FMT(annotation_prefix, " E_root_five"))
 {
     printf("[%s:%d] %s() x0", __FILE__, __LINE__, __FUNCTION__);
     this->input_x0.print();
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 7a97cd1db..e0516d4a0 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -166,26 +166,10 @@ template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
 
     protoboard<FieldT> pb;
 
-    // input
-#if 0    
-    pb_variable<FieldT> x0;
-    pb_variable<FieldT> x1;
-    x0.allocate(pb, "x0");
-    x1.allocate(pb, "x1");
-    // output
-    pb_variable<FieldT> y0;
-    pb_variable<FieldT> y1;
-    y0.allocate(pb, "y0");
-    y1.allocate(pb, "y1");
-#endif
-    linear_combination<FieldT> x0_lc;
-    linear_combination<FieldT> x1_lc;
-
-    pb_linear_combination<FieldT> x0(pb, x0_lc);
-    pb_linear_combination<FieldT> x1(pb, x1_lc);
-
-    linear_combination<FieldT> y0;
-    linear_combination<FieldT> y1;
+    pb_variable<FieldT> x0 = pb_variable_allocate(pb, "x0");
+    pb_variable<FieldT> x1 = pb_variable_allocate(pb, "x1");
+    pb_variable<FieldT> y0 = pb_variable_allocate(pb, "y0");
+    pb_variable<FieldT> y1 = pb_variable_allocate(pb, "y1");
 
     flystel_prime_field_gadget<
         FieldT,
@@ -195,15 +179,14 @@ template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
     // generate constraints
     d.generate_r1cs_constraints();
 
-    //    const linear_combination<FieldT> x0 = 55;
-    //    const linear_combination<FieldT> x1 = 3;
-    //    pb.lc_val(x1_lc) = 3;
-    pb.lc_val(x0) = 55;
-    pb.lc_val(x1) = 3;
+    pb.val(x0) = 55;
+    pb.val(x1) = 3;
 
     // generate witness for the given input
     d.generate_r1cs_witness();
 
+#if 0    
+
     FieldT x0_val = pb.lc_val(x0); // x0_lc.terms[0].coeff;
     FieldT x1_val = pb.lc_val(x1); // x1_lc.terms[0].coeff;
 
@@ -221,19 +204,11 @@ template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
     // y1 = x1 - a1 = 3 - a1
     FieldT y1_expected = x1_val - a1_expected;
 
-    //    std::vector<linear_term<FieldT>> terms;
-    std::vector<FieldT> y0_assignment({x0_val, -a0_expected, a2_expected});
-    std::vector<FieldT> y1_assignment({x1_val, -a1_expected});
-
-    FieldT t1 = y0.evaluate(y0_assignment);
-    printf("[%s:%d] y0.evaluate ", __FILE__, __LINE__);
-    t1.print();
-    printf("[%s:%d] y0_expected ", __FILE__, __LINE__);
-    y0_expected.print();
-
     ASSERT_EQ(y0.evaluate(y0_assignment), y0_expected);
     ASSERT_EQ(y1.evaluate(y1_assignment), y1_expected);
     ASSERT_TRUE(pb.is_satisfied());
+#endif
+
     libff::print_time("flystel_prime_field_gadget tests successful");
 }
 
@@ -320,7 +295,8 @@ template<typename ppT> void test_bug_dt()
 TEST(TestAnemoiGadget, TestBug) { test_bug<libff::bls12_381_pp>(); }
 TEST(TestAnemoiGadget, TestBugDt) { test_bug_dt<libff::bls12_381_pp>(); }
 
-int main(int argc, char **argv)
+// int main(int argc, char **argv)
+int main()
 {
     libff::start_profiling();
 
@@ -354,9 +330,9 @@ int main(int argc, char **argv)
     test_flystel_E_power_five_gadget<FieldT>(10);
     test_flystel_E_root_five_gadget<FieldT>(10);
 #endif
-    //    test_flystel_prime_field_gadget<FieldT>(10);
+    test_flystel_prime_field_gadget<FieldT>(10);
     //    test_bug<ppT>();
-    test_bug_dt<ppT>();
+    //    test_bug_dt<ppT>();
     //    test_bug_two<FieldT>();
     //    test_bug_one<FieldT>();
     //    test_root_five<FieldT>();

From 88b4024a96e5ffa1b355827d01498baa516a998d Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 7 Oct 2022 11:14:06 +0100
Subject: [PATCH 036/112] anemoi: added gadget for the flystel sbox plus unit
 test

---
 .../hashes/anemoi/anemoi_components.tcc       | 63 +++++++++----------
 .../anemoi/tests/test_anemoi_gadget.cpp       |  4 +-
 2 files changed, 31 insertions(+), 36 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 27a6d125e..c0a89b442 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -92,6 +92,7 @@ void flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
     // y = beta x^2 + gamma
     this->pb.val(output) = this->beta * input_value * input_value + this->gamma;
 
+    printf("[%s:%d] flystel_Q_gamma_prime_field_gadget\n", __FILE__, __LINE__);
     printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
     input_value.print();
     printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
@@ -142,6 +143,7 @@ void flystel_Q_delta_prime_field_gadget<FieldT, generator>::
     // y = beta x^2 + delta
     this->pb.val(output) = this->beta * input_value * input_value + this->delta;
 
+    printf("[%s:%d] flystel_Q_delta_prime_field_gadget\n", __FILE__, __LINE__);
     printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
     input_value.print();
     printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
@@ -332,6 +334,7 @@ void flystel_E_power_five_gadget<FieldT>::generate_r1cs_witness()
     // y = x1 * x3
     this->pb.val(output) = input_value * this->pb.val(a1);
 
+    printf("[%s:%d] flystel_E_power_five_gadget\n", __FILE__, __LINE__);
     printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
     input_value.print();
     printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
@@ -400,6 +403,7 @@ void flystel_E_root_five_gadget<FieldT>::generate_r1cs_witness()
     // y = x1 * x3
     this->pb.val(output) = y;
 
+    printf("[%s:%d] flystel_E_root_five_gadget\n", __FILE__, __LINE__);
     printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
     input_value.print();
     printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
@@ -422,31 +426,22 @@ flystel_prime_field_gadget<FieldT, generator>::flystel_prime_field_gadget(
     , input_x1(x1)
     , output_y0(y0)
     , output_y1(y1)
-    , Q_gamma(
-          pb,
-          pb_linear_combination<FieldT>(pb, x1),
-          a0,
-          FMT(annotation_prefix, " Q_gamma"))
-    , Q_delta(
-          pb,
-          pb_linear_combination<FieldT>(pb, x1 - pb.val(a1)),
-          a2,
-          FMT(annotation_prefix, " Q_delta"))
-    , E_root_five(
-          pb,
-          pb_linear_combination<FieldT>(pb, x0 - pb.val(a0)),
-          a1,
-          annotation_prefix)
-//    , Q_gamma(pb, x1, a0, FMT(annotation_prefix, " Q_gamma"))
-//    , Q_delta(pb, x1 - a1, a2, FMT(annotation_prefix, " Q_delta"))
-//    , E_root_five(pb, x0 - a0, a1, FMT(annotation_prefix, " E_root_five"))
+    , Q_gamma(pb, x1, a0, FMT(annotation_prefix, " Q_gamma"))
+    , Q_delta(pb, x1 - a1, a2, FMT(annotation_prefix, " Q_delta"))
+    , E_root_five(pb, x0 - a0, a1, FMT(annotation_prefix, " E_root_five"))
 {
-    printf("[%s:%d] %s() x0", __FILE__, __LINE__, __FUNCTION__);
-    this->input_x0.print();
-    printf("[%s:%d] %s() x1", __FILE__, __LINE__, __FUNCTION__);
-    this->input_x1.print();
-    printf("[%s:%d] %s() a0 ", __FILE__, __LINE__, __FUNCTION__);
-    this->pb.val(a0).print();
+    const FieldT input_x0_value =
+        input_x0.evaluate(this->pb.full_variable_assignment());
+    const FieldT input_x1_value =
+        input_x1.evaluate(this->pb.full_variable_assignment());
+    const FieldT a0_value = this->pb.val(a0);
+
+    printf("[%s:%d] %s() x0 = ", __FILE__, __LINE__, __FUNCTION__);
+    input_x0_value.print();
+    printf("[%s:%d] %s() x1 = ", __FILE__, __LINE__, __FUNCTION__);
+    input_x1_value.print();
+    printf("[%s:%d] %s() a0 = ", __FILE__, __LINE__, __FUNCTION__);
+    a0_value.print();
 }
 
 template<typename FieldT, size_t generator>
@@ -461,25 +456,25 @@ template<typename FieldT, size_t generator>
 void flystel_prime_field_gadget<FieldT, generator>::generate_r1cs_witness()
 {
     Q_gamma.generate_r1cs_witness();
-    Q_delta.generate_r1cs_witness();
     E_root_five.generate_r1cs_witness();
+    Q_delta.generate_r1cs_witness();
 
-    //    this->pb.lc_val(pb_linear_combination<FieldT>(this->pb, output_y0)) =
-    //        this->pb.lc_val(pb_linear_combination<FieldT>(this->pb, input_x0))
-    //        - this->pb.val(a0) - this->pb.val(a2);
-    //    output_y0 = input_x0 - this->pb.val(a0) - this->pb.val(a2);
+    const FieldT input_x0_value =
+        input_x0.evaluate(this->pb.full_variable_assignment());
+    const FieldT input_x1_value =
+        input_x1.evaluate(this->pb.full_variable_assignment());
 
-    output_y0 = input_x0 - this->pb.val(a0) - this->pb.val(a2);
-    output_y1 = input_x1 - this->pb.val(a1);
+    output_y0 = input_x0_value - this->pb.val(a0) - this->pb.val(a2);
+    output_y1 = input_x1_value - this->pb.val(a1);
 
-    printf("[%s:%d] y0  ", __FILE__, __LINE__);
-    output_y0.print();
     printf("[%s:%d] x0  ", __FILE__, __LINE__);
-    input_x0.print();
+    input_x0_value.print();
     printf("[%s:%d] a0  ", __FILE__, __LINE__);
     this->pb.val(a0).print();
     printf("[%s:%d] a2  ", __FILE__, __LINE__);
     this->pb.val(a2).print();
+    //    printf("[%s:%d] y0  ", __FILE__, __LINE__);
+    //    output_y0.print();
 
     //    output_y0 = input_x0 - this->pb.val(a0) + this->pb.val(a2);
     //    output_y1 = input_x1 - this->pb.val(a1);
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index e0516d4a0..aa88e934e 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -179,8 +179,8 @@ template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
     // generate constraints
     d.generate_r1cs_constraints();
 
-    pb.val(x0) = 55;
-    pb.val(x1) = 3;
+    pb.val(x0) = FieldT(55);
+    pb.val(x1) = FieldT(3);
 
     // generate witness for the given input
     d.generate_r1cs_witness();

From b7dcb351ef5be20c998862714fe0cafd6057d126 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 10 Oct 2022 12:31:41 +0100
Subject: [PATCH 037/112] anemoi: removed debug comments from protoboard.tcc

---
 libsnark/gadgetlib1/protoboard.tcc | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/libsnark/gadgetlib1/protoboard.tcc b/libsnark/gadgetlib1/protoboard.tcc
index da49735ef..8de4fc37b 100644
--- a/libsnark/gadgetlib1/protoboard.tcc
+++ b/libsnark/gadgetlib1/protoboard.tcc
@@ -70,13 +70,9 @@ FieldT protoboard<FieldT>::val(const pb_variable<FieldT> &var) const
 template<typename FieldT>
 FieldT &protoboard<FieldT>::lc_val(const pb_linear_combination<FieldT> &lc)
 {
-    printf("[%s:%d] CHECKPOINT 1\n", __FILE__, __LINE__);
-    //    assert(lc.is_variable == false);
     if (lc.is_variable == true) {
-        printf("[%s:%d] CHECKPOINT 2\n", __FILE__, __LINE__);
         return this->val(pb_variable<FieldT>(lc.index));
     } else {
-        printf("[%s:%d] CHECKPOINT 3\n", __FILE__, __LINE__);
         assert(lc.index < lc_values.size());
         return lc_values[lc.index];
     }

From 377ea064ad8bc3f000a153d749c421f264ded5c5 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 10 Oct 2022 12:31:50 +0100
Subject: [PATCH 038/112] anemoi: completed unit test for flystel sbox; code
 cleanup

---
 .../hashes/anemoi/anemoi_components.hpp       |  10 +-
 .../hashes/anemoi/anemoi_components.tcc       |  26 +--
 .../anemoi/tests/test_anemoi_gadget.cpp       | 161 +++---------------
 3 files changed, 37 insertions(+), 160 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index dfdee78e3..a67c7e6b9 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -244,12 +244,10 @@ class flystel_prime_field_gadget : public gadget<FieldT>
     pb_variable<FieldT> a2;
 
 public:
-    // (x0,x1)
     const linear_combination<FieldT> input_x0;
     const linear_combination<FieldT> input_x1;
-    // (v7,v8)=(y0,y1)
-    linear_combination<FieldT> output_y0;
-    linear_combination<FieldT> output_y1;
+    const pb_variable<FieldT> output_y0;
+    const pb_variable<FieldT> output_y1;
 
     flystel_Q_gamma_prime_field_gadget<FieldT, generator> Q_gamma;
     flystel_Q_delta_prime_field_gadget<FieldT, generator> Q_delta;
@@ -259,8 +257,8 @@ class flystel_prime_field_gadget : public gadget<FieldT>
         protoboard<FieldT> &pb,
         const linear_combination<FieldT> &x0,
         const linear_combination<FieldT> &x1,
-        const linear_combination<FieldT> &y0,
-        const linear_combination<FieldT> &y1,
+        const pb_variable<FieldT> &y0,
+        const pb_variable<FieldT> &y1,
         const std::string &annotation_prefix = "");
 
     void generate_r1cs_constraints();
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index c0a89b442..c57979d8f 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -415,8 +415,8 @@ flystel_prime_field_gadget<FieldT, generator>::flystel_prime_field_gadget(
     protoboard<FieldT> &pb,
     const linear_combination<FieldT> &x0,
     const linear_combination<FieldT> &x1,
-    const linear_combination<FieldT> &y0,
-    const linear_combination<FieldT> &y1,
+    const pb_variable<FieldT> &y0,
+    const pb_variable<FieldT> &y1,
     const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
     , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " a0")))
@@ -464,8 +464,9 @@ void flystel_prime_field_gadget<FieldT, generator>::generate_r1cs_witness()
     const FieldT input_x1_value =
         input_x1.evaluate(this->pb.full_variable_assignment());
 
-    output_y0 = input_x0_value - this->pb.val(a0) - this->pb.val(a2);
-    output_y1 = input_x1_value - this->pb.val(a1);
+    this->pb.lc_val(output_y0) =
+        input_x0_value - this->pb.val(a0) + this->pb.val(a2);
+    this->pb.lc_val(output_y1) = input_x1_value - this->pb.val(a1);
 
     printf("[%s:%d] x0  ", __FILE__, __LINE__);
     input_x0_value.print();
@@ -473,11 +474,10 @@ void flystel_prime_field_gadget<FieldT, generator>::generate_r1cs_witness()
     this->pb.val(a0).print();
     printf("[%s:%d] a2  ", __FILE__, __LINE__);
     this->pb.val(a2).print();
-    //    printf("[%s:%d] y0  ", __FILE__, __LINE__);
-    //    output_y0.print();
-
-    //    output_y0 = input_x0 - this->pb.val(a0) + this->pb.val(a2);
-    //    output_y1 = input_x1 - this->pb.val(a1);
+    printf("[%s:%d] y0  ", __FILE__, __LINE__);
+    this->pb.lc_val(output_y0).print();
+    printf("[%s:%d] y1  ", __FILE__, __LINE__);
+    this->pb.lc_val(output_y1).print();
 }
 
 template<typename FieldT, size_t NumStateColumns_L>
@@ -496,10 +496,10 @@ anemoi_permutation_mds(const FieldT g)
     }
     if (NumStateColumns_L == 4) {
         M = {
-            {g + 1, 1, g2, g2},
-            {1, g + 1, g2 + g, g2},
-            {g, g, g + 1, 1},
-            {g + 1, g, 1, g + 1}};
+            {1, g2, g2, 1 + g},
+            {1 + g, g + g2, g2, 1 + 2 * g},
+            {g, 1 + g, 1, g},
+            {g, 1 + 2 * g, 1 + g, 1 + g}};
         return M;
     }
     // If we are here, then the number of columns NumStateColumns_L has invalid
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index aa88e934e..909d8b6ca 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -34,9 +34,10 @@ void test_pb_verify_circuit(protoboard<libff::Fr<ppT>> &pb)
         keypair.vk, primary_input, proof));
 }
 
-template<typename FieldT>
+template<typename ppT>
 void test_flystel_Q_gamma_prime_field_gadget(const size_t n)
 {
+    using FieldT = libff::Fr<ppT>;
     printf("testing flystel_power_two_gadget on all %zu bit strings\n", n);
     protoboard<FieldT> pb;
     pb_variable<FieldT> x;
@@ -65,9 +66,10 @@ void test_flystel_Q_gamma_prime_field_gadget(const size_t n)
     libff::print_time("flystel_power_two_gadget tests successful");
 }
 
-template<typename FieldT>
+template<typename ppT>
 void test_flystel_Q_gamma_binary_field_gadge(const size_t n)
 {
+    using FieldT = libff::Fr<ppT>;
     printf("testing flystel_power_three_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
@@ -98,8 +100,9 @@ void test_flystel_Q_gamma_binary_field_gadge(const size_t n)
     libff::print_time("flystel_power_three_gadget tests successful");
 }
 
-template<typename FieldT> void test_flystel_E_power_five_gadget(const size_t n)
+template<typename ppT> void test_flystel_E_power_five_gadget(const size_t n)
 {
+    using FieldT = libff::Fr<ppT>;
     printf("testing flystel_E_power_five_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
@@ -127,8 +130,9 @@ template<typename FieldT> void test_flystel_E_power_five_gadget(const size_t n)
     libff::print_time("flystel_E_power_five_gadget tests successful");
 }
 
-template<typename FieldT> void test_flystel_E_root_five_gadget(const size_t n)
+template<typename ppT> void test_flystel_E_root_five_gadget(const size_t n)
 {
+    using FieldT = libff::Fr<ppT>;
     printf("testing flystel_E_root_five_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
@@ -160,8 +164,9 @@ template<typename FieldT> void test_flystel_E_root_five_gadget(const size_t n)
     libff::print_time("flystel_E_root_five_gadget tests successful");
 }
 
-template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
+template<typename ppT> void test_flystel_prime_field_gadget(const size_t n)
 {
+    using FieldT = libff::Fr<ppT>;
     printf("testing flystel_prime_field_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
@@ -185,117 +190,18 @@ template<typename FieldT> void test_flystel_prime_field_gadget(const size_t n)
     // generate witness for the given input
     d.generate_r1cs_witness();
 
-#if 0    
-
-    FieldT x0_val = pb.lc_val(x0); // x0_lc.terms[0].coeff;
-    FieldT x1_val = pb.lc_val(x1); // x1_lc.terms[0].coeff;
-
-    // a0 = 23
-    FieldT a0_expected = FieldT(23);
-    // a1 = 22^{1/5}
-    FieldT a1_expected =
-        FieldT("10357913779704000956629425810748166374506105653"
-               "828973721142406533896278368512");
-    // a2 = 2 (3-a1)^2
-    FieldT a2_expected =
-        FieldT(2) * (FieldT(3) - a1_expected) * (FieldT(3) - a1_expected);
-    // y0 = x0 - a0 + a2 = 22 + a2
-    FieldT y0_expected = x0_val - a0_expected + a2_expected;
-    // y1 = x1 - a1 = 3 - a1
-    FieldT y1_expected = x1_val - a1_expected;
-
-    ASSERT_EQ(y0.evaluate(y0_assignment), y0_expected);
-    ASSERT_EQ(y1.evaluate(y1_assignment), y1_expected);
-    ASSERT_TRUE(pb.is_satisfied());
-#endif
-
-    libff::print_time("flystel_prime_field_gadget tests successful");
-}
+    FieldT y0_expect = FieldT(34);
+    FieldT y1_expect = FieldT(1);
 
-template<typename FieldT> void test_root_five()
-{
-    // alpha_inv =
-    // 20974350070050476191779096203274386335076221000211055129041463479975432473805
-    //    FieldT x = FieldT::random_element();
-    //    FieldT y = power(x, 5);
-    //    x.print();
-    //    y.print();
-    FieldT x = 5;
-    FieldT x_mod_inv =
-        FieldT("2097435007005047619177909620327438633507622100021"
-               "1055129041463479975432473805");
-    printf("Fr modulus   \n");
-    x.mod.print();
-    printf("x + x_mod_inv\n");
-    FieldT z = x + x_mod_inv;
-    z.print();
-    printf("\n");
-    x.print();
-    x.inverse().print();
-}
-
-template<typename ppT> void test_bug()
-{
-    using FieldT = libff::Fr<ppT>;
-
-    protoboard<FieldT> pb;
-    pb_variable<FieldT> v1 = pb_variable_allocate(pb, "v1");
-    pb_variable<FieldT> v2 = pb_variable_allocate(pb, "v2");
-    pb_variable<FieldT> a0 = pb_variable_allocate(pb, "a0");
-    pb_linear_combination<FieldT> x1;
-
-    x1.assign(pb, v1 + v2);
-
-    flystel_Q_gamma_prime_field_gadget<
-        FieldT,
-        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
-        d(pb, x1, a0, "flystel_Q_gamma");
-    d.generate_r1cs_constraints();
-
-    pb.val(v1) = FieldT(3);
-    pb.val(v2) = FieldT(0);
-
-    const FieldT expect_a0("23");
-
-    d.generate_r1cs_witness();
-    ASSERT_EQ(expect_a0, pb.val(a0));
+    ASSERT_EQ(y0_expect, pb.val(y0));
+    ASSERT_EQ(y1_expect, pb.val(y1));
     ASSERT_TRUE(pb.is_satisfied());
 
     //    test_pb_verify_circuit<ppT>(pb);
-}
-
-template<typename ppT> void test_bug_dt()
-{
-    using FieldT = libff::Fr<ppT>;
-
-    // Circuit showing x_3 = beta * (x_1+x_2)^2 + gamma
-    FieldT x1 = FieldT(7);
-    FieldT x2 = FieldT(11);
-    linear_combination<FieldT> lc(x1 + x2);
-
-    protoboard<FieldT> pb;
-    pb_variable<FieldT> x3 = pb_variable_allocate(pb, "x3");
-    pb_linear_combination<FieldT> pb_lc; //(pb, lc);
-    pb_lc.assign(pb, lc);
-
-    flystel_Q_gamma_prime_field_gadget<FieldT, 2> d(
-        pb, pb_lc, x3, "flystel_Q_gamma");
-    d.generate_r1cs_constraints();
 
-    // Expect x3 = 2 * (7+11)^2 + 5 = 653
-    const FieldT expect_x3("653");
-
-    d.generate_r1cs_witness();
-    ASSERT_EQ(expect_x3, pb.val(x3));
-    ASSERT_TRUE(pb.is_satisfied());
-
-    //    test_pb_verify_circuit<ppT>(pb);
+    libff::print_time("flystel_prime_field_gadget tests successful");
 }
 
-TEST(TestAnemoiGadget, TestBug) { test_bug<libff::bls12_381_pp>(); }
-TEST(TestAnemoiGadget, TestBugDt) { test_bug_dt<libff::bls12_381_pp>(); }
-
-// int main(int argc, char **argv)
 int main()
 {
     libff::start_profiling();
@@ -305,38 +211,11 @@ int main()
 
     libff::bls12_381_pp::init_public_params();
     using ppT = libff::bls12_381_pp;
-    using FieldT = libff::Fr<ppT>;
 
-    // for BLS12-381
-    // beta = g = first multiplicative generator = 7.
-    // delta = g^(-1)
-    // 14981678621464625851270783002338847382197300714436467949315331057125308909861
-    // Fr modulus
-    // 52435875175126190479447740508185965837690552500527637822603658699938581184513
-#if 0
-    FieldT a = FieldT(7);
-    FieldT a_inv = a.inverse();
-    assert((a * a_inv) == FieldT::one());
-    printf("a_inv      ");
-    a_inv.print();
-    printf("\n");
-    printf("Fr modulus ");
-    a.mod.print();
-    printf("\n");
-#endif
-#if 0    
-    test_flystel_Q_gamma_prime_field_gadget<FieldT>(10);
-    test_flystel_Q_gamma_binary_field_gadge<FieldT>(10);
-    test_flystel_E_power_five_gadget<FieldT>(10);
-    test_flystel_E_root_five_gadget<FieldT>(10);
-#endif
-    test_flystel_prime_field_gadget<FieldT>(10);
-    //    test_bug<ppT>();
-    //    test_bug_dt<ppT>();
-    //    test_bug_two<FieldT>();
-    //    test_bug_one<FieldT>();
-    //    test_root_five<FieldT>();
-    //    ::testing::InitGoogleTest(&argc, argv);
-    //    return RUN_ALL_TESTS();
+    test_flystel_Q_gamma_prime_field_gadget<ppT>(10);
+    test_flystel_Q_gamma_binary_field_gadge<ppT>(10);
+    test_flystel_E_power_five_gadget<ppT>(10);
+    test_flystel_E_root_five_gadget<ppT>(10);
+    test_flystel_prime_field_gadget<ppT>(10);
     return 0;
 }

From f247bfe488aba52971227ace42b1c636db661754 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 17 Oct 2022 10:28:32 +0100
Subject: [PATCH 039/112] anemoi: transposed matrix M4 fixing a bug in the
 paper

---
 .../gadgets/hashes/anemoi/anemoi_components.tcc           | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index c57979d8f..0fd38371e 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -496,10 +496,10 @@ anemoi_permutation_mds(const FieldT g)
     }
     if (NumStateColumns_L == 4) {
         M = {
-            {1, g2, g2, 1 + g},
-            {1 + g, g + g2, g2, 1 + 2 * g},
-            {g, 1 + g, 1, g},
-            {g, 1 + 2 * g, 1 + g, 1 + g}};
+            {1, 1 + g, g, g},
+            {g2, g + g2, 1 + g, 1 + 2 * g},
+            {g2, g2, 1, 1 + g},
+            {1 + g, 1 + 2 * g, g, 1 + g}};
         return M;
     }
     // If we are here, then the number of columns NumStateColumns_L has invalid

From 58ff44a644368fc2d0fc5ccc6c790e99090e6c38 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 21 Oct 2022 22:55:16 +0100
Subject: [PATCH 040/112] anemoi: removed test for plonk in CMakeLists.txt

---
 libsnark/CMakeLists.txt | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libsnark/CMakeLists.txt b/libsnark/CMakeLists.txt
index d209927f4..35bc673b5 100644
--- a/libsnark/CMakeLists.txt
+++ b/libsnark/CMakeLists.txt
@@ -205,7 +205,6 @@ if ("${IS_LIBSNARK_PARENT}")
   libsnark_test(test_r1cs_ppzksnark_verifier_gadget gadgetlib1/tests/test_r1cs_ppzksnark_verifier_gadget.cpp)
   libsnark_test(test_r1cs_gg_ppzksnark_verifier_gadget gadgetlib1/tests/test_r1cs_gg_ppzksnark_verifier_gadget.cpp)
   libsnark_test(test_kzg10_verifier_gadget gadgetlib1/tests/test_kzg10_verifier_gadget.cpp)
-  libsnark_test(test_plonk zk_proof_systems/plonk/tests/test_plonk.cpp)
   libsnark_test(test_anemoi_gadget gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp)
 
   # TODO (howardwu): Resolve runtime on targets:

From e3af3c2bfebf8dec4396e7d25a69ebfa05a6ff60 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 26 Oct 2022 11:38:53 +0100
Subject: [PATCH 041/112] anemoi: added latest revision of depends/libff

---
 depends/libff | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/depends/libff b/depends/libff
index f9a588c05..9f01c327c 160000
--- a/depends/libff
+++ b/depends/libff
@@ -1 +1 @@
-Subproject commit f9a588c05ff803adef5b94a677a6eb37d7ea94cc
+Subproject commit 9f01c327cf928d9bb25d2586d7b4b8bc9726bc4c

From 20340d231dff2dc72b0b2e015aee9c0478adc37c Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 26 Oct 2022 11:51:55 +0100
Subject: [PATCH 042/112] anemoi: removed default initialization of input var
 annotation_prefix in anemoi_permutation_round_prime_field_gadget to fix CI
 error

---
 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index a67c7e6b9..b2f91ee0c 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -304,7 +304,7 @@ class anemoi_permutation_round_prime_field_gadget : public gadget<FieldT>
         protoboard<FieldT> &pb,
         std::array<pb_variable<FieldT>, (2 * NumStateColumns_L)> &input,
         std::array<pb_variable<FieldT>, (2 * NumStateColumns_L)> &output,
-        std::string &annotation_prefix = "");
+        std::string &annotation_prefix);
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();

From a43ace38f2d5c505b12b0e5b19a8baea523328fc Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 26 Oct 2022 12:05:34 +0100
Subject: [PATCH 043/112] anemoi: removed printing of columns value in
 std::logic_error to fix CI complaint

---
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc     | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 0fd38371e..ae234b147 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -505,8 +505,7 @@ anemoi_permutation_mds(const FieldT g)
     // If we are here, then the number of columns NumStateColumns_L has invalid
     // value outside of the set {2,3,4}
     throw std::logic_error(
-        "Error: invalid number of columns %d . Must be 2,3 or 4 .",
-        NumStateColumns_L);
+        "Error: invalid number of columns. Must be 2,3 or 4 .");
 }
 
 template<typename FieldT, size_t generator, size_t NumStateColumns_L>

From 4ab01e1497b255d6fdfda5d733092bedb5616f5a Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 26 Oct 2022 12:14:54 +0100
Subject: [PATCH 044/112] anemoi: made the declaration of the
 anemoi_permutation_round_prime_field_gadget constructor consistent with its
 definition in order to fix CI error

---
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index b2f91ee0c..71065220e 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -302,8 +302,8 @@ class anemoi_permutation_round_prime_field_gadget : public gadget<FieldT>
 
     anemoi_permutation_round_prime_field_gadget(
         protoboard<FieldT> &pb,
-        std::array<pb_variable<FieldT>, (2 * NumStateColumns_L)> &input,
-        std::array<pb_variable<FieldT>, (2 * NumStateColumns_L)> &output,
+        std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &input,
+        std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &output,
         std::string &annotation_prefix);
 
     void generate_r1cs_constraints();

From 82032ee5d6144cbce006789bda766310d7457fc4 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 26 Oct 2022 12:22:36 +0100
Subject: [PATCH 045/112] anemoi: removed unused parameter pb in
 anemoi_permutation_round_prime_field_gadget to fix CI complaint

---
 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp | 1 -
 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc | 1 -
 2 files changed, 2 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 71065220e..aef0e69e4 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -301,7 +301,6 @@ class anemoi_permutation_round_prime_field_gadget : public gadget<FieldT>
     std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> output;
 
     anemoi_permutation_round_prime_field_gadget(
-        protoboard<FieldT> &pb,
         std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &input,
         std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &output,
         std::string &annotation_prefix);
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index ae234b147..58ecd4490 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -514,7 +514,6 @@ anemoi_permutation_round_prime_field_gadget<
     generator,
     NumStateColumns_L>::
     anemoi_permutation_round_prime_field_gadget(
-        protoboard<FieldT> &pb,
         std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &input,
         std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &output,
         std::string &annotation_prefix)

From e75dc3e77851414fb88403b742dde15ed2c554e5 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 26 Oct 2022 13:01:10 +0100
Subject: [PATCH 046/112] anemoi: removed unused parameter annotation_prefix
 from anemoi_permutation_round_prime_field_gadget to fix CI complaint

---
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp     | 3 +--
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc     | 3 +--
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index aef0e69e4..6eecb73b2 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -302,8 +302,7 @@ class anemoi_permutation_round_prime_field_gadget : public gadget<FieldT>
 
     anemoi_permutation_round_prime_field_gadget(
         std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &input,
-        std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &output,
-        std::string &annotation_prefix);
+        std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &output);
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 58ecd4490..13e2e9f5d 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -515,8 +515,7 @@ anemoi_permutation_round_prime_field_gadget<
     NumStateColumns_L>::
     anemoi_permutation_round_prime_field_gadget(
         std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &input,
-        std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &output,
-        std::string &annotation_prefix)
+        std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &output)
     : input(input), output(output)
 {
 }

From cf73f03bd6922a6908d8f8eeb7423d2200db2ffe Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 31 Oct 2022 11:06:12 +0000
Subject: [PATCH 047/112] anemoi: removed default value "" for
 annotation_prefix (cf. PR #65
 https://github.com/clearmatics/libsnark/pull/65#discussion_r992421871)

---
 .../gadgets/hashes/anemoi/anemoi_components.hpp    | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 6eecb73b2..9c63bda9c 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -71,7 +71,7 @@ class flystel_Q_gamma_prime_field_gadget : public gadget<FieldT>
         protoboard<FieldT> &pb,
         const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "");
+        const std::string &annotation_prefix);
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
@@ -98,7 +98,7 @@ class flystel_Q_delta_prime_field_gadget : public gadget<FieldT>
         protoboard<FieldT> &pb,
         const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "");
+        const std::string &annotation_prefix);
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
@@ -130,7 +130,7 @@ class flystel_Q_gamma_binary_field_gadget : public gadget<FieldT>
         protoboard<FieldT> &pb,
         const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "");
+        const std::string &annotation_prefix);
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
@@ -162,7 +162,7 @@ class flystel_Q_delta_binary_field_gadget : public gadget<FieldT>
         protoboard<FieldT> &pb,
         const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "");
+        const std::string &annotation_prefix);
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
@@ -188,7 +188,7 @@ class flystel_E_power_five_gadget : public gadget<FieldT>
         protoboard<FieldT> &pb,
         const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "");
+        const std::string &annotation_prefix);
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
@@ -214,7 +214,7 @@ class flystel_E_root_five_gadget : public gadget<FieldT>
         protoboard<FieldT> &pb,
         const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix = "");
+        const std::string &annotation_prefix);
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
@@ -259,7 +259,7 @@ class flystel_prime_field_gadget : public gadget<FieldT>
         const linear_combination<FieldT> &x1,
         const pb_variable<FieldT> &y0,
         const pb_variable<FieldT> &y1,
-        const std::string &annotation_prefix = "");
+        const std::string &annotation_prefix);
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();

From 3124b60ef27fbbc3c076662b3901ce3468f69482 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 31 Oct 2022 11:37:00 +0000
Subject: [PATCH 048/112] anemoi: set member variables representing
 intermediate values to be of type const in several classes. resp. added their
 initialization in the initialization list of the constructor (cf.
 https://github.com/clearmatics/libsnark/pull/65#discussion_r992426730)

---
 .../gadgets/hashes/anemoi/anemoi_components.hpp  | 16 ++++++++--------
 .../gadgets/hashes/anemoi/anemoi_components.tcc  | 16 ++++++++++------
 2 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 9c63bda9c..5c6b84858 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -148,7 +148,7 @@ class flystel_Q_delta_binary_field_gadget : public gadget<FieldT>
 {
 private:
     /// internal (i.e. intermediate) variable
-    pb_variable<FieldT> internal;
+    const pb_variable<FieldT> internal;
     /// constants
     const FieldT beta;
     const FieldT delta;
@@ -176,8 +176,8 @@ class flystel_E_power_five_gadget : public gadget<FieldT>
 {
 private:
     // internal (i.e. intermediate) variables
-    pb_variable<FieldT> a0;
-    pb_variable<FieldT> a1;
+    const pb_variable<FieldT> a0;
+    const pb_variable<FieldT> a1;
 
 public:
     /// input/output
@@ -202,8 +202,8 @@ class flystel_E_root_five_gadget : public gadget<FieldT>
 {
 private:
     // internal (i.e. intermediate) variables
-    pb_variable<FieldT> a0;
-    pb_variable<FieldT> a1;
+    const pb_variable<FieldT> a0;
+    const pb_variable<FieldT> a1;
 
 public:
     /// input/output
@@ -239,9 +239,9 @@ class flystel_prime_field_gadget : public gadget<FieldT>
 {
 private:
     // internal (i.e. intermediate) variables
-    pb_variable<FieldT> a0;
-    pb_variable<FieldT> a1;
-    pb_variable<FieldT> a2;
+    const pb_variable<FieldT> a0;
+    const pb_variable<FieldT> a1;
+    const pb_variable<FieldT> a2;
 
 public:
     const linear_combination<FieldT> input_x0;
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 13e2e9f5d..7e0d40b09 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -299,10 +299,12 @@ flystel_E_power_five_gadget<FieldT>::flystel_E_power_five_gadget(
     const linear_combination<FieldT> &input,
     const pb_variable<FieldT> &output,
     const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
+    : gadget<FieldT>(pb, annotation_prefix)
+    , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " internal value a0")))
+    , a1(pb_variable_allocate(pb, FMT(annotation_prefix, " internal value a1")))
+    , input(input)
+    , output(output)
 {
-    a0.allocate(this->pb, " internal value a0");
-    a1.allocate(this->pb, " internal value a1");
 }
 
 template<typename FieldT>
@@ -366,10 +368,12 @@ flystel_E_root_five_gadget<FieldT>::flystel_E_root_five_gadget(
     const linear_combination<FieldT> &input,
     const pb_variable<FieldT> &output,
     const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix), input(input), output(output)
+    : gadget<FieldT>(pb, annotation_prefix)
+    , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " a0")))
+    , a1(pb_variable_allocate(pb, FMT(annotation_prefix, " a1")))
+    , input(input)
+    , output(output)
 {
-    a0.allocate(this->pb, " internal value a0");
-    a1.allocate(this->pb, " internal value a1");
 }
 
 template<typename FieldT>

From c18735ba893731a867912d46e637cf50e4758a33 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 31 Oct 2022 11:43:47 +0000
Subject: [PATCH 049/112] anemoi: updated copyright notice in all files

---
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp | 7 +++----
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc | 5 +++--
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp  | 7 +++----
 .../gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp     | 5 +++--
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 5c6b84858..37b8d5fa6 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -1,9 +1,8 @@
 /** @file
  *****************************************************************************
-
- *****************************************************************************
- * @author     This file is part of libsnark, developed by SCIPR Lab
- *             and contributors (see AUTHORS).
+ * @author     This file is part of libsnark, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
  * @copyright  MIT license (see LICENSE file)
  *****************************************************************************/
 
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 7e0d40b09..ffb8bd367 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -6,8 +6,9 @@
  See anemoi_gadget.hpp .
 
  *****************************************************************************
- * @author     This file is part of libsnark, developed by SCIPR Lab
- *             and contributors (see AUTHORS).
+ * @author     This file is part of libsnark, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
  * @copyright  MIT license (see LICENSE file)
  *****************************************************************************/
 
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp
index 38ce24ce3..d1ece832b 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp
@@ -1,9 +1,8 @@
 /** @file
  *****************************************************************************
-
- *****************************************************************************
- * @author     This file is part of libsnark, developed by SCIPR Lab
- *             and contributors (see AUTHORS).
+ * @author     This file is part of libsnark, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
  * @copyright  MIT license (see LICENSE file)
  *****************************************************************************/
 
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 909d8b6ca..b847f3070 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -1,7 +1,8 @@
 /** @file
  *****************************************************************************
- * @author     This file is part of libsnark, developed by SCIPR Lab
- *             and contributors (see AUTHORS).
+ * @author     This file is part of libsnark, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
  * @copyright  MIT license (see LICENSE file)
  *****************************************************************************/
 

From 579c1a34d2e158670fbf05bded68a0fed3b62562 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 31 Oct 2022 12:02:18 +0000
Subject: [PATCH 050/112] anemoi: added formal reference to the eprint version
 of the Anemoi paper (cf.
 https://github.com/clearmatics/libsnark/pull/65#discussion_r992439955)

---
 .../gadgets/hashes/anemoi/anemoi_components.hpp     | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 37b8d5fa6..fb18db7f4 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -11,6 +11,17 @@
 
 #include <libsnark/gadgetlib1/gadgets/basic_gadgets.hpp>
 
+/// Implementation of the Anenoi arithmetization-oriented hash function
+///
+/// Reference:
+/// - \[BBCPSVW22]:
+///   Title: "New Design Techniques for Efficient
+///   Arithmetization-Oriented Hash Functions: Anemoi Permutations and
+///   Jive Compression Mode", Clemence Bouvier, Pierre Briaud, Pyrros
+///   Chaidos, Leo Perrin, Robin Salen, Vesselin Velichkov, Danny
+///   Willems, Cryptology ePrint Archive, Report 2022/840, 2019,
+///   <https://eprint.iacr.org/2022/840>
+
 namespace libsnark
 {
 
@@ -232,7 +243,7 @@ class flystel_E_root_five_gadget : public gadget<FieldT>
 /// y0 = x0 - a0 + a2
 /// y1 = x1 - a1
 ///
-/// \note: in the paper (x0,x1)->(y0,y1) is denoted with (x,y)->(u,v)
+/// \note: in [BBCPSVW22] (x0,x1)->(y0,y1) is denoted with (x,y)->(u,v)
 template<typename FieldT, size_t generator>
 class flystel_prime_field_gadget : public gadget<FieldT>
 {

From e18fcc3ff01ef137bb5d9fdbbab8328f4ca16d2b Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 31 Oct 2022 12:05:36 +0000
Subject: [PATCH 051/112] anemoi: removed redundant comment
 (https://github.com/clearmatics/libsnark/pull/65#discussion_r992445155)

---
 .../gadgets/hashes/anemoi/anemoi_components.tcc     | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index ffb8bd367..a5f2ebc61 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -18,19 +18,6 @@
 namespace libsnark
 {
 
-// A R1CS constraint is a formal expression of the form
-//
-//                < A , X > * < B , X > = < C , X > ,
-//
-// where X = (x_0,x_1,...,x_m) is a vector of formal variables and
-// A,B,C each consist of 1+m elements in <FieldT> and <A, X> = \sum_i
-// (a_i x_i) is the dot product between vectors A and X. Equivalently,
-// the vectors A,B,C are linear combinations of X.
-//
-// A R1CS constraint is used to construct a R1CS constraint system.
-//
-// See also class \ef r1cs_constraint
-
 // R1CS constraints for the operation y = const_a x^2 + const_b with x = input,
 // y = output. This operation is realized by the components \ref
 // flystel_Q_gamma_prime_field_gadget and \ref

From f249b73afc9a3d6987ecc35ed8ad8f4bfb078c29 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 31 Oct 2022 12:18:20 +0000
Subject: [PATCH 052/112] anemoi: added editorial changes in comments

---
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index a5f2ebc61..72d4d5ee1 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -70,7 +70,7 @@ void flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
 }
 
 // compute a witness y for a given input x for the computation y =
-// beta x^2 + gamma, where x=input, y=output
+// beta x^2 + gamma
 template<typename FieldT, size_t generator>
 void flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
     generate_r1cs_witness()
@@ -139,7 +139,7 @@ void flystel_Q_delta_prime_field_gadget<FieldT, generator>::
 }
 
 // R1CS constraints for the operation y = beta x^3 + gamma with
-// x=input, y=output. This operation is represented with two
+// x=input, y=output. This operation is represented with three
 // multiplications as y-gamma = ((beta x * x) * x). Equivalently:
 //
 // beta x1 * x1 = x2

From 99bfaa31784ac614c351efac4ca0a46d19f07b2e Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 31 Oct 2022 12:21:29 +0000
Subject: [PATCH 053/112] anemoi: changed comments in allocate() to match
 variable names
 (https://github.com/clearmatics/libsnark/pull/65#discussion_r992458348)

---
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 72d4d5ee1..36e1aa187 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -288,8 +288,8 @@ flystel_E_power_five_gadget<FieldT>::flystel_E_power_five_gadget(
     const pb_variable<FieldT> &output,
     const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
-    , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " internal value a0")))
-    , a1(pb_variable_allocate(pb, FMT(annotation_prefix, " internal value a1")))
+    , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " a0")))
+    , a1(pb_variable_allocate(pb, FMT(annotation_prefix, " a1")))
     , input(input)
     , output(output)
 {

From 853afc23693b510daffbbf2af195e592deae3abb Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 31 Oct 2022 12:27:34 +0000
Subject: [PATCH 054/112] anemoi: uncommented test_pb_verify_circuit which was
 temporarily commented for debug.

---
 .../gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index b847f3070..518c98a7f 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -198,7 +198,7 @@ template<typename ppT> void test_flystel_prime_field_gadget(const size_t n)
     ASSERT_EQ(y1_expect, pb.val(y1));
     ASSERT_TRUE(pb.is_satisfied());
 
-    //    test_pb_verify_circuit<ppT>(pb);
+    test_pb_verify_circuit<ppT>(pb);
 
     libff::print_time("flystel_prime_field_gadget tests successful");
 }

From ff230142de461de73f30f27640c3b718efff329c Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 31 Oct 2022 12:37:59 +0000
Subject: [PATCH 055/112] anemoi: removed redundant asserts in pb_variable
 added earlier for debug
 (https://github.com/clearmatics/libsnark/pull/65#discussion_r992475721,
 https://github.com/clearmatics/libsnark/pull/65#discussion_r992476561)

---
 libsnark/gadgetlib1/pb_variable.tcc | 2 --
 1 file changed, 2 deletions(-)

diff --git a/libsnark/gadgetlib1/pb_variable.tcc b/libsnark/gadgetlib1/pb_variable.tcc
index 6898eb965..01786e516 100644
--- a/libsnark/gadgetlib1/pb_variable.tcc
+++ b/libsnark/gadgetlib1/pb_variable.tcc
@@ -141,7 +141,6 @@ pb_linear_combination<FieldT>::pb_linear_combination(
     protoboard<FieldT> &pb, const linear_combination<FieldT> &lc)
 {
     assign(pb, lc);
-    assert(this->is_variable == false);
 }
 
 template<typename FieldT>
@@ -151,7 +150,6 @@ void pb_linear_combination<FieldT>::assign(
     assert(this->is_variable == false);
     this->index = pb.allocate_lc_index();
     this->terms = lc.terms;
-    assert(this->is_variable == false);
 }
 
 template<typename FieldT>

From 0a609c96885f94e8f2b2a02ba003b3738b4f8dc3 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 31 Oct 2022 12:42:06 +0000
Subject: [PATCH 056/112] anemoi: removed redundant "== true" in if-statement
 (https://github.com/clearmatics/libsnark/pull/65#discussion_r992476857).

---
 libsnark/gadgetlib1/protoboard.tcc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsnark/gadgetlib1/protoboard.tcc b/libsnark/gadgetlib1/protoboard.tcc
index 8de4fc37b..eb6e7b6ed 100644
--- a/libsnark/gadgetlib1/protoboard.tcc
+++ b/libsnark/gadgetlib1/protoboard.tcc
@@ -70,7 +70,7 @@ FieldT protoboard<FieldT>::val(const pb_variable<FieldT> &var) const
 template<typename FieldT>
 FieldT &protoboard<FieldT>::lc_val(const pb_linear_combination<FieldT> &lc)
 {
-    if (lc.is_variable == true) {
+    if (lc.is_variable) {
         return this->val(pb_variable<FieldT>(lc.index));
     } else {
         assert(lc.index < lc_values.size());

From e7190516fe0ecd5e312ed85a2b3293ffb0465a6e Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 2 Nov 2022 10:59:31 +0000
Subject: [PATCH 057/112] anemoi: removed all printf-s
 (https://github.com/clearmatics/libsnark/pull/65#discussion_r992448853,
 https://github.com/clearmatics/libsnark/issues/77)

---
 .../hashes/anemoi/anemoi_components.tcc       | 59 -------------------
 .../anemoi/tests/test_anemoi_gadget.cpp       | 27 ++++-----
 2 files changed, 10 insertions(+), 76 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 36e1aa187..a31a3bb26 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -52,8 +52,6 @@ flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
     , input(input)
     , output(output)
 {
-    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
-    this->input.print();
 }
 
 template<typename FieldT, size_t generator>
@@ -79,12 +77,6 @@ void flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
         input.evaluate(this->pb.full_variable_assignment());
     // y = beta x^2 + gamma
     this->pb.val(output) = this->beta * input_value * input_value + this->gamma;
-
-    printf("[%s:%d] flystel_Q_gamma_prime_field_gadget\n", __FILE__, __LINE__);
-    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
-    input_value.print();
-    printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
-    this->pb.val(output).print();
 }
 
 template<typename FieldT, size_t generator>
@@ -130,12 +122,6 @@ void flystel_Q_delta_prime_field_gadget<FieldT, generator>::
         input.evaluate(this->pb.full_variable_assignment());
     // y = beta x^2 + delta
     this->pb.val(output) = this->beta * input_value * input_value + this->delta;
-
-    printf("[%s:%d] flystel_Q_delta_prime_field_gadget\n", __FILE__, __LINE__);
-    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
-    input_value.print();
-    printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
-    this->pb.val(output).print();
 }
 
 // R1CS constraints for the operation y = beta x^3 + gamma with
@@ -200,11 +186,6 @@ void flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
     this->pb.val(internal) = (this->beta * input_value) * input_value;
     // y = beta x^3 + gamma = x_internal * x + gamma
     this->pb.val(output) = this->pb.val(internal) * input_value + this->gamma;
-
-    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
-    input_value.print();
-    printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
-    this->pb.val(output).print();
 }
 
 // R1CS constraints for the operation y = beta x^3 + delta with
@@ -257,11 +238,6 @@ void flystel_Q_delta_binary_field_gadget<FieldT, generator>::
     this->pb.val(internal) = (this->beta * input_value) * input_value;
     // y = beta x^3 + delta = x_internal * x + delta
     this->pb.val(output) = this->pb.val(internal) * input_value + this->delta;
-
-    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
-    input_value.print();
-    printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
-    this->pb.val(output).print();
 }
 
 // R1CS constraints for the operation y = x^5 with x=input,
@@ -323,12 +299,6 @@ void flystel_E_power_five_gadget<FieldT>::generate_r1cs_witness()
     this->pb.val(a1) = (this->pb.val(a0)) * this->pb.val(a0);
     // y = x1 * x3
     this->pb.val(output) = input_value * this->pb.val(a1);
-
-    printf("[%s:%d] flystel_E_power_five_gadget\n", __FILE__, __LINE__);
-    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
-    input_value.print();
-    printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
-    this->pb.val(output).print();
 }
 
 // R1CS constraints for the operation y = x^1/5 with x=input,
@@ -394,12 +364,6 @@ void flystel_E_root_five_gadget<FieldT>::generate_r1cs_witness()
     this->pb.val(a1) = (this->pb.val(a0)) * this->pb.val(a0);
     // y = x1 * x3
     this->pb.val(output) = y;
-
-    printf("[%s:%d] flystel_E_root_five_gadget\n", __FILE__, __LINE__);
-    printf("[%s:%d] %s() input ", __FILE__, __LINE__, __FUNCTION__);
-    input_value.print();
-    printf("[%s:%d] %s() output ", __FILE__, __LINE__, __FUNCTION__);
-    this->pb.val(output).print();
 }
 
 template<typename FieldT, size_t generator>
@@ -422,18 +386,6 @@ flystel_prime_field_gadget<FieldT, generator>::flystel_prime_field_gadget(
     , Q_delta(pb, x1 - a1, a2, FMT(annotation_prefix, " Q_delta"))
     , E_root_five(pb, x0 - a0, a1, FMT(annotation_prefix, " E_root_five"))
 {
-    const FieldT input_x0_value =
-        input_x0.evaluate(this->pb.full_variable_assignment());
-    const FieldT input_x1_value =
-        input_x1.evaluate(this->pb.full_variable_assignment());
-    const FieldT a0_value = this->pb.val(a0);
-
-    printf("[%s:%d] %s() x0 = ", __FILE__, __LINE__, __FUNCTION__);
-    input_x0_value.print();
-    printf("[%s:%d] %s() x1 = ", __FILE__, __LINE__, __FUNCTION__);
-    input_x1_value.print();
-    printf("[%s:%d] %s() a0 = ", __FILE__, __LINE__, __FUNCTION__);
-    a0_value.print();
 }
 
 template<typename FieldT, size_t generator>
@@ -459,17 +411,6 @@ void flystel_prime_field_gadget<FieldT, generator>::generate_r1cs_witness()
     this->pb.lc_val(output_y0) =
         input_x0_value - this->pb.val(a0) + this->pb.val(a2);
     this->pb.lc_val(output_y1) = input_x1_value - this->pb.val(a1);
-
-    printf("[%s:%d] x0  ", __FILE__, __LINE__);
-    input_x0_value.print();
-    printf("[%s:%d] a0  ", __FILE__, __LINE__);
-    this->pb.val(a0).print();
-    printf("[%s:%d] a2  ", __FILE__, __LINE__);
-    this->pb.val(a2).print();
-    printf("[%s:%d] y0  ", __FILE__, __LINE__);
-    this->pb.lc_val(output_y0).print();
-    printf("[%s:%d] y1  ", __FILE__, __LINE__);
-    this->pb.lc_val(output_y1).print();
 }
 
 template<typename FieldT, size_t NumStateColumns_L>
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 518c98a7f..8ce88d7d1 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -35,11 +35,9 @@ void test_pb_verify_circuit(protoboard<libff::Fr<ppT>> &pb)
         keypair.vk, primary_input, proof));
 }
 
-template<typename ppT>
-void test_flystel_Q_gamma_prime_field_gadget(const size_t n)
+template<typename ppT> void test_flystel_Q_gamma_prime_field_gadget()
 {
     using FieldT = libff::Fr<ppT>;
-    printf("testing flystel_power_two_gadget on all %zu bit strings\n", n);
     protoboard<FieldT> pb;
     pb_variable<FieldT> x;
     pb_variable<FieldT> y;
@@ -67,11 +65,9 @@ void test_flystel_Q_gamma_prime_field_gadget(const size_t n)
     libff::print_time("flystel_power_two_gadget tests successful");
 }
 
-template<typename ppT>
-void test_flystel_Q_gamma_binary_field_gadge(const size_t n)
+template<typename ppT> void test_flystel_Q_gamma_binary_field_gadge()
 {
     using FieldT = libff::Fr<ppT>;
-    printf("testing flystel_power_three_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
     pb_variable<FieldT> x;
@@ -101,10 +97,9 @@ void test_flystel_Q_gamma_binary_field_gadge(const size_t n)
     libff::print_time("flystel_power_three_gadget tests successful");
 }
 
-template<typename ppT> void test_flystel_E_power_five_gadget(const size_t n)
+template<typename ppT> void test_flystel_E_power_five_gadget()
 {
     using FieldT = libff::Fr<ppT>;
-    printf("testing flystel_E_power_five_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
     pb_variable<FieldT> x;
@@ -131,10 +126,9 @@ template<typename ppT> void test_flystel_E_power_five_gadget(const size_t n)
     libff::print_time("flystel_E_power_five_gadget tests successful");
 }
 
-template<typename ppT> void test_flystel_E_root_five_gadget(const size_t n)
+template<typename ppT> void test_flystel_E_root_five_gadget()
 {
     using FieldT = libff::Fr<ppT>;
-    printf("testing flystel_E_root_five_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
     pb_variable<FieldT> x;
@@ -165,10 +159,9 @@ template<typename ppT> void test_flystel_E_root_five_gadget(const size_t n)
     libff::print_time("flystel_E_root_five_gadget tests successful");
 }
 
-template<typename ppT> void test_flystel_prime_field_gadget(const size_t n)
+template<typename ppT> void test_flystel_prime_field_gadget()
 {
     using FieldT = libff::Fr<ppT>;
-    printf("testing flystel_prime_field_gadget on all %zu bit strings\n", n);
 
     protoboard<FieldT> pb;
 
@@ -213,10 +206,10 @@ int main()
     libff::bls12_381_pp::init_public_params();
     using ppT = libff::bls12_381_pp;
 
-    test_flystel_Q_gamma_prime_field_gadget<ppT>(10);
-    test_flystel_Q_gamma_binary_field_gadge<ppT>(10);
-    test_flystel_E_power_five_gadget<ppT>(10);
-    test_flystel_E_root_five_gadget<ppT>(10);
-    test_flystel_prime_field_gadget<ppT>(10);
+    test_flystel_Q_gamma_prime_field_gadget<ppT>();
+    test_flystel_Q_gamma_binary_field_gadge<ppT>();
+    test_flystel_E_power_five_gadget<ppT>();
+    test_flystel_E_root_five_gadget<ppT>();
+    test_flystel_prime_field_gadget<ppT>();
     return 0;
 }

From ab8832a4b5b31c99e71aaf56257a4503235b4120 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 2 Nov 2022 11:09:25 +0000
Subject: [PATCH 058/112] anemoi: clarified comment
 (https://github.com/clearmatics/libsnark/pull/65#discussion_r992455606)

---
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc    | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index a31a3bb26..8a5eaa6aa 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -125,8 +125,8 @@ void flystel_Q_delta_prime_field_gadget<FieldT, generator>::
 }
 
 // R1CS constraints for the operation y = beta x^3 + gamma with
-// x=input, y=output. This operation is represented with three
-// multiplications as y-gamma = ((beta x * x) * x). Equivalently:
+// x=input, y=output, represented as y-gamma = ((beta x * x) *
+// x) or equivalently:
 //
 // beta x1 * x1 = x2
 // x2 * x1 = x3-gamma

From 61b6f28e89d4d5eefb29db30f816baf9ec032c1a Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 2 Nov 2022 11:13:40 +0000
Subject: [PATCH 059/112] anemoi: added missing calls to test_pb_verify_circuit

---
 .../gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp       | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 8ce88d7d1..f8303eec0 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -62,6 +62,8 @@ template<typename ppT> void test_flystel_Q_gamma_prime_field_gadget()
     // the expected output is 13 for input 2
     ASSERT_EQ(pb.val(y), 13);
     ASSERT_TRUE(pb.is_satisfied());
+    test_pb_verify_circuit<ppT>(pb);
+
     libff::print_time("flystel_power_two_gadget tests successful");
 }
 
@@ -93,6 +95,7 @@ template<typename ppT> void test_flystel_Q_gamma_binary_field_gadge()
     // the expected output is 21 for input 2
     ASSERT_EQ(pb.val(y), 21);
     ASSERT_TRUE(pb.is_satisfied());
+    test_pb_verify_circuit<ppT>(pb);
 
     libff::print_time("flystel_power_three_gadget tests successful");
 }
@@ -122,6 +125,7 @@ template<typename ppT> void test_flystel_E_power_five_gadget()
     // the expected output is 32 for input 2
     ASSERT_EQ(pb.val(y), 32);
     ASSERT_TRUE(pb.is_satisfied());
+    test_pb_verify_circuit<ppT>(pb);
 
     libff::print_time("flystel_E_power_five_gadget tests successful");
 }
@@ -155,6 +159,7 @@ template<typename ppT> void test_flystel_E_root_five_gadget()
     // the expected output is 32 for input 2
     ASSERT_EQ(pb.val(y), y_expected);
     ASSERT_TRUE(pb.is_satisfied());
+    test_pb_verify_circuit<ppT>(pb);
 
     libff::print_time("flystel_E_root_five_gadget tests successful");
 }

From e970f7984d5016b68ad205a721caf25b756894a1 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 2 Nov 2022 11:22:12 +0000
Subject: [PATCH 060/112] anemoi: added missing const identifier
 (https://github.com/clearmatics/libsnark/pull/65#discussion_r1010576258)

---
 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index fb18db7f4..f4c723c16 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -126,7 +126,7 @@ class flystel_Q_gamma_binary_field_gadget : public gadget<FieldT>
 {
 private:
     /// internal (i.e. intermediate) variable
-    pb_variable<FieldT> internal;
+    const pb_variable<FieldT> internal;
     /// constants
     const FieldT beta;
     const FieldT gamma;

From 28d960e8d81aa9e19b24b88a738977970bc4c7c7 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 2 Nov 2022 11:27:11 +0000
Subject: [PATCH 061/112] anemoi: removed redundant comments

---
 .../gadgets/hashes/anemoi/anemoi_components.hpp      | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index f4c723c16..19db79c2b 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -68,12 +68,10 @@ template<typename FieldT, size_t generator>
 class flystel_Q_gamma_prime_field_gadget : public gadget<FieldT>
 {
 private:
-    // constants
     const FieldT beta;
     const FieldT gamma;
 
 public:
-    // input/output
     const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
@@ -95,12 +93,10 @@ template<typename FieldT, size_t generator>
 class flystel_Q_delta_prime_field_gadget : public gadget<FieldT>
 {
 private:
-    // constants
     const FieldT beta;
     const FieldT delta;
 
 public:
-    // input/output
     const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
@@ -125,14 +121,11 @@ template<typename FieldT, size_t generator>
 class flystel_Q_gamma_binary_field_gadget : public gadget<FieldT>
 {
 private:
-    /// internal (i.e. intermediate) variable
     const pb_variable<FieldT> internal;
-    /// constants
     const FieldT beta;
     const FieldT gamma;
 
 public:
-    /// input/output
     const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
@@ -157,14 +150,11 @@ template<typename FieldT, size_t generator>
 class flystel_Q_delta_binary_field_gadget : public gadget<FieldT>
 {
 private:
-    /// internal (i.e. intermediate) variable
     const pb_variable<FieldT> internal;
-    /// constants
     const FieldT beta;
     const FieldT delta;
 
 public:
-    /// input/output
     const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
@@ -190,7 +180,6 @@ class flystel_E_power_five_gadget : public gadget<FieldT>
     const pb_variable<FieldT> a1;
 
 public:
-    /// input/output
     const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
@@ -216,7 +205,6 @@ class flystel_E_root_five_gadget : public gadget<FieldT>
     const pb_variable<FieldT> a1;
 
 public:
-    /// input/output
     const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 

From 42f79e8226d1901c1e665c154fc41b141db8b7f1 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 2 Nov 2022 11:29:35 +0000
Subject: [PATCH 062/112] anemoi: removed redundant include
 (https://github.com/clearmatics/libsnark/pull/65#discussion_r1010607147)

---
 .../gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp          | 2 --
 1 file changed, 2 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index f8303eec0..00656f79f 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -16,8 +16,6 @@
 #include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp>
 #include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp>
 #include <libsnark/zk_proof_systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark.hpp>
-//#include
-//<libsnark/zk_proof_systems/ppzksnark/r1cs_ppzksnark/r1cs_ppzksnark.hpp>
 
 using namespace libsnark;
 

From 39f1eefaa813863d87131200f535a72ca0fd6d51 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 2 Nov 2022 14:50:38 +0000
Subject: [PATCH 063/112] anemoi: switched to gtest framework
 (https://github.com/clearmatics/libsnark/pull/65#discussion_r992473776,
 https://github.com/clearmatics/libsnark/issues/77#issue-1431671566)

---
 .../anemoi/tests/test_anemoi_gadget.cpp       | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 00656f79f..3e3380b81 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -199,20 +199,24 @@ template<typename ppT> void test_flystel_prime_field_gadget()
     libff::print_time("flystel_prime_field_gadget tests successful");
 }
 
-int main()
+template<typename ppT> void test_for_curve()
 {
-    libff::start_profiling();
+    // Execute all tests for the given curve.
 
-    //    libff::default_ec_pp::init_public_params();
-    //    using FieldT = libff::Fr<libff::default_ec_pp>;
-
-    libff::bls12_381_pp::init_public_params();
-    using ppT = libff::bls12_381_pp;
+    ppT::init_public_params();
 
     test_flystel_Q_gamma_prime_field_gadget<ppT>();
     test_flystel_Q_gamma_binary_field_gadge<ppT>();
     test_flystel_E_power_five_gadget<ppT>();
     test_flystel_E_root_five_gadget<ppT>();
     test_flystel_prime_field_gadget<ppT>();
-    return 0;
+}
+
+TEST(TestAnemoiGadget, BLS12_381) { test_for_curve<libff::bls12_381_pp>(); }
+
+int main(int argc, char **argv)
+{
+    libff::bls12_381_pp::init_public_params();
+    ::testing::InitGoogleTest(&argc, argv);
+    return RUN_ALL_TESTS();
 }

From e567f8a0a154666779aa640f5bc976e88c73e369 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 12 Oct 2022 15:05:09 +0100
Subject: [PATCH 064/112] anemoi: added script for generating Anemoi parameters
 for different curves

---
 scripts/anemoi-hash/LICENSE.md      |  19 +
 scripts/anemoi-hash/README.md       |  33 +
 scripts/anemoi-hash/anemoi.sage     | 893 ++++++++++++++++++++++++++++
 scripts/anemoi-hash/constants.py    |  17 +
 scripts/anemoi-hash/parameters.sage |  42 ++
 5 files changed, 1004 insertions(+)
 create mode 100644 scripts/anemoi-hash/LICENSE.md
 create mode 100644 scripts/anemoi-hash/README.md
 create mode 100644 scripts/anemoi-hash/anemoi.sage
 create mode 100644 scripts/anemoi-hash/constants.py
 create mode 100644 scripts/anemoi-hash/parameters.sage

diff --git a/scripts/anemoi-hash/LICENSE.md b/scripts/anemoi-hash/LICENSE.md
new file mode 100644
index 000000000..be5a79407
--- /dev/null
+++ b/scripts/anemoi-hash/LICENSE.md
@@ -0,0 +1,19 @@
+Copyright (c) 2022 - Bouvier, Briaud, Chaidos, Perrin, Velichkov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/scripts/anemoi-hash/README.md b/scripts/anemoi-hash/README.md
new file mode 100644
index 000000000..ade7e6ab0
--- /dev/null
+++ b/scripts/anemoi-hash/README.md
@@ -0,0 +1,33 @@
+# Anemoi: a Family of ZK-friendly AO Hash Functions
+
+This repository contains a first implementation in sage of the **Anemoi** family of hash functions.
+**Anemoi** is a family of Arithmetization Oriented Hash Functions that operates over prime and binary fields.
+
+Our paper on Anemoi can be found on ePrint: https://eprint.iacr.org/2022/840.
+
+## Contents
+The sage script ```anemoi.sage``` contains various routines to evaluate **Anemoi** (including **AnemoiJive** and **AnemoiSponge**) but also to generate the corresponding systems of equations.
+
+First some basics functions allow to provide well-chosen parameters: field, number of rounds, linear layer, ... for various instances of **Anemoi**.
+
+The class ```AnemoiPermutation``` then contains different sections:
+- Sub-components: ```evaluate_sbox``` and ```linear_layer``` respectively apply our **Flystel** construction and the linear layer.
+- Evaluation: ```eval_with_intermediate_values``` performs an evaluation of **Anemoi** using the SPN construction. The function also return intermediate values as this can be used to check the solutions of the systems of equations generated.
+- Writing full system of equations: ```get_polynomial_variables```, ```verification_polynomials``` and ```print_verification_polynomials``` allow to generate the corresponding multivariate system of polynomial equations. This indeed allowed us to perform our security analysis using Grobner basis attacks. 
+
+The two functions ```jive``` and ```sponge_hash``` are routines to evaluate **AnemoiJive** and **AnemoiSponge** that respectively correspond to our Merkle Compression function, and our Hash function.
+
+## Authors
+- [Clémence Bouvier](https://who.rocq.inria.fr/Clemence.Bouvier/), Sorbonne University, France - Inria, France
+- [Pierre Briaud](https://who.rocq.inria.fr/Pierre.Briaud/), Sorbonne University, France - Inria, France
+- Pyrros Chaidos, National & Kapodistrian University of Athens, Greece,
+- [Léo Perrin](https://who.paris.inria.fr/Leo.Perrin/), Inria, France
+- Vesselin Velichkov, University of Edinburgh, Scotland - Clearmatics, England
+
+
+## Third-party implementations
+Please contact us if you have any **Anemoi** implementations to share.
+
+
+## License
+This repository is distributed under the terms of the MIT License.
diff --git a/scripts/anemoi-hash/anemoi.sage b/scripts/anemoi-hash/anemoi.sage
new file mode 100644
index 000000000..f99d5ca3d
--- /dev/null
+++ b/scripts/anemoi-hash/anemoi.sage
@@ -0,0 +1,893 @@
+#!/usr/bin/sage
+# -*- mode: python ; -*-
+
+from sage.all import *
+import hashlib
+import itertools
+
+from constants import *
+
+COST_ALPHA = {
+    3   : 2, 5   : 3, 7   : 4, 9   : 4,
+    11  : 5, 13  : 5, 15  : 5, 17  : 5,
+    19  : 6, 21  : 6, 23  : 6, 25  : 6,
+    27  : 6, 29  : 7, 31  : 7, 33  : 6,
+    35  : 7, 37  : 7, 39  : 7, 41  : 7,
+    43  : 7, 45  : 7, 47  : 8, 49  : 7,
+    51  : 7, 53  : 8, 55  : 8, 57  : 8,
+    59  : 8, 61  : 8, 63  : 8, 65  : 7,
+    67  : 8, 69  : 8, 71  : 9, 73  : 8,
+    75  : 8, 77  : 8, 79  : 9, 81  : 8,
+    83  : 8, 85  : 8, 87  : 9, 89  : 9,
+    91  : 9, 93  : 9, 95  : 9, 97  : 8,
+    99  : 8, 101 : 9, 103 : 9, 105 : 9,
+    107 : 9, 109 : 9, 111 : 9, 113 : 9,
+    115 : 9, 117 : 9, 119 : 9, 121 : 9,
+    123 : 9, 125 : 9, 127 : 10,
+}
+
+ALPHA_BY_COST = {
+    c : [x for x in range(3, 128, 2) if COST_ALPHA[x] == c]
+    for c in range(2, 11)
+}
+
+PI_0 = 1415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679
+PI_1 = 8214808651328230664709384460955058223172535940812848111745028410270193852110555964462294895493038196
+
+def get_prime(N):
+    """Returns the highest prime number that is strictly smaller than
+    2**N.
+
+    """
+    result = (1 << N) - 1
+    while not is_prime(result):
+        result -= 2
+    return result
+
+
+def get_n_rounds(s, l, alpha):
+    """Returns the number of rounds needed in Anemoi (based on the
+    complexity of algebraic attacks).
+
+    """
+    r = 0
+    complexity = 0
+    while complexity < 2**s:
+        r += 1
+        complexity = binomial(
+            2*l*r + alpha + 1 + 2*(l*r-2),
+            2*l*r
+        )**2
+    r += l+1 # security margin
+    return max(10, r)
+
+
+# Linear layer generation
+
+def is_mds(m):
+    for i in reversed(range(1, m.ncols()+1)):
+        if (0 in m.minors(i)):
+            return False
+    return True
+
+def M_2(x_input, b):
+    x = x_input[:]
+    x[0] += b*x[1]
+    x[1] += b*x[0]
+    return x
+
+def M_3(x_input, b):
+    """Figure 6 of [DL18]."""
+    x = x_input[:]
+    t = x[0] + b*x[2]
+    x[2] += x[1]
+    x[2] += b*x[0]
+    x[0] = t + x[2]
+    x[1] += t
+    return x
+
+
+def M_4(x_input, b):
+    """Figure 8 of [DL18]."""
+    x = x_input[:]
+    x[0] += x[1]
+    x[2] += x[3]
+    x[3] += b*x[0]
+    x[1]  = b*(x[1] + x[2])
+    x[0] += x[1]
+    x[2] += b*x[3]
+    x[1] += x[2]
+    x[3] += x[0]
+    return x
+
+def lfsr(x_input, b):
+    x = x_input[:]
+    l = len(x)
+    for r in range(0, l):
+        t = sum(b**(2**i) * x[i] for i in range(0, l))
+        x = x[1:] + [t]
+    return x
+
+def circulant_matrix(field, l):
+    for v in itertools.combinations_with_replacement(range(0,l+1), l):
+        mat = matrix.circulant(list(v)).change_ring(field)
+        if is_mds(mat):
+            return(mat)
+
+def get_mds(field, l):
+    a = field.multiplicative_generator()
+    b = field.one()
+    t = 0
+    while True:
+        # we construct the matrix
+        mat = []
+        b = b*a
+        t += 1
+        if l <= 4:
+            for i in range(0, l):
+                x_i = [field.one() * (j == i) for j in range(0, l)]
+                if l == 2:
+                    mat.append(M_2(x_i, b))
+                elif l == 3:
+                    mat.append(M_3(x_i, b))
+                elif l == 4:
+                    mat.append(M_4(x_i, b))
+            mat = Matrix(field, l, l, mat)
+            if is_mds(mat):
+                return mat
+        else:
+            return circulant_matrix(field, l)
+
+# AnemoiPermutation class
+        
+class AnemoiPermutation:
+    def __init__(self,
+                 q=None,
+                 alpha=None,
+                 n_rounds=None,
+                 mat=None,
+                 n_cols=1,
+                 security_level=128):
+        if q == None:
+            raise Exception("The characteristic of the field must be specified!")
+        self.q = q
+        self.prime_field = is_prime(q)  # if true then we work over a
+                                        # prime field with
+                                        # characteristic just under
+                                        # 2**N, otherwise the
+                                        # characteristic is 2**self
+        self.n_cols = n_cols # the number of parallel S-boxes in each round
+        self.security_level = security_level
+        
+        # initializing the other variables in the state:
+        # - q     is the characteristic of the field
+        # - g     is a generator of the multiplicative subgroup 
+        # - alpha is the main exponent (in the center of the Flystel)
+        # - beta  is the coefficient in the quadratic subfunction
+        # - gamma is the constant in the second quadratic subfunction
+        # - QUAD  is the secondary (quadratic) exponent
+        # - from_field is a function mapping field elements to integers
+        # - to_field   is a function mapping integers to field elements
+        self.F = GF(self.q)
+        if self.prime_field:
+            if alpha != None:
+                if gcd(alpha, self.q-1) != 1:
+                    raise Exception("alpha should be co-prime with the characteristic!")
+                else:
+                    self.alpha = alpha
+            else:
+                self.alpha = 3
+                while gcd(self.alpha, self.q-1) != 1:
+                    self.alpha += 1
+            self.QUAD = 2
+            self.to_field   = lambda x : self.F(x)
+            self.from_field = lambda x : Integer(x)
+        else:
+            self.alpha = 3
+            self.QUAD = 3
+            self.to_field   = lambda x : self.F.fetch_int(x)
+            self.from_field = lambda x : x.integer_representation()
+        self.g = self.F.multiplicative_generator()
+        self.beta = self.g
+        self.delta = self.g**(-1)
+        self.alpha_inv = inverse_mod(self.alpha, self.q-1)
+                   
+        # total number of rounds
+        if n_rounds != None:
+            self.n_rounds = n_rounds
+        else:
+            self.n_rounds = get_n_rounds(self.security_level,
+                                         self.n_cols,
+                                         self.alpha)
+                   
+        # Choosing constants: self.C and self.D are built from the
+        # digits of pi using an open butterfly
+        self.C = []
+        self.D = []
+        pi_F_0 = self.to_field(PI_0 % self.q)
+        pi_F_1 = self.to_field(PI_1 % self.q)
+        for r in range(0, self.n_rounds):
+            pi_0_r = pi_F_0**r
+            self.C.append([])
+            self.D.append([])
+            for i in range(0, self.n_cols):
+                pi_1_i = pi_F_1**i
+                pow_alpha = (pi_0_r + pi_1_i)**self.alpha
+                self.C[r].append(self.g * (pi_0_r)**2 + pow_alpha)
+                self.D[r].append(self.g * (pi_1_i)**2 + pow_alpha + self.delta)
+        if self.n_cols == 1:
+            if mat == None:
+                self.mat = get_mds(self.F, 2)  # a linear layer is needed to mix the column
+            else:
+                assert(mat.ncols() == 2)
+                assert(mat.nrows() == 2)
+                assert(is_mds(mat))
+                self.mat = mat
+        else:
+            if mat == None:
+                self.mat = get_mds(self.F, self.n_cols)
+            else:
+                assert(is_mds(mat))
+                self.mat = mat
+
+
+    def __str__(self):
+        result = "Anemoi instance over F_{:d} ({}), n_rounds={:d}, n_cols={:d}, s={:d}".format(
+            self.q,
+            "odd prime field" if self.prime_field else "characteristic 2",
+            self.n_rounds,
+            self.n_cols,
+            self.security_level
+        )
+        result += "\nalpha={}, beta={}, \delta={}\nM_x=\n{}\n".format(
+            self.alpha,
+            self.beta,
+            self.delta,
+            self.mat
+        )
+        result += "C={}\nD={}".format(
+            [[self.from_field(x) for x in self.C[r]] for r in range(0, self.n_rounds)],
+            [[self.from_field(x) for x in self.D[r]] for r in range(0, self.n_rounds)],
+        )
+        return result
+    
+        
+    # !SECTION! Sub-components
+    
+    def evaluate_sbox(self, _x, _y):
+        """Applies an open Flystel to the full state. """
+        x, y = _x, _y
+        x -= self.beta*y**self.QUAD
+        y -= x**self.alpha_inv
+        x += self.beta*y**self.QUAD + self.delta
+        return x, y
+    
+    def linear_layer(self, _x, _y):
+        x, y = _x[:], _y[:]
+        if self.n_cols == 1:
+            r = self.mat*vector([x[0], y[0]])
+            return [r[0]], [r[1]]
+        else:
+            x = self.mat*vector(x)
+            y = self.mat*vector(y[1:] + [y[0]])
+            return list(x), list(y)
+        
+
+    # !SECTION! Evaluation
+
+    def eval_with_intermediate_values(self, _x, _y):
+        """Returns a list of vectors x_i and y_i such that [x_i, y_i] is the
+        internal state of Anemoi at the end of round i.
+
+        The output is of length self.n_rounds+2 since it also returns
+        the input values, and since there is a last degenerate round
+        consisting only in a linear layer.
+
+        """        
+        x, y = _x[:], _y[:]
+        result = [[x[:], y[:]]]
+        for r in range(0, self.n_rounds):
+            for i in range(0, self.n_cols):
+                x[i] += self.C[r][i]
+                y[i] += self.D[r][i]
+            x, y = self.linear_layer(x, y)
+            for i in range(0, self.n_cols):
+                x[i], y[i] = self.evaluate_sbox(x[i], y[i])
+            result.append([x[:], y[:]])
+        # final call to the linear layer
+        x, y = self.linear_layer(x, y)
+        result.append([x[:], y[:]])
+        return result
+
+
+    def input_size(self):
+        return 2*self.n_cols
+    
+    
+    def __call__(self, _x):
+        if len(_x) != self.input_size():
+            raise Exception("wrong input size!")
+        else:
+            x, y = _x[:self.n_cols], _x[self.n_cols:]
+            u, v = self.eval_with_intermediate_values(x, y)[-1]
+            return u + v # concatenation, not a sum
+    
+
+    # !SECTION! Writing full system of equations
+
+    def get_polynomial_variables(self):
+        """Returns polynomial variables from the appropriate multivariate
+        polynomial ring to work with this Anemoi instance.
+
+        """
+        x_vars = []
+        y_vars = []
+        all_vars = []
+        for r in range(0, self.n_rounds+1):
+            x_vars.append(["X{:02d}{:02d}".format(r, i) for i in range(0, self.n_cols)])
+            y_vars.append(["Y{:02d}{:02d}".format(r, i) for i in range(0, self.n_cols)])
+            all_vars += x_vars[-1]
+            all_vars += y_vars[-1]
+        pol_ring = PolynomialRing(self.F, (self.n_rounds+1)*2*self.n_cols, all_vars)
+        pol_gens = pol_ring.gens()
+        result = {"X" : [], "Y" : []}
+        for r in range(0, self.n_rounds+1):
+            result["X"].append([])
+            result["Y"].append([])
+            for i in range(0, self.n_cols):
+                result["X"][r].append(pol_gens[self.n_cols*2*r + i])
+                result["Y"][r].append(pol_gens[self.n_cols*2*r + i + self.n_cols])
+        return result
+        
+
+    def verification_polynomials(self, pol_vars):
+        """Returns the list of all the equations that all the intermediate
+        values must satisfy. It implicitely relies on the open Flystel
+        function."""
+        equations = []
+        for r in range(0, self.n_rounds):
+            # the outputs of the open flystel are the state variables x, y at round r+1
+            u = pol_vars["X"][r+1]
+            v = pol_vars["Y"][r+1]
+            # the inputs of the open flystel are the state variables
+            # x, y at round r after undergoing the constant addition
+            # and the linear layer
+            x, y = pol_vars["X"][r], pol_vars["Y"][r]
+            x = [x[i] + self.C[r][i] for i in range(0, self.n_cols)]
+            y = [y[i] + self.D[r][i] for i in range(0, self.n_cols)]
+            x, y = self.linear_layer(x, y)
+            for i in range(0, self.n_cols):
+                equations.append(
+                    (y[i]-v[i])**self.alpha + self.beta*y[i]**self.QUAD - x[i]
+                )
+                equations.append(
+                    (y[i]-v[i])**self.alpha + self.beta*v[i]**self.QUAD + self.delta - u[i]
+                )
+        return equations
+
+    
+    def print_verification_polynomials(self):
+        """Simply prints the equations modeling a full call to this
+        AnemoiPermutation instance in a user (and computer) readable
+        format. 
+
+        The first lines contains a comma separated list of all the
+        variables, and the second contains the field size. The
+        following ones contain the equations. This format is intended
+        for use with Magma.
+
+        """
+        p_vars = self.get_polynomial_variables()
+        eqs = self.verification_polynomials(p_vars)
+        variables_string = ""
+        for r in range(0, self.n_rounds+1):
+            variables_string += str(p_vars["X"][r])[1:-1] + "," + str(p_vars["Y"][r])[1:-1] + ","
+        print(variables_string[:-1].replace(" ", ""))
+        print(self.q)
+        for f in eqs:
+            print(f)
+
+
+            
+# !SECTION! Modes of operation
+
+
+def jive(P, b, _x):
+    """Returns an output b times smaller than _x using the Jive mode of
+    operation and the permutation P.
+
+    """
+    if b < 2:
+        raise Exception("b must be at least equal to 2")
+    if P.input_size() % b != 0:
+        raise Exception("b must divide the input size!")
+    c = P.input_size()/b # length of the compressed output
+    if c * P.F.cardinality().nbits() < 2 * P.security_level:
+        raise Exception(f"digest size is too small for the targeted security level!")
+    x = _x[:]
+    u = P(x)
+    compressed = []
+    for i in range(0, c):
+        compressed.append(sum(x[i+c*j] + u[i+c*j]
+                              for j in range(0, b)))
+    return compressed
+        
+        
+def sponge_hash(P, r, h, _x):
+    """Uses Hirose's variant of the sponge construction to hash the
+    message x using the permutation P with rate r, outputting a digest
+    of size h.
+
+    """
+    x = _x[:]
+    if P.input_size() <= r:
+        raise Exception("rate must be strictly smaller than state size!")
+    if h * P.F.cardinality().nbits() < 2 * P.security_level:
+        raise Exception(f"digest size is too small for the targeted security level!")
+    # message padding (and domain separator computation)
+    if len(x) % r == 0 and len(x) != 0:
+        sigma = 1
+    else:
+        sigma = 0
+        x += [1]
+        # if x is still not long enough, append 0s
+        if len(x) % r != 0:
+            x += (r - (len(x) % r))*[0]
+    padded_x = [[x[pos+i] for i in range(0, r)]
+                for pos in range(0, len(x), r)]
+    # absorption phase
+    internal_state = [0] * P.input_size()
+    for pos in range(0, len(padded_x)):
+        for i in range(0, r):
+            internal_state[i] += padded_x[pos][i]
+        internal_state = P(internal_state)
+        if pos == len(padded_x)-1:
+            # adding sigma if it is the last block
+            internal_state[-1] += sigma
+    # squeezing
+    digest = []
+    pos = 0
+    while len(digest) < h:
+        digest.append(internal_state[pos])
+        pos += 1
+        if pos == r:
+            pos = 0
+            internal_state = P(internal_state)
+    return digest
+    
+
+# !SECTION! Tests
+
+def check_polynomial_verification(n_tests=10, q=2**63, alpha=3, n_rounds=3, n_cols=1):
+    """Let `A` be an AnemoiPermutation instance with the parameters input to this function.
+
+    It cerifies that the internal state values generated by
+    A.eval_with_intermediate_state() are indeed roots of the equations
+    generated by A.verification_polynomials(). This is repeated on
+    n_tests random inputs.
+
+    """
+    A = AnemoiPermutation(q=q, alpha=alpha, n_rounds=n_rounds, n_cols=n_cols)
+    # formal polynomial variables and equations
+    p_vars = A.get_polynomial_variables()
+    eqs = A.verification_polynomials(p_vars)
+    A.print_verification_polynomials()
+    # for n_tests random inputs, we check that the equations are
+    # coherent with the actual intermediate values
+    print("\n ======== Verification:")
+    print(A)
+    print("{} equations in {} variables.".format(
+        len(eqs),
+        (A.n_rounds+1) * 2 * A.n_cols,
+    ))
+    for t in range(0, n_tests):
+        # generate random input
+        x = [A.to_field(randint(0, A.q - 1))
+             for i in range(0, A.n_cols)]
+        y = [A.to_field(randint(0, A.q - 1))
+             for i in range(0, A.n_cols)]
+        # generate intermediate values, formal polynomial variables,
+        # and equations
+        iv = A.eval_with_intermediate_values(x, y)
+        p_vars = A.get_polynomial_variables()
+        eqs = A.verification_polynomials(p_vars)
+        # obtain variable assignment from the actual evaluation
+        assignment = {}
+        for r in range(0, A.n_rounds+1):
+            for i in range(0, A.n_cols):
+                assignment[p_vars["X"][r][i]] = iv[r][0][i]
+                assignment[p_vars["Y"][r][i]] = iv[r][1][i]
+        # printing the value of the equations for the actual
+        # intermediate states
+        print("\n--- ", t, "(all values except the input should be 0)")
+        print("input: ", x, y)
+        for r in range(0, A.n_rounds):
+            polynomial_values = [eqs[r*2*A.n_cols + i].subs(assignment)
+                                 for i in range(0, 2*A.n_cols)]
+            print("round {:3d}: {}\n           {}".format(
+                r, 
+                polynomial_values[0::2],
+                polynomial_values[1::2]
+            ))
+    
+
+def test_jive(n_tests=10, 
+              q=2**63, alpha=3, 
+              n_rounds=None, 
+              n_cols=1, 
+              b=2,
+              security_level=32):
+    """Let `A` be and AnemoiPermutation instance with the parameters input
+    to this function.
+
+    This function evaluates Jive_b on random inputs using `A` as its
+    permutation.
+
+    """
+    A = AnemoiPermutation(q=q, alpha=alpha, n_rounds=n_rounds, n_cols=n_cols, security_level=security_level)
+    print(A)
+    for t in range(0, n_tests):
+        # generate random input
+        x = [A.to_field(randint(0, A.q - 1))
+             for i in range(0, A.n_cols)]
+        y = [A.to_field(randint(0, A.q - 1))
+             for i in range(0, A.n_cols)]
+        print("x = {}\ny = {}\nAnemoiJive_{}(x,y) = {}".format(
+            x,
+            y,
+            b,
+            jive(A, b, x + y)
+        ))
+    
+
+def test_sponge(n_tests=10, 
+                q=2**63, 
+                alpha=3, 
+                n_rounds=None, 
+                n_cols=1, 
+                b=2,
+                security_level=32):
+    """Let `A` be an AnemoiPermutation instance with the parameters input
+    to this function.
+
+    This function evaluates sponge on random inputs using `A` as its
+    permutation, and a rate of A.input_size()-1 (so, a capacity of 1),
+    and generates a 2 word output.
+
+    """
+    A = AnemoiPermutation(q=q, alpha=alpha, n_rounds=n_rounds, n_cols=n_cols, security_level=security_level)
+    print(A)
+    for t in range(0, n_tests):
+        # generate random input of length t
+        x = [A.to_field(randint(0, A.q - 1))
+             for i in range(0, t)]
+        print("x = {}\nAnemoiSponge(x) = {}".format(
+            x,
+            sponge_hash(A, 2, 2, x)
+        ))
+
+def generate_test_vectors_jive(P, b, n):
+    """
+    Outputs `n` deterministic test vectors for the provided AnemoiPermutation
+    `P` with compression factor `b`.
+    """
+    assert n >= 4, "The number of test vectors should be greater than 4."
+    m = hashlib.sha512(str(P).encode())
+    m.update("Jive test vectors".encode())
+    m.update(f"B={b}".encode())
+    seed = Integer(m.digest().hex(), 16)
+
+    inputs = []
+    outputs = []
+    inputs.append([P.F(0) for _ in range(P.input_size())])
+    inputs.append([P.F(1) for _ in range(P.input_size())])
+    inputs.append([P.F(0) for _ in range(P.n_cols)] + [P.F(1) for _ in range(P.n_cols)])
+    inputs.append([P.F(1) for _ in range(P.n_cols)] + [P.F(0) for _ in range(P.n_cols)])
+    for i in range(n - 4):
+        input = []
+        for _ in range(P.input_size()):
+            input.append(P.to_field(seed))
+            m.update(str(seed).encode())
+            seed = Integer(m.digest().hex(), 16)
+        inputs.append(input)
+    for input in inputs:
+        outputs.append(jive(P, b, input))
+
+    print(
+        "Test vectors for Anemoi instance over F_{:d}, n_rounds={:d}, n_cols={:d}, s={:d}".format(
+        P.q,
+        P.n_rounds,
+        P.n_cols,
+        P.security_level)
+    )
+    return (inputs, outputs)
+
+
+def generate_test_vectors_sponge(P, r, h, n):
+    """
+    Outputs `n` deterministic test vectors for the provided AnemoiPermutation
+    `P` with rate `r` and digest size `h`.
+    """
+    assert n >= 4, "The number of test vectors should be greater than 4."
+    m = hashlib.sha512(str(P).encode())
+    m.update("Sponge test vectors".encode())
+    m.update(f"R={r}".encode())
+    m.update(f"H={h}".encode())
+    seed = Integer(m.digest().hex(), 16)
+
+    inputs = []
+    outputs = []
+    inputs.append([P.F(0) for _ in range(P.input_size())])
+    inputs.append([P.F(1) for _ in range(P.input_size())])
+    inputs.append([P.F(0) for _ in range(P.n_cols)] + [P.F(1) for _ in range(P.n_cols)])
+    inputs.append([P.F(1) for _ in range(P.n_cols)] + [P.F(0) for _ in range(P.n_cols)])
+    for i in range(n - 4):
+        input = []
+        for _ in range(i+1):
+            input.append(P.to_field(seed))
+            m.update(str(seed).encode())
+            seed = Integer(m.digest().hex(), 16)
+        inputs.append(input)
+    for input in inputs:
+        outputs.append(sponge_hash(P, r, h, input))
+
+    print(
+        "Test vectors for Anemoi instance over F_{:d}, n_rounds={:d}, n_cols={:d}, s={:d}".format(
+        P.q,
+        P.n_rounds,
+        P.n_cols,
+        P.security_level)
+    )
+    return (inputs, outputs)
+
+
+def generate_test_vectors_sbox(P, n):
+    """
+    Outputs `n` deterministic test vectors for the provided AnemoiPermutation
+    `P` with rate `r`, digest size `h` and.
+    """
+    assert n >= 4, "The number of test vectors should be greater than 4."
+    m = hashlib.sha512(str(P).encode())
+    m.update("S-Box test vectors".encode())
+    seed = Integer(m.digest().hex(), 16)
+
+    inputs = []
+    outputs = []
+    inputs.append([P.F(0) for _ in range(P.input_size())])
+    inputs.append([P.F(1) for _ in range(P.input_size())])
+    inputs.append([P.F(0) for _ in range(P.n_cols)] + [P.F(1) for _ in range(P.n_cols)])
+    inputs.append([P.F(1) for _ in range(P.n_cols)] + [P.F(0) for _ in range(P.n_cols)])
+
+    for _ in range(n - 4):
+        input = []
+        for _ in range(P.input_size()):
+            input.append(P.to_field(seed))
+            m.update(str(seed).encode())
+            seed = Integer(m.digest().hex(), 16)
+        inputs.append(input)
+    for input in inputs:
+        x = [0 for i in range(P.n_cols)]
+        y = [0 for i in range(P.n_cols)]
+        for i in range(P.n_cols):
+            x[i], y[i] = P.evaluate_sbox(input[i], input[P.n_cols + i])
+        x.extend(y)
+        outputs.append(x)
+
+    return (inputs, outputs)
+
+
+def generate_test_vectors_mds(P, n):
+    """
+    Outputs `n` deterministic test vectors for the provided AnemoiPermutation
+    `P` with rate `r`, digest size `h` and.
+    """
+    assert n >= 4, "The number of test vectors should be greater than 4."
+    m = hashlib.sha512(str(P).encode())
+    m.update("MDS test vectors".encode())
+    seed = Integer(m.digest().hex(), 16)
+
+    inputs = []
+    outputs = []
+    inputs.append([P.F(0) for _ in range(P.input_size())])
+    inputs.append([P.F(1) for _ in range(P.input_size())])
+    inputs.append([P.F(0) for _ in range(P.n_cols)] + [P.F(1) for _ in range(P.n_cols)])
+    inputs.append([P.F(1) for _ in range(P.n_cols)] + [P.F(0) for _ in range(P.n_cols)])
+    for _ in range(n - 4):
+        input = []
+        for _ in range(P.input_size()):
+            input.append(P.to_field(seed))
+            m.update(str(seed).encode())
+            seed = Integer(m.digest().hex(), 16)
+        inputs.append(input)
+    for input in inputs:
+        x,y = P.linear_layer(input[0:P.n_cols], input[P.n_cols:])
+        x.extend(y)
+        outputs.append(x)
+
+    return (inputs, outputs)
+
+
+def anemoi_instances():
+
+    # accumulating relevant Anemoi instances
+    A = []
+    
+    # 128-bit security level instantiations
+
+    A_BLS_12_381_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_1_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_1_COL_128_BITS))
+    A_BLS_12_381_SCALARFIELD_4_COL_128_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_4_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_4_COL_128_BITS))
+    A_BLS_12_381_SCALARFIELD_6_COL_128_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        n_cols=6,
+        security_level=128)
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_6_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_6_COL_128_BITS))
+
+    A_BLS_12_377_SCALARFIELD_1_COL_128_BITS =AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A_BLS_12_377_SCALARFIELD_4_COL_128_BITS =AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A_BLS_12_377_SCALARFIELD_6_COL_128_BITS =AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        n_cols=6,
+        security_level=128)
+
+    A_BN_254_SCALARFIELD_1_COL_128_BITS =AnemoiPermutation(
+        q=BN_254_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A_BN_254_SCALARFIELD_4_COL_128_BITS =AnemoiPermutation(
+        q=BN_254_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A_BN_254_SCALARFIELD_6_COL_128_BITS =AnemoiPermutation(
+        q=BN_254_SCALARFIELD,
+        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        n_cols=6,
+        security_level=128)
+
+    A_JUBJUB_SCALARFIELD_1_COL_128_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A_JUBJUB_SCALARFIELD_4_COL_128_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A_JUBJUB_SCALARFIELD_6_COL_128_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        n_cols=6,
+        security_level=128)
+
+    A_GOLDILOCKS_64_FIELD_1_COL_128_BITS =AnemoiPermutation(
+        q=GOLDILOCKS_64_FIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A_GOLDILOCKS_64_FIELD_4_COL_128_BITS =AnemoiPermutation(
+        q=GOLDILOCKS_64_FIELD,
+        mat=matrix.circulant([1, 1, 2, 3]),
+        n_cols=4,
+        security_level=128
+    )
+    A_GOLDILOCKS_64_FIELD_6_COL_128_BITS =AnemoiPermutation(
+        q=GOLDILOCKS_64_FIELD,
+        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        n_cols=6,
+        security_level=128)
+
+
+    # 256-bit security level instantiations
+
+    A_BLS_12_381_SCALARFIELD_1_COL_256_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A_BLS_12_381_SCALARFIELD_4_COL_256_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A_BLS_12_381_SCALARFIELD_6_COL_256_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        n_cols=6,
+        security_level=256)
+
+    A_BLS_12_377_SCALARFIELD_1_COL_256_BITS =AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A_BLS_12_377_SCALARFIELD_4_COL_256_BITS =AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A_BLS_12_377_SCALARFIELD_6_COL_256_BITS =AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        n_cols=6,
+        security_level=256)
+
+    A_BN_254_SCALARFIELD_1_COL_256_BITS =AnemoiPermutation(
+        q=BN_254_SCALARFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A_BN_254_SCALARFIELD_4_COL_256_BITS =AnemoiPermutation(
+        q=BN_254_SCALARFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A_BN_254_SCALARFIELD_6_COL_256_BITS =AnemoiPermutation(
+        q=BN_254_SCALARFIELD,
+        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        n_cols=6,
+        security_level=256)
+
+    A_JUBJUB_SCALARFIELD_1_COL_256_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A_JUBJUB_SCALARFIELD_4_COL_256_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A_JUBJUB_SCALARFIELD_6_COL_256_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        n_cols=6,
+        security_level=256)
+
+    A_GOLDILOCKS_64_FIELD_1_COL_256_BITS =AnemoiPermutation(
+        q=GOLDILOCKS_64_FIELD,
+        mat=matrix.circulant([1, 2]),
+        n_cols=1,
+        security_level=256
+    )
+    A_GOLDILOCKS_64_FIELD_4_COL_256_BITS =AnemoiPermutation(
+        q=GOLDILOCKS_64_FIELD,
+        mat=matrix.circulant([1, 1, 2, 3]),
+        n_cols=4,
+        security_level=256
+    )
+    A_GOLDILOCKS_64_FIELD_6_COL_256_BITS =AnemoiPermutation(
+        q=GOLDILOCKS_64_FIELD,
+        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        n_cols=6,
+        security_level=256
+    )
+
+    return A
diff --git a/scripts/anemoi-hash/constants.py b/scripts/anemoi-hash/constants.py
new file mode 100644
index 000000000..0cb69eda8
--- /dev/null
+++ b/scripts/anemoi-hash/constants.py
@@ -0,0 +1,17 @@
+# BLS12-381 Base field
+BLS12_381_BASEFIELD = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab
+# BLS12-381 Scalar field
+BLS12_381_SCALARFIELD = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001
+
+# BLS12-377 Base field = BW6_761 Scalar field
+BLS12_377_BASEFIELD = 0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001
+# BLS12-377 Scalar field
+BLS12_377_SCALARFIELD = 0x12ab655e9a2ca55660b44d1e5c37b00159aa76fed00000010a11800000000001
+
+# BN-254 Base field
+BN_254_BASEFIELD = 0x2523648240000001ba344d80000000086121000000000013a700000000000013
+# BN-254 Scalar field
+BN_254_SCALARFIELD = 0x2523648240000001ba344d8000000007ff9f800000000010a10000000000000d
+
+# Small Goldilocks field
+GOLDILOCKS_64_FIELD = 0xffffffff00000001
diff --git a/scripts/anemoi-hash/parameters.sage b/scripts/anemoi-hash/parameters.sage
new file mode 100644
index 000000000..9375b3508
--- /dev/null
+++ b/scripts/anemoi-hash/parameters.sage
@@ -0,0 +1,42 @@
+#!/usr/bin/sage
+# -*- mode: python ; -*-
+
+from sage.all import *
+import hashlib
+import itertools
+
+from constants import *
+
+load('anemoi.sage')
+     
+def output_parameters():
+    instances = anemoi_instances()    
+    for i in range(len(instances)):
+#    for i in range(1):
+        A_str = instances[i][0]
+        A = instances[i][1]
+        zero = 0
+        width = 100
+        print("------------------------------------------------------")
+        print("instance         : {}".format(A_str))
+        print("prime field      : {}".format(A.prime_field))
+        print("Fr modulus       : {}".format(A.q))
+        print("n_cols           : {}".format(A.n_cols))
+        print("n_rounds         : {}".format(A.n_rounds))
+        print("security level   : {}".format(A.security_level))
+        print("mult generator g : {}".format(A.g))
+        print("Q power          : {}".format(A.QUAD))
+        print("alpha            : {}".format(A.alpha))
+        print("alpha_inv        : {}".format(A.alpha_inv))
+        print("beta             : {}".format(A.beta))
+        print("gamma            : {}".format(zero))
+        print("delta            : {}".format(A.delta))
+        print("matrix M         :\n{}".format(A.mat))
+        print("constants C      :\n{}".format(A.C))
+        print("constants D      :\n{}".format(A.D))
+    return instances
+                  
+if __name__ == "__main__":
+    A = output_parameters()
+
+

From fc915a53554cb5792fb6cc064150aa0ccb36cfd3 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 13 Oct 2022 10:47:23 +0100
Subject: [PATCH 065/112] anemoi: added directory __pycache__ from anemoi sage
 scripts to .gitignore

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 6d887f0ab..263fbb7fa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -52,3 +52,4 @@ build
 *~
 TAGS
 .dir-locals.el
+scripts/anemoi-hash/__pycache__

From 047f39df3cab28607bf58a883260debae3355105 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 17 Oct 2022 11:46:23 +0100
Subject: [PATCH 066/112] anemoi: updated sage scripts with latest fixes from
 the official anemoi-hash repo (matrix transpose bug fix, instances for
 several new curves)

---
 scripts/anemoi-hash/anemoi.sage     | 558 ++++++++++++++++++++++------
 scripts/anemoi-hash/constants.py    |  12 +-
 scripts/anemoi-hash/parameters.sage |   2 +-
 3 files changed, 462 insertions(+), 110 deletions(-)

diff --git a/scripts/anemoi-hash/anemoi.sage b/scripts/anemoi-hash/anemoi.sage
index f99d5ca3d..6e99615b8 100644
--- a/scripts/anemoi-hash/anemoi.sage
+++ b/scripts/anemoi-hash/anemoi.sage
@@ -71,13 +71,18 @@ def is_mds(m):
     return True
 
 def M_2(x_input, b):
+    """Fast matrix-vector multiplication algorithm for Anemoi MDS layer with \ell = 1,2."""
+
     x = x_input[:]
     x[0] += b*x[1]
     x[1] += b*x[0]
     return x
 
 def M_3(x_input, b):
-    """Figure 6 of [DL18]."""
+    """Fast matrix-vector multiplication algorithm for Anemoi MDS layer with \ell = 3.
+
+    From Figure 6 of [DL18](https://tosc.iacr.org/index.php/ToSC/article/view/888)."""
+
     x = x_input[:]
     t = x[0] + b*x[2]
     x[2] += x[1]
@@ -88,7 +93,10 @@ def M_3(x_input, b):
 
 
 def M_4(x_input, b):
-    """Figure 8 of [DL18]."""
+    """Fast matrix-vector multiplication algorithm for Anemoi MDS layer with \ell = 4.
+
+    Figure 8 of [DL18](https://tosc.iacr.org/index.php/ToSC/article/view/888)."""
+
     x = x_input[:]
     x[0] += x[1]
     x[2] += x[3]
@@ -108,8 +116,8 @@ def lfsr(x_input, b):
         x = x[1:] + [t]
     return x
 
-def circulant_matrix(field, l):
-    for v in itertools.combinations_with_replacement(range(0,l+1), l):
+def circulant_mds_matrix(field, l):
+    for v in itertools.combinations_with_replacement(range(0,l+2), l):
         mat = matrix.circulant(list(v)).change_ring(field)
         if is_mds(mat):
             return(mat)
@@ -132,20 +140,25 @@ def get_mds(field, l):
                     mat.append(M_3(x_i, b))
                 elif l == 4:
                     mat.append(M_4(x_i, b))
-            mat = Matrix(field, l, l, mat)
+            # Because the matrix has been generated through the matrix-vector
+            # algorithm with unit vectors, we need to transpose the result.
+            mat = Matrix(field, l, l, mat).transpose()
             if is_mds(mat):
                 return mat
+        # If l > 4, we default to a circulant matrix with small coefficients
+        # The matrix is identified by its first row, with coefficients
+        # lexicographically ordered.
         else:
-            return circulant_matrix(field, l)
+            return circulant_mds_matrix(field, l)
 
 # AnemoiPermutation class
-        
+
 class AnemoiPermutation:
     def __init__(self,
                  q=None,
                  alpha=None,
-                 n_rounds=None,
                  mat=None,
+                 n_rounds=None,
                  n_cols=1,
                  security_level=128):
         if q == None:
@@ -158,10 +171,10 @@ class AnemoiPermutation:
                                         # characteristic is 2**self
         self.n_cols = n_cols # the number of parallel S-boxes in each round
         self.security_level = security_level
-        
+
         # initializing the other variables in the state:
         # - q     is the characteristic of the field
-        # - g     is a generator of the multiplicative subgroup 
+        # - g     is a generator of the multiplicative subgroup
         # - alpha is the main exponent (in the center of the Flystel)
         # - beta  is the coefficient in the quadratic subfunction
         # - gamma is the constant in the second quadratic subfunction
@@ -191,7 +204,7 @@ class AnemoiPermutation:
         self.beta = self.g
         self.delta = self.g**(-1)
         self.alpha_inv = inverse_mod(self.alpha, self.q-1)
-                   
+
         # total number of rounds
         if n_rounds != None:
             self.n_rounds = n_rounds
@@ -199,7 +212,7 @@ class AnemoiPermutation:
             self.n_rounds = get_n_rounds(self.security_level,
                                          self.n_cols,
                                          self.alpha)
-                   
+
         # Choosing constants: self.C and self.D are built from the
         # digits of pi using an open butterfly
         self.C = []
@@ -219,7 +232,7 @@ class AnemoiPermutation:
             if mat == None:
                 self.mat = get_mds(self.F, 2)  # a linear layer is needed to mix the column
             else:
-                assert(mat.ncols() == 2)
+                assert(mat.nrows() == mat.ncols())
                 assert(mat.nrows() == 2)
                 assert(is_mds(mat))
                 self.mat = mat
@@ -227,6 +240,8 @@ class AnemoiPermutation:
             if mat == None:
                 self.mat = get_mds(self.F, self.n_cols)
             else:
+                assert(mat.nrows() == mat.ncols())
+                assert(mat.nrows() == self.n_cols)
                 assert(is_mds(mat))
                 self.mat = mat
 
@@ -250,10 +265,10 @@ class AnemoiPermutation:
             [[self.from_field(x) for x in self.D[r]] for r in range(0, self.n_rounds)],
         )
         return result
-    
-        
+
+
     # !SECTION! Sub-components
-    
+
     def evaluate_sbox(self, _x, _y):
         """Applies an open Flystel to the full state. """
         x, y = _x, _y
@@ -261,7 +276,7 @@ class AnemoiPermutation:
         y -= x**self.alpha_inv
         x += self.beta*y**self.QUAD + self.delta
         return x, y
-    
+
     def linear_layer(self, _x, _y):
         x, y = _x[:], _y[:]
         if self.n_cols == 1:
@@ -271,7 +286,7 @@ class AnemoiPermutation:
             x = self.mat*vector(x)
             y = self.mat*vector(y[1:] + [y[0]])
             return list(x), list(y)
-        
+
 
     # !SECTION! Evaluation
 
@@ -283,7 +298,7 @@ class AnemoiPermutation:
         the input values, and since there is a last degenerate round
         consisting only in a linear layer.
 
-        """        
+        """
         x, y = _x[:], _y[:]
         result = [[x[:], y[:]]]
         for r in range(0, self.n_rounds):
@@ -302,8 +317,8 @@ class AnemoiPermutation:
 
     def input_size(self):
         return 2*self.n_cols
-    
-    
+
+
     def __call__(self, _x):
         if len(_x) != self.input_size():
             raise Exception("wrong input size!")
@@ -311,7 +326,7 @@ class AnemoiPermutation:
             x, y = _x[:self.n_cols], _x[self.n_cols:]
             u, v = self.eval_with_intermediate_values(x, y)[-1]
             return u + v # concatenation, not a sum
-    
+
 
     # !SECTION! Writing full system of equations
 
@@ -338,7 +353,7 @@ class AnemoiPermutation:
                 result["X"][r].append(pol_gens[self.n_cols*2*r + i])
                 result["Y"][r].append(pol_gens[self.n_cols*2*r + i + self.n_cols])
         return result
-        
+
 
     def verification_polynomials(self, pol_vars):
         """Returns the list of all the equations that all the intermediate
@@ -365,11 +380,11 @@ class AnemoiPermutation:
                 )
         return equations
 
-    
+
     def print_verification_polynomials(self):
         """Simply prints the equations modeling a full call to this
         AnemoiPermutation instance in a user (and computer) readable
-        format. 
+        format.
 
         The first lines contains a comma separated list of all the
         variables, and the second contains the field size. The
@@ -388,7 +403,7 @@ class AnemoiPermutation:
             print(f)
 
 
-            
+
 # !SECTION! Modes of operation
 
 
@@ -411,8 +426,8 @@ def jive(P, b, _x):
         compressed.append(sum(x[i+c*j] + u[i+c*j]
                               for j in range(0, b)))
     return compressed
-        
-        
+
+
 def sponge_hash(P, r, h, _x):
     """Uses Hirose's variant of the sponge construction to hash the
     message x using the permutation P with rate r, outputting a digest
@@ -422,7 +437,10 @@ def sponge_hash(P, r, h, _x):
     x = _x[:]
     if P.input_size() <= r:
         raise Exception("rate must be strictly smaller than state size!")
-    if h * P.F.cardinality().nbits() < 2 * P.security_level:
+    # Digest size check: we allow the digest size to be 3 bits shorter than
+    # the theoretical target, as commonly used finite fields usually have a
+    # characteristic size slightly under 2**256.
+    if h * P.F.cardinality().nbits() < 2 * P.security_level - 3:
         raise Exception(f"digest size is too small for the targeted security level!")
     # message padding (and domain separator computation)
     if len(x) % r == 0 and len(x) != 0:
@@ -454,7 +472,7 @@ def sponge_hash(P, r, h, _x):
             pos = 0
             internal_state = P(internal_state)
     return digest
-    
+
 
 # !SECTION! Tests
 
@@ -505,16 +523,16 @@ def check_polynomial_verification(n_tests=10, q=2**63, alpha=3, n_rounds=3, n_co
             polynomial_values = [eqs[r*2*A.n_cols + i].subs(assignment)
                                  for i in range(0, 2*A.n_cols)]
             print("round {:3d}: {}\n           {}".format(
-                r, 
+                r,
                 polynomial_values[0::2],
                 polynomial_values[1::2]
             ))
-    
 
-def test_jive(n_tests=10, 
-              q=2**63, alpha=3, 
-              n_rounds=None, 
-              n_cols=1, 
+
+def test_jive(n_tests=10,
+              q=2**63, alpha=3,
+              n_rounds=None,
+              n_cols=1,
               b=2,
               security_level=32):
     """Let `A` be and AnemoiPermutation instance with the parameters input
@@ -538,13 +556,13 @@ def test_jive(n_tests=10,
             b,
             jive(A, b, x + y)
         ))
-    
 
-def test_sponge(n_tests=10, 
-                q=2**63, 
-                alpha=3, 
-                n_rounds=None, 
-                n_cols=1, 
+
+def test_sponge(n_tests=10,
+                q=2**63,
+                alpha=3,
+                n_rounds=None,
+                n_cols=1,
                 b=2,
                 security_level=32):
     """Let `A` be an AnemoiPermutation instance with the parameters input
@@ -707,187 +725,515 @@ def generate_test_vectors_mds(P, n):
     return (inputs, outputs)
 
 
-def anemoi_instances():
+def main():
+
+    # This is the first circulant matrix being found by the circulant_mds_matrix()
+    # script above. This is hardcoded to save some time when instantiating the different
+    # versions of Anemoi below.
+    CIRCULANT_FP6_MDS_MATRIX = matrix.circulant([1, 1, 3, 4, 5, 6])
 
-    # accumulating relevant Anemoi instances
-    A = []
-    
     # 128-bit security level instantiations
 
-    A_BLS_12_381_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
+    A_BLS_12_381_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_BASEFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A_BLS_12_381_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_BASEFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A_BLS_12_381_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_BASEFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A_BLS_12_381_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_BASEFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A_BLS_12_381_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_BASEFIELD,
+        mat=CIRCULANT_FP6_MDS_MATRIX,
+        n_cols=6,
+        security_level=128)
+
+    A_JUBJUB_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
         q=BLS12_381_SCALARFIELD,
         n_cols=1,
         security_level=128
     )
-    A.append(
-        ("A_BLS_12_381_SCALARFIELD_1_COL_128_BITS",
-         A_BLS_12_381_SCALARFIELD_1_COL_128_BITS))
-    A_BLS_12_381_SCALARFIELD_4_COL_128_BITS =AnemoiPermutation(
+    A_JUBJUB_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A_JUBJUB_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A_JUBJUB_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
         q=BLS12_381_SCALARFIELD,
         n_cols=4,
         security_level=128
     )
-    A.append(
-        ("A_BLS_12_381_SCALARFIELD_4_COL_128_BITS",
-         A_BLS_12_381_SCALARFIELD_4_COL_128_BITS))
-    A_BLS_12_381_SCALARFIELD_6_COL_128_BITS =AnemoiPermutation(
+    A_JUBJUB_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
         q=BLS12_381_SCALARFIELD,
-        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        mat=CIRCULANT_FP6_MDS_MATRIX,
         n_cols=6,
         security_level=128)
-    A.append(
-        ("A_BLS_12_381_SCALARFIELD_6_COL_128_BITS",
-         A_BLS_12_381_SCALARFIELD_6_COL_128_BITS))
 
-    A_BLS_12_377_SCALARFIELD_1_COL_128_BITS =AnemoiPermutation(
+    A_BLS_12_377_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_377_BASEFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A_BLS_12_377_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_377_BASEFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A_BLS_12_377_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_377_BASEFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A_BLS_12_377_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_377_BASEFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A_BLS_12_377_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_377_BASEFIELD,
+        mat=CIRCULANT_FP6_MDS_MATRIX,
+        n_cols=6,
+        security_level=128)
+
+    A_ED_ON_BLS_12_377_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
         q=BLS12_377_SCALARFIELD,
         n_cols=1,
         security_level=128
     )
-    A_BLS_12_377_SCALARFIELD_4_COL_128_BITS =AnemoiPermutation(
+    A_ED_ON_BLS_12_377_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A_ED_ON_BLS_12_377_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A_ED_ON_BLS_12_377_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
         q=BLS12_377_SCALARFIELD,
         n_cols=4,
         security_level=128
     )
-    A_BLS_12_377_SCALARFIELD_6_COL_128_BITS =AnemoiPermutation(
+    A_ED_ON_BLS_12_377_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
         q=BLS12_377_SCALARFIELD,
-        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        mat=CIRCULANT_FP6_MDS_MATRIX,
         n_cols=6,
         security_level=128)
 
-    A_BN_254_SCALARFIELD_1_COL_128_BITS =AnemoiPermutation(
+    A_BN_254_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=BN_254_BASEFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A_BN_254_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=BN_254_BASEFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A_BN_254_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=BN_254_BASEFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A_BN_254_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
+        q=BN_254_BASEFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A_BN_254_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
+        q=BN_254_BASEFIELD,
+        mat=CIRCULANT_FP6_MDS_MATRIX,
+        n_cols=6,
+        security_level=128)
+
+    A_BN_254_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
         q=BN_254_SCALARFIELD,
         n_cols=1,
         security_level=128
     )
-    A_BN_254_SCALARFIELD_4_COL_128_BITS =AnemoiPermutation(
+    A_BN_254_SCALARFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=BN_254_SCALARFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A_BN_254_SCALARFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=BN_254_SCALARFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A_BN_254_SCALARFIELD_4_COL_128_BITS = AnemoiPermutation(
         q=BN_254_SCALARFIELD,
         n_cols=4,
         security_level=128
     )
-    A_BN_254_SCALARFIELD_6_COL_128_BITS =AnemoiPermutation(
+    A_BN_254_SCALARFIELD_6_COL_128_BITS = AnemoiPermutation(
         q=BN_254_SCALARFIELD,
-        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        mat=CIRCULANT_FP6_MDS_MATRIX,
         n_cols=6,
         security_level=128)
 
-    A_JUBJUB_SCALARFIELD_1_COL_128_BITS =AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
+    A_PALLAS_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=PALLAS_BASEFIELD,
         n_cols=1,
         security_level=128
     )
-    A_JUBJUB_SCALARFIELD_4_COL_128_BITS =AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
+    A_PALLAS_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=PALLAS_BASEFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A_PALLAS_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=PALLAS_BASEFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A_PALLAS_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
+        q=PALLAS_BASEFIELD,
         n_cols=4,
         security_level=128
     )
-    A_JUBJUB_SCALARFIELD_6_COL_128_BITS =AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+    A_PALLAS_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
+        q=PALLAS_BASEFIELD,
+        mat=CIRCULANT_FP6_MDS_MATRIX,
         n_cols=6,
         security_level=128)
 
-    A_GOLDILOCKS_64_FIELD_1_COL_128_BITS =AnemoiPermutation(
+    A_VESTA_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=VESTA_BASEFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A_VESTA_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=VESTA_BASEFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A_VESTA_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=VESTA_BASEFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A_VESTA_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
+        q=VESTA_BASEFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A_VESTA_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
+        q=VESTA_BASEFIELD,
+        mat=CIRCULANT_FP6_MDS_MATRIX,
+        n_cols=6,
+        security_level=128)
+
+    A_GOLDILOCKS_64_FIELD_1_COL_128_BITS = AnemoiPermutation(
         q=GOLDILOCKS_64_FIELD,
         n_cols=1,
         security_level=128
     )
-    A_GOLDILOCKS_64_FIELD_4_COL_128_BITS =AnemoiPermutation(
+    A_GOLDILOCKS_64_FIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=GOLDILOCKS_64_FIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A_GOLDILOCKS_64_FIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=GOLDILOCKS_64_FIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A_GOLDILOCKS_64_FIELD_4_COL_128_BITS = AnemoiPermutation(
         q=GOLDILOCKS_64_FIELD,
-        mat=matrix.circulant([1, 1, 2, 3]),
         n_cols=4,
         security_level=128
     )
-    A_GOLDILOCKS_64_FIELD_6_COL_128_BITS =AnemoiPermutation(
+    A_GOLDILOCKS_64_FIELD_6_COL_128_BITS = AnemoiPermutation(
         q=GOLDILOCKS_64_FIELD,
-        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        mat=CIRCULANT_FP6_MDS_MATRIX,
         n_cols=6,
         security_level=128)
 
 
     # 256-bit security level instantiations
 
-    A_BLS_12_381_SCALARFIELD_1_COL_256_BITS =AnemoiPermutation(
+    A_BLS_12_381_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_381_BASEFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A_BLS_12_381_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_381_BASEFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A_BLS_12_381_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_381_BASEFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A_BLS_12_381_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_381_BASEFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A_BLS_12_381_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_381_BASEFIELD,
+        mat=CIRCULANT_FP6_MDS_MATRIX,
+        n_cols=6,
+        security_level=256)
+
+    A_JUBJUB_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
         q=BLS12_381_SCALARFIELD,
         n_cols=1,
         security_level=256
     )
-    A_BLS_12_381_SCALARFIELD_4_COL_256_BITS =AnemoiPermutation(
+    A_JUBJUB_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A_JUBJUB_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A_JUBJUB_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
         q=BLS12_381_SCALARFIELD,
         n_cols=4,
         security_level=256
     )
-    A_BLS_12_381_SCALARFIELD_6_COL_256_BITS =AnemoiPermutation(
+    A_JUBJUB_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
         q=BLS12_381_SCALARFIELD,
-        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        mat=CIRCULANT_FP6_MDS_MATRIX,
         n_cols=6,
         security_level=256)
 
-    A_BLS_12_377_SCALARFIELD_1_COL_256_BITS =AnemoiPermutation(
+    A_BLS_12_377_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_377_BASEFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A_BLS_12_377_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_377_BASEFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A_BLS_12_377_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_377_BASEFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A_BLS_12_377_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_377_BASEFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A_BLS_12_377_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_377_BASEFIELD,
+        mat=CIRCULANT_FP6_MDS_MATRIX,
+        n_cols=6,
+        security_level=256)
+
+    A_ED_ON_BLS_12_377_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
         q=BLS12_377_SCALARFIELD,
         n_cols=1,
         security_level=256
     )
-    A_BLS_12_377_SCALARFIELD_4_COL_256_BITS =AnemoiPermutation(
+    A_ED_ON_BLS_12_377_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A_ED_ON_BLS_12_377_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A_ED_ON_BLS_12_377_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
         q=BLS12_377_SCALARFIELD,
         n_cols=4,
         security_level=256
     )
-    A_BLS_12_377_SCALARFIELD_6_COL_256_BITS =AnemoiPermutation(
+    A_ED_ON_BLS_12_377_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
         q=BLS12_377_SCALARFIELD,
-        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        mat=CIRCULANT_FP6_MDS_MATRIX,
+        n_cols=6,
+        security_level=256)
+
+    A_BN_254_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
+        q=BN_254_BASEFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A_BN_254_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=BN_254_BASEFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A_BN_254_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=BN_254_BASEFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A_BN_254_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
+        q=BN_254_BASEFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A_BN_254_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
+        q=BN_254_BASEFIELD,
+        mat=CIRCULANT_FP6_MDS_MATRIX,
         n_cols=6,
         security_level=256)
 
-    A_BN_254_SCALARFIELD_1_COL_256_BITS =AnemoiPermutation(
+    A_BN_254_SCALARFIELD_1_COL_256_BITS = AnemoiPermutation(
         q=BN_254_SCALARFIELD,
         n_cols=1,
         security_level=256
     )
-    A_BN_254_SCALARFIELD_4_COL_256_BITS =AnemoiPermutation(
+    A_BN_254_SCALARFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=BN_254_SCALARFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A_BN_254_SCALARFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=BN_254_SCALARFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A_BN_254_SCALARFIELD_4_COL_256_BITS = AnemoiPermutation(
         q=BN_254_SCALARFIELD,
         n_cols=4,
         security_level=256
     )
-    A_BN_254_SCALARFIELD_6_COL_256_BITS =AnemoiPermutation(
+    A_BN_254_SCALARFIELD_6_COL_256_BITS = AnemoiPermutation(
         q=BN_254_SCALARFIELD,
-        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        mat=CIRCULANT_FP6_MDS_MATRIX,
         n_cols=6,
         security_level=256)
 
-    A_JUBJUB_SCALARFIELD_1_COL_256_BITS =AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
+    A_PALLAS_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
+        q=PALLAS_BASEFIELD,
         n_cols=1,
         security_level=256
     )
-    A_JUBJUB_SCALARFIELD_4_COL_256_BITS =AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
+    A_PALLAS_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=PALLAS_BASEFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A_PALLAS_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=PALLAS_BASEFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A_PALLAS_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
+        q=PALLAS_BASEFIELD,
         n_cols=4,
         security_level=256
     )
-    A_JUBJUB_SCALARFIELD_6_COL_256_BITS =AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+    A_PALLAS_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
+        q=PALLAS_BASEFIELD,
+        mat=CIRCULANT_FP6_MDS_MATRIX,
         n_cols=6,
         security_level=256)
 
-    A_GOLDILOCKS_64_FIELD_1_COL_256_BITS =AnemoiPermutation(
+    A_VESTA_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
+        q=VESTA_BASEFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A_VESTA_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=VESTA_BASEFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A_VESTA_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=VESTA_BASEFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A_VESTA_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
+        q=VESTA_BASEFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A_VESTA_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
+        q=VESTA_BASEFIELD,
+        mat=CIRCULANT_FP6_MDS_MATRIX,
+        n_cols=6,
+        security_level=256)
+
+    A_GOLDILOCKS_64_FIELD_1_COL_256_BITS = AnemoiPermutation(
         q=GOLDILOCKS_64_FIELD,
-        mat=matrix.circulant([1, 2]),
         n_cols=1,
         security_level=256
     )
-    A_GOLDILOCKS_64_FIELD_4_COL_256_BITS =AnemoiPermutation(
+    A_GOLDILOCKS_64_FIELD_2_COL_256_BITS = AnemoiPermutation(
         q=GOLDILOCKS_64_FIELD,
-        mat=matrix.circulant([1, 1, 2, 3]),
-        n_cols=4,
+        n_cols=2,
         security_level=256
     )
-    A_GOLDILOCKS_64_FIELD_6_COL_256_BITS =AnemoiPermutation(
+    A_GOLDILOCKS_64_FIELD_3_COL_256_BITS = AnemoiPermutation(
         q=GOLDILOCKS_64_FIELD,
-        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
-        n_cols=6,
+        n_cols=3,
+        security_level=256
+    )
+    A_GOLDILOCKS_64_FIELD_4_COL_256_BITS = AnemoiPermutation(
+        q=GOLDILOCKS_64_FIELD,
+        n_cols=4,
         security_level=256
     )
+    A_GOLDILOCKS_64_FIELD_6_COL_256_BITS = AnemoiPermutation(
+        q=GOLDILOCKS_64_FIELD,
+        mat=CIRCULANT_FP6_MDS_MATRIX,
+        n_cols=6,
+        security_level=256)
+
+def anemoi_selected_instances():
 
+    # accumulating selected Anemoi instances
+    A = []
+    
+    # 128-bit security level instantiations
+    A_BLS_12_381_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_1_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_1_COL_128_BITS))
+    A_BLS_12_381_SCALARFIELD_4_COL_128_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_4_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_4_COL_128_BITS))
+    A_BLS_12_381_SCALARFIELD_6_COL_128_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        n_cols=6,
+        security_level=128)
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_6_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_6_COL_128_BITS))
     return A
+    
diff --git a/scripts/anemoi-hash/constants.py b/scripts/anemoi-hash/constants.py
index 0cb69eda8..a9e06eae1 100644
--- a/scripts/anemoi-hash/constants.py
+++ b/scripts/anemoi-hash/constants.py
@@ -5,13 +5,19 @@
 
 # BLS12-377 Base field = BW6_761 Scalar field
 BLS12_377_BASEFIELD = 0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001
-# BLS12-377 Scalar field
+# BLS12-377 Scalar field = Ed_on_bls_12_377 Base field
 BLS12_377_SCALARFIELD = 0x12ab655e9a2ca55660b44d1e5c37b00159aa76fed00000010a11800000000001
 
 # BN-254 Base field
-BN_254_BASEFIELD = 0x2523648240000001ba344d80000000086121000000000013a700000000000013
+BN_254_BASEFIELD = 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47
 # BN-254 Scalar field
-BN_254_SCALARFIELD = 0x2523648240000001ba344d8000000007ff9f800000000010a10000000000000d
+BN_254_SCALARFIELD = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
+
+# Pallas Base field = Vesta Scalar field
+PALLAS_BASEFIELD = 0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001
+
+# Vesta Base field = Pallas Scalar field
+VESTA_BASEFIELD = 0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001
 
 # Small Goldilocks field
 GOLDILOCKS_64_FIELD = 0xffffffff00000001
diff --git a/scripts/anemoi-hash/parameters.sage b/scripts/anemoi-hash/parameters.sage
index 9375b3508..6299ac4f9 100644
--- a/scripts/anemoi-hash/parameters.sage
+++ b/scripts/anemoi-hash/parameters.sage
@@ -10,7 +10,7 @@ from constants import *
 load('anemoi.sage')
      
 def output_parameters():
-    instances = anemoi_instances()    
+    instances = anemoi_selected_instances()    
     for i in range(len(instances)):
 #    for i in range(1):
         A_str = instances[i][0]

From 626962787e4a6b46fe62362c9dba4fd925e30eb6 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 17 Oct 2022 15:33:56 +0100
Subject: [PATCH 067/112] anemoi: added initial implementation of a
 parametrization class and its instantiation for the curve bls12-381

---
 .../hashes/anemoi/anemoi_components.hpp       | 34 +++++++++++++++++++
 .../hashes/anemoi/anemoi_components.tcc       | 16 +++++++++
 2 files changed, 50 insertions(+)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 19db79c2b..665aa01df 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -60,6 +60,40 @@ namespace libsnark
 #define DEBUG_FLYSTEL_GAMMA 5
 #define DEBUG_FLYSTEL_DELTA 0
 
+/// Instances of this class should expose the following Anemoi
+/// parameters for every supported curve (with example values for the curve
+/// BLS12_381:
+///
+/// - prime field      = True
+/// - mult generator g = 7
+/// - alpha            = 5
+/// - alpha_inv        =
+/// 20974350070050476191779096203274386335076221000211055129041463479975432473805
+/// - beta             = 7
+/// - gamma            = 0
+/// - delta            =
+/// 14981678621464625851270783002338847382197300714436467949315331057125308909861
+/// - quad_exponent    = 2
+///
+/// See
+/// scripts/anemoi-hash/parameters.sage for details.
+template<typename FieldT> class anemoi_parameters;
+
+template<> class anemoi_parameters<libff::bls12_381_Fr>
+{
+public:
+    using FieldT = libff::Fr<libff::bls12_381_pp>;
+    const bool b_prime_field;
+    const FieldT multiplicative_generator_g;
+    const FieldT alpha;
+    const FieldT alpha_inv;
+    const FieldT beta;
+    const FieldT gamma;
+    const FieldT delta;
+    const unsigned int quad_exponent;
+    anemoi_parameters();
+};
+
 /// Flystel Q_gamma function for prime fields:
 /// Qf(x) = beta x^2 + gamma
 /// x: input
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 8a5eaa6aa..24dca276c 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -18,6 +18,22 @@
 namespace libsnark
 {
 
+anemoi_parameters<libff::bls12_381_Fr>::anemoi_parameters()
+    : b_prime_field(false)
+    , multiplicative_generator_g(libff::Fr<libff::bls12_381_pp>(7))
+    , alpha(libff::Fr<libff::bls12_381_pp>(5))
+    , alpha_inv(libff::Fr<libff::bls12_381_pp>(
+          "2097435007005047619177909620327438633507622100021105512"
+          "9041463479975432473805"))
+    , beta(libff::Fr<libff::bls12_381_pp>(7))
+    , gamma(libff::Fr<libff::bls12_381_pp>(0))
+    , delta(libff::Fr<libff::bls12_381_pp>(
+          "14981678621464625851270783002338847382197300714436467949315"
+          "331057125308909861"))
+    , quad_exponent(2)
+{
+}
+
 // R1CS constraints for the operation y = const_a x^2 + const_b with x = input,
 // y = output. This operation is realized by the components \ref
 // flystel_Q_gamma_prime_field_gadget and \ref

From 2c25f012249555c7aa021cf46b31ff259b027d9c Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 19 Oct 2022 17:49:04 +0100
Subject: [PATCH 068/112] anemoi: created class with all anemoi parameters
 specialised by a given curve in a separate hpp file. removed all debug
 macros. added a separate class with anemoi parameters used for debug that is
 passed instead of the curve parameters class in debug mode. removed the
 interface of the anemoi round gadget as it is being developed in a dedicated
 branch.

---
 .../hashes/anemoi/anemoi_components.hpp       | 160 ++++-----------
 .../hashes/anemoi/anemoi_components.tcc       | 186 +++++++-----------
 .../hashes/anemoi/anemoi_parameters.hpp       |  93 +++++++++
 .../anemoi/tests/test_anemoi_gadget.cpp       |  88 ++++++---
 4 files changed, 265 insertions(+), 262 deletions(-)
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 665aa01df..670b91f16 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -9,6 +9,8 @@
 #ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_HPP_
 #define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_HPP_
 
+#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp"
+
 #include <libsnark/gadgetlib1/gadgets/basic_gadgets.hpp>
 
 /// Implementation of the Anenoi arithmetization-oriented hash function
@@ -25,82 +27,16 @@
 namespace libsnark
 {
 
-#define FLYSTEL_DEBUG
-#define FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR 7
-// alpha constant used in the Flystel E transformation. note that
-// alpha is independent of the choice of the curve, but 1/alpha (see
-// below) depends on the curve (mores specifically -- on the modulus r of
-// its scalar field Fr)
-#define FLYSTEL_ALPHA_FIVE 5
-// the mapping f(x)=x^a=y: x,y \in Fr applied in the Flystel E
-// transformation (where a is alpha) is invertible if 1/a exists. then
-// f^-1(y)=y^1/a=x. 1/a exists if gcd(a,r-1)=1 where r is the modulus
-// of Fr. 1/a can be found with the extended Euclidean algorithm which
-// finds u,v s.t. ua+v(r-1)=1 mod (r-1)=ua and so u=1/a. parameter
-// FLYSTEL_ALPHA_FIVE_INVERSE gives the value of u=1/a for a=5 for the
-// curve BLS12-381 precomputed using the Sage command
-// inverse_mod(alpha, r-1). TODO: write a function anemoi_parameters()
-// specialized by ppT that loads the precomputed constants (including
-// alpha and the multiplicative subgroup generator
-// FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR) for any curve
-#define FLYSTEL_ALPHA_FIVE_INVERSE                                             \
-    "209743500700504761917790962032743863350762210002110551290414634799754324" \
-    "73805"
-
-// original constants by specification
-// for BLS12-381
-// beta = g = first multiplicative generator = 7.
-// delta = g^(-1) =
-// 14981678621464625851270783002338847382197300714436467949315331057125308909861
-// gamma = 0
-
-// constants used for debug
-#define DEBUG_FLYSTEL_ALPHA 5
-#define DEBUG_FLYSTEL_BETA 2
-#define DEBUG_FLYSTEL_GAMMA 5
-#define DEBUG_FLYSTEL_DELTA 0
-
-/// Instances of this class should expose the following Anemoi
-/// parameters for every supported curve (with example values for the curve
-/// BLS12_381:
-///
-/// - prime field      = True
-/// - mult generator g = 7
-/// - alpha            = 5
-/// - alpha_inv        =
-/// 20974350070050476191779096203274386335076221000211055129041463479975432473805
-/// - beta             = 7
-/// - gamma            = 0
-/// - delta            =
-/// 14981678621464625851270783002338847382197300714436467949315331057125308909861
-/// - quad_exponent    = 2
-///
-/// See
-/// scripts/anemoi-hash/parameters.sage for details.
-template<typename FieldT> class anemoi_parameters;
-
-template<> class anemoi_parameters<libff::bls12_381_Fr>
-{
-public:
-    using FieldT = libff::Fr<libff::bls12_381_pp>;
-    const bool b_prime_field;
-    const FieldT multiplicative_generator_g;
-    const FieldT alpha;
-    const FieldT alpha_inv;
-    const FieldT beta;
-    const FieldT gamma;
-    const FieldT delta;
-    const unsigned int quad_exponent;
-    anemoi_parameters();
-};
-
 /// Flystel Q_gamma function for prime fields:
 /// Qf(x) = beta x^2 + gamma
 /// x: input
 /// y: output
-template<typename FieldT, size_t generator>
-class flystel_Q_gamma_prime_field_gadget : public gadget<FieldT>
+// template<typename ppT, size_t generator>
+template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
+class flystel_Q_gamma_prime_field_gadget : public gadget<libff::Fr<ppT>>
 {
+    using FieldT = libff::Fr<ppT>;
+
 private:
     const FieldT beta;
     const FieldT gamma;
@@ -123,9 +59,11 @@ class flystel_Q_gamma_prime_field_gadget : public gadget<FieldT>
 /// Qf(x) = beta x^2 + delta
 /// x: input
 /// y: output
-template<typename FieldT, size_t generator>
-class flystel_Q_delta_prime_field_gadget : public gadget<FieldT>
+template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
+class flystel_Q_delta_prime_field_gadget : public gadget<libff::Fr<ppT>>
 {
+    using FieldT = libff::Fr<ppT>;
+
 private:
     const FieldT beta;
     const FieldT delta;
@@ -151,9 +89,11 @@ class flystel_Q_delta_prime_field_gadget : public gadget<FieldT>
 /// x: input
 /// y: output
 /// beta, gamma: constants
-template<typename FieldT, size_t generator>
-class flystel_Q_gamma_binary_field_gadget : public gadget<FieldT>
+template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
+class flystel_Q_gamma_binary_field_gadget : public gadget<libff::Fr<ppT>>
 {
+    using FieldT = libff::Fr<ppT>;
+
 private:
     const pb_variable<FieldT> internal;
     const FieldT beta;
@@ -180,9 +120,11 @@ class flystel_Q_gamma_binary_field_gadget : public gadget<FieldT>
 /// x: input
 /// y: output
 /// beta, delta: constants
-template<typename FieldT, size_t generator>
-class flystel_Q_delta_binary_field_gadget : public gadget<FieldT>
+template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
+class flystel_Q_delta_binary_field_gadget : public gadget<libff::Fr<ppT>>
 {
+    using FieldT = libff::Fr<ppT>;
+
 private:
     const pb_variable<FieldT> internal;
     const FieldT beta;
@@ -205,9 +147,11 @@ class flystel_Q_delta_binary_field_gadget : public gadget<FieldT>
 /// Compute y = x^5
 /// x: input
 /// y: output
-template<typename FieldT>
-class flystel_E_power_five_gadget : public gadget<FieldT>
+template<typename ppT>
+class flystel_E_power_five_gadget : public gadget<libff::Fr<ppT>>
 {
+    using FieldT = libff::Fr<ppT>;
+
 private:
     // internal (i.e. intermediate) variables
     const pb_variable<FieldT> a0;
@@ -230,9 +174,11 @@ class flystel_E_power_five_gadget : public gadget<FieldT>
 /// Compute y = x^1/5
 /// x: input
 /// y: output
-template<typename FieldT>
-class flystel_E_root_five_gadget : public gadget<FieldT>
+template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
+class flystel_E_root_five_gadget : public gadget<libff::Fr<ppT>>
 {
+    using FieldT = libff::Fr<ppT>;
+
 private:
     // internal (i.e. intermediate) variables
     const pb_variable<FieldT> a0;
@@ -266,9 +212,11 @@ class flystel_E_root_five_gadget : public gadget<FieldT>
 /// y1 = x1 - a1
 ///
 /// \note: in [BBCPSVW22] (x0,x1)->(y0,y1) is denoted with (x,y)->(u,v)
-template<typename FieldT, size_t generator>
-class flystel_prime_field_gadget : public gadget<FieldT>
+template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
+class flystel_prime_field_gadget : public gadget<libff::Fr<ppT>>
 {
+    using FieldT = libff::Fr<ppT>;
+
 private:
     // internal (i.e. intermediate) variables
     const pb_variable<FieldT> a0;
@@ -281,9 +229,9 @@ class flystel_prime_field_gadget : public gadget<FieldT>
     const pb_variable<FieldT> output_y0;
     const pb_variable<FieldT> output_y1;
 
-    flystel_Q_gamma_prime_field_gadget<FieldT, generator> Q_gamma;
-    flystel_Q_delta_prime_field_gadget<FieldT, generator> Q_delta;
-    flystel_E_root_five_gadget<FieldT> E_root_five;
+    flystel_Q_gamma_prime_field_gadget<ppT, parameters> Q_gamma;
+    flystel_Q_delta_prime_field_gadget<ppT, parameters> Q_delta;
+    flystel_E_root_five_gadget<ppT, parameters> E_root_five;
 
     flystel_prime_field_gadget(
         protoboard<FieldT> &pb,
@@ -302,46 +250,8 @@ template<typename FieldT, size_t NumStateColumns_L>
 std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L>
 anemoi_permutation_mds(const FieldT g);
 
-/// One round of the Anemoi permutation mapping (Fr)^{2l} -> (Fr)^{2l}
-///
-/// NumStateColumns_L : l parameter - number of columns in the
-///                     state. can be 1,2,3,4. each column is composed of 2
-///                     elements in F_r. One Flystel Sbox accepts 1 column as
-///                     input. There are l Flystel-s in 1 round of the
-///                     Anemoi permutation applied in parallel.
-///
-/// x0,x1: input
-/// y0,y1: output
-///
-// template<typename FieldT, FieldT beta, FieldT gamma, FieldT delta>
-template<typename FieldT, size_t generator, size_t NumStateColumns_L>
-class anemoi_permutation_round_prime_field_gadget : public gadget<FieldT>
-{
-private:
-    // array of C round constants
-    std::array<FieldT, NumStateColumns_L> c_const;
-    // array of D round constants
-    std::array<FieldT, NumStateColumns_L> d_const;
-    // matrix M
-    std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L> M;
-    // array of Flystel S-boxes
-    std::array<flystel_prime_field_gadget<FieldT, generator>, NumStateColumns_L>
-        flystel;
-
-public:
-    std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> input;
-    std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> output;
-
-    anemoi_permutation_round_prime_field_gadget(
-        std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &input,
-        std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &output);
-
-    void generate_r1cs_constraints();
-    void generate_r1cs_witness();
-};
-
 } // namespace libsnark
 
-#include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc>
+#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc"
 
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_HPP_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 24dca276c..39c11d492 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -18,22 +18,6 @@
 namespace libsnark
 {
 
-anemoi_parameters<libff::bls12_381_Fr>::anemoi_parameters()
-    : b_prime_field(false)
-    , multiplicative_generator_g(libff::Fr<libff::bls12_381_pp>(7))
-    , alpha(libff::Fr<libff::bls12_381_pp>(5))
-    , alpha_inv(libff::Fr<libff::bls12_381_pp>(
-          "2097435007005047619177909620327438633507622100021105512"
-          "9041463479975432473805"))
-    , beta(libff::Fr<libff::bls12_381_pp>(7))
-    , gamma(libff::Fr<libff::bls12_381_pp>(0))
-    , delta(libff::Fr<libff::bls12_381_pp>(
-          "14981678621464625851270783002338847382197300714436467949315"
-          "331057125308909861"))
-    , quad_exponent(2)
-{
-}
-
 // R1CS constraints for the operation y = const_a x^2 + const_b with x = input,
 // y = output. This operation is realized by the components \ref
 // flystel_Q_gamma_prime_field_gadget and \ref
@@ -50,28 +34,24 @@ anemoi_parameters<libff::bls12_381_Fr>::anemoi_parameters()
 //
 // where A =(0, const_a, 0), B=(0, 1, 0) and C =(-const_b, 0, 1)
 
-template<typename FieldT, size_t generator>
-flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
+// template<typename ppT, size_t generator>
+template<typename ppT, class parameters>
+flystel_Q_gamma_prime_field_gadget<ppT, parameters>::
     flystel_Q_gamma_prime_field_gadget(
-        protoboard<FieldT> &pb,
-        const linear_combination<FieldT> &input,
-        const pb_variable<FieldT> &output,
+        protoboard<libff::Fr<ppT>> &pb,
+        const linear_combination<libff::Fr<ppT>> &input,
+        const pb_variable<libff::Fr<ppT>> &output,
         const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix)
-#ifdef FLYSTEL_DEBUG
-    , beta(DEBUG_FLYSTEL_BETA)
-    , gamma(DEBUG_FLYSTEL_GAMMA)
-#else
-    , beta(FieldT(generator))
-    , gamma(FieldT(0))
-#endif // #ifdef FLYSTEL_DEBUG
+    : gadget<libff::Fr<ppT>>(pb, annotation_prefix)
+    , beta(parameters::beta)
+    , gamma(parameters::gamma)
     , input(input)
     , output(output)
 {
 }
 
-template<typename FieldT, size_t generator>
-void flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
+template<typename ppT, class parameters>
+void flystel_Q_gamma_prime_field_gadget<ppT, parameters>::
     generate_r1cs_constraints()
 {
     // Constraint has the form:
@@ -85,38 +65,34 @@ void flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
 
 // compute a witness y for a given input x for the computation y =
 // beta x^2 + gamma
-template<typename FieldT, size_t generator>
-void flystel_Q_gamma_prime_field_gadget<FieldT, generator>::
+template<typename ppT, class parameters>
+void flystel_Q_gamma_prime_field_gadget<ppT, parameters>::
     generate_r1cs_witness()
 {
+    using FieldT = libff::Fr<ppT>;
     const FieldT input_value =
         input.evaluate(this->pb.full_variable_assignment());
     // y = beta x^2 + gamma
     this->pb.val(output) = this->beta * input_value * input_value + this->gamma;
 }
 
-template<typename FieldT, size_t generator>
-flystel_Q_delta_prime_field_gadget<FieldT, generator>::
+template<typename ppT, class parameters>
+flystel_Q_delta_prime_field_gadget<ppT, parameters>::
     flystel_Q_delta_prime_field_gadget(
         protoboard<FieldT> &pb,
         const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
-#ifdef FLYSTEL_DEBUG
-    , beta(DEBUG_FLYSTEL_BETA)
-    , delta(DEBUG_FLYSTEL_DELTA)
-#elif
-    , beta(FieldT(generator))
-    , delta(FieldT(generator).inverse())
-#endif // #ifdef FLYSTEL_DEBUG
+    , beta(parameters::beta)
+    , delta(parameters::delta)
     , input(input)
     , output(output)
 {
 }
 
-template<typename FieldT, size_t generator>
-void flystel_Q_delta_prime_field_gadget<FieldT, generator>::
+template<typename ppT, class parameters>
+void flystel_Q_delta_prime_field_gadget<ppT, parameters>::
     generate_r1cs_constraints()
 {
     // Constraint has the form:
@@ -130,8 +106,8 @@ void flystel_Q_delta_prime_field_gadget<FieldT, generator>::
 
 // compute a witness y for a given input x for the computation y =
 // beta x^2 + delta, where x=input, y=output
-template<typename FieldT, size_t generator>
-void flystel_Q_delta_prime_field_gadget<FieldT, generator>::
+template<typename ppT, class parameters>
+void flystel_Q_delta_prime_field_gadget<ppT, parameters>::
     generate_r1cs_witness()
 {
     const FieldT input_value =
@@ -156,8 +132,8 @@ void flystel_Q_delta_prime_field_gadget<FieldT, generator>::
 //
 // where A0=(0, beta, 0, 0), B0=(0, 1, 0, 0), C0=(0, 0, 1, 0) and
 // A1=(0, 0, 1, 0), B1=(0, 1, 0, 0), C1=(-gamma, 0, 0, 1)
-template<typename FieldT, size_t generator>
-flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
+template<typename ppT, class parameters>
+flystel_Q_gamma_binary_field_gadget<ppT, parameters>::
     flystel_Q_gamma_binary_field_gadget(
         protoboard<FieldT> &pb,
         const linear_combination<FieldT> &input,
@@ -166,20 +142,15 @@ flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
     : gadget<FieldT>(pb, annotation_prefix)
     , internal(pb_variable_allocate<FieldT>(
           pb, FMT(this->annotation_prefix, " internal")))
-#ifdef FLYSTEL_DEBUG
-    , beta(DEBUG_FLYSTEL_BETA)
-    , gamma(DEBUG_FLYSTEL_GAMMA)
-#elif
-    , beta(FieldT(generator))
-    , gamma(FieldT(0))
-#endif // #ifdef FLYSTEL_DEBUG
+    , beta(parameters::beta)
+    , gamma(parameters::gamma)
     , input(input)
     , output(output)
 {
 }
 
-template<typename FieldT, size_t generator>
-void flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
+template<typename ppT, class parameters>
+void flystel_Q_gamma_binary_field_gadget<ppT, parameters>::
     generate_r1cs_constraints()
 {
     // (beta * input) * input = internal
@@ -192,8 +163,8 @@ void flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
         FMT(this->annotation_prefix, " x_square * x = y - gamma"));
 }
 
-template<typename FieldT, size_t generator>
-void flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
+template<typename ppT, class parameters>
+void flystel_Q_gamma_binary_field_gadget<ppT, parameters>::
     generate_r1cs_witness()
 {
     const FieldT input_value =
@@ -208,8 +179,8 @@ void flystel_Q_gamma_binary_field_gadget<FieldT, generator>::
 // x=input, y=output. This operation is represented with two
 // multiplications as y-delta = ((beta x * x) * x).
 // \see flystel_Q_delta_binary_field_gadget
-template<typename FieldT, size_t generator>
-flystel_Q_delta_binary_field_gadget<FieldT, generator>::
+template<typename ppT, class parameters>
+flystel_Q_delta_binary_field_gadget<ppT, parameters>::
     flystel_Q_delta_binary_field_gadget(
         protoboard<FieldT> &pb,
         const linear_combination<FieldT> &input,
@@ -218,20 +189,15 @@ flystel_Q_delta_binary_field_gadget<FieldT, generator>::
     : gadget<FieldT>(pb, annotation_prefix)
     , internal(pb_variable_allocate<FieldT>(
           pb, FMT(this->annotation_prefix, " internal")))
-#ifdef FLYSTEL_DEBUG
-    , beta(DEBUG_FLYSTEL_BETA)
-    , delta(DEBUG_FLYSTEL_DELTA)
-#elif
-    , beta(FieldT(generator))
-    , delta(FieldT(0))
-#endif // #ifdef FLYSTEL_DEBUG
+    , beta(parameters::beta)
+    , delta(parameters::delta)
     , input(input)
     , output(output)
 {
 }
 
-template<typename FieldT, size_t generator>
-void flystel_Q_delta_binary_field_gadget<FieldT, generator>::
+template<typename ppT, class parameters>
+void flystel_Q_delta_binary_field_gadget<ppT, parameters>::
     generate_r1cs_constraints()
 {
     // (beta * input) * input = internal
@@ -244,8 +210,8 @@ void flystel_Q_delta_binary_field_gadget<FieldT, generator>::
         FMT(this->annotation_prefix, " x_square * x = y - delta"));
 }
 
-template<typename FieldT, size_t generator>
-void flystel_Q_delta_binary_field_gadget<FieldT, generator>::
+template<typename ppT, class parameters>
+void flystel_Q_delta_binary_field_gadget<ppT, parameters>::
     generate_r1cs_witness()
 {
     const FieldT input_value =
@@ -273,11 +239,11 @@ void flystel_Q_delta_binary_field_gadget<FieldT, generator>::
 //
 // where A0=(01000), B0=(01000), C0=(00100); A1=(00100), B0=(00100),
 // C0=(00010) and A2=(01000), B2=(00010), C2=(00001)
-template<typename FieldT>
-flystel_E_power_five_gadget<FieldT>::flystel_E_power_five_gadget(
-    protoboard<FieldT> &pb,
-    const linear_combination<FieldT> &input,
-    const pb_variable<FieldT> &output,
+template<typename ppT>
+flystel_E_power_five_gadget<ppT>::flystel_E_power_five_gadget(
+    protoboard<libff::Fr<ppT>> &pb,
+    const linear_combination<libff::Fr<ppT>> &input,
+    const pb_variable<libff::Fr<ppT>> &output,
     const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
     , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " a0")))
@@ -287,8 +253,8 @@ flystel_E_power_five_gadget<FieldT>::flystel_E_power_five_gadget(
 {
 }
 
-template<typename FieldT>
-void flystel_E_power_five_gadget<FieldT>::generate_r1cs_constraints()
+template<typename ppT>
+void flystel_E_power_five_gadget<ppT>::generate_r1cs_constraints()
 {
     // x1*x1 = x2
     this->pb.add_r1cs_constraint(
@@ -304,8 +270,8 @@ void flystel_E_power_five_gadget<FieldT>::generate_r1cs_constraints()
         FMT(this->annotation_prefix, " x^1 * x^4 = x^5"));
 }
 
-template<typename FieldT>
-void flystel_E_power_five_gadget<FieldT>::generate_r1cs_witness()
+template<typename ppT>
+void flystel_E_power_five_gadget<ppT>::generate_r1cs_witness()
 {
     const FieldT input_value =
         input.evaluate(this->pb.full_variable_assignment());
@@ -336,11 +302,11 @@ void flystel_E_power_five_gadget<FieldT>::generate_r1cs_witness()
 //
 // where A0=(01000), B0=(01000), C0=(00100); A1=(00100), B0=(00100),
 // C0=(00010) and A2=(01000), B2=(00010), C2=(00001)
-template<typename FieldT>
-flystel_E_root_five_gadget<FieldT>::flystel_E_root_five_gadget(
-    protoboard<FieldT> &pb,
-    const linear_combination<FieldT> &input,
-    const pb_variable<FieldT> &output,
+template<typename ppT, class parameters>
+flystel_E_root_five_gadget<ppT, parameters>::flystel_E_root_five_gadget(
+    protoboard<libff::Fr<ppT>> &pb,
+    const linear_combination<libff::Fr<ppT>> &input,
+    const pb_variable<libff::Fr<ppT>> &output,
     const std::string &annotation_prefix)
     : gadget<FieldT>(pb, annotation_prefix)
     , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " a0")))
@@ -350,9 +316,10 @@ flystel_E_root_five_gadget<FieldT>::flystel_E_root_five_gadget(
 {
 }
 
-template<typename FieldT>
-void flystel_E_root_five_gadget<FieldT>::generate_r1cs_constraints()
+template<typename ppT, class parameters>
+void flystel_E_root_five_gadget<ppT, parameters>::generate_r1cs_constraints()
 {
+    using FieldT = libff::Fr<ppT>;
     // y1*y1 = y2
     this->pb.add_r1cs_constraint(
         r1cs_constraint<FieldT>(output, output, a0),
@@ -367,13 +334,14 @@ void flystel_E_root_five_gadget<FieldT>::generate_r1cs_constraints()
         FMT(this->annotation_prefix, " y * y^4 = y^5"));
 }
 
-template<typename FieldT>
-void flystel_E_root_five_gadget<FieldT>::generate_r1cs_witness()
+template<typename ppT, class parameters>
+void flystel_E_root_five_gadget<ppT, parameters>::generate_r1cs_witness()
 {
     const FieldT input_value =
         input.evaluate(this->pb.full_variable_assignment());
     FieldT x = input_value; // this->pb.lc_val(input);
-    FieldT y = power(x, libff::bigint<5>(FLYSTEL_ALPHA_FIVE_INVERSE));
+    FieldT y = power(x, parameters::alpha_inv);
+
     // x2 = x1 * x1
     this->pb.val(a0) = y * y;
     // x3 = x2 * x2
@@ -382,15 +350,15 @@ void flystel_E_root_five_gadget<FieldT>::generate_r1cs_witness()
     this->pb.val(output) = y;
 }
 
-template<typename FieldT, size_t generator>
-flystel_prime_field_gadget<FieldT, generator>::flystel_prime_field_gadget(
-    protoboard<FieldT> &pb,
-    const linear_combination<FieldT> &x0,
-    const linear_combination<FieldT> &x1,
-    const pb_variable<FieldT> &y0,
-    const pb_variable<FieldT> &y1,
+template<typename ppT, class parameters>
+flystel_prime_field_gadget<ppT, parameters>::flystel_prime_field_gadget(
+    protoboard<libff::Fr<ppT>> &pb,
+    const linear_combination<libff::Fr<ppT>> &x0,
+    const linear_combination<libff::Fr<ppT>> &x1,
+    const pb_variable<libff::Fr<ppT>> &y0,
+    const pb_variable<libff::Fr<ppT>> &y1,
     const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix)
+    : gadget<libff::Fr<ppT>>(pb, annotation_prefix)
     , a0(pb_variable_allocate(pb, FMT(annotation_prefix, " a0")))
     , a1(pb_variable_allocate(pb, FMT(annotation_prefix, " a1")))
     , a2(pb_variable_allocate(pb, FMT(annotation_prefix, " a2")))
@@ -404,16 +372,16 @@ flystel_prime_field_gadget<FieldT, generator>::flystel_prime_field_gadget(
 {
 }
 
-template<typename FieldT, size_t generator>
-void flystel_prime_field_gadget<FieldT, generator>::generate_r1cs_constraints()
+template<typename ppT, class parameters>
+void flystel_prime_field_gadget<ppT, parameters>::generate_r1cs_constraints()
 {
     Q_gamma.generate_r1cs_constraints();
     Q_delta.generate_r1cs_constraints();
     E_root_five.generate_r1cs_constraints();
 }
 
-template<typename FieldT, size_t generator>
-void flystel_prime_field_gadget<FieldT, generator>::generate_r1cs_witness()
+template<typename ppT, class parameters>
+void flystel_prime_field_gadget<ppT, parameters>::generate_r1cs_witness()
 {
     Q_gamma.generate_r1cs_witness();
     E_root_five.generate_r1cs_witness();
@@ -457,18 +425,6 @@ anemoi_permutation_mds(const FieldT g)
         "Error: invalid number of columns. Must be 2,3 or 4 .");
 }
 
-template<typename FieldT, size_t generator, size_t NumStateColumns_L>
-anemoi_permutation_round_prime_field_gadget<
-    FieldT,
-    generator,
-    NumStateColumns_L>::
-    anemoi_permutation_round_prime_field_gadget(
-        std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &input,
-        std::array<pb_variable<FieldT>, 2 * NumStateColumns_L> &output)
-    : input(input), output(output)
-{
-}
-
 } // namespace libsnark
 
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
new file mode 100644
index 000000000..1c85635f2
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
@@ -0,0 +1,93 @@
+/** @file
+ *****************************************************************************
+
+ *****************************************************************************
+ * @author     This file is part of libsnark, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_HPP_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_HPP_
+
+#include <libsnark/gadgetlib1/gadgets/basic_gadgets.hpp>
+
+namespace libsnark
+{
+
+/// Instances of this class expose the following Anemoi parameters for every
+/// supported curve
+///
+/// - prime_field      : is it a prime field (True) or a binary field (False)
+/// - mult_generator_g : the smallest generator of the multiplicative
+///                      subgroup of the scalar field Fr
+/// - alpha            : exponent applied in the Flystel E transformation: E(x)
+///                      = x^alpha
+/// - alpha_inv        : the inverse of alpha modulo r-1 where r is the
+///                      modulus of the scalar field Fr. alpha_inv is
+///                      the exponent applied in the inverse mapping
+///                      of E: E^{-1}(x) = x^{1/alpha}
+/// - beta             : multiplicative constant applied in the quadratic
+///                      mappings Q_delta = beta x^quad_exponent + delta and
+///                      Q_gamma = beta x^quad_exponent + gamma
+/// - gamma             : additive constant applied in the quadratic
+///                       mapping Q_gamma = beta x^quad_exponent + gamma
+/// - delta             : additive constant applied in the quadratic
+///                       mapping Q_delta = beta x^quad_exponent + delta
+/// - quad_exponent    : quadratic exponent applied in the mappings Q_gamma,
+///                      Q_delta. Note that quad_exponent=2 for prime fields and
+///                      quad_exponent=3 for binary fields
+///
+/// The values for the above parameters for each supported curve were generated
+/// with the following Sage script scripts/anemoi-hash/parameters.sage .
+template<typename ppT> class anemoi_parameters;
+
+template<> class anemoi_parameters<libff::bls12_381_pp>
+{
+public:
+    using ppT = libff::bls12_381_pp;
+    using FieldT = libff::Fr<ppT>;
+    static const bool b_prime_field = false;
+    static const libff::bigint<FieldT::num_limbs> multiplicative_generator_g;
+    static const libff::bigint<FieldT::num_limbs> alpha;
+    static const libff::bigint<FieldT::num_limbs> alpha_inv;
+    static const libff::bigint<FieldT::num_limbs> beta;
+    static const libff::bigint<FieldT::num_limbs> gamma;
+    static const libff::bigint<FieldT::num_limbs> delta;
+    static const libff::bigint<FieldT::num_limbs> quad_exponent;
+};
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::multiplicative_generator_g =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("7");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::alpha =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("5");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::alpha_inv =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "209743500700504761917790962032743863350762210002110551290414634799"
+            "75432473805");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::beta = multiplicative_generator_g;
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::gamma =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("0");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::delta =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "14981678621464625851270783002338847382197300714436467949315"
+            "331057125308909861");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::quad_exponent =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("2");
+
+} // namespace libsnark
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_HPP_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 3e3380b81..508de2252 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -19,6 +19,53 @@
 
 using namespace libsnark;
 
+template<typename ppT> class debug_parameters;
+
+template<> class debug_parameters<libff::bls12_381_pp>
+{
+public:
+    using ppT = libff::bls12_381_pp;
+    using FieldT = libff::Fr<ppT>;
+    static const bool b_prime_field = false;
+    static const libff::bigint<FieldT::num_limbs> multiplicative_generator_g;
+    static const libff::bigint<FieldT::num_limbs> alpha;
+    static const libff::bigint<FieldT::num_limbs> alpha_inv;
+    static const libff::bigint<FieldT::num_limbs> beta;
+    static const libff::bigint<FieldT::num_limbs> gamma;
+    static const libff::bigint<FieldT::num_limbs> delta;
+    static const libff::bigint<FieldT::num_limbs> quad_exponent;
+};
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    debug_parameters<libff::bls12_381_pp>::multiplicative_generator_g =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("7");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    debug_parameters<libff::bls12_381_pp>::alpha =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("5");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    debug_parameters<libff::bls12_381_pp>::alpha_inv =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "209743500700504761917790962032743863350762210002110551290414634799"
+            "75432473805");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    debug_parameters<libff::bls12_381_pp>::beta =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("2");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    debug_parameters<libff::bls12_381_pp>::gamma =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("5");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    debug_parameters<libff::bls12_381_pp>::delta =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("0");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    debug_parameters<libff::bls12_381_pp>::quad_exponent =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("2");
+
 template<typename ppT>
 void test_pb_verify_circuit(protoboard<libff::Fr<ppT>> &pb)
 {
@@ -33,7 +80,8 @@ void test_pb_verify_circuit(protoboard<libff::Fr<ppT>> &pb)
         keypair.vk, primary_input, proof));
 }
 
-template<typename ppT> void test_flystel_Q_gamma_prime_field_gadget()
+template<typename ppT, class parameters>
+void test_flystel_Q_gamma_prime_field_gadget()
 {
     using FieldT = libff::Fr<ppT>;
     protoboard<FieldT> pb;
@@ -46,10 +94,7 @@ template<typename ppT> void test_flystel_Q_gamma_prime_field_gadget()
     y.allocate(pb, "y");
 
     // create gadget
-    flystel_Q_gamma_prime_field_gadget<
-        FieldT,
-        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
-        d(pb, x, y, "d");
+    flystel_Q_gamma_prime_field_gadget<ppT, parameters> d(pb, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
     // set input value
@@ -65,7 +110,8 @@ template<typename ppT> void test_flystel_Q_gamma_prime_field_gadget()
     libff::print_time("flystel_power_two_gadget tests successful");
 }
 
-template<typename ppT> void test_flystel_Q_gamma_binary_field_gadge()
+template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
+void test_flystel_Q_gamma_binary_field_gadget()
 {
     using FieldT = libff::Fr<ppT>;
 
@@ -79,10 +125,7 @@ template<typename ppT> void test_flystel_Q_gamma_binary_field_gadge()
     y.allocate(pb, "y");
 
     // create gadget
-    flystel_Q_gamma_binary_field_gadget<
-        FieldT,
-        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
-        d(pb, x, y, "d");
+    flystel_Q_gamma_binary_field_gadget<ppT, parameters> d(pb, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
     // set input value
@@ -112,7 +155,7 @@ template<typename ppT> void test_flystel_E_power_five_gadget()
     y.allocate(pb, "y");
 
     // create gadget
-    flystel_E_power_five_gadget<FieldT> d(pb, x, y, "d");
+    flystel_E_power_five_gadget<ppT> d(pb, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
     // set input value
@@ -128,7 +171,8 @@ template<typename ppT> void test_flystel_E_power_five_gadget()
     libff::print_time("flystel_E_power_five_gadget tests successful");
 }
 
-template<typename ppT> void test_flystel_E_root_five_gadget()
+template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
+void test_flystel_E_root_five_gadget()
 {
     using FieldT = libff::Fr<ppT>;
 
@@ -142,7 +186,7 @@ template<typename ppT> void test_flystel_E_root_five_gadget()
     y.allocate(pb, "y");
 
     // create gadget
-    flystel_E_root_five_gadget<FieldT> d(pb, x, y, "d");
+    flystel_E_root_five_gadget<ppT, parameters> d(pb, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
     // set input value
@@ -162,7 +206,8 @@ template<typename ppT> void test_flystel_E_root_five_gadget()
     libff::print_time("flystel_E_root_five_gadget tests successful");
 }
 
-template<typename ppT> void test_flystel_prime_field_gadget()
+template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
+void test_flystel_prime_field_gadget()
 {
     using FieldT = libff::Fr<ppT>;
 
@@ -173,10 +218,8 @@ template<typename ppT> void test_flystel_prime_field_gadget()
     pb_variable<FieldT> y0 = pb_variable_allocate(pb, "y0");
     pb_variable<FieldT> y1 = pb_variable_allocate(pb, "y1");
 
-    flystel_prime_field_gadget<
-        FieldT,
-        FLYSTEL_MULTIPLICATIVE_SUBGROUP_GENERATOR>
-        d(pb, x0, x1, y0, y1, "flystel");
+    flystel_prime_field_gadget<ppT, parameters> d(
+        pb, x0, x1, y0, y1, "flystel");
 
     // generate constraints
     d.generate_r1cs_constraints();
@@ -204,12 +247,13 @@ template<typename ppT> void test_for_curve()
     // Execute all tests for the given curve.
 
     ppT::init_public_params();
+    using parameters = debug_parameters<ppT>;
 
-    test_flystel_Q_gamma_prime_field_gadget<ppT>();
-    test_flystel_Q_gamma_binary_field_gadge<ppT>();
+    test_flystel_Q_gamma_prime_field_gadget<ppT, parameters>();
+    test_flystel_Q_gamma_binary_field_gadget<ppT, parameters>();
     test_flystel_E_power_five_gadget<ppT>();
-    test_flystel_E_root_five_gadget<ppT>();
-    test_flystel_prime_field_gadget<ppT>();
+    test_flystel_E_root_five_gadget<ppT, parameters>();
+    test_flystel_prime_field_gadget<ppT, parameters>();
 }
 
 TEST(TestAnemoiGadget, BLS12_381) { test_for_curve<libff::bls12_381_pp>(); }

From 567dfb685e334e4c7afa1e71790371486c805db7 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 4 Nov 2022 14:06:38 +0000
Subject: [PATCH 069/112] anemoi: removed x,y from all comments since the input
 and output/result variables have names that are self-explanatory
 (https://github.com/clearmatics/libsnark/pull/76#discussion_r1010462072)

---
 .../hashes/anemoi/anemoi_components.hpp       | 21 +------------------
 1 file changed, 1 insertion(+), 20 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 670b91f16..2ec83b25d 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -29,9 +29,6 @@ namespace libsnark
 
 /// Flystel Q_gamma function for prime fields:
 /// Qf(x) = beta x^2 + gamma
-/// x: input
-/// y: output
-// template<typename ppT, size_t generator>
 template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
 class flystel_Q_gamma_prime_field_gadget : public gadget<libff::Fr<ppT>>
 {
@@ -57,8 +54,6 @@ class flystel_Q_gamma_prime_field_gadget : public gadget<libff::Fr<ppT>>
 
 /// Flystel Q_delta function for prime fields:
 /// Qf(x) = beta x^2 + delta
-/// x: input
-/// y: output
 template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
 class flystel_Q_delta_prime_field_gadget : public gadget<libff::Fr<ppT>>
 {
@@ -84,11 +79,6 @@ class flystel_Q_delta_prime_field_gadget : public gadget<libff::Fr<ppT>>
 
 /// Flystel Q_gamma function for binary fields:
 /// Qi(x) = beta x^3 + gamma
-///
-/// Compute y = beta x^3 + gamma
-/// x: input
-/// y: output
-/// beta, gamma: constants
 template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
 class flystel_Q_gamma_binary_field_gadget : public gadget<libff::Fr<ppT>>
 {
@@ -115,11 +105,6 @@ class flystel_Q_gamma_binary_field_gadget : public gadget<libff::Fr<ppT>>
 
 /// Flystel Q_delta function for binary fields:
 /// Qi(x) = beta x^3 + delta
-///
-/// Compute y = beta x^3 + delta
-/// x: input
-/// y: output
-/// beta, delta: constants
 template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
 class flystel_Q_delta_binary_field_gadget : public gadget<libff::Fr<ppT>>
 {
@@ -145,8 +130,6 @@ class flystel_Q_delta_binary_field_gadget : public gadget<libff::Fr<ppT>>
 };
 
 /// Compute y = x^5
-/// x: input
-/// y: output
 template<typename ppT>
 class flystel_E_power_five_gadget : public gadget<libff::Fr<ppT>>
 {
@@ -171,9 +154,7 @@ class flystel_E_power_five_gadget : public gadget<libff::Fr<ppT>>
     void generate_r1cs_witness();
 };
 
-/// Compute y = x^1/5
-/// x: input
-/// y: output
+/// Compute y = x^1/5, x=input, y=output/result
 template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
 class flystel_E_root_five_gadget : public gadget<libff::Fr<ppT>>
 {

From 777b44aeb24376f412b48235a0a905f17c14bedd Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 4 Nov 2022 14:10:49 +0000
Subject: [PATCH 070/112] anemoi: removed redundant comment

---
 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 39c11d492..7d6e283f4 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -34,7 +34,6 @@ namespace libsnark
 //
 // where A =(0, const_a, 0), B=(0, 1, 0) and C =(-const_b, 0, 1)
 
-// template<typename ppT, size_t generator>
 template<typename ppT, class parameters>
 flystel_Q_gamma_prime_field_gadget<ppT, parameters>::
     flystel_Q_gamma_prime_field_gadget(

From 503c47f8370cbba6d4d83a81f71db6c02e8218aa Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 4 Nov 2022 14:20:15 +0000
Subject: [PATCH 071/112] anemoi: introduced BignumT type in anemoi_parameters
 class; removed unnecessary ppT type
 (https://github.com/clearmatics/libsnark/pull/76#discussion_r1010621453).

---
 .../gadgets/hashes/anemoi/anemoi_parameters.hpp | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
index 1c85635f2..11b1ca928 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
@@ -46,15 +46,16 @@ template<> class anemoi_parameters<libff::bls12_381_pp>
 {
 public:
     using ppT = libff::bls12_381_pp;
-    using FieldT = libff::Fr<ppT>;
+    using FieldT = libff::Fr<libff::bls12_381_pp>;
+    using BignumT = libff::bigint<FieldT::num_limbs>;
     static const bool b_prime_field = false;
-    static const libff::bigint<FieldT::num_limbs> multiplicative_generator_g;
-    static const libff::bigint<FieldT::num_limbs> alpha;
-    static const libff::bigint<FieldT::num_limbs> alpha_inv;
-    static const libff::bigint<FieldT::num_limbs> beta;
-    static const libff::bigint<FieldT::num_limbs> gamma;
-    static const libff::bigint<FieldT::num_limbs> delta;
-    static const libff::bigint<FieldT::num_limbs> quad_exponent;
+    static const BignumT multiplicative_generator_g;
+    static const BignumT alpha;
+    static const BignumT alpha_inv;
+    static const BignumT beta;
+    static const BignumT gamma;
+    static const BignumT delta;
+    static const BignumT quad_exponent;
 };
 
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>

From 079bcf630f92916f6b4a4cf83508fe9d45165ac6 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 4 Nov 2022 14:25:31 +0000
Subject: [PATCH 072/112] anemoi: moved the initialization of the members of
 the anemoi_parameters class to a .tcc file
 (https://github.com/clearmatics/libsnark/pull/76#discussion_r1010621945)

---
 .../hashes/anemoi/anemoi_parameters.hpp       | 33 +------------
 .../hashes/anemoi/anemoi_parameters.tcc       | 49 +++++++++++++++++++
 2 files changed, 51 insertions(+), 31 deletions(-)
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
index 11b1ca928..f5dc97029 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
@@ -58,37 +58,8 @@ template<> class anemoi_parameters<libff::bls12_381_pp>
     static const BignumT quad_exponent;
 };
 
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::multiplicative_generator_g =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("7");
-
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::alpha =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("5");
-
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::alpha_inv =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
-            "209743500700504761917790962032743863350762210002110551290414634799"
-            "75432473805");
-
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::beta = multiplicative_generator_g;
-
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::gamma =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("0");
-
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::delta =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
-            "14981678621464625851270783002338847382197300714436467949315"
-            "331057125308909861");
-
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::quad_exponent =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("2");
-
 } // namespace libsnark
 
+#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc"
+
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_HPP_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
new file mode 100644
index 000000000..2c43980b8
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
@@ -0,0 +1,49 @@
+/** @file
+ *****************************************************************************
+
+ *****************************************************************************
+ * @author     This file is part of libsnark, developed by SCIPR Lab
+ *             and contributors (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_TCC_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_TCC_
+
+namespace libsnark
+{
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::multiplicative_generator_g =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("7");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::alpha =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("5");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::alpha_inv =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "209743500700504761917790962032743863350762210002110551290414634799"
+            "75432473805");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::beta = multiplicative_generator_g;
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::gamma =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("0");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::delta =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "14981678621464625851270783002338847382197300714436467949315"
+            "331057125308909861");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::quad_exponent =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("2");
+
+} // namespace libsnark
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_TCC_

From 04e08d822c7122e363949964ad580535d1394923 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 4 Nov 2022 14:34:23 +0000
Subject: [PATCH 073/112] anemoi: removed specialization of debug_parameters
 class
 (https://github.com/clearmatics/libsnark/pull/76#discussion_r1010624908)

---
 .../anemoi/tests/test_anemoi_gadget.cpp       | 20 +++++++++----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 508de2252..cca35be5b 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -19,9 +19,7 @@
 
 using namespace libsnark;
 
-template<typename ppT> class debug_parameters;
-
-template<> class debug_parameters<libff::bls12_381_pp>
+class debug_parameters_bls12_381
 {
 public:
     using ppT = libff::bls12_381_pp;
@@ -37,33 +35,33 @@ template<> class debug_parameters<libff::bls12_381_pp>
 };
 
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters<libff::bls12_381_pp>::multiplicative_generator_g =
+    debug_parameters_bls12_381::multiplicative_generator_g =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("7");
 
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters<libff::bls12_381_pp>::alpha =
+    debug_parameters_bls12_381::alpha =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("5");
 
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters<libff::bls12_381_pp>::alpha_inv =
+    debug_parameters_bls12_381::alpha_inv =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
             "209743500700504761917790962032743863350762210002110551290414634799"
             "75432473805");
 
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters<libff::bls12_381_pp>::beta =
+    debug_parameters_bls12_381::beta =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("2");
 
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters<libff::bls12_381_pp>::gamma =
+    debug_parameters_bls12_381::gamma =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("5");
 
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters<libff::bls12_381_pp>::delta =
+    debug_parameters_bls12_381::delta =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("0");
 
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters<libff::bls12_381_pp>::quad_exponent =
+    debug_parameters_bls12_381::quad_exponent =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("2");
 
 template<typename ppT>
@@ -247,7 +245,7 @@ template<typename ppT> void test_for_curve()
     // Execute all tests for the given curve.
 
     ppT::init_public_params();
-    using parameters = debug_parameters<ppT>;
+    using parameters = debug_parameters_bls12_381;
 
     test_flystel_Q_gamma_prime_field_gadget<ppT, parameters>();
     test_flystel_Q_gamma_binary_field_gadget<ppT, parameters>();

From 912d15650f2a72876122d108012e580101823ba2 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 4 Nov 2022 14:43:27 +0000
Subject: [PATCH 074/112] anemoi: replaced types of members of class
 anemoi_parameters that have small values from const BignumT to constexpr
 size_t
 (https://github.com/clearmatics/libsnark/pull/76#discussion_r1010626635)

---
 .../hashes/anemoi/anemoi_parameters.hpp       | 10 +++++-----
 .../hashes/anemoi/anemoi_parameters.tcc       | 19 -------------------
 2 files changed, 5 insertions(+), 24 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
index f5dc97029..869b860e0 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
@@ -49,13 +49,13 @@ template<> class anemoi_parameters<libff::bls12_381_pp>
     using FieldT = libff::Fr<libff::bls12_381_pp>;
     using BignumT = libff::bigint<FieldT::num_limbs>;
     static const bool b_prime_field = false;
-    static const BignumT multiplicative_generator_g;
-    static const BignumT alpha;
+    static constexpr size_t multiplicative_generator_g = 7;
+    static constexpr size_t alpha = 5;
+    static constexpr size_t beta = multiplicative_generator_g;
+    static constexpr size_t gamma = 0;
+    static constexpr size_t quad_exponent = 2;
     static const BignumT alpha_inv;
-    static const BignumT beta;
-    static const BignumT gamma;
     static const BignumT delta;
-    static const BignumT quad_exponent;
 };
 
 } // namespace libsnark
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
index 2c43980b8..06941e0b5 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
@@ -13,37 +13,18 @@
 namespace libsnark
 {
 
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::multiplicative_generator_g =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("7");
-
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::alpha =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("5");
-
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
     anemoi_parameters<libff::bls12_381_pp>::alpha_inv =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
             "209743500700504761917790962032743863350762210002110551290414634799"
             "75432473805");
 
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::beta = multiplicative_generator_g;
-
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::gamma =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("0");
-
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
     anemoi_parameters<libff::bls12_381_pp>::delta =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
             "14981678621464625851270783002338847382197300714436467949315"
             "331057125308909861");
 
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::quad_exponent =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("2");
-
 } // namespace libsnark
 
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_TCC_

From 7df5c34bd5d8be7f1abf2b48c367636aa2f5191e Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Tue, 8 Nov 2022 13:18:28 +0000
Subject: [PATCH 075/112] anemoi: changed types of debug_parameters_bls12_381
 parameters class from bignum to size_t to match the anemoi_parameters class

---
 .../hashes/anemoi/anemoi_parameters.hpp       |  1 -
 .../anemoi/tests/test_anemoi_gadget.cpp       | 38 +++++--------------
 2 files changed, 9 insertions(+), 30 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
index 869b860e0..8ccee045b 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
@@ -45,7 +45,6 @@ template<typename ppT> class anemoi_parameters;
 template<> class anemoi_parameters<libff::bls12_381_pp>
 {
 public:
-    using ppT = libff::bls12_381_pp;
     using FieldT = libff::Fr<libff::bls12_381_pp>;
     using BignumT = libff::bigint<FieldT::num_limbs>;
     static const bool b_prime_field = false;
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index cca35be5b..cd426956a 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -22,48 +22,28 @@ using namespace libsnark;
 class debug_parameters_bls12_381
 {
 public:
-    using ppT = libff::bls12_381_pp;
-    using FieldT = libff::Fr<ppT>;
+    using FieldT = libff::Fr<libff::bls12_381_pp>;
+    using BignumT = libff::bigint<FieldT::num_limbs>;
     static const bool b_prime_field = false;
-    static const libff::bigint<FieldT::num_limbs> multiplicative_generator_g;
-    static const libff::bigint<FieldT::num_limbs> alpha;
-    static const libff::bigint<FieldT::num_limbs> alpha_inv;
-    static const libff::bigint<FieldT::num_limbs> beta;
-    static const libff::bigint<FieldT::num_limbs> gamma;
-    static const libff::bigint<FieldT::num_limbs> delta;
-    static const libff::bigint<FieldT::num_limbs> quad_exponent;
+    static constexpr size_t multiplicative_generator_g = 7;
+    static constexpr size_t alpha = 5;
+    static constexpr size_t beta = 2;
+    static constexpr size_t gamma = 5;
+    static constexpr size_t quad_exponent = 2;
+    static const BignumT alpha_inv;
+    static const BignumT delta;
 };
 
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters_bls12_381::multiplicative_generator_g =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("7");
-
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters_bls12_381::alpha =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("5");
-
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
     debug_parameters_bls12_381::alpha_inv =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
             "209743500700504761917790962032743863350762210002110551290414634799"
             "75432473805");
 
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters_bls12_381::beta =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("2");
-
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters_bls12_381::gamma =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("5");
-
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
     debug_parameters_bls12_381::delta =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("0");
 
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters_bls12_381::quad_exponent =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("2");
-
 template<typename ppT>
 void test_pb_verify_circuit(protoboard<libff::Fr<ppT>> &pb)
 {

From 1b6ca9ad8eed0a1fbe507df34640e9e547bffcee Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Tue, 8 Nov 2022 13:25:12 +0000
Subject: [PATCH 076/112] anemoi: added static_assert in
 flystel_prime_field_gadget to make sure that alpha is equal to 5

---
 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 7d6e283f4..48456b11e 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -369,6 +369,7 @@ flystel_prime_field_gadget<ppT, parameters>::flystel_prime_field_gadget(
     , Q_delta(pb, x1 - a1, a2, FMT(annotation_prefix, " Q_delta"))
     , E_root_five(pb, x0 - a0, a1, FMT(annotation_prefix, " E_root_five"))
 {
+    static_assert((parameters::alpha == 5), "Parameter alpha must be 5");
 }
 
 template<typename ppT, class parameters>

From fe543734a87466ff3b7a0c51946ed421b1aea646 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Tue, 8 Nov 2022 13:41:53 +0000
Subject: [PATCH 077/112] anemoi: added ppT to be used as a template parameter
 everywhere instead of FieldT

---
 .../hashes/anemoi/anemoi_components.tcc       | 48 +++++++++----------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 48456b11e..2b0e81daf 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -78,11 +78,11 @@ void flystel_Q_gamma_prime_field_gadget<ppT, parameters>::
 template<typename ppT, class parameters>
 flystel_Q_delta_prime_field_gadget<ppT, parameters>::
     flystel_Q_delta_prime_field_gadget(
-        protoboard<FieldT> &pb,
-        const linear_combination<FieldT> &input,
-        const pb_variable<FieldT> &output,
+        protoboard<libff::Fr<ppT>> &pb,
+        const linear_combination<libff::Fr<ppT>> &input,
+        const pb_variable<libff::Fr<ppT>> &output,
         const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix)
+    : gadget<libff::Fr<ppT>>(pb, annotation_prefix)
     , beta(parameters::beta)
     , delta(parameters::delta)
     , input(input)
@@ -134,12 +134,12 @@ void flystel_Q_delta_prime_field_gadget<ppT, parameters>::
 template<typename ppT, class parameters>
 flystel_Q_gamma_binary_field_gadget<ppT, parameters>::
     flystel_Q_gamma_binary_field_gadget(
-        protoboard<FieldT> &pb,
-        const linear_combination<FieldT> &input,
-        const pb_variable<FieldT> &output,
+        protoboard<libff::Fr<ppT>> &pb,
+        const linear_combination<libff::Fr<ppT>> &input,
+        const pb_variable<libff::Fr<ppT>> &output,
         const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix)
-    , internal(pb_variable_allocate<FieldT>(
+    : gadget<libff::Fr<ppT>>(pb, annotation_prefix)
+    , internal(pb_variable_allocate<libff::Fr<ppT>>(
           pb, FMT(this->annotation_prefix, " internal")))
     , beta(parameters::beta)
     , gamma(parameters::gamma)
@@ -154,11 +154,11 @@ void flystel_Q_gamma_binary_field_gadget<ppT, parameters>::
 {
     // (beta * input) * input = internal
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(beta * input, input, internal),
+        r1cs_constraint<libff::Fr<ppT>>(beta * input, input, internal),
         FMT(this->annotation_prefix, " beta * x * x = x_square"));
     // internal * input = output - gamma
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(internal, input, output - gamma),
+        r1cs_constraint<libff::Fr<ppT>>(internal, input, output - gamma),
         FMT(this->annotation_prefix, " x_square * x = y - gamma"));
 }
 
@@ -166,7 +166,7 @@ template<typename ppT, class parameters>
 void flystel_Q_gamma_binary_field_gadget<ppT, parameters>::
     generate_r1cs_witness()
 {
-    const FieldT input_value =
+    const libff::Fr<ppT> input_value =
         input.evaluate(this->pb.full_variable_assignment());
     // x_internal = beta x * x
     this->pb.val(internal) = (this->beta * input_value) * input_value;
@@ -181,12 +181,12 @@ void flystel_Q_gamma_binary_field_gadget<ppT, parameters>::
 template<typename ppT, class parameters>
 flystel_Q_delta_binary_field_gadget<ppT, parameters>::
     flystel_Q_delta_binary_field_gadget(
-        protoboard<FieldT> &pb,
-        const linear_combination<FieldT> &input,
-        const pb_variable<FieldT> &output,
+        protoboard<libff::Fr<ppT>> &pb,
+        const linear_combination<libff::Fr<ppT>> &input,
+        const pb_variable<libff::Fr<ppT>> &output,
         const std::string &annotation_prefix)
-    : gadget<FieldT>(pb, annotation_prefix)
-    , internal(pb_variable_allocate<FieldT>(
+    : gadget<libff::Fr<ppT>>(pb, annotation_prefix)
+    , internal(pb_variable_allocate<libff::Fr<ppT>>(
           pb, FMT(this->annotation_prefix, " internal")))
     , beta(parameters::beta)
     , delta(parameters::delta)
@@ -257,22 +257,22 @@ void flystel_E_power_five_gadget<ppT>::generate_r1cs_constraints()
 {
     // x1*x1 = x2
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(input, input, a0),
+        r1cs_constraint<libff::Fr<ppT>>(input, input, a0),
         FMT(this->annotation_prefix, " x * x = x^2"));
     // x2*x2 = x3
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(a0, a0, a1),
+        r1cs_constraint<libff::Fr<ppT>>(a0, a0, a1),
         FMT(this->annotation_prefix, " x^2 * x^2 = x^4"));
     // x1*x3 = x4
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(input, a1, output),
+        r1cs_constraint<libff::Fr<ppT>>(input, a1, output),
         FMT(this->annotation_prefix, " x^1 * x^4 = x^5"));
 }
 
 template<typename ppT>
 void flystel_E_power_five_gadget<ppT>::generate_r1cs_witness()
 {
-    const FieldT input_value =
+    const libff::Fr<ppT> input_value =
         input.evaluate(this->pb.full_variable_assignment());
     // x2 = x1 * x1
     this->pb.val(a0) = (input_value)*input_value;
@@ -336,10 +336,10 @@ void flystel_E_root_five_gadget<ppT, parameters>::generate_r1cs_constraints()
 template<typename ppT, class parameters>
 void flystel_E_root_five_gadget<ppT, parameters>::generate_r1cs_witness()
 {
-    const FieldT input_value =
+    const libff::Fr<ppT> input_value =
         input.evaluate(this->pb.full_variable_assignment());
-    FieldT x = input_value; // this->pb.lc_val(input);
-    FieldT y = power(x, parameters::alpha_inv);
+    libff::Fr<ppT> x = input_value; // this->pb.lc_val(input);
+    libff::Fr<ppT> y = power(x, parameters::alpha_inv);
 
     // x2 = x1 * x1
     this->pb.val(a0) = y * y;

From 785f2e03f90de1f8d9112861492c712797044700 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Tue, 8 Nov 2022 13:44:13 +0000
Subject: [PATCH 078/112] anemoi: added definition of ppT in the paremeters and
 debug_parameters classes
 (https://github.com/clearmatics/libsnark/pull/76#discussion_r1015545665)

---
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp     | 3 ++-
 .../gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp         | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
index 8ccee045b..eba09d354 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
@@ -45,7 +45,8 @@ template<typename ppT> class anemoi_parameters;
 template<> class anemoi_parameters<libff::bls12_381_pp>
 {
 public:
-    using FieldT = libff::Fr<libff::bls12_381_pp>;
+    using ppT = libff::bls12_381_pp;
+    using FieldT = libff::Fr<ppT>;
     using BignumT = libff::bigint<FieldT::num_limbs>;
     static const bool b_prime_field = false;
     static constexpr size_t multiplicative_generator_g = 7;
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index cd426956a..e8e07d977 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -22,7 +22,8 @@ using namespace libsnark;
 class debug_parameters_bls12_381
 {
 public:
-    using FieldT = libff::Fr<libff::bls12_381_pp>;
+    using ppT = libff::bls12_381_pp;
+    using FieldT = libff::Fr<ppT>;
     using BignumT = libff::bigint<FieldT::num_limbs>;
     static const bool b_prime_field = false;
     static constexpr size_t multiplicative_generator_g = 7;

From 05faa470dde33351f2054c0a552a66276ecb5c6d Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Tue, 8 Nov 2022 13:47:52 +0000
Subject: [PATCH 079/112] anemoi: updated license text
 (https://github.com/clearmatics/libsnark/pull/76#discussion_r1015546429)

---
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp | 7 +++----
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc | 7 +++----
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
index eba09d354..4f115c226 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
@@ -1,9 +1,8 @@
 /** @file
  *****************************************************************************
-
- *****************************************************************************
- * @author     This file is part of libsnark, developed by SCIPR Lab
- *             and contributors (see AUTHORS).
+ * @author     This file is part of libsnark, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
  * @copyright  MIT license (see LICENSE file)
  *****************************************************************************/
 
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
index 06941e0b5..5fddb2fb1 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
@@ -1,9 +1,8 @@
 /** @file
  *****************************************************************************
-
- *****************************************************************************
- * @author     This file is part of libsnark, developed by SCIPR Lab
- *             and contributors (see AUTHORS).
+ * @author     This file is part of libsnark, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
  * @copyright  MIT license (see LICENSE file)
  *****************************************************************************/
 

From 645cfc22409857e1b501ec27cf85cc8c6557c0c0 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Tue, 8 Nov 2022 14:22:36 +0000
Subject: [PATCH 080/112] anemoi: removed the copy of the official Anemoi SAGE
 implementation from the libsnark repo; added a readme file explaining how to
 download this implementation from the Anemoi repo

---
 scripts/anemoi-hash/LICENSE.md      |   19 -
 scripts/anemoi-hash/README.md       |   33 -
 scripts/anemoi-hash/anemoi.sage     | 1239 ---------------------------
 scripts/anemoi-hash/constants.py    |   23 -
 scripts/anemoi-hash/parameters.sage |   34 +-
 scripts/anemoi-hash/readme.md       |   17 +
 6 files changed, 50 insertions(+), 1315 deletions(-)
 delete mode 100644 scripts/anemoi-hash/LICENSE.md
 delete mode 100644 scripts/anemoi-hash/README.md
 delete mode 100644 scripts/anemoi-hash/anemoi.sage
 delete mode 100644 scripts/anemoi-hash/constants.py
 create mode 100644 scripts/anemoi-hash/readme.md

diff --git a/scripts/anemoi-hash/LICENSE.md b/scripts/anemoi-hash/LICENSE.md
deleted file mode 100644
index be5a79407..000000000
--- a/scripts/anemoi-hash/LICENSE.md
+++ /dev/null
@@ -1,19 +0,0 @@
-Copyright (c) 2022 - Bouvier, Briaud, Chaidos, Perrin, Velichkov
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
\ No newline at end of file
diff --git a/scripts/anemoi-hash/README.md b/scripts/anemoi-hash/README.md
deleted file mode 100644
index ade7e6ab0..000000000
--- a/scripts/anemoi-hash/README.md
+++ /dev/null
@@ -1,33 +0,0 @@
-# Anemoi: a Family of ZK-friendly AO Hash Functions
-
-This repository contains a first implementation in sage of the **Anemoi** family of hash functions.
-**Anemoi** is a family of Arithmetization Oriented Hash Functions that operates over prime and binary fields.
-
-Our paper on Anemoi can be found on ePrint: https://eprint.iacr.org/2022/840.
-
-## Contents
-The sage script ```anemoi.sage``` contains various routines to evaluate **Anemoi** (including **AnemoiJive** and **AnemoiSponge**) but also to generate the corresponding systems of equations.
-
-First some basics functions allow to provide well-chosen parameters: field, number of rounds, linear layer, ... for various instances of **Anemoi**.
-
-The class ```AnemoiPermutation``` then contains different sections:
-- Sub-components: ```evaluate_sbox``` and ```linear_layer``` respectively apply our **Flystel** construction and the linear layer.
-- Evaluation: ```eval_with_intermediate_values``` performs an evaluation of **Anemoi** using the SPN construction. The function also return intermediate values as this can be used to check the solutions of the systems of equations generated.
-- Writing full system of equations: ```get_polynomial_variables```, ```verification_polynomials``` and ```print_verification_polynomials``` allow to generate the corresponding multivariate system of polynomial equations. This indeed allowed us to perform our security analysis using Grobner basis attacks. 
-
-The two functions ```jive``` and ```sponge_hash``` are routines to evaluate **AnemoiJive** and **AnemoiSponge** that respectively correspond to our Merkle Compression function, and our Hash function.
-
-## Authors
-- [Clémence Bouvier](https://who.rocq.inria.fr/Clemence.Bouvier/), Sorbonne University, France - Inria, France
-- [Pierre Briaud](https://who.rocq.inria.fr/Pierre.Briaud/), Sorbonne University, France - Inria, France
-- Pyrros Chaidos, National & Kapodistrian University of Athens, Greece,
-- [Léo Perrin](https://who.paris.inria.fr/Leo.Perrin/), Inria, France
-- Vesselin Velichkov, University of Edinburgh, Scotland - Clearmatics, England
-
-
-## Third-party implementations
-Please contact us if you have any **Anemoi** implementations to share.
-
-
-## License
-This repository is distributed under the terms of the MIT License.
diff --git a/scripts/anemoi-hash/anemoi.sage b/scripts/anemoi-hash/anemoi.sage
deleted file mode 100644
index 6e99615b8..000000000
--- a/scripts/anemoi-hash/anemoi.sage
+++ /dev/null
@@ -1,1239 +0,0 @@
-#!/usr/bin/sage
-# -*- mode: python ; -*-
-
-from sage.all import *
-import hashlib
-import itertools
-
-from constants import *
-
-COST_ALPHA = {
-    3   : 2, 5   : 3, 7   : 4, 9   : 4,
-    11  : 5, 13  : 5, 15  : 5, 17  : 5,
-    19  : 6, 21  : 6, 23  : 6, 25  : 6,
-    27  : 6, 29  : 7, 31  : 7, 33  : 6,
-    35  : 7, 37  : 7, 39  : 7, 41  : 7,
-    43  : 7, 45  : 7, 47  : 8, 49  : 7,
-    51  : 7, 53  : 8, 55  : 8, 57  : 8,
-    59  : 8, 61  : 8, 63  : 8, 65  : 7,
-    67  : 8, 69  : 8, 71  : 9, 73  : 8,
-    75  : 8, 77  : 8, 79  : 9, 81  : 8,
-    83  : 8, 85  : 8, 87  : 9, 89  : 9,
-    91  : 9, 93  : 9, 95  : 9, 97  : 8,
-    99  : 8, 101 : 9, 103 : 9, 105 : 9,
-    107 : 9, 109 : 9, 111 : 9, 113 : 9,
-    115 : 9, 117 : 9, 119 : 9, 121 : 9,
-    123 : 9, 125 : 9, 127 : 10,
-}
-
-ALPHA_BY_COST = {
-    c : [x for x in range(3, 128, 2) if COST_ALPHA[x] == c]
-    for c in range(2, 11)
-}
-
-PI_0 = 1415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679
-PI_1 = 8214808651328230664709384460955058223172535940812848111745028410270193852110555964462294895493038196
-
-def get_prime(N):
-    """Returns the highest prime number that is strictly smaller than
-    2**N.
-
-    """
-    result = (1 << N) - 1
-    while not is_prime(result):
-        result -= 2
-    return result
-
-
-def get_n_rounds(s, l, alpha):
-    """Returns the number of rounds needed in Anemoi (based on the
-    complexity of algebraic attacks).
-
-    """
-    r = 0
-    complexity = 0
-    while complexity < 2**s:
-        r += 1
-        complexity = binomial(
-            2*l*r + alpha + 1 + 2*(l*r-2),
-            2*l*r
-        )**2
-    r += l+1 # security margin
-    return max(10, r)
-
-
-# Linear layer generation
-
-def is_mds(m):
-    for i in reversed(range(1, m.ncols()+1)):
-        if (0 in m.minors(i)):
-            return False
-    return True
-
-def M_2(x_input, b):
-    """Fast matrix-vector multiplication algorithm for Anemoi MDS layer with \ell = 1,2."""
-
-    x = x_input[:]
-    x[0] += b*x[1]
-    x[1] += b*x[0]
-    return x
-
-def M_3(x_input, b):
-    """Fast matrix-vector multiplication algorithm for Anemoi MDS layer with \ell = 3.
-
-    From Figure 6 of [DL18](https://tosc.iacr.org/index.php/ToSC/article/view/888)."""
-
-    x = x_input[:]
-    t = x[0] + b*x[2]
-    x[2] += x[1]
-    x[2] += b*x[0]
-    x[0] = t + x[2]
-    x[1] += t
-    return x
-
-
-def M_4(x_input, b):
-    """Fast matrix-vector multiplication algorithm for Anemoi MDS layer with \ell = 4.
-
-    Figure 8 of [DL18](https://tosc.iacr.org/index.php/ToSC/article/view/888)."""
-
-    x = x_input[:]
-    x[0] += x[1]
-    x[2] += x[3]
-    x[3] += b*x[0]
-    x[1]  = b*(x[1] + x[2])
-    x[0] += x[1]
-    x[2] += b*x[3]
-    x[1] += x[2]
-    x[3] += x[0]
-    return x
-
-def lfsr(x_input, b):
-    x = x_input[:]
-    l = len(x)
-    for r in range(0, l):
-        t = sum(b**(2**i) * x[i] for i in range(0, l))
-        x = x[1:] + [t]
-    return x
-
-def circulant_mds_matrix(field, l):
-    for v in itertools.combinations_with_replacement(range(0,l+2), l):
-        mat = matrix.circulant(list(v)).change_ring(field)
-        if is_mds(mat):
-            return(mat)
-
-def get_mds(field, l):
-    a = field.multiplicative_generator()
-    b = field.one()
-    t = 0
-    while True:
-        # we construct the matrix
-        mat = []
-        b = b*a
-        t += 1
-        if l <= 4:
-            for i in range(0, l):
-                x_i = [field.one() * (j == i) for j in range(0, l)]
-                if l == 2:
-                    mat.append(M_2(x_i, b))
-                elif l == 3:
-                    mat.append(M_3(x_i, b))
-                elif l == 4:
-                    mat.append(M_4(x_i, b))
-            # Because the matrix has been generated through the matrix-vector
-            # algorithm with unit vectors, we need to transpose the result.
-            mat = Matrix(field, l, l, mat).transpose()
-            if is_mds(mat):
-                return mat
-        # If l > 4, we default to a circulant matrix with small coefficients
-        # The matrix is identified by its first row, with coefficients
-        # lexicographically ordered.
-        else:
-            return circulant_mds_matrix(field, l)
-
-# AnemoiPermutation class
-
-class AnemoiPermutation:
-    def __init__(self,
-                 q=None,
-                 alpha=None,
-                 mat=None,
-                 n_rounds=None,
-                 n_cols=1,
-                 security_level=128):
-        if q == None:
-            raise Exception("The characteristic of the field must be specified!")
-        self.q = q
-        self.prime_field = is_prime(q)  # if true then we work over a
-                                        # prime field with
-                                        # characteristic just under
-                                        # 2**N, otherwise the
-                                        # characteristic is 2**self
-        self.n_cols = n_cols # the number of parallel S-boxes in each round
-        self.security_level = security_level
-
-        # initializing the other variables in the state:
-        # - q     is the characteristic of the field
-        # - g     is a generator of the multiplicative subgroup
-        # - alpha is the main exponent (in the center of the Flystel)
-        # - beta  is the coefficient in the quadratic subfunction
-        # - gamma is the constant in the second quadratic subfunction
-        # - QUAD  is the secondary (quadratic) exponent
-        # - from_field is a function mapping field elements to integers
-        # - to_field   is a function mapping integers to field elements
-        self.F = GF(self.q)
-        if self.prime_field:
-            if alpha != None:
-                if gcd(alpha, self.q-1) != 1:
-                    raise Exception("alpha should be co-prime with the characteristic!")
-                else:
-                    self.alpha = alpha
-            else:
-                self.alpha = 3
-                while gcd(self.alpha, self.q-1) != 1:
-                    self.alpha += 1
-            self.QUAD = 2
-            self.to_field   = lambda x : self.F(x)
-            self.from_field = lambda x : Integer(x)
-        else:
-            self.alpha = 3
-            self.QUAD = 3
-            self.to_field   = lambda x : self.F.fetch_int(x)
-            self.from_field = lambda x : x.integer_representation()
-        self.g = self.F.multiplicative_generator()
-        self.beta = self.g
-        self.delta = self.g**(-1)
-        self.alpha_inv = inverse_mod(self.alpha, self.q-1)
-
-        # total number of rounds
-        if n_rounds != None:
-            self.n_rounds = n_rounds
-        else:
-            self.n_rounds = get_n_rounds(self.security_level,
-                                         self.n_cols,
-                                         self.alpha)
-
-        # Choosing constants: self.C and self.D are built from the
-        # digits of pi using an open butterfly
-        self.C = []
-        self.D = []
-        pi_F_0 = self.to_field(PI_0 % self.q)
-        pi_F_1 = self.to_field(PI_1 % self.q)
-        for r in range(0, self.n_rounds):
-            pi_0_r = pi_F_0**r
-            self.C.append([])
-            self.D.append([])
-            for i in range(0, self.n_cols):
-                pi_1_i = pi_F_1**i
-                pow_alpha = (pi_0_r + pi_1_i)**self.alpha
-                self.C[r].append(self.g * (pi_0_r)**2 + pow_alpha)
-                self.D[r].append(self.g * (pi_1_i)**2 + pow_alpha + self.delta)
-        if self.n_cols == 1:
-            if mat == None:
-                self.mat = get_mds(self.F, 2)  # a linear layer is needed to mix the column
-            else:
-                assert(mat.nrows() == mat.ncols())
-                assert(mat.nrows() == 2)
-                assert(is_mds(mat))
-                self.mat = mat
-        else:
-            if mat == None:
-                self.mat = get_mds(self.F, self.n_cols)
-            else:
-                assert(mat.nrows() == mat.ncols())
-                assert(mat.nrows() == self.n_cols)
-                assert(is_mds(mat))
-                self.mat = mat
-
-
-    def __str__(self):
-        result = "Anemoi instance over F_{:d} ({}), n_rounds={:d}, n_cols={:d}, s={:d}".format(
-            self.q,
-            "odd prime field" if self.prime_field else "characteristic 2",
-            self.n_rounds,
-            self.n_cols,
-            self.security_level
-        )
-        result += "\nalpha={}, beta={}, \delta={}\nM_x=\n{}\n".format(
-            self.alpha,
-            self.beta,
-            self.delta,
-            self.mat
-        )
-        result += "C={}\nD={}".format(
-            [[self.from_field(x) for x in self.C[r]] for r in range(0, self.n_rounds)],
-            [[self.from_field(x) for x in self.D[r]] for r in range(0, self.n_rounds)],
-        )
-        return result
-
-
-    # !SECTION! Sub-components
-
-    def evaluate_sbox(self, _x, _y):
-        """Applies an open Flystel to the full state. """
-        x, y = _x, _y
-        x -= self.beta*y**self.QUAD
-        y -= x**self.alpha_inv
-        x += self.beta*y**self.QUAD + self.delta
-        return x, y
-
-    def linear_layer(self, _x, _y):
-        x, y = _x[:], _y[:]
-        if self.n_cols == 1:
-            r = self.mat*vector([x[0], y[0]])
-            return [r[0]], [r[1]]
-        else:
-            x = self.mat*vector(x)
-            y = self.mat*vector(y[1:] + [y[0]])
-            return list(x), list(y)
-
-
-    # !SECTION! Evaluation
-
-    def eval_with_intermediate_values(self, _x, _y):
-        """Returns a list of vectors x_i and y_i such that [x_i, y_i] is the
-        internal state of Anemoi at the end of round i.
-
-        The output is of length self.n_rounds+2 since it also returns
-        the input values, and since there is a last degenerate round
-        consisting only in a linear layer.
-
-        """
-        x, y = _x[:], _y[:]
-        result = [[x[:], y[:]]]
-        for r in range(0, self.n_rounds):
-            for i in range(0, self.n_cols):
-                x[i] += self.C[r][i]
-                y[i] += self.D[r][i]
-            x, y = self.linear_layer(x, y)
-            for i in range(0, self.n_cols):
-                x[i], y[i] = self.evaluate_sbox(x[i], y[i])
-            result.append([x[:], y[:]])
-        # final call to the linear layer
-        x, y = self.linear_layer(x, y)
-        result.append([x[:], y[:]])
-        return result
-
-
-    def input_size(self):
-        return 2*self.n_cols
-
-
-    def __call__(self, _x):
-        if len(_x) != self.input_size():
-            raise Exception("wrong input size!")
-        else:
-            x, y = _x[:self.n_cols], _x[self.n_cols:]
-            u, v = self.eval_with_intermediate_values(x, y)[-1]
-            return u + v # concatenation, not a sum
-
-
-    # !SECTION! Writing full system of equations
-
-    def get_polynomial_variables(self):
-        """Returns polynomial variables from the appropriate multivariate
-        polynomial ring to work with this Anemoi instance.
-
-        """
-        x_vars = []
-        y_vars = []
-        all_vars = []
-        for r in range(0, self.n_rounds+1):
-            x_vars.append(["X{:02d}{:02d}".format(r, i) for i in range(0, self.n_cols)])
-            y_vars.append(["Y{:02d}{:02d}".format(r, i) for i in range(0, self.n_cols)])
-            all_vars += x_vars[-1]
-            all_vars += y_vars[-1]
-        pol_ring = PolynomialRing(self.F, (self.n_rounds+1)*2*self.n_cols, all_vars)
-        pol_gens = pol_ring.gens()
-        result = {"X" : [], "Y" : []}
-        for r in range(0, self.n_rounds+1):
-            result["X"].append([])
-            result["Y"].append([])
-            for i in range(0, self.n_cols):
-                result["X"][r].append(pol_gens[self.n_cols*2*r + i])
-                result["Y"][r].append(pol_gens[self.n_cols*2*r + i + self.n_cols])
-        return result
-
-
-    def verification_polynomials(self, pol_vars):
-        """Returns the list of all the equations that all the intermediate
-        values must satisfy. It implicitely relies on the open Flystel
-        function."""
-        equations = []
-        for r in range(0, self.n_rounds):
-            # the outputs of the open flystel are the state variables x, y at round r+1
-            u = pol_vars["X"][r+1]
-            v = pol_vars["Y"][r+1]
-            # the inputs of the open flystel are the state variables
-            # x, y at round r after undergoing the constant addition
-            # and the linear layer
-            x, y = pol_vars["X"][r], pol_vars["Y"][r]
-            x = [x[i] + self.C[r][i] for i in range(0, self.n_cols)]
-            y = [y[i] + self.D[r][i] for i in range(0, self.n_cols)]
-            x, y = self.linear_layer(x, y)
-            for i in range(0, self.n_cols):
-                equations.append(
-                    (y[i]-v[i])**self.alpha + self.beta*y[i]**self.QUAD - x[i]
-                )
-                equations.append(
-                    (y[i]-v[i])**self.alpha + self.beta*v[i]**self.QUAD + self.delta - u[i]
-                )
-        return equations
-
-
-    def print_verification_polynomials(self):
-        """Simply prints the equations modeling a full call to this
-        AnemoiPermutation instance in a user (and computer) readable
-        format.
-
-        The first lines contains a comma separated list of all the
-        variables, and the second contains the field size. The
-        following ones contain the equations. This format is intended
-        for use with Magma.
-
-        """
-        p_vars = self.get_polynomial_variables()
-        eqs = self.verification_polynomials(p_vars)
-        variables_string = ""
-        for r in range(0, self.n_rounds+1):
-            variables_string += str(p_vars["X"][r])[1:-1] + "," + str(p_vars["Y"][r])[1:-1] + ","
-        print(variables_string[:-1].replace(" ", ""))
-        print(self.q)
-        for f in eqs:
-            print(f)
-
-
-
-# !SECTION! Modes of operation
-
-
-def jive(P, b, _x):
-    """Returns an output b times smaller than _x using the Jive mode of
-    operation and the permutation P.
-
-    """
-    if b < 2:
-        raise Exception("b must be at least equal to 2")
-    if P.input_size() % b != 0:
-        raise Exception("b must divide the input size!")
-    c = P.input_size()/b # length of the compressed output
-    if c * P.F.cardinality().nbits() < 2 * P.security_level:
-        raise Exception(f"digest size is too small for the targeted security level!")
-    x = _x[:]
-    u = P(x)
-    compressed = []
-    for i in range(0, c):
-        compressed.append(sum(x[i+c*j] + u[i+c*j]
-                              for j in range(0, b)))
-    return compressed
-
-
-def sponge_hash(P, r, h, _x):
-    """Uses Hirose's variant of the sponge construction to hash the
-    message x using the permutation P with rate r, outputting a digest
-    of size h.
-
-    """
-    x = _x[:]
-    if P.input_size() <= r:
-        raise Exception("rate must be strictly smaller than state size!")
-    # Digest size check: we allow the digest size to be 3 bits shorter than
-    # the theoretical target, as commonly used finite fields usually have a
-    # characteristic size slightly under 2**256.
-    if h * P.F.cardinality().nbits() < 2 * P.security_level - 3:
-        raise Exception(f"digest size is too small for the targeted security level!")
-    # message padding (and domain separator computation)
-    if len(x) % r == 0 and len(x) != 0:
-        sigma = 1
-    else:
-        sigma = 0
-        x += [1]
-        # if x is still not long enough, append 0s
-        if len(x) % r != 0:
-            x += (r - (len(x) % r))*[0]
-    padded_x = [[x[pos+i] for i in range(0, r)]
-                for pos in range(0, len(x), r)]
-    # absorption phase
-    internal_state = [0] * P.input_size()
-    for pos in range(0, len(padded_x)):
-        for i in range(0, r):
-            internal_state[i] += padded_x[pos][i]
-        internal_state = P(internal_state)
-        if pos == len(padded_x)-1:
-            # adding sigma if it is the last block
-            internal_state[-1] += sigma
-    # squeezing
-    digest = []
-    pos = 0
-    while len(digest) < h:
-        digest.append(internal_state[pos])
-        pos += 1
-        if pos == r:
-            pos = 0
-            internal_state = P(internal_state)
-    return digest
-
-
-# !SECTION! Tests
-
-def check_polynomial_verification(n_tests=10, q=2**63, alpha=3, n_rounds=3, n_cols=1):
-    """Let `A` be an AnemoiPermutation instance with the parameters input to this function.
-
-    It cerifies that the internal state values generated by
-    A.eval_with_intermediate_state() are indeed roots of the equations
-    generated by A.verification_polynomials(). This is repeated on
-    n_tests random inputs.
-
-    """
-    A = AnemoiPermutation(q=q, alpha=alpha, n_rounds=n_rounds, n_cols=n_cols)
-    # formal polynomial variables and equations
-    p_vars = A.get_polynomial_variables()
-    eqs = A.verification_polynomials(p_vars)
-    A.print_verification_polynomials()
-    # for n_tests random inputs, we check that the equations are
-    # coherent with the actual intermediate values
-    print("\n ======== Verification:")
-    print(A)
-    print("{} equations in {} variables.".format(
-        len(eqs),
-        (A.n_rounds+1) * 2 * A.n_cols,
-    ))
-    for t in range(0, n_tests):
-        # generate random input
-        x = [A.to_field(randint(0, A.q - 1))
-             for i in range(0, A.n_cols)]
-        y = [A.to_field(randint(0, A.q - 1))
-             for i in range(0, A.n_cols)]
-        # generate intermediate values, formal polynomial variables,
-        # and equations
-        iv = A.eval_with_intermediate_values(x, y)
-        p_vars = A.get_polynomial_variables()
-        eqs = A.verification_polynomials(p_vars)
-        # obtain variable assignment from the actual evaluation
-        assignment = {}
-        for r in range(0, A.n_rounds+1):
-            for i in range(0, A.n_cols):
-                assignment[p_vars["X"][r][i]] = iv[r][0][i]
-                assignment[p_vars["Y"][r][i]] = iv[r][1][i]
-        # printing the value of the equations for the actual
-        # intermediate states
-        print("\n--- ", t, "(all values except the input should be 0)")
-        print("input: ", x, y)
-        for r in range(0, A.n_rounds):
-            polynomial_values = [eqs[r*2*A.n_cols + i].subs(assignment)
-                                 for i in range(0, 2*A.n_cols)]
-            print("round {:3d}: {}\n           {}".format(
-                r,
-                polynomial_values[0::2],
-                polynomial_values[1::2]
-            ))
-
-
-def test_jive(n_tests=10,
-              q=2**63, alpha=3,
-              n_rounds=None,
-              n_cols=1,
-              b=2,
-              security_level=32):
-    """Let `A` be and AnemoiPermutation instance with the parameters input
-    to this function.
-
-    This function evaluates Jive_b on random inputs using `A` as its
-    permutation.
-
-    """
-    A = AnemoiPermutation(q=q, alpha=alpha, n_rounds=n_rounds, n_cols=n_cols, security_level=security_level)
-    print(A)
-    for t in range(0, n_tests):
-        # generate random input
-        x = [A.to_field(randint(0, A.q - 1))
-             for i in range(0, A.n_cols)]
-        y = [A.to_field(randint(0, A.q - 1))
-             for i in range(0, A.n_cols)]
-        print("x = {}\ny = {}\nAnemoiJive_{}(x,y) = {}".format(
-            x,
-            y,
-            b,
-            jive(A, b, x + y)
-        ))
-
-
-def test_sponge(n_tests=10,
-                q=2**63,
-                alpha=3,
-                n_rounds=None,
-                n_cols=1,
-                b=2,
-                security_level=32):
-    """Let `A` be an AnemoiPermutation instance with the parameters input
-    to this function.
-
-    This function evaluates sponge on random inputs using `A` as its
-    permutation, and a rate of A.input_size()-1 (so, a capacity of 1),
-    and generates a 2 word output.
-
-    """
-    A = AnemoiPermutation(q=q, alpha=alpha, n_rounds=n_rounds, n_cols=n_cols, security_level=security_level)
-    print(A)
-    for t in range(0, n_tests):
-        # generate random input of length t
-        x = [A.to_field(randint(0, A.q - 1))
-             for i in range(0, t)]
-        print("x = {}\nAnemoiSponge(x) = {}".format(
-            x,
-            sponge_hash(A, 2, 2, x)
-        ))
-
-def generate_test_vectors_jive(P, b, n):
-    """
-    Outputs `n` deterministic test vectors for the provided AnemoiPermutation
-    `P` with compression factor `b`.
-    """
-    assert n >= 4, "The number of test vectors should be greater than 4."
-    m = hashlib.sha512(str(P).encode())
-    m.update("Jive test vectors".encode())
-    m.update(f"B={b}".encode())
-    seed = Integer(m.digest().hex(), 16)
-
-    inputs = []
-    outputs = []
-    inputs.append([P.F(0) for _ in range(P.input_size())])
-    inputs.append([P.F(1) for _ in range(P.input_size())])
-    inputs.append([P.F(0) for _ in range(P.n_cols)] + [P.F(1) for _ in range(P.n_cols)])
-    inputs.append([P.F(1) for _ in range(P.n_cols)] + [P.F(0) for _ in range(P.n_cols)])
-    for i in range(n - 4):
-        input = []
-        for _ in range(P.input_size()):
-            input.append(P.to_field(seed))
-            m.update(str(seed).encode())
-            seed = Integer(m.digest().hex(), 16)
-        inputs.append(input)
-    for input in inputs:
-        outputs.append(jive(P, b, input))
-
-    print(
-        "Test vectors for Anemoi instance over F_{:d}, n_rounds={:d}, n_cols={:d}, s={:d}".format(
-        P.q,
-        P.n_rounds,
-        P.n_cols,
-        P.security_level)
-    )
-    return (inputs, outputs)
-
-
-def generate_test_vectors_sponge(P, r, h, n):
-    """
-    Outputs `n` deterministic test vectors for the provided AnemoiPermutation
-    `P` with rate `r` and digest size `h`.
-    """
-    assert n >= 4, "The number of test vectors should be greater than 4."
-    m = hashlib.sha512(str(P).encode())
-    m.update("Sponge test vectors".encode())
-    m.update(f"R={r}".encode())
-    m.update(f"H={h}".encode())
-    seed = Integer(m.digest().hex(), 16)
-
-    inputs = []
-    outputs = []
-    inputs.append([P.F(0) for _ in range(P.input_size())])
-    inputs.append([P.F(1) for _ in range(P.input_size())])
-    inputs.append([P.F(0) for _ in range(P.n_cols)] + [P.F(1) for _ in range(P.n_cols)])
-    inputs.append([P.F(1) for _ in range(P.n_cols)] + [P.F(0) for _ in range(P.n_cols)])
-    for i in range(n - 4):
-        input = []
-        for _ in range(i+1):
-            input.append(P.to_field(seed))
-            m.update(str(seed).encode())
-            seed = Integer(m.digest().hex(), 16)
-        inputs.append(input)
-    for input in inputs:
-        outputs.append(sponge_hash(P, r, h, input))
-
-    print(
-        "Test vectors for Anemoi instance over F_{:d}, n_rounds={:d}, n_cols={:d}, s={:d}".format(
-        P.q,
-        P.n_rounds,
-        P.n_cols,
-        P.security_level)
-    )
-    return (inputs, outputs)
-
-
-def generate_test_vectors_sbox(P, n):
-    """
-    Outputs `n` deterministic test vectors for the provided AnemoiPermutation
-    `P` with rate `r`, digest size `h` and.
-    """
-    assert n >= 4, "The number of test vectors should be greater than 4."
-    m = hashlib.sha512(str(P).encode())
-    m.update("S-Box test vectors".encode())
-    seed = Integer(m.digest().hex(), 16)
-
-    inputs = []
-    outputs = []
-    inputs.append([P.F(0) for _ in range(P.input_size())])
-    inputs.append([P.F(1) for _ in range(P.input_size())])
-    inputs.append([P.F(0) for _ in range(P.n_cols)] + [P.F(1) for _ in range(P.n_cols)])
-    inputs.append([P.F(1) for _ in range(P.n_cols)] + [P.F(0) for _ in range(P.n_cols)])
-
-    for _ in range(n - 4):
-        input = []
-        for _ in range(P.input_size()):
-            input.append(P.to_field(seed))
-            m.update(str(seed).encode())
-            seed = Integer(m.digest().hex(), 16)
-        inputs.append(input)
-    for input in inputs:
-        x = [0 for i in range(P.n_cols)]
-        y = [0 for i in range(P.n_cols)]
-        for i in range(P.n_cols):
-            x[i], y[i] = P.evaluate_sbox(input[i], input[P.n_cols + i])
-        x.extend(y)
-        outputs.append(x)
-
-    return (inputs, outputs)
-
-
-def generate_test_vectors_mds(P, n):
-    """
-    Outputs `n` deterministic test vectors for the provided AnemoiPermutation
-    `P` with rate `r`, digest size `h` and.
-    """
-    assert n >= 4, "The number of test vectors should be greater than 4."
-    m = hashlib.sha512(str(P).encode())
-    m.update("MDS test vectors".encode())
-    seed = Integer(m.digest().hex(), 16)
-
-    inputs = []
-    outputs = []
-    inputs.append([P.F(0) for _ in range(P.input_size())])
-    inputs.append([P.F(1) for _ in range(P.input_size())])
-    inputs.append([P.F(0) for _ in range(P.n_cols)] + [P.F(1) for _ in range(P.n_cols)])
-    inputs.append([P.F(1) for _ in range(P.n_cols)] + [P.F(0) for _ in range(P.n_cols)])
-    for _ in range(n - 4):
-        input = []
-        for _ in range(P.input_size()):
-            input.append(P.to_field(seed))
-            m.update(str(seed).encode())
-            seed = Integer(m.digest().hex(), 16)
-        inputs.append(input)
-    for input in inputs:
-        x,y = P.linear_layer(input[0:P.n_cols], input[P.n_cols:])
-        x.extend(y)
-        outputs.append(x)
-
-    return (inputs, outputs)
-
-
-def main():
-
-    # This is the first circulant matrix being found by the circulant_mds_matrix()
-    # script above. This is hardcoded to save some time when instantiating the different
-    # versions of Anemoi below.
-    CIRCULANT_FP6_MDS_MATRIX = matrix.circulant([1, 1, 3, 4, 5, 6])
-
-    # 128-bit security level instantiations
-
-    A_BLS_12_381_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_381_BASEFIELD,
-        n_cols=1,
-        security_level=128
-    )
-    A_BLS_12_381_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_381_BASEFIELD,
-        n_cols=2,
-        security_level=128
-    )
-    A_BLS_12_381_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_381_BASEFIELD,
-        n_cols=3,
-        security_level=128
-    )
-    A_BLS_12_381_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_381_BASEFIELD,
-        n_cols=4,
-        security_level=128
-    )
-    A_BLS_12_381_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_381_BASEFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=128)
-
-    A_JUBJUB_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        n_cols=1,
-        security_level=128
-    )
-    A_JUBJUB_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        n_cols=2,
-        security_level=128
-    )
-    A_JUBJUB_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        n_cols=3,
-        security_level=128
-    )
-    A_JUBJUB_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        n_cols=4,
-        security_level=128
-    )
-    A_JUBJUB_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=128)
-
-    A_BLS_12_377_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_377_BASEFIELD,
-        n_cols=1,
-        security_level=128
-    )
-    A_BLS_12_377_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_377_BASEFIELD,
-        n_cols=2,
-        security_level=128
-    )
-    A_BLS_12_377_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_377_BASEFIELD,
-        n_cols=3,
-        security_level=128
-    )
-    A_BLS_12_377_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_377_BASEFIELD,
-        n_cols=4,
-        security_level=128
-    )
-    A_BLS_12_377_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_377_BASEFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=128)
-
-    A_ED_ON_BLS_12_377_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_377_SCALARFIELD,
-        n_cols=1,
-        security_level=128
-    )
-    A_ED_ON_BLS_12_377_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_377_SCALARFIELD,
-        n_cols=2,
-        security_level=128
-    )
-    A_ED_ON_BLS_12_377_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_377_SCALARFIELD,
-        n_cols=3,
-        security_level=128
-    )
-    A_ED_ON_BLS_12_377_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_377_SCALARFIELD,
-        n_cols=4,
-        security_level=128
-    )
-    A_ED_ON_BLS_12_377_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_377_SCALARFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=128)
-
-    A_BN_254_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
-        q=BN_254_BASEFIELD,
-        n_cols=1,
-        security_level=128
-    )
-    A_BN_254_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
-        q=BN_254_BASEFIELD,
-        n_cols=2,
-        security_level=128
-    )
-    A_BN_254_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
-        q=BN_254_BASEFIELD,
-        n_cols=3,
-        security_level=128
-    )
-    A_BN_254_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
-        q=BN_254_BASEFIELD,
-        n_cols=4,
-        security_level=128
-    )
-    A_BN_254_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
-        q=BN_254_BASEFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=128)
-
-    A_BN_254_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
-        q=BN_254_SCALARFIELD,
-        n_cols=1,
-        security_level=128
-    )
-    A_BN_254_SCALARFIELD_2_COL_128_BITS = AnemoiPermutation(
-        q=BN_254_SCALARFIELD,
-        n_cols=2,
-        security_level=128
-    )
-    A_BN_254_SCALARFIELD_3_COL_128_BITS = AnemoiPermutation(
-        q=BN_254_SCALARFIELD,
-        n_cols=3,
-        security_level=128
-    )
-    A_BN_254_SCALARFIELD_4_COL_128_BITS = AnemoiPermutation(
-        q=BN_254_SCALARFIELD,
-        n_cols=4,
-        security_level=128
-    )
-    A_BN_254_SCALARFIELD_6_COL_128_BITS = AnemoiPermutation(
-        q=BN_254_SCALARFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=128)
-
-    A_PALLAS_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
-        q=PALLAS_BASEFIELD,
-        n_cols=1,
-        security_level=128
-    )
-    A_PALLAS_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
-        q=PALLAS_BASEFIELD,
-        n_cols=2,
-        security_level=128
-    )
-    A_PALLAS_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
-        q=PALLAS_BASEFIELD,
-        n_cols=3,
-        security_level=128
-    )
-    A_PALLAS_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
-        q=PALLAS_BASEFIELD,
-        n_cols=4,
-        security_level=128
-    )
-    A_PALLAS_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
-        q=PALLAS_BASEFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=128)
-
-    A_VESTA_BASEFIELD_1_COL_128_BITS = AnemoiPermutation(
-        q=VESTA_BASEFIELD,
-        n_cols=1,
-        security_level=128
-    )
-    A_VESTA_BASEFIELD_2_COL_128_BITS = AnemoiPermutation(
-        q=VESTA_BASEFIELD,
-        n_cols=2,
-        security_level=128
-    )
-    A_VESTA_BASEFIELD_3_COL_128_BITS = AnemoiPermutation(
-        q=VESTA_BASEFIELD,
-        n_cols=3,
-        security_level=128
-    )
-    A_VESTA_BASEFIELD_4_COL_128_BITS = AnemoiPermutation(
-        q=VESTA_BASEFIELD,
-        n_cols=4,
-        security_level=128
-    )
-    A_VESTA_BASEFIELD_6_COL_128_BITS = AnemoiPermutation(
-        q=VESTA_BASEFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=128)
-
-    A_GOLDILOCKS_64_FIELD_1_COL_128_BITS = AnemoiPermutation(
-        q=GOLDILOCKS_64_FIELD,
-        n_cols=1,
-        security_level=128
-    )
-    A_GOLDILOCKS_64_FIELD_2_COL_128_BITS = AnemoiPermutation(
-        q=GOLDILOCKS_64_FIELD,
-        n_cols=2,
-        security_level=128
-    )
-    A_GOLDILOCKS_64_FIELD_3_COL_128_BITS = AnemoiPermutation(
-        q=GOLDILOCKS_64_FIELD,
-        n_cols=3,
-        security_level=128
-    )
-    A_GOLDILOCKS_64_FIELD_4_COL_128_BITS = AnemoiPermutation(
-        q=GOLDILOCKS_64_FIELD,
-        n_cols=4,
-        security_level=128
-    )
-    A_GOLDILOCKS_64_FIELD_6_COL_128_BITS = AnemoiPermutation(
-        q=GOLDILOCKS_64_FIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=128)
-
-
-    # 256-bit security level instantiations
-
-    A_BLS_12_381_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_381_BASEFIELD,
-        n_cols=1,
-        security_level=256
-    )
-    A_BLS_12_381_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_381_BASEFIELD,
-        n_cols=2,
-        security_level=256
-    )
-    A_BLS_12_381_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_381_BASEFIELD,
-        n_cols=3,
-        security_level=256
-    )
-    A_BLS_12_381_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_381_BASEFIELD,
-        n_cols=4,
-        security_level=256
-    )
-    A_BLS_12_381_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_381_BASEFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=256)
-
-    A_JUBJUB_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        n_cols=1,
-        security_level=256
-    )
-    A_JUBJUB_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        n_cols=2,
-        security_level=256
-    )
-    A_JUBJUB_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        n_cols=3,
-        security_level=256
-    )
-    A_JUBJUB_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        n_cols=4,
-        security_level=256
-    )
-    A_JUBJUB_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=256)
-
-    A_BLS_12_377_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_377_BASEFIELD,
-        n_cols=1,
-        security_level=256
-    )
-    A_BLS_12_377_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_377_BASEFIELD,
-        n_cols=2,
-        security_level=256
-    )
-    A_BLS_12_377_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_377_BASEFIELD,
-        n_cols=3,
-        security_level=256
-    )
-    A_BLS_12_377_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_377_BASEFIELD,
-        n_cols=4,
-        security_level=256
-    )
-    A_BLS_12_377_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_377_BASEFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=256)
-
-    A_ED_ON_BLS_12_377_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_377_SCALARFIELD,
-        n_cols=1,
-        security_level=256
-    )
-    A_ED_ON_BLS_12_377_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_377_SCALARFIELD,
-        n_cols=2,
-        security_level=256
-    )
-    A_ED_ON_BLS_12_377_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_377_SCALARFIELD,
-        n_cols=3,
-        security_level=256
-    )
-    A_ED_ON_BLS_12_377_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_377_SCALARFIELD,
-        n_cols=4,
-        security_level=256
-    )
-    A_ED_ON_BLS_12_377_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
-        q=BLS12_377_SCALARFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=256)
-
-    A_BN_254_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
-        q=BN_254_BASEFIELD,
-        n_cols=1,
-        security_level=256
-    )
-    A_BN_254_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
-        q=BN_254_BASEFIELD,
-        n_cols=2,
-        security_level=256
-    )
-    A_BN_254_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
-        q=BN_254_BASEFIELD,
-        n_cols=3,
-        security_level=256
-    )
-    A_BN_254_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
-        q=BN_254_BASEFIELD,
-        n_cols=4,
-        security_level=256
-    )
-    A_BN_254_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
-        q=BN_254_BASEFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=256)
-
-    A_BN_254_SCALARFIELD_1_COL_256_BITS = AnemoiPermutation(
-        q=BN_254_SCALARFIELD,
-        n_cols=1,
-        security_level=256
-    )
-    A_BN_254_SCALARFIELD_2_COL_256_BITS = AnemoiPermutation(
-        q=BN_254_SCALARFIELD,
-        n_cols=2,
-        security_level=256
-    )
-    A_BN_254_SCALARFIELD_3_COL_256_BITS = AnemoiPermutation(
-        q=BN_254_SCALARFIELD,
-        n_cols=3,
-        security_level=256
-    )
-    A_BN_254_SCALARFIELD_4_COL_256_BITS = AnemoiPermutation(
-        q=BN_254_SCALARFIELD,
-        n_cols=4,
-        security_level=256
-    )
-    A_BN_254_SCALARFIELD_6_COL_256_BITS = AnemoiPermutation(
-        q=BN_254_SCALARFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=256)
-
-    A_PALLAS_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
-        q=PALLAS_BASEFIELD,
-        n_cols=1,
-        security_level=256
-    )
-    A_PALLAS_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
-        q=PALLAS_BASEFIELD,
-        n_cols=2,
-        security_level=256
-    )
-    A_PALLAS_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
-        q=PALLAS_BASEFIELD,
-        n_cols=3,
-        security_level=256
-    )
-    A_PALLAS_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
-        q=PALLAS_BASEFIELD,
-        n_cols=4,
-        security_level=256
-    )
-    A_PALLAS_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
-        q=PALLAS_BASEFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=256)
-
-    A_VESTA_BASEFIELD_1_COL_256_BITS = AnemoiPermutation(
-        q=VESTA_BASEFIELD,
-        n_cols=1,
-        security_level=256
-    )
-    A_VESTA_BASEFIELD_2_COL_256_BITS = AnemoiPermutation(
-        q=VESTA_BASEFIELD,
-        n_cols=2,
-        security_level=256
-    )
-    A_VESTA_BASEFIELD_3_COL_256_BITS = AnemoiPermutation(
-        q=VESTA_BASEFIELD,
-        n_cols=3,
-        security_level=256
-    )
-    A_VESTA_BASEFIELD_4_COL_256_BITS = AnemoiPermutation(
-        q=VESTA_BASEFIELD,
-        n_cols=4,
-        security_level=256
-    )
-    A_VESTA_BASEFIELD_6_COL_256_BITS = AnemoiPermutation(
-        q=VESTA_BASEFIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=256)
-
-    A_GOLDILOCKS_64_FIELD_1_COL_256_BITS = AnemoiPermutation(
-        q=GOLDILOCKS_64_FIELD,
-        n_cols=1,
-        security_level=256
-    )
-    A_GOLDILOCKS_64_FIELD_2_COL_256_BITS = AnemoiPermutation(
-        q=GOLDILOCKS_64_FIELD,
-        n_cols=2,
-        security_level=256
-    )
-    A_GOLDILOCKS_64_FIELD_3_COL_256_BITS = AnemoiPermutation(
-        q=GOLDILOCKS_64_FIELD,
-        n_cols=3,
-        security_level=256
-    )
-    A_GOLDILOCKS_64_FIELD_4_COL_256_BITS = AnemoiPermutation(
-        q=GOLDILOCKS_64_FIELD,
-        n_cols=4,
-        security_level=256
-    )
-    A_GOLDILOCKS_64_FIELD_6_COL_256_BITS = AnemoiPermutation(
-        q=GOLDILOCKS_64_FIELD,
-        mat=CIRCULANT_FP6_MDS_MATRIX,
-        n_cols=6,
-        security_level=256)
-
-def anemoi_selected_instances():
-
-    # accumulating selected Anemoi instances
-    A = []
-    
-    # 128-bit security level instantiations
-    A_BLS_12_381_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        n_cols=1,
-        security_level=128
-    )
-    A.append(
-        ("A_BLS_12_381_SCALARFIELD_1_COL_128_BITS",
-         A_BLS_12_381_SCALARFIELD_1_COL_128_BITS))
-    A_BLS_12_381_SCALARFIELD_4_COL_128_BITS =AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        n_cols=4,
-        security_level=128
-    )
-    A.append(
-        ("A_BLS_12_381_SCALARFIELD_4_COL_128_BITS",
-         A_BLS_12_381_SCALARFIELD_4_COL_128_BITS))
-    A_BLS_12_381_SCALARFIELD_6_COL_128_BITS =AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
-        n_cols=6,
-        security_level=128)
-    A.append(
-        ("A_BLS_12_381_SCALARFIELD_6_COL_128_BITS",
-         A_BLS_12_381_SCALARFIELD_6_COL_128_BITS))
-    return A
-    
diff --git a/scripts/anemoi-hash/constants.py b/scripts/anemoi-hash/constants.py
deleted file mode 100644
index a9e06eae1..000000000
--- a/scripts/anemoi-hash/constants.py
+++ /dev/null
@@ -1,23 +0,0 @@
-# BLS12-381 Base field
-BLS12_381_BASEFIELD = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab
-# BLS12-381 Scalar field
-BLS12_381_SCALARFIELD = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001
-
-# BLS12-377 Base field = BW6_761 Scalar field
-BLS12_377_BASEFIELD = 0x1ae3a4617c510eac63b05c06ca1493b1a22d9f300f5138f1ef3622fba094800170b5d44300000008508c00000000001
-# BLS12-377 Scalar field = Ed_on_bls_12_377 Base field
-BLS12_377_SCALARFIELD = 0x12ab655e9a2ca55660b44d1e5c37b00159aa76fed00000010a11800000000001
-
-# BN-254 Base field
-BN_254_BASEFIELD = 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47
-# BN-254 Scalar field
-BN_254_SCALARFIELD = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
-
-# Pallas Base field = Vesta Scalar field
-PALLAS_BASEFIELD = 0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001
-
-# Vesta Base field = Pallas Scalar field
-VESTA_BASEFIELD = 0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001
-
-# Small Goldilocks field
-GOLDILOCKS_64_FIELD = 0xffffffff00000001
diff --git a/scripts/anemoi-hash/parameters.sage b/scripts/anemoi-hash/parameters.sage
index 6299ac4f9..72071b06e 100644
--- a/scripts/anemoi-hash/parameters.sage
+++ b/scripts/anemoi-hash/parameters.sage
@@ -8,7 +8,39 @@ import itertools
 from constants import *
 
 load('anemoi.sage')
-     
+
+def anemoi_selected_instances():
+
+    # accumulating selected Anemoi instances
+    A = []
+    
+    # 128-bit security level instantiations
+    A_BLS_12_381_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_1_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_1_COL_128_BITS))
+    A_BLS_12_381_SCALARFIELD_4_COL_128_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_4_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_4_COL_128_BITS))
+    A_BLS_12_381_SCALARFIELD_6_COL_128_BITS =AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
+        n_cols=6,
+        security_level=128)
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_6_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_6_COL_128_BITS))
+    return A
+    
 def output_parameters():
     instances = anemoi_selected_instances()    
     for i in range(len(instances)):
diff --git a/scripts/anemoi-hash/readme.md b/scripts/anemoi-hash/readme.md
new file mode 100644
index 000000000..db603465a
--- /dev/null
+++ b/scripts/anemoi-hash/readme.md
@@ -0,0 +1,17 @@
+The sage script parameters.sage requires the official Anemoi SAGE
+implementation from [1]. To run it, do the following steps;
+
+1. execute git clone https://github.com/anemoi-hash/anemoi-hash.git
+
+2. put the downloaded contents in the same directory as file
+parameters.sage.
+
+3. edit file anemoi.sage to replace "if __name__ == "__main__":" with
+"def main():"
+
+4. load parameters.sage in SAGE.
+
+Tested with 'SageMath version 9.3, Release Date: 2021-05-09' on 8 Nov
+2022.
+
+[1] https://github.com/anemoi-hash/anemoi-hash

From cac4bb168a9ecf35d0e0a404856ad5e18bfb5baf Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 3 Nov 2022 11:36:23 +0000
Subject: [PATCH 081/112] anemoi: removed duplicate gadgets for the flystel
 Q-functions for prime and binary fields
 (https://github.com/clearmatics/libsnark/issues/77,
 https://github.com/clearmatics/libsnark/pull/65#discussion_r992421012,
 https://github.com/clearmatics/libsnark/pull/65#discussion_r992423162)

---
 .../hashes/anemoi/anemoi_components.hpp       |  91 +++-----
 .../hashes/anemoi/anemoi_components.tcc       | 194 ++++++------------
 .../anemoi/tests/test_anemoi_gadget.cpp       |   7 +-
 3 files changed, 88 insertions(+), 204 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 2ec83b25d..8444d654b 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -27,74 +27,27 @@
 namespace libsnark
 {
 
-/// Flystel Q_gamma function for prime fields:
-/// Qf(x) = beta x^2 + gamma
-template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
-class flystel_Q_gamma_prime_field_gadget : public gadget<libff::Fr<ppT>>
-{
-    using FieldT = libff::Fr<ppT>;
-
-private:
-    const FieldT beta;
-    const FieldT gamma;
-
-public:
-    const linear_combination<FieldT> input;
-    const pb_variable<FieldT> output;
-
-    flystel_Q_gamma_prime_field_gadget(
-        protoboard<FieldT> &pb,
-        const linear_combination<FieldT> &input,
-        const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix);
-
-    void generate_r1cs_constraints();
-    void generate_r1cs_witness();
-};
-
-/// Flystel Q_delta function for prime fields:
-/// Qf(x) = beta x^2 + delta
-template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
-class flystel_Q_delta_prime_field_gadget : public gadget<libff::Fr<ppT>>
-{
-    using FieldT = libff::Fr<ppT>;
-
-private:
-    const FieldT beta;
-    const FieldT delta;
-
-public:
-    const linear_combination<FieldT> input;
-    const pb_variable<FieldT> output;
-
-    flystel_Q_delta_prime_field_gadget(
-        protoboard<FieldT> &pb,
-        const linear_combination<FieldT> &input,
-        const pb_variable<FieldT> &output,
-        const std::string &annotation_prefix);
-
-    void generate_r1cs_constraints();
-    void generate_r1cs_witness();
-};
-
-/// Flystel Q_gamma function for binary fields:
-/// Qi(x) = beta x^3 + gamma
-template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
-class flystel_Q_gamma_binary_field_gadget : public gadget<libff::Fr<ppT>>
+/// Combined gadget for the Flystel Q-functions for prime fields Q(x) = A x^2 +
+/// B:
+/// Q_gamma(x) = beta x^2 + gamma: A = beta, B = gamma
+/// Q_delta(x) = beta x^2 + delta: A = beta, B = delta
+template<typename ppT>
+class flystel_Q_prime_field_gadget : public gadget<libff::Fr<ppT>>
 {
     using FieldT = libff::Fr<ppT>;
 
 private:
-    const pb_variable<FieldT> internal;
-    const FieldT beta;
-    const FieldT gamma;
+    const FieldT A;
+    const FieldT B;
 
 public:
     const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
-    flystel_Q_gamma_binary_field_gadget(
+    flystel_Q_prime_field_gadget(
         protoboard<FieldT> &pb,
+        const FieldT A,
+        const FieldT B,
         const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix);
@@ -103,24 +56,28 @@ class flystel_Q_gamma_binary_field_gadget : public gadget<libff::Fr<ppT>>
     void generate_r1cs_witness();
 };
 
-/// Flystel Q_delta function for binary fields:
-/// Qi(x) = beta x^3 + delta
-template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
-class flystel_Q_delta_binary_field_gadget : public gadget<libff::Fr<ppT>>
+/// Combined gadget for the Flystel Q-functions for binary fields Q(x) = A x^3 +
+/// B:
+/// Q_gamma(x) = beta x^3 + gamma: A = beta, B = gamma
+/// Q_delta(x) = beta x^3 + delta: A = beta, B = delta
+template<typename ppT>
+class flystel_Q_binary_field_gadget : public gadget<libff::Fr<ppT>>
 {
     using FieldT = libff::Fr<ppT>;
 
 private:
     const pb_variable<FieldT> internal;
-    const FieldT beta;
-    const FieldT delta;
+    const FieldT A;
+    const FieldT B;
 
 public:
     const linear_combination<FieldT> input;
     const pb_variable<FieldT> output;
 
-    flystel_Q_delta_binary_field_gadget(
+    flystel_Q_binary_field_gadget(
         protoboard<FieldT> &pb,
+        const FieldT A,
+        const FieldT B,
         const linear_combination<FieldT> &input,
         const pb_variable<FieldT> &output,
         const std::string &annotation_prefix);
@@ -210,8 +167,8 @@ class flystel_prime_field_gadget : public gadget<libff::Fr<ppT>>
     const pb_variable<FieldT> output_y0;
     const pb_variable<FieldT> output_y1;
 
-    flystel_Q_gamma_prime_field_gadget<ppT, parameters> Q_gamma;
-    flystel_Q_delta_prime_field_gadget<ppT, parameters> Q_delta;
+    flystel_Q_prime_field_gadget<ppT> Q_gamma;
+    flystel_Q_prime_field_gadget<ppT> Q_delta;
     flystel_E_root_five_gadget<ppT, parameters> E_root_five;
 
     flystel_prime_field_gadget(
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 2b0e81daf..5f110bb1d 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -34,85 +34,44 @@ namespace libsnark
 //
 // where A =(0, const_a, 0), B=(0, 1, 0) and C =(-const_b, 0, 1)
 
-template<typename ppT, class parameters>
-flystel_Q_gamma_prime_field_gadget<ppT, parameters>::
-    flystel_Q_gamma_prime_field_gadget(
-        protoboard<libff::Fr<ppT>> &pb,
-        const linear_combination<libff::Fr<ppT>> &input,
-        const pb_variable<libff::Fr<ppT>> &output,
-        const std::string &annotation_prefix)
+template<typename ppT>
+flystel_Q_prime_field_gadget<ppT>::flystel_Q_prime_field_gadget(
+    protoboard<libff::Fr<ppT>> &pb,
+    const libff::Fr<ppT> A,
+    const libff::Fr<ppT> B,
+    const linear_combination<libff::Fr<ppT>> &input,
+    const pb_variable<libff::Fr<ppT>> &output,
+    const std::string &annotation_prefix)
     : gadget<libff::Fr<ppT>>(pb, annotation_prefix)
-    , beta(parameters::beta)
-    , gamma(parameters::gamma)
+    , A(A)
+    , B(B)
     , input(input)
     , output(output)
 {
 }
 
-template<typename ppT, class parameters>
-void flystel_Q_gamma_prime_field_gadget<ppT, parameters>::
-    generate_r1cs_constraints()
+template<typename ppT>
+void flystel_Q_prime_field_gadget<ppT>::generate_r1cs_constraints()
 {
     // Constraint has the form:
-    //   beta * input^2 + gamma = output
+    //   A * input^2 + B = output
     // which can be written as
-    //   (beta * input) * input = output - gamma
+    //   (A * input) * input = output - B
     this->pb.add_r1cs_constraint(
-        {input * beta, input, output - gamma},
-        FMT(this->annotation_prefix, " beta * x = y - gamma"));
+        {input * A, input, output - B},
+        FMT(this->annotation_prefix, " A * x = y - B"));
 }
 
 // compute a witness y for a given input x for the computation y =
-// beta x^2 + gamma
-template<typename ppT, class parameters>
-void flystel_Q_gamma_prime_field_gadget<ppT, parameters>::
-    generate_r1cs_witness()
+// A x^2 + B
+template<typename ppT>
+void flystel_Q_prime_field_gadget<ppT>::generate_r1cs_witness()
 {
     using FieldT = libff::Fr<ppT>;
     const FieldT input_value =
         input.evaluate(this->pb.full_variable_assignment());
-    // y = beta x^2 + gamma
-    this->pb.val(output) = this->beta * input_value * input_value + this->gamma;
-}
-
-template<typename ppT, class parameters>
-flystel_Q_delta_prime_field_gadget<ppT, parameters>::
-    flystel_Q_delta_prime_field_gadget(
-        protoboard<libff::Fr<ppT>> &pb,
-        const linear_combination<libff::Fr<ppT>> &input,
-        const pb_variable<libff::Fr<ppT>> &output,
-        const std::string &annotation_prefix)
-    : gadget<libff::Fr<ppT>>(pb, annotation_prefix)
-    , beta(parameters::beta)
-    , delta(parameters::delta)
-    , input(input)
-    , output(output)
-{
-}
-
-template<typename ppT, class parameters>
-void flystel_Q_delta_prime_field_gadget<ppT, parameters>::
-    generate_r1cs_constraints()
-{
-    // Constraint has the form:
-    //   beta * input^2 + delta = output
-    // which can be written as
-    //   (beta * input) * input = output - delta
-    this->pb.add_r1cs_constraint(
-        {input * beta, input, output - delta},
-        FMT(this->annotation_prefix, " beta * x = y - delta"));
-}
-
-// compute a witness y for a given input x for the computation y =
-// beta x^2 + delta, where x=input, y=output
-template<typename ppT, class parameters>
-void flystel_Q_delta_prime_field_gadget<ppT, parameters>::
-    generate_r1cs_witness()
-{
-    const FieldT input_value =
-        input.evaluate(this->pb.full_variable_assignment());
-    // y = beta x^2 + delta
-    this->pb.val(output) = this->beta * input_value * input_value + this->delta;
+    // y = A x^2 + B
+    this->pb.val(output) = A * input_value * input_value + B;
 }
 
 // R1CS constraints for the operation y = beta x^3 + gamma with
@@ -131,94 +90,47 @@ void flystel_Q_delta_prime_field_gadget<ppT, parameters>::
 //
 // where A0=(0, beta, 0, 0), B0=(0, 1, 0, 0), C0=(0, 0, 1, 0) and
 // A1=(0, 0, 1, 0), B1=(0, 1, 0, 0), C1=(-gamma, 0, 0, 1)
-template<typename ppT, class parameters>
-flystel_Q_gamma_binary_field_gadget<ppT, parameters>::
-    flystel_Q_gamma_binary_field_gadget(
-        protoboard<libff::Fr<ppT>> &pb,
-        const linear_combination<libff::Fr<ppT>> &input,
-        const pb_variable<libff::Fr<ppT>> &output,
-        const std::string &annotation_prefix)
-    : gadget<libff::Fr<ppT>>(pb, annotation_prefix)
-    , internal(pb_variable_allocate<libff::Fr<ppT>>(
-          pb, FMT(this->annotation_prefix, " internal")))
-    , beta(parameters::beta)
-    , gamma(parameters::gamma)
-    , input(input)
-    , output(output)
-{
-}
-
-template<typename ppT, class parameters>
-void flystel_Q_gamma_binary_field_gadget<ppT, parameters>::
-    generate_r1cs_constraints()
-{
-    // (beta * input) * input = internal
-    this->pb.add_r1cs_constraint(
-        r1cs_constraint<libff::Fr<ppT>>(beta * input, input, internal),
-        FMT(this->annotation_prefix, " beta * x * x = x_square"));
-    // internal * input = output - gamma
-    this->pb.add_r1cs_constraint(
-        r1cs_constraint<libff::Fr<ppT>>(internal, input, output - gamma),
-        FMT(this->annotation_prefix, " x_square * x = y - gamma"));
-}
-
-template<typename ppT, class parameters>
-void flystel_Q_gamma_binary_field_gadget<ppT, parameters>::
-    generate_r1cs_witness()
-{
-    const libff::Fr<ppT> input_value =
-        input.evaluate(this->pb.full_variable_assignment());
-    // x_internal = beta x * x
-    this->pb.val(internal) = (this->beta * input_value) * input_value;
-    // y = beta x^3 + gamma = x_internal * x + gamma
-    this->pb.val(output) = this->pb.val(internal) * input_value + this->gamma;
-}
 
-// R1CS constraints for the operation y = beta x^3 + delta with
-// x=input, y=output. This operation is represented with two
-// multiplications as y-delta = ((beta x * x) * x).
-// \see flystel_Q_delta_binary_field_gadget
-template<typename ppT, class parameters>
-flystel_Q_delta_binary_field_gadget<ppT, parameters>::
-    flystel_Q_delta_binary_field_gadget(
-        protoboard<libff::Fr<ppT>> &pb,
-        const linear_combination<libff::Fr<ppT>> &input,
-        const pb_variable<libff::Fr<ppT>> &output,
-        const std::string &annotation_prefix)
+template<typename ppT>
+flystel_Q_binary_field_gadget<ppT>::flystel_Q_binary_field_gadget(
+    protoboard<libff::Fr<ppT>> &pb,
+    const libff::Fr<ppT> A,
+    const libff::Fr<ppT> B,
+    const linear_combination<libff::Fr<ppT>> &input,
+    const pb_variable<libff::Fr<ppT>> &output,
+    const std::string &annotation_prefix)
     : gadget<libff::Fr<ppT>>(pb, annotation_prefix)
     , internal(pb_variable_allocate<libff::Fr<ppT>>(
           pb, FMT(this->annotation_prefix, " internal")))
-    , beta(parameters::beta)
-    , delta(parameters::delta)
+    , A(A)
+    , B(B)
     , input(input)
     , output(output)
 {
 }
 
-template<typename ppT, class parameters>
-void flystel_Q_delta_binary_field_gadget<ppT, parameters>::
-    generate_r1cs_constraints()
+template<typename ppT>
+void flystel_Q_binary_field_gadget<ppT>::generate_r1cs_constraints()
 {
-    // (beta * input) * input = internal
+    // (A * input) * input = internal
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(beta * input, input, internal),
-        FMT(this->annotation_prefix, " beta * x * x = x_square"));
-    // internal * input = output - delta
+        r1cs_constraint<FieldT>(A * input, input, internal),
+        FMT(this->annotation_prefix, " A * x * x = x_square"));
+    // internal * input = output - B
     this->pb.add_r1cs_constraint(
-        r1cs_constraint<FieldT>(internal, input, output - delta),
-        FMT(this->annotation_prefix, " x_square * x = y - delta"));
+        r1cs_constraint<FieldT>(internal, input, output - B),
+        FMT(this->annotation_prefix, " x_square * x = y - B"));
 }
 
-template<typename ppT, class parameters>
-void flystel_Q_delta_binary_field_gadget<ppT, parameters>::
-    generate_r1cs_witness()
+template<typename ppT>
+void flystel_Q_binary_field_gadget<ppT>::generate_r1cs_witness()
 {
     const FieldT input_value =
         input.evaluate(this->pb.full_variable_assignment());
-    // x_internal = beta x * x
-    this->pb.val(internal) = (this->beta * input_value) * input_value;
-    // y = beta x^3 + delta = x_internal * x + delta
-    this->pb.val(output) = this->pb.val(internal) * input_value + this->delta;
+    // x_internal = A x * x
+    this->pb.val(internal) = (A * input_value) * input_value;
+    // y = A x^3 + B = x_internal * x + B
+    this->pb.val(output) = this->pb.val(internal) * input_value + B;
 }
 
 // R1CS constraints for the operation y = x^5 with x=input,
@@ -365,8 +277,20 @@ flystel_prime_field_gadget<ppT, parameters>::flystel_prime_field_gadget(
     , input_x1(x1)
     , output_y0(y0)
     , output_y1(y1)
-    , Q_gamma(pb, x1, a0, FMT(annotation_prefix, " Q_gamma"))
-    , Q_delta(pb, x1 - a1, a2, FMT(annotation_prefix, " Q_delta"))
+    , Q_gamma(
+          pb,
+          parameters::beta,
+          parameters::gamma,
+          x1,
+          a0,
+          FMT(annotation_prefix, " Q_gamma"))
+    , Q_delta(
+          pb,
+          parameters::beta,
+          parameters::delta,
+          x1 - a1,
+          a2,
+          FMT(annotation_prefix, " Q_delta"))
     , E_root_five(pb, x0 - a0, a1, FMT(annotation_prefix, " E_root_five"))
 {
     static_assert((parameters::alpha == 5), "Parameter alpha must be 5");
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index e8e07d977..749e95f2a 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -73,7 +73,9 @@ void test_flystel_Q_gamma_prime_field_gadget()
     y.allocate(pb, "y");
 
     // create gadget
-    flystel_Q_gamma_prime_field_gadget<ppT, parameters> d(pb, x, y, "d");
+    flystel_Q_prime_field_gadget<ppT> d(
+        pb, parameters::beta, parameters::gamma, x, y, "d");
+
     // generate contraints
     d.generate_r1cs_constraints();
     // set input value
@@ -104,7 +106,8 @@ void test_flystel_Q_gamma_binary_field_gadget()
     y.allocate(pb, "y");
 
     // create gadget
-    flystel_Q_gamma_binary_field_gadget<ppT, parameters> d(pb, x, y, "d");
+    flystel_Q_binary_field_gadget<ppT> d(
+        pb, parameters::beta, parameters::gamma, x, y, "d");
     // generate contraints
     d.generate_r1cs_constraints();
     // set input value

From 8a6e6359cf9137824037e4154ba3c063c8524115 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 4 Nov 2022 12:30:14 +0000
Subject: [PATCH 082/112] anemoi: added static_assert on the allowed dimensions
 of the mds matrix (https://github.com/clearmatics/libsnark/issues/77,
 https://github.com/clearmatics/libsnark/pull/65#discussion_r992467709)

---
 .../gadgets/hashes/anemoi/anemoi_components.tcc          | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 5f110bb1d..1fde7314c 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -325,6 +325,11 @@ template<typename FieldT, size_t NumStateColumns_L>
 std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L>
 anemoi_permutation_mds(const FieldT g)
 {
+    static_assert(
+        (NumStateColumns_L == 2) || (NumStateColumns_L == 3) ||
+            (NumStateColumns_L == 4),
+        "NumStateColumns_L must be 2,3 or 4");
+
     std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L> M;
     const FieldT g2 = g * g;
     if (NumStateColumns_L == 2) {
@@ -343,10 +348,6 @@ anemoi_permutation_mds(const FieldT g)
             {1 + g, 1 + 2 * g, g, 1 + g}};
         return M;
     }
-    // If we are here, then the number of columns NumStateColumns_L has invalid
-    // value outside of the set {2,3,4}
-    throw std::logic_error(
-        "Error: invalid number of columns. Must be 2,3 or 4 .");
 }
 
 } // namespace libsnark

From d0f143f9a1436d41db4354ac9ddab7643e1fdb86 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Tue, 8 Nov 2022 12:38:50 +0000
Subject: [PATCH 083/112] anemoi: added r1cs gadget for the round
 transformation of the anemoi permutation

---
 libsnark/CMakeLists.txt                       |   2 +-
 .../hashes/anemoi/anemoi_components.hpp       |  63 +++-
 .../hashes/anemoi/anemoi_components.tcc       | 356 +++++++++++++++++-
 .../hashes/anemoi/tests/anemoi_outputs.cpp    | 111 ++++++
 .../hashes/anemoi/tests/anemoi_outputs.hpp    |  29 ++
 .../anemoi/tests/test_anemoi_gadget.cpp       |  92 ++++-
 6 files changed, 623 insertions(+), 30 deletions(-)
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp

diff --git a/libsnark/CMakeLists.txt b/libsnark/CMakeLists.txt
index 35bc673b5..2194d0ed7 100644
--- a/libsnark/CMakeLists.txt
+++ b/libsnark/CMakeLists.txt
@@ -205,7 +205,7 @@ if ("${IS_LIBSNARK_PARENT}")
   libsnark_test(test_r1cs_ppzksnark_verifier_gadget gadgetlib1/tests/test_r1cs_ppzksnark_verifier_gadget.cpp)
   libsnark_test(test_r1cs_gg_ppzksnark_verifier_gadget gadgetlib1/tests/test_r1cs_gg_ppzksnark_verifier_gadget.cpp)
   libsnark_test(test_kzg10_verifier_gadget gadgetlib1/tests/test_kzg10_verifier_gadget.cpp)
-  libsnark_test(test_anemoi_gadget gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp)
+  libsnark_test(test_anemoi_gadget gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp)
 
   # TODO (howardwu): Resolve runtime on targets:
   # libsnark_test(zk_proof_systems_uscs_ppzksnark_test zk_proof_systems/ppzksnark/uscs_ppzksnark/tests/test_uscs_ppzksnark.cpp)
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 8444d654b..d5dc85779 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -138,14 +138,14 @@ class flystel_E_root_five_gadget : public gadget<libff::Fr<ppT>>
 
 /// Anemoi closed Flystel component for fields of prime characteristic
 ///
-/// x0,x1: input (x,y in the paper)
-/// y0,y1: output (u,v in the paper)
+/// x0,x1: input (x,y in [BBCPSVW22])
+/// y0,y1: output (u,v in [BBCPSVW22])
 ///
 /// The component performs the following computation:
 ///
-/// a0 = (beta x1^2 + gamma) = Q_gamma(x1)
-/// a1 = (x0 - a0)^{1/alpha} = E_root_five(x0-a0)
-/// a2 = beta (x1-a1)^2 + delta = Q_delta(x1-a1)
+/// a0 = (beta x1^2 + gamma) == Q_gamma(x1)
+/// a1 = (x0 - a0)^{1/alpha} == E_root_five(x0-a0)
+/// a2 = beta (x1-a1)^2 + delta == Q_delta(x1-a1)
 /// y0 = x0 - a0 + a2
 /// y1 = x1 - a1
 ///
@@ -188,6 +188,59 @@ template<typename FieldT, size_t NumStateColumns_L>
 std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L>
 anemoi_permutation_mds(const FieldT g);
 
+/// One round of the Anemoi permutation mapping (Fr)^{2L} -> (Fr)^{2L}
+///
+/// NumStateColumns_L : L parameter - number of columns in the
+///                     state. can be 1,2,3,4. Each column is composed
+///                     of 2 elements in Fr. One Flystel Sbox accepts
+///                     1 column as input. There are L Flystel-s in 1
+///                     round of the Anemoi permutation applied in
+///                     parallel.
+template<
+    typename ppT,
+    size_t NumStateColumns_L,
+    class parameters = anemoi_parameters<libff::Fr<ppT>>>
+class anemoi_permutation_round_prime_field_gadget
+    : public gadget<libff::Fr<ppT>>
+{
+    using FieldT = libff::Fr<ppT>;
+
+private:
+    // vector of C round constants
+    std::vector<FieldT> C_const;
+    // vector of D round constants
+    std::vector<FieldT> D_const;
+    // matrix M
+    std::vector<std::vector<FieldT>> M_matrix;
+    // vector of Flystel S-boxes
+    std::vector<flystel_prime_field_gadget<ppT, parameters>> Flystel;
+
+public:
+    const pb_linear_combination_array<FieldT> X_left_input;
+    const pb_linear_combination_array<FieldT> X_right_input;
+    const pb_variable_array<FieldT> Y_left_output;
+    const pb_variable_array<FieldT> Y_right_output;
+
+    anemoi_permutation_round_prime_field_gadget(
+        protoboard<FieldT> &pb,
+        const std::vector<FieldT> &C_const,
+        const std::vector<FieldT> &D_const,
+        const pb_linear_combination_array<FieldT> &X_left_input,
+        const pb_linear_combination_array<FieldT> &X_right_input,
+        const pb_variable_array<FieldT> &Y_left_output,
+        const pb_variable_array<FieldT> &Y_right_output,
+        const std::string &annotation_prefix);
+
+    const std::vector<linear_combination<FieldT>> anemoi_permutation_add_constants(
+        const std::vector<linear_combination<FieldT>> &input);
+
+    const std::vector<linear_combination<FieldT>> anemoi_permutation_mulitply_matrix(
+        const std::vector<linear_combination<FieldT>> &input);
+
+    void generate_r1cs_constraints();
+    void generate_r1cs_witness();
+};
+
 } // namespace libsnark
 
 #include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc"
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 1fde7314c..20425e4d7 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -72,6 +72,15 @@ void flystel_Q_prime_field_gadget<ppT>::generate_r1cs_witness()
         input.evaluate(this->pb.full_variable_assignment());
     // y = A x^2 + B
     this->pb.val(output) = A * input_value * input_value + B;
+#if 1 // DEBUG
+    printf("[%s:%d] Q A B\n", __FILE__, __LINE__);
+    A.print();
+    B.print();
+    printf("[%s:%d] Q input\n", __FILE__, __LINE__);
+    input_value.print();
+    printf("[%s:%d] Q output\n", __FILE__, __LINE__);
+    this->pb.val(output).print();
+#endif // #if 1 // DEBUG
 }
 
 // R1CS constraints for the operation y = beta x^3 + gamma with
@@ -316,37 +325,354 @@ void flystel_prime_field_gadget<ppT, parameters>::generate_r1cs_witness()
     const FieldT input_x1_value =
         input_x1.evaluate(this->pb.full_variable_assignment());
 
+#if 1 // DEBUG
+    printf("[%s:%d] Flystel input left\n", __FILE__, __LINE__);
+    input_x0_value.print();
+    printf("[%s:%d] Flystel input right\n", __FILE__, __LINE__);
+    input_x1_value.print();
+#endif // #if 1 // DEBUG
+
     this->pb.lc_val(output_y0) =
         input_x0_value - this->pb.val(a0) + this->pb.val(a2);
     this->pb.lc_val(output_y1) = input_x1_value - this->pb.val(a1);
+
+#if 1 // DEBUG
+    printf("[%s:%d] Flystel output left\n", __FILE__, __LINE__);
+    this->pb.lc_val(output_y0).print();
+    printf("[%s:%d] Flystel output right\n", __FILE__, __LINE__);
+    this->pb.lc_val(output_y1).print();
+#endif // #if 1 // DEBUG
+}
+
+template<typename ppT, size_t NumStateColumns_L>
+std::vector<std::vector<libff::Fr<ppT>>> anemoi_permutation_mds(
+    const libff::Fr<ppT> g)
+{
+    static_assert(
+        (NumStateColumns_L == 1) || (NumStateColumns_L == 2) ||
+            (NumStateColumns_L == 3) || (NumStateColumns_L == 4),
+        "NumStateColumns_L must be 2,3 or 4");
+
+    const libff::Fr<ppT> g2 = g * g;
+
+    // allocate matrix M of dimension LxL
+    std::vector<std::vector<libff::Fr<ppT>>> M;
+    M.resize(NumStateColumns_L, std::vector<libff::Fr<ppT>>(NumStateColumns_L));
+
+    if (NumStateColumns_L == 2) {
+        // M[0]
+        M[0][0] = 1;
+        M[0][1] = g;
+        // M[1]
+        M[1][0] = g;
+        M[1][1] = g2 + 1;
+    }
+    if (NumStateColumns_L == 3) {
+        // M[0]
+        M[0][0] = g + 1;
+        M[0][1] = 1;
+        M[0][2] = g + 1;
+        // M[1]
+        M[1][0] = 1;
+        M[1][1] = 1;
+        M[1][2] = g;
+        // M[2]
+        M[2][0] = g;
+        M[2][1] = 1;
+        M[2][2] = 1;
+    }
+    if (NumStateColumns_L == 4) {
+        // M[0]
+        M[0][0] = 1;
+        M[0][1] = g + 1;
+        M[0][2] = g;
+        M[0][3] = g;
+        // M[1]
+        M[1][0] = g2;
+        M[1][1] = g + g2;
+        M[1][2] = g + 1;
+        M[1][3] = g + g + 1;
+        // M[2]
+        M[2][0] = g2;
+        M[2][1] = g2;
+        M[2][2] = 1;
+        M[2][3] = g + 1;
+        // M[3]
+        M[3][0] = g + 1;
+        M[3][1] = g + g + 1;
+        M[3][2] = g;
+        M[3][3] = g + 1;
+    }
+    return M;
+}
+
+// Fast matrix-vector multiplication algorithm for Anemoi MDS layer with \ell =
+// 1,2 for inputs of type "linear combination of FieldT elements"
+template<typename ppT>
+std::vector<linear_combination<libff::Fr<ppT>>> anemoi_fast_multiply_mds_2x2(
+    const std::vector<linear_combination<libff::Fr<ppT>>> X_input,
+    const libff::Fr<ppT> g)
+{
+    if (!(X_input.size() == 2)) {
+        throw std::invalid_argument("input vector must be of length 2");
+    }
+    std::vector<linear_combination<libff::Fr<ppT>>> X = X_input;
+    X[0] = X[0] + (g * X[1]);
+    X[1] = X[1] + (g * X[0]);
+    return X;
+}
+
+// Fast matrix-vector multiplication algorithm for Anemoi MDS layer with \ell
+// = 3 for inputs of type "linear combination of FieldT elements". From Figure 6
+// of [DL18](https://tosc.iacr.org/index.php/ToSC/article/view/888).
+template<typename ppT>
+std::vector<linear_combination<libff::Fr<ppT>>> anemoi_fast_multiply_mds_3x3(
+    const std::vector<linear_combination<libff::Fr<ppT>>> X_input,
+    const libff::Fr<ppT> g)
+{
+    if (!(X_input.size() == 3)) {
+        throw std::invalid_argument("input vector must be of length 3");
+    }
+    std::vector<linear_combination<libff::Fr<ppT>>> X = X_input;
+    linear_combination<libff::Fr<ppT>> t = X[0] + (g * X[2]);
+    X[2] = X[2] + X[1];
+    X[2] = X[2] + (g * X[0]);
+    X[0] = t + X[2];
+    X[1] = X[1] + t;
+    return X;
+}
+
+// Fast matrix-vector multiplication algorithm for Anemoi MDS layer with \ell
+// = 4 for inputs of type "linear combination of FieldT elements". Figure 8 of
+// [DL18](https://tosc.iacr.org/index.php/ToSC/article/view/888).
+template<typename ppT>
+std::vector<linear_combination<libff::Fr<ppT>>> anemoi_fast_multiply_mds_4x4(
+    const std::vector<linear_combination<libff::Fr<ppT>>> X_input,
+    const libff::Fr<ppT> g)
+{
+    if (!(X_input.size() == 4)) {
+        throw std::invalid_argument("input vector must be of length 4");
+    }
+    std::vector<linear_combination<libff::Fr<ppT>>> X = X_input;
+    X[0] = X[0] + X[1];
+    X[2] = X[2] + X[3];
+    X[3] = X[3] + (g * X[0]);
+    X[1] = g * (X[1] + X[2]);
+    X[0] = X[0] + X[1];
+    X[2] = X[2] + (g * X[3]);
+    X[1] = X[1] + X[2];
+    X[3] = X[3] + X[0];
+    return X;
+}
+
+// multiply matrix by a vector of elements of type "linear combination of FieldT
+// elements"
+template<typename ppT, size_t NumStateColumns_L>
+std::vector<linear_combination<libff::Fr<ppT>>> anemoi_fast_multiply_mds(
+    const std::vector<linear_combination<libff::Fr<ppT>>> X,
+    const libff::Fr<ppT> g)
+{
+    static_assert(
+        (NumStateColumns_L == 1) || (NumStateColumns_L == 2) ||
+            (NumStateColumns_L == 3) || (NumStateColumns_L == 4),
+        "NumStateColumns_L must be 2,3 or 4");
+    if (!(X.size() == NumStateColumns_L)) {
+        throw std::invalid_argument("invalid length of input vector");
+    }
+
+    std::vector<linear_combination<libff::Fr<ppT>>> Y;
+    if (NumStateColumns_L == 2) {
+        Y = anemoi_fast_multiply_mds_2x2<ppT>(X, g);
+    }
+    if (NumStateColumns_L == 3) {
+        Y = anemoi_fast_multiply_mds_3x3<ppT>(X, g);
+    }
+    if (NumStateColumns_L == 4) {
+        Y = anemoi_fast_multiply_mds_4x4<ppT>(X, g);
+    }
+    return Y;
 }
 
-template<typename FieldT, size_t NumStateColumns_L>
-std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L>
-anemoi_permutation_mds(const FieldT g)
+// multiply matrix by a vector of elements of type "linear combination of FieldT
+// elements"
+template<typename ppT, size_t NumStateColumns_L>
+std::vector<linear_combination<libff::Fr<ppT>>> anemoi_fast_multiply_mds(
+    const pb_linear_combination_array<libff::Fr<ppT>> X, const libff::Fr<ppT> g)
 {
     static_assert(
         (NumStateColumns_L == 2) || (NumStateColumns_L == 3) ||
             (NumStateColumns_L == 4),
         "NumStateColumns_L must be 2,3 or 4");
+    if (!(X.size() == NumStateColumns_L)) {
+        throw std::invalid_argument("invalid length of input vector");
+    }
 
-    std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L> M;
-    const FieldT g2 = g * g;
+    std::vector<linear_combination<libff::Fr<ppT>>> Y;
     if (NumStateColumns_L == 2) {
-        M = {{1, g}, {g, g2 + 1}};
-        return M;
+        Y = anemoi_fast_multiply_mds_2x2<ppT>(X, g);
     }
     if (NumStateColumns_L == 3) {
-        M = {{g + 1, 1, g + 1}, {1, 1, g}, {g, 1, 1}};
-        return M;
+        Y = anemoi_fast_multiply_mds_3x3<ppT>(X, g);
     }
     if (NumStateColumns_L == 4) {
-        M = {
-            {1, 1 + g, g, g},
-            {g2, g + g2, 1 + g, 1 + 2 * g},
-            {g2, g2, 1, 1 + g},
-            {1 + g, 1 + 2 * g, g, 1 + g}};
-        return M;
+        Y = anemoi_fast_multiply_mds_4x4<ppT>(X, g);
+    }
+    return Y;
+}
+
+// rotate left by 1 a vector of elements of type "linear combination of FieldT
+// elements": (x1_0 x1_1 ... x1_{L-1}) -> (x1_1 ... x1_{L-1} x_0)
+template<typename ppT>
+std::vector<linear_combination<libff::Fr<ppT>>> anemoi_vector_left_rotate_by_one(
+    const std::vector<linear_combination<libff::Fr<ppT>>> X_input)
+{
+    if (!((X_input.size() == 2) || (X_input.size() == 3) ||
+          (X_input.size() == 4))) {
+        throw std::invalid_argument("invalid length of input vector");
+    }
+    std::vector<linear_combination<libff::Fr<ppT>>> X = X_input;
+    rotate(X.begin(), X.begin() + 1, X.end());
+    return X;
+}
+
+// rotate left by 1 a vector of elements of type "linear combination of FieldT
+// elements": (x1_0 x1_1 ... x1_{L-1}) -> (x1_1 ... x1_{L-1} x_0)
+template<typename ppT>
+pb_linear_combination_array<libff::Fr<ppT>> anemoi_vector_left_rotate_by_one(
+    const pb_linear_combination_array<libff::Fr<ppT>> X_input)
+{
+    if (!((X_input.size() == 2) || (X_input.size() == 3) ||
+          (X_input.size() == 4))) {
+        throw std::invalid_argument("invalid length of input vector");
+    }
+    pb_linear_combination_array<libff::Fr<ppT>> X = X_input;
+    rotate(X.begin(), X.begin() + 1, X.end());
+    return X;
+}
+
+template<typename ppT, size_t NumStateColumns_L, class parameters>
+anemoi_permutation_round_prime_field_gadget<
+    ppT,
+    NumStateColumns_L,
+    parameters>::
+    anemoi_permutation_round_prime_field_gadget(
+        protoboard<libff::Fr<ppT>> &pb,
+        const std::vector<FieldT> &C,
+        const std::vector<FieldT> &D,
+        const pb_linear_combination_array<FieldT> &X_left,
+        const pb_linear_combination_array<FieldT> &X_right,
+        const pb_variable_array<FieldT> &Y_left,
+        const pb_variable_array<FieldT> &Y_right,
+        const std::string &annotation_prefix)
+    : gadget<libff::Fr<ppT>>(pb, annotation_prefix)
+    , C_const(C)
+    , D_const(D)
+    , X_left_input(X_left)
+    , X_right_input(X_right)
+    , Y_left_output(Y_left)
+    , Y_right_output(Y_right)
+{
+    const libff::Fr<ppT> g = parameters::multiplicative_generator_g;
+    const size_t ncols = NumStateColumns_L;
+
+    // temporary variables (Z_left, Z_right) modified in-place during
+    // the computation from (X_left, X_right) to (Y_left, Y_right)
+    std::vector<linear_combination<libff::Fr<ppT>>> Z_left;
+    std::vector<linear_combination<libff::Fr<ppT>>> Z_right;
+
+    // add constants Z_left[i]+=C[i], Z_right[i]+=D[i]
+    for (size_t i = 0; i < ncols; i++) {
+        Z_left.push_back(X_left[i] + C[i]);
+        Z_right.push_back(X_right[i] + D[i]);
+    }
+
+    if (ncols > 1) {
+        M_matrix = anemoi_permutation_mds<ppT, ncols>(g);
+    } else { // ncols == 1
+        // the MDS matrix for a state with 1 column (L=1) is the same as
+        // for a state with 2 columns (L=2)
+        M_matrix = anemoi_permutation_mds<ppT, 2>(g);
+    }
+
+#if 1  // DEBUG
+#endif // #if 1 // DEBUG
+
+    // multiply by matrix M
+    if (ncols > 1) {
+        // l > 1:
+        // Z_left  = (zL_0 zL_1 ... zL_{l-1})
+        // Z_right = (zR_0 zR_1 ... zR_{l-1})
+        // Z_left = M Z_left
+        // Z_right = M (Z_right <<< 1)
+        // where (Z_right <<< 1) = (zR_1 ... zR_{l-1} zR_0)
+        Z_left = anemoi_fast_multiply_mds<ppT, NumStateColumns_L>(Z_left, g);
+        std::vector<linear_combination<libff::Fr<ppT>>> Z_right_lrot =
+            anemoi_vector_left_rotate_by_one<ppT>(Z_right);
+        Z_right =
+            anemoi_fast_multiply_mds<ppT, NumStateColumns_L>(Z_right_lrot, g);
+    } else { // ncols == 1
+        // l = 1:
+        // Z_left = zL_0
+        // Z_right = zR_0
+        // Z = Z_left || Z_right
+        // Z = M Z
+        // Z_left  = Z[0]
+        // Z_right = Z[1]
+        assert(Z_left.size() == 1);
+        assert(Z_right.size() == 1);
+        std::vector<linear_combination<libff::Fr<ppT>>> Z;
+        Z.push_back(Z_left[0]);
+        Z.push_back(Z_right[0]);
+        // for L=1 still calling multiply routine for L=2
+        Z = anemoi_fast_multiply_mds<ppT, 2>(Z, g);
+        assert(Z.size() == 2);
+        Z_left.clear();
+        Z_right.clear();
+        Z_left.push_back(Z[0]);
+        Z_right.push_back(Z[1]);
+    }
+
+    // apply layer of L Flystel S-boxes
+    for (size_t i = 0; i < ncols; i++) {
+        flystel_prime_field_gadget<ppT, parameters> H(
+            pb, Z_left[i], Z_right[i], Y_left[i], Y_right[i], "Flystel[i]");
+        Flystel.push_back(H);
+    }
+}
+
+template<typename ppT, size_t NumStateColumns_L, class parameters>
+void anemoi_permutation_round_prime_field_gadget<
+    ppT,
+    NumStateColumns_L,
+    parameters>::generate_r1cs_constraints()
+{
+    for (size_t i = 0; i < NumStateColumns_L; i++) {
+        Flystel[i].generate_r1cs_constraints();
+    }
+}
+
+template<typename ppT, size_t NumStateColumns_L, class parameters>
+void anemoi_permutation_round_prime_field_gadget<
+    ppT,
+    NumStateColumns_L,
+    parameters>::generate_r1cs_witness()
+{
+    for (size_t i = 0; i < NumStateColumns_L; i++) {
+        Flystel[i].generate_r1cs_witness();
+    }
+
+#if 1 // DEBUG
+    printf("[%s:%d] h0_left\n", __FILE__, __LINE__);
+    FieldT h0_left = this->pb.lc_val(Flystel[0].output_y0);
+    h0_left.print();
+    FieldT h0_right = this->pb.lc_val(Flystel[0].output_y1);
+    h0_right.print();
+    printf("\n");
+#endif // #if 1 // DEBUG
+
+    for (size_t i = 0; i < NumStateColumns_L; i++) {
+        this->pb.val(Y_left_output[i]) = this->pb.val(Flystel[i].output_y0);
+        this->pb.val(Y_right_output[i]) = this->pb.val(Flystel[i].output_y1);
     }
 }
 
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
new file mode 100644
index 000000000..d174b280c
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
@@ -0,0 +1,111 @@
+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_CPP_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_CPP_
+
+#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp"
+
+namespace libsnark
+{
+
+std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
+    const size_t &NumStateColumns_L)
+{
+    std::vector<libff::Fr<libff::bls12_381_pp>> Y_expect_one_round;
+
+    assert(
+        ((NumStateColumns_L == 1) || (NumStateColumns_L == 2) ||
+         (NumStateColumns_L == 3) || (NumStateColumns_L == 4)));
+
+    // Expected output for 1 round, L=1: Y_left || Y_right
+    if (NumStateColumns_L == 1) {
+        Y_expect_one_round = {
+            libff::Fr<libff::bls12_381_pp>(
+                "16886130779841338454685815420547293349389636023659763220356242"
+                "191375349870484"),
+            libff::Fr<libff::bls12_381_pp>(
+                "25110401710643410245000460073920576016937556620262171420761605"
+                "822971640233467")};
+    }
+
+    // Expected output for 1 round, L=2: Y_left || Y_right
+    if (NumStateColumns_L == 2) {
+        Y_expect_one_round = {
+            libff::Fr<libff::bls12_381_pp>(
+                "1175380475393374013893416228835342241561414"
+                "1018732075580217124721246447701179"),
+            libff::Fr<libff::bls12_381_pp>(
+                "5134979568569792732148078272800590308409837"
+                "4830632868723399131618498422926132"),
+            libff::Fr<libff::bls12_381_pp>(
+                "3727673203363049293464225228142251472192664"
+                "376552350730266112321515955286600"),
+            libff::Fr<libff::bls12_381_pp>(
+                "1961381747459264641165654006524664686879236"
+                "9344942410316218713185877778202296")};
+    }
+
+    // Expected output for 1 round, L=3: Y_left || Y_right
+    if (NumStateColumns_L == 3) {
+        Y_expect_one_round = {
+            libff::Fr<libff::bls12_381_pp>(
+                "34028487665369117219732649464748473746959762451803899118620720"
+                "068928912690818"),
+            libff::Fr<libff::bls12_381_pp>(
+                "23656628590950976492304898550690305252497146294682073762427630"
+                "253215753757615"),
+            libff::Fr<libff::bls12_381_pp>(
+                "50489879152443944169393928755102146404491652050126328897483718"
+                "597599270365689"),
+            libff::Fr<libff::bls12_381_pp>(
+                "48428584324500458296574300843220437759994411990569443572079173"
+                "839484309978119"),
+            libff::Fr<libff::bls12_381_pp>(
+                "11634702739956834435596217222823133671340499123246628858964783"
+                "053003807419954"),
+            libff::Fr<libff::bls12_381_pp>(
+                "21780864109569366263860246478259162683407782976390816039852496"
+                "900891891832562")};
+    }
+
+    // Expected output for 1 round, L=4: Y_left || Y_right
+    if (NumStateColumns_L == 4) {
+        //        Y_expect_one_round = {0, 0, 0, 0, 0, 0, 0, 0};
+        Y_expect_one_round = {
+            libff::Fr<libff::bls12_381_pp>(
+                "17041780326162393669606616053498620031347218348431899833333341"
+                "812514930377576,"),
+            libff::Fr<libff::bls12_381_pp>(
+                "30554768545485035781675432957894191123666596590949762067679457"
+                "455353618615899,"),
+            libff::Fr<libff::bls12_381_pp>(
+                "42087151902926409355779626374174416555426768306907549437379349"
+                "373759646788220,"),
+            libff::Fr<libff::bls12_381_pp>(
+                "14414386843800103337001169291703636864672990050174868447277039"
+                "577479472767841"),
+            libff::Fr<libff::bls12_381_pp>(
+                "31520834268440017158677087966007788520972054097794068312302569"
+                "32773289540941,"),
+            libff::Fr<libff::bls12_381_pp>(
+                "38028057056256168614342506654290572930068443685959285901110523"
+                "458386878293466,"),
+            libff::Fr<libff::bls12_381_pp>(
+                "29773101755555543082186573665458252067898132238258590143518897"
+                "95128931607232,"),
+            libff::Fr<libff::bls12_381_pp>(
+                "51937274826670493627644353962426329420272866410811452792266413"
+                "243735248502826")};
+    }
+
+    return Y_expect_one_round;
+}
+
+} // namespace libsnark
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_CPP_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
new file mode 100644
index 000000000..d539d3fab
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
@@ -0,0 +1,29 @@
+/** @file
+ *****************************************************************************
+ * @author     This file is part of libff, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_HPP_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_HPP_
+
+#include <libff/algebra/curves/bls12_381/bls12_381_init.hpp>
+#include <libff/algebra/curves/bls12_381/bls12_381_pp.hpp>
+#include <vector>
+
+// Functions returning the expected outputs from Anemoi for each
+// tested curve. An implementation of each function should be provided for each
+// tested curve.
+
+namespace libsnark
+{
+
+// Returns the expected outputs from 1 round of the Anemoi permutation for
+// BLS12_381
+std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
+    const size_t &NumStateColumns_L);
+
+} // namespace libsnark
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_HPP_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 749e95f2a..01f8f3292 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -6,6 +6,8 @@
  * @copyright  MIT license (see LICENSE file)
  *****************************************************************************/
 
+#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp"
+
 #include <gtest/gtest.h>
 #include <libff/algebra/curves/bls12_381/bls12_381_init.hpp>
 #include <libff/algebra/curves/bls12_381/bls12_381_pp.hpp>
@@ -19,7 +21,7 @@
 
 using namespace libsnark;
 
-class debug_parameters_bls12_381
+class parameters_debug_bls12_381
 {
 public:
     using ppT = libff::bls12_381_pp;
@@ -36,13 +38,13 @@ class debug_parameters_bls12_381
 };
 
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters_bls12_381::alpha_inv =
+    parameters_debug_bls12_381::alpha_inv =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
             "209743500700504761917790962032743863350762210002110551290414634799"
             "75432473805");
 
 const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    debug_parameters_bls12_381::delta =
+    parameters_debug_bls12_381::delta =
         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("0");
 
 template<typename ppT>
@@ -224,18 +226,90 @@ void test_flystel_prime_field_gadget()
     libff::print_time("flystel_prime_field_gadget tests successful");
 }
 
+template<
+    typename ppT,
+    size_t NumStateColumns_L,
+    class parameters = anemoi_parameters<libff::Fr<ppT>>>
+void test_anemoi_permutation_round_prime_field_gadget()
+{
+    using FieldT = libff::Fr<ppT>;
+
+    //        const size_t NumStateColumns_L = L;
+
+    protoboard<FieldT> pb;
+    std::vector<FieldT> C;
+    std::vector<FieldT> D;
+
+    pb_variable_array<FieldT> X_left;
+    pb_variable_array<FieldT> X_right;
+    pb_variable_array<FieldT> Y_left;
+    pb_variable_array<FieldT> Y_right;
+
+    X_left.allocate(pb, NumStateColumns_L, "left inputs");
+    X_right.allocate(pb, NumStateColumns_L, "right inputs");
+
+    Y_left.allocate(pb, NumStateColumns_L, "left outputs");
+    Y_right.allocate(pb, NumStateColumns_L, "right outputs");
+
+    // WARNINIG! test with zero constants. TODO add the original
+    // constants of Anemoi
+    for (size_t i = 0; i < NumStateColumns_L; i++) {
+        C.push_back(FieldT(0));
+        D.push_back(FieldT(0));
+    }
+
+    anemoi_permutation_round_prime_field_gadget<
+        ppT,
+        NumStateColumns_L,
+        parameters>
+        d(pb, C, D, X_left, X_right, Y_left, Y_right, "anemoi permutation");
+
+    // generate constraints
+    d.generate_r1cs_constraints();
+
+    // Input values: X_left = 0,1,2...L-1 ; X_right = L, L+1, 2L-1
+    for (size_t i = 0; i < NumStateColumns_L; i++) {
+        pb.val(X_left[i]) = FieldT(i);
+        pb.val(X_right[i]) = FieldT(NumStateColumns_L + i);
+    }
+
+    // generate witness for the given input
+    d.generate_r1cs_witness();
+
+    std::vector<FieldT> Y_expect =
+        anemoi_expected_output_one_round(NumStateColumns_L);
+
+    for (size_t i = 0; i < NumStateColumns_L; i++) {
+        ASSERT_EQ(Y_expect[i], pb.val(Y_left[i]));
+        ASSERT_EQ(Y_expect[NumStateColumns_L + i], pb.val(Y_right[i]));
+    }
+
+    ASSERT_TRUE(pb.is_satisfied());
+    test_pb_verify_circuit<ppT>(pb);
+
+    libff::print_time(
+        "anemoi_permutation_round_prime_field_gadget tests successful");
+}
+
 template<typename ppT> void test_for_curve()
 {
     // Execute all tests for the given curve.
 
     ppT::init_public_params();
-    using parameters = debug_parameters_bls12_381;
-
-    test_flystel_Q_gamma_prime_field_gadget<ppT, parameters>();
-    test_flystel_Q_gamma_binary_field_gadget<ppT, parameters>();
+    // Use debug parameters with small values for the small gadgets
+    using parameters_debug = parameters_debug_bls12_381;
+    test_flystel_Q_gamma_prime_field_gadget<ppT, parameters_debug>();
+    test_flystel_Q_gamma_binary_field_gadget<ppT, parameters_debug>();
     test_flystel_E_power_five_gadget<ppT>();
-    test_flystel_E_root_five_gadget<ppT, parameters>();
-    test_flystel_prime_field_gadget<ppT, parameters>();
+    test_flystel_E_root_five_gadget<ppT, parameters_debug>();
+    test_flystel_prime_field_gadget<ppT, parameters_debug>();
+    // Use the original parameters for the full permutation
+    using parameters = anemoi_parameters<ppT>;
+    test_anemoi_permutation_round_prime_field_gadget<ppT, 1, parameters>();
+    test_anemoi_permutation_round_prime_field_gadget<ppT, 2, parameters>();
+    test_anemoi_permutation_round_prime_field_gadget<ppT, 3, parameters>();
+    //    test_anemoi_permutation_round_prime_field_gadget<ppT, 4,
+    //    parameters>();
 }
 
 TEST(TestAnemoiGadget, BLS12_381) { test_for_curve<libff::bls12_381_pp>(); }

From fe1fb91c47ad152ec56b880e27608c65089b25a6 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 15 Dec 2022 13:25:57 +0000
Subject: [PATCH 084/112] anemoi: removed redundant debug code

---
 .../hashes/anemoi/anemoi_components.tcc       | 80 ++-----------------
 .../anemoi/tests/test_anemoi_gadget.cpp       |  6 +-
 2 files changed, 11 insertions(+), 75 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 20425e4d7..a718bb3c8 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -72,15 +72,6 @@ void flystel_Q_prime_field_gadget<ppT>::generate_r1cs_witness()
         input.evaluate(this->pb.full_variable_assignment());
     // y = A x^2 + B
     this->pb.val(output) = A * input_value * input_value + B;
-#if 1 // DEBUG
-    printf("[%s:%d] Q A B\n", __FILE__, __LINE__);
-    A.print();
-    B.print();
-    printf("[%s:%d] Q input\n", __FILE__, __LINE__);
-    input_value.print();
-    printf("[%s:%d] Q output\n", __FILE__, __LINE__);
-    this->pb.val(output).print();
-#endif // #if 1 // DEBUG
 }
 
 // R1CS constraints for the operation y = beta x^3 + gamma with
@@ -325,23 +316,9 @@ void flystel_prime_field_gadget<ppT, parameters>::generate_r1cs_witness()
     const FieldT input_x1_value =
         input_x1.evaluate(this->pb.full_variable_assignment());
 
-#if 1 // DEBUG
-    printf("[%s:%d] Flystel input left\n", __FILE__, __LINE__);
-    input_x0_value.print();
-    printf("[%s:%d] Flystel input right\n", __FILE__, __LINE__);
-    input_x1_value.print();
-#endif // #if 1 // DEBUG
-
     this->pb.lc_val(output_y0) =
         input_x0_value - this->pb.val(a0) + this->pb.val(a2);
     this->pb.lc_val(output_y1) = input_x1_value - this->pb.val(a1);
-
-#if 1 // DEBUG
-    printf("[%s:%d] Flystel output left\n", __FILE__, __LINE__);
-    this->pb.lc_val(output_y0).print();
-    printf("[%s:%d] Flystel output right\n", __FILE__, __LINE__);
-    this->pb.lc_val(output_y1).print();
-#endif // #if 1 // DEBUG
 }
 
 template<typename ppT, size_t NumStateColumns_L>
@@ -360,48 +337,17 @@ std::vector<std::vector<libff::Fr<ppT>>> anemoi_permutation_mds(
     M.resize(NumStateColumns_L, std::vector<libff::Fr<ppT>>(NumStateColumns_L));
 
     if (NumStateColumns_L == 2) {
-        // M[0]
-        M[0][0] = 1;
-        M[0][1] = g;
-        // M[1]
-        M[1][0] = g;
-        M[1][1] = g2 + 1;
+        M = {{1, g}, {g, g2 + 1}};
     }
     if (NumStateColumns_L == 3) {
-        // M[0]
-        M[0][0] = g + 1;
-        M[0][1] = 1;
-        M[0][2] = g + 1;
-        // M[1]
-        M[1][0] = 1;
-        M[1][1] = 1;
-        M[1][2] = g;
-        // M[2]
-        M[2][0] = g;
-        M[2][1] = 1;
-        M[2][2] = 1;
+        M = {{g + 1, 1, g + 1}, {1, 1, g}, {g, 1, 1}};
     }
     if (NumStateColumns_L == 4) {
-        // M[0]
-        M[0][0] = 1;
-        M[0][1] = g + 1;
-        M[0][2] = g;
-        M[0][3] = g;
-        // M[1]
-        M[1][0] = g2;
-        M[1][1] = g + g2;
-        M[1][2] = g + 1;
-        M[1][3] = g + g + 1;
-        // M[2]
-        M[2][0] = g2;
-        M[2][1] = g2;
-        M[2][2] = 1;
-        M[2][3] = g + 1;
-        // M[3]
-        M[3][0] = g + 1;
-        M[3][1] = g + g + 1;
-        M[3][2] = g;
-        M[3][3] = g + 1;
+        M = {
+            {1, g + 1, g, g},
+            {g2, g + g2, g + 1, g + g + 1},
+            {g2, g2, 1, g + 1},
+            {g + 1, g + g + 1, g, g + 1}};
     }
     return M;
 }
@@ -594,9 +540,6 @@ anemoi_permutation_round_prime_field_gadget<
         M_matrix = anemoi_permutation_mds<ppT, 2>(g);
     }
 
-#if 1  // DEBUG
-#endif // #if 1 // DEBUG
-
     // multiply by matrix M
     if (ncols > 1) {
         // l > 1:
@@ -661,15 +604,6 @@ void anemoi_permutation_round_prime_field_gadget<
         Flystel[i].generate_r1cs_witness();
     }
 
-#if 1 // DEBUG
-    printf("[%s:%d] h0_left\n", __FILE__, __LINE__);
-    FieldT h0_left = this->pb.lc_val(Flystel[0].output_y0);
-    h0_left.print();
-    FieldT h0_right = this->pb.lc_val(Flystel[0].output_y1);
-    h0_right.print();
-    printf("\n");
-#endif // #if 1 // DEBUG
-
     for (size_t i = 0; i < NumStateColumns_L; i++) {
         this->pb.val(Y_left_output[i]) = this->pb.val(Flystel[i].output_y0);
         this->pb.val(Y_right_output[i]) = this->pb.val(Flystel[i].output_y1);
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 01f8f3292..ec7388107 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -308,8 +308,10 @@ template<typename ppT> void test_for_curve()
     test_anemoi_permutation_round_prime_field_gadget<ppT, 1, parameters>();
     test_anemoi_permutation_round_prime_field_gadget<ppT, 2, parameters>();
     test_anemoi_permutation_round_prime_field_gadget<ppT, 3, parameters>();
-    //    test_anemoi_permutation_round_prime_field_gadget<ppT, 4,
-    //    parameters>();
+    // TODO code for L=4 is still WIP. The test values match, but a
+    // bigint assertion error is generated in libff.
+    // test_anemoi_permutation_round_prime_field_gadget<ppT, 4,
+    // parameters>();
 }
 
 TEST(TestAnemoiGadget, BLS12_381) { test_for_curve<libff::bls12_381_pp>(); }

From 502ef715181cdf793a10efd039c8058b58fb0f8e Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 9 Jan 2023 12:48:03 +0000
Subject: [PATCH 085/112] anemoi: added proper fomatting of annotation prefix
 string
 (https://github.com/clearmatics/libsnark/pull/98#discussion_r1055583864)

---
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index a718bb3c8..1263f6172 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -578,7 +578,12 @@ anemoi_permutation_round_prime_field_gadget<
     // apply layer of L Flystel S-boxes
     for (size_t i = 0; i < ncols; i++) {
         flystel_prime_field_gadget<ppT, parameters> H(
-            pb, Z_left[i], Z_right[i], Y_left[i], Y_right[i], "Flystel[i]");
+            pb,
+            Z_left[i],
+            Z_right[i],
+            Y_left[i],
+            Y_right[i],
+            FMT(this->annotation_prefix, " Flystel[%zu]", i));
         Flystel.push_back(H);
     }
 }

From 7584a1a9890d3131254b8641b0c3987f5aa0d13b Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 9 Jan 2023 12:56:48 +0000
Subject: [PATCH 086/112] anemoi: replaced method push_back with emplace_back
 (https://github.com/clearmatics/libsnark/pull/98#discussion_r1055584081)

---
 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 1263f6172..17db8b0fb 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -584,7 +584,7 @@ anemoi_permutation_round_prime_field_gadget<
             Y_left[i],
             Y_right[i],
             FMT(this->annotation_prefix, " Flystel[%zu]", i));
-        Flystel.push_back(H);
+        Flystel.emplace_back(H);
     }
 }
 

From c9fab73ae40bf68916c846abaec3a2a6e3e3678d Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 9 Jan 2023 12:58:56 +0000
Subject: [PATCH 087/112] anemoi: removed unnecessary guards from cpp file
 (https://github.com/clearmatics/libsnark/pull/98#discussion_r1055586736)

---
 .../gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
index d174b280c..6366e24f7 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
@@ -5,8 +5,6 @@
  *             (see AUTHORS).
  * @copyright  MIT license (see LICENSE file)
  *****************************************************************************/
-#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_CPP_
-#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_CPP_
 
 #include "libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp"
 
@@ -107,5 +105,3 @@ std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
 }
 
 } // namespace libsnark
-
-#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_CPP_

From 759cfeab48a4b03f65462b92238ce31643300d9b Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 11 Jan 2023 11:48:39 +0000
Subject: [PATCH 088/112] anemoi: updated sage script for generating anemoi
 parameters to handle 1,2,3,4 columns and to store the results in a file

---
 scripts/anemoi-hash/parameters.sage | 73 +++++++++++++++++++++++------
 1 file changed, 58 insertions(+), 15 deletions(-)

diff --git a/scripts/anemoi-hash/parameters.sage b/scripts/anemoi-hash/parameters.sage
index 72071b06e..37b77c6b2 100644
--- a/scripts/anemoi-hash/parameters.sage
+++ b/scripts/anemoi-hash/parameters.sage
@@ -4,6 +4,7 @@
 from sage.all import *
 import hashlib
 import itertools
+import datetime
 
 from constants import *
 
@@ -14,7 +15,9 @@ def anemoi_selected_instances():
     # accumulating selected Anemoi instances
     A = []
     
-    # 128-bit security level instantiations
+    # - 128-bit security level instantiations
+    # -- BLS12_381_SCALRFIELD
+    # --- 1 col
     A_BLS_12_381_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
         q=BLS12_381_SCALARFIELD,
         n_cols=1,
@@ -23,7 +26,26 @@ def anemoi_selected_instances():
     A.append(
         ("A_BLS_12_381_SCALARFIELD_1_COL_128_BITS",
          A_BLS_12_381_SCALARFIELD_1_COL_128_BITS))
-    A_BLS_12_381_SCALARFIELD_4_COL_128_BITS =AnemoiPermutation(
+    # --- 2 col    
+    A_BLS_12_381_SCALARFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_2_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_2_COL_128_BITS))    
+    # --- 3 col    
+    A_BLS_12_381_SCALARFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_3_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_3_COL_128_BITS))    
+    # ---4 col    
+    A_BLS_12_381_SCALARFIELD_4_COL_128_BITS = AnemoiPermutation(
         q=BLS12_381_SCALARFIELD,
         n_cols=4,
         security_level=128
@@ -31,21 +53,14 @@ def anemoi_selected_instances():
     A.append(
         ("A_BLS_12_381_SCALARFIELD_4_COL_128_BITS",
          A_BLS_12_381_SCALARFIELD_4_COL_128_BITS))
-    A_BLS_12_381_SCALARFIELD_6_COL_128_BITS =AnemoiPermutation(
-        q=BLS12_381_SCALARFIELD,
-        mat=matrix.circulant([1, 1, 3, 4, 5, 6]),
-        n_cols=6,
-        security_level=128)
-    A.append(
-        ("A_BLS_12_381_SCALARFIELD_6_COL_128_BITS",
-         A_BLS_12_381_SCALARFIELD_6_COL_128_BITS))
     return A
     
 def output_parameters():
-    instances = anemoi_selected_instances()    
+    instances = anemoi_selected_instances()
     for i in range(len(instances)):
-#    for i in range(1):
+        # string name
         A_str = instances[i][0]
+        # actual instance that can be called as A[i][1].*
         A = instances[i][1]
         zero = 0
         width = 100
@@ -66,9 +81,37 @@ def output_parameters():
         print("matrix M         :\n{}".format(A.mat))
         print("constants C      :\n{}".format(A.C))
         print("constants D      :\n{}".format(A.D))
-    return instances
+        return instances
+
+# same as output_parameters() but stores parameters to file
+def output_parameters_to_file():
+    instances = anemoi_selected_instances()
+    f = open("/tmp/anemoi-parameters.txt", "w")
+    e = datetime.datetime.now()
+    f.write("This file was automatically generated with SAGE script parameters.sage on %s/%s/%s at %s:%s:%s\n" % (e.day, e.month, e.year, e.hour, e.minute, e.second))
+    for i in range(len(instances)):
+        A_str = instances[i][0]
+        A = instances[i][1]
+        zero = 0
+        width = 100
+        f.write("------------------------------------------------------")
+        f.write("instance         : {}\n".format(A_str))
+        f.write("prime field      : {}\n".format(A.prime_field))
+        f.write("Fr modulus       : {}\n".format(A.q))
+        f.write("n_cols           : {}\n".format(A.n_cols))
+        f.write("n_rounds         : {}\n".format(A.n_rounds))
+        f.write("security level   : {}\n".format(A.security_level))
+        f.write("mult generator g : {}\n".format(A.g))
+        f.write("Q power          : {}\n".format(A.QUAD))
+        f.write("alpha            : {}\n".format(A.alpha))
+        f.write("alpha_inv        : {}\n".format(A.alpha_inv))
+        f.write("beta             : {}\n".format(A.beta))
+        f.write("gamma            : {}\n".format(zero))
+        f.write("delta            : {}\n".format(A.delta))
+        f.write("matrix M         :\n{}\n".format(A.mat))
+        f.write("constants C      :\n{}\n".format(A.C))
+        f.write("constants D      :\n{}\n".format(A.D))
                   
 if __name__ == "__main__":
     A = output_parameters()
-
-
+    output_parameters_to_file()

From fab27a7c5a51e987c82191a45d38f85f6a548f89 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 11 Jan 2023 11:50:18 +0000
Subject: [PATCH 089/112] anemoi: added file with all parameters for different
 instances of anemoi for fast reference. it is automatically generated in sage
 with the script parameters.sage.

---
 scripts/anemoi-hash/anemoi-parameters.txt | 84 +++++++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100644 scripts/anemoi-hash/anemoi-parameters.txt

diff --git a/scripts/anemoi-hash/anemoi-parameters.txt b/scripts/anemoi-hash/anemoi-parameters.txt
new file mode 100644
index 000000000..f9af0455f
--- /dev/null
+++ b/scripts/anemoi-hash/anemoi-parameters.txt
@@ -0,0 +1,84 @@
+This file was automatically generated with SAGE script parameters.sage on 11/1/2023 at 11:28:56
+------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_1_COL_128_BITS
+prime field      : True
+Fr modulus       : 52435875175126190479447740508185965837690552500527637822603658699938581184513
+n_cols           : 1
+n_rounds         : 19
+security level   : 128
+mult generator g : 7
+Q power          : 2
+alpha            : 5
+alpha_inv        : 20974350070050476191779096203274386335076221000211055129041463479975432473805
+beta             : 7
+gamma            : 0
+delta            : 14981678621464625851270783002338847382197300714436467949315331057125308909861
+matrix M         :
+[ 1  7]
+[ 7 50]
+constants C      :
+[[39], [41362478282768062297187132445775312675360473883834860695283235286481594490621], [9548818195234740988996233204400874453525674173109474205108603996010297049928], [25365440569177822667580105183435418073995888230868180942004497015015045856900], [34023498397393406644117994167986720327178154686105264833093891093045919619309], [38816051319719761886041858113129205506758421478656182868737326994635468402951], [35167418087531820804128377095512663922179887277669504047069913414630376083753], [25885868839756469722325652387535232478219821850603640827385444642154834700231], [8867588811641202981080659274007552529205713737251862066053445622305818871963], [36439756010140137556111047750162544185710881404522379792044818039722752946048], [7788624504122357216765350546787885309160020166693449889975992574536033007374], [3134147137704626983201116226440762775442116005053282329971088789984415999550], [50252287380741824818995733304361249016282047978221591906573165442023106203143], [48434698978712278012409706205559577163572452744833134361195687109159129985373], [32960510617530186159512413633821386297955642598241661044178889571655571939473], [12850897859166761094422335671106280470381427571695744605265713866647560628356], [14578036872634298798382048587794204613583128573535557156943783762854124345644], [21588109842058901916690548710649523388049643745013696896704903154857389904594], [35731638686520516424752846654442973203189295883541072759390882351699754104989]]
+constants D      :
+[[14981678621464625851270783002338847382197300714436467949315331057125308909900], [28253420209785428420233456008091632509255652343634529984400816700490470131093], [51511939407083344002778208487678590135577660247075600880835916725469990319313], [46291121544435738125248657675097664742296276807186696922340332893747842754587], [3650460179273129580093806058710273018999560093475503119057680216309578390988], [45802223370746268123059159806400152299867771061127345631244786118574025749328], [11798621276624967315721748990709309216351696098813162382053396097866233042733], [42372918959432199162670834641599336326433006968669415662488070504036922966492], [52181371244193189669553521955614617990714056725501643636576377752669773323445], [23791984554824031672195249524658580601428376029501889159059009332107176394097], [33342520831620303764059548442834699069640109058400548818586964467754352720368], [16791548253207744974576845515705461794133799104808996134617754018912057476556], [11087343419860825311828133337767238110556416596687749174422888171911517001265], [11931207770538477937808955037363240956790374856666237106403111503668796872571], [3296943608590459582451043049934874894049468383833500962645016062634514172805], [7080580976521357573320018355401935489220216583936865937104131954142364033647], [25990144965911478244481527888046366474489820502460615136523859419965697796405], [33907313384235729375566529911940467295099705980234607934575786561097199483218], [25996950265608465541351207283024962044374873682152889814392533334239395044136]]
+------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_2_COL_128_BITS
+prime field      : True
+Fr modulus       : 52435875175126190479447740508185965837690552500527637822603658699938581184513
+n_cols           : 2
+n_rounds         : 12
+security level   : 128
+mult generator g : 7
+Q power          : 2
+alpha            : 5
+alpha_inv        : 20974350070050476191779096203274386335076221000211055129041463479975432473805
+beta             : 7
+gamma            : 0
+delta            : 14981678621464625851270783002338847382197300714436467949315331057125308909861
+matrix M         :
+[ 1  7]
+[ 7 50]
+constants C      :
+[[39, 17756515227822460609684409997111995494590448775258437999344446424780281143353], [41362478282768062297187132445775312675360473883834860695283235286481594490621, 3384073892082712848969991795331397937188893616190315628722966662742467187281], [9548818195234740988996233204400874453525674173109474205108603996010297049928, 51311880822158488881090781617710146800056386303122657365679608608648067582435], [25365440569177822667580105183435418073995888230868180942004497015015045856900, 29347609441914902330741511702270026847909178228078752565372729158237774700914], [34023498397393406644117994167986720327178154686105264833093891093045919619309, 2339620320400167830454536231899316133967303509954474267430948538955691907104], [38816051319719761886041858113129205506758421478656182868737326994635468402951, 27338042530319738113354246208426108832239651080023276643867223794985578055610], [35167418087531820804128377095512663922179887277669504047069913414630376083753, 42192983528513372869128514327443204912824559545179630597589572656156258515752], [25885868839756469722325652387535232478219821850603640827385444642154834700231, 42721818980548514490325424436763032046927347769153393863616095871384405840432], [8867588811641202981080659274007552529205713737251862066053445622305818871963, 23473499332437056484066006746048591864129988909190267521144125882222313735740], [36439756010140137556111047750162544185710881404522379792044818039722752946048, 16497366583607480604161417644040292299204496829635795525393416854929276060989], [7788624504122357216765350546787885309160020166693449889975992574536033007374, 16727395967350522643500778393489915391834352737211416857240725807058479128000], [3134147137704626983201116226440762775442116005053282329971088789984415999550, 46525506418681456193255596516104416743523037046982280449529426136392814992763]]
+constants D      :
+[[14981678621464625851270783002338847382197300714436467949315331057125308909900, 48720959343719104324739338388885839802998711550637402773896395605948383052052], [28253420209785428420233456008091632509255652343634529984400816700490470131093, 6257781313532096835800460747082714697295034136932481743077166200794135826591], [51511939407083344002778208487678590135577660247075600880835916725469990319313, 4386017178186728799761421274050927732938229436976005221436222062273391481632], [46291121544435738125248657675097664742296276807186696922340332893747842754587, 13820180736478645172746469075181304604729976364812127548341524461074783412926], [3650460179273129580093806058710273018999560093475503119057680216309578390988, 40385222771838099109662234020243831589690223478794847201235014486200724862134], [45802223370746268123059159806400152299867771061127345631244786118574025749328, 50306980075778262214155693291132052551559962723436936231611301042966928400825], [11798621276624967315721748990709309216351696098813162382053396097866233042733, 34806952212038537244506031612074847133207330427265785757809673463434908473570], [42372918959432199162670834641599336326433006968669415662488070504036922966492, 22755759419530071315007011572076166983660942447634027701351681157370705921018], [52181371244193189669553521955614617990714056725501643636576377752669773323445, 30334172084294870556875274308904688414158741457854908094300017436690480001547], [23791984554824031672195249524658580601428376029501889159059009332107176394097, 19832360622723392584029764807971325641132953515557801717644226271356492507876], [33342520831620303764059548442834699069640109058400548818586964467754352720368, 5828182614154296575131381170785760240834851189333374788484657124381010655319], [16791548253207744974576845515705461794133799104808996134617754018912057476556, 23729797853490401568967730686618146850735129707152853256809050789424668284094]]
+------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_3_COL_128_BITS
+prime field      : True
+Fr modulus       : 52435875175126190479447740508185965837690552500527637822603658699938581184513
+n_cols           : 3
+n_rounds         : 10
+security level   : 128
+mult generator g : 7
+Q power          : 2
+alpha            : 5
+alpha_inv        : 20974350070050476191779096203274386335076221000211055129041463479975432473805
+beta             : 7
+gamma            : 0
+delta            : 14981678621464625851270783002338847382197300714436467949315331057125308909861
+matrix M         :
+[8 1 8]
+[1 1 7]
+[7 1 1]
+constants C      :
+[[39, 17756515227822460609684409997111995494590448775258437999344446424780281143353, 10188916128123599964772546147951904500865009616764646948187915341627970346879], [41362478282768062297187132445775312675360473883834860695283235286481594490621, 3384073892082712848969991795331397937188893616190315628722966662742467187281, 38536464596998108028197905645250196649287447208374169339784649587982292038621], [9548818195234740988996233204400874453525674173109474205108603996010297049928, 51311880822158488881090781617710146800056386303122657365679608608648067582435, 24596965950552905296088269899880882549715354660832391374009234980535928382152], [25365440569177822667580105183435418073995888230868180942004497015015045856900, 29347609441914902330741511702270026847909178228078752565372729158237774700914, 14356478667385969079309349540394948109414829921001045845599553435706989367858], [34023498397393406644117994167986720327178154686105264833093891093045919619309, 2339620320400167830454536231899316133967303509954474267430948538955691907104, 12136748919666286297989154404429099226154686992028401568133058190732008277996], [38816051319719761886041858113129205506758421478656182868737326994635468402951, 27338042530319738113354246208426108832239651080023276643867223794985578055610, 15580674179713644540398409523441814073810768449493940562136422009899312699155], [35167418087531820804128377095512663922179887277669504047069913414630376083753, 42192983528513372869128514327443204912824559545179630597589572656156258515752, 47389212411441573266379092392931599970417884729397156841216318364858334633325], [25885868839756469722325652387535232478219821850603640827385444642154834700231, 42721818980548514490325424436763032046927347769153393863616095871384405840432, 5855288403637341107158034195599277569854359593529752399086836976954392351035], [8867588811641202981080659274007552529205713737251862066053445622305818871963, 23473499332437056484066006746048591864129988909190267521144125882222313735740, 5696063807157149622355481994320806474692190935543821893362808351446578125354], [36439756010140137556111047750162544185710881404522379792044818039722752946048, 16497366583607480604161417644040292299204496829635795525393416854929276060989, 31479323495970113713816467604460499675889579912370034974841212556442942086146]]
+constants D      :
+[[14981678621464625851270783002338847382197300714436467949315331057125308909900, 48720959343719104324739338388885839802998711550637402773896395605948383052052, 11709610427641952476226704950218052763560489079301307464225164120801969364960], [28253420209785428420233456008091632509255652343634529984400816700490470131093, 6257781313532096835800460747082714697295034136932481743077166200794135826591, 11966422202069200811427605007493817363680804416274031195624148724039857787313], [51511939407083344002778208487678590135577660247075600880835916725469990319313, 4386017178186728799761421274050927732938229436976005221436222062273391481632, 663227665329044490605880474899933274574966982371072793854806732105730575244], [46291121544435738125248657675097664742296276807186696922340332893747842754587, 13820180736478645172746469075181304604729976364812127548341524461074783412926, 21821175320697611197161277831984495658213397245419754392657307036488476373765], [3650460179273129580093806058710273018999560093475503119057680216309578390988, 40385222771838099109662234020243831589690223478794847201235014486200724862134, 20738601554725926373596082603265918636164823648026470243422423735982938342408], [45802223370746268123059159806400152299867771061127345631244786118574025749328, 50306980075778262214155693291132052551559962723436936231611301042966928400825, 9105861908793877437599087016640061747418296780065295891365798855886560153752], [11798621276624967315721748990709309216351696098813162382053396097866233042733, 34806952212038537244506031612074847133207330427265785757809673463434908473570, 10559431278588446438155840088055546145087872298641007742921718770142881700525], [42372918959432199162670834641599336326433006968669415662488070504036922966492, 22755759419530071315007011572076166983660942447634027701351681157370705921018, 8881354201366797207686592249590682298565723459695719800911380560885170725516], [52181371244193189669553521955614617990714056725501643636576377752669773323445, 30334172084294870556875274308904688414158741457854908094300017436690480001547, 35548861917762862971011720475855172816698712671893796030607658203859222685056], [23791984554824031672195249524658580601428376029501889159059009332107176394097, 19832360622723392584029764807971325641132953515557801717644226271356492507876, 5370567718707734490084045178883836972105253285449736908577321570876055642415]]
+------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_4_COL_128_BITS
+prime field      : True
+Fr modulus       : 52435875175126190479447740508185965837690552500527637822603658699938581184513
+n_cols           : 4
+n_rounds         : 10
+security level   : 128
+mult generator g : 7
+Q power          : 2
+alpha            : 5
+alpha_inv        : 20974350070050476191779096203274386335076221000211055129041463479975432473805
+beta             : 7
+gamma            : 0
+delta            : 14981678621464625851270783002338847382197300714436467949315331057125308909861
+matrix M         :
+[ 1  8  7  7]
+[49 56  8 15]
+[49 49  1  8]
+[ 8 15  7  8]
+constants C      :
+[[39, 17756515227822460609684409997111995494590448775258437999344446424780281143353, 10188916128123599964772546147951904500865009616764646948187915341627970346879, 3814237141406755457246679946340702245820791055503616462386588886553626328449], [41362478282768062297187132445775312675360473883834860695283235286481594490621, 3384073892082712848969991795331397937188893616190315628722966662742467187281, 38536464596998108028197905645250196649287447208374169339784649587982292038621, 37592197675289757358471908199906415982484124338112374453435292524131427342810], [9548818195234740988996233204400874453525674173109474205108603996010297049928, 51311880822158488881090781617710146800056386303122657365679608608648067582435, 24596965950552905296088269899880882549715354660832391374009234980535928382152, 34036826250287807194659359129722586818079652442547178531030410684351456041117], [25365440569177822667580105183435418073995888230868180942004497015015045856900, 29347609441914902330741511702270026847909178228078752565372729158237774700914, 14356478667385969079309349540394948109414829921001045845599553435706989367858, 9488013611624811735432450930006811652991761655550510302915118428283918068143], [34023498397393406644117994167986720327178154686105264833093891093045919619309, 2339620320400167830454536231899316133967303509954474267430948538955691907104, 12136748919666286297989154404429099226154686992028401568133058190732008277996, 19442569822772655270268482835742480365499256802520510905846953360427433130058], [38816051319719761886041858113129205506758421478656182868737326994635468402951, 27338042530319738113354246208426108832239651080023276643867223794985578055610, 15580674179713644540398409523441814073810768449493940562136422009899312699155, 4362660876979205605782410963041525734654031488177761934879852229226211686053], [35167418087531820804128377095512663922179887277669504047069913414630376083753, 42192983528513372869128514327443204912824559545179630597589572656156258515752, 47389212411441573266379092392931599970417884729397156841216318364858334633325, 41487656259632727393098274178738763934249662924287956242704596746920012242443], [25885868839756469722325652387535232478219821850603640827385444642154834700231, 42721818980548514490325424436763032046927347769153393863616095871384405840432, 5855288403637341107158034195599277569854359593529752399086836976954392351035, 18845851722124019325834426094831743068408557621685658713002749358354699910772], [8867588811641202981080659274007552529205713737251862066053445622305818871963, 23473499332437056484066006746048591864129988909190267521144125882222313735740, 5696063807157149622355481994320806474692190935543821893362808351446578125354, 48558031599255072862103809681060565464555437399403822458902024251997890071747], [36439756010140137556111047750162544185710881404522379792044818039722752946048, 16497366583607480604161417644040292299204496829635795525393416854929276060989, 31479323495970113713816467604460499675889579912370034974841212556442942086146, 52327065242455117582590188333899352706031813782154293138553490341266149456684]]
+constants D      :
+[[14981678621464625851270783002338847382197300714436467949315331057125308909900, 48720959343719104324739338388885839802998711550637402773896395605948383052052, 11709610427641952476226704950218052763560489079301307464225164120801969364960, 3188799073106888901912065951229864304299742047220134499402570163601813730969], [28253420209785428420233456008091632509255652343634529984400816700490470131093, 6257781313532096835800460747082714697295034136932481743077166200794135826591, 11966422202069200811427605007493817363680804416274031195624148724039857787313, 8876022912542631074912834764773050492660953075192093830253524158063181475941], [51511939407083344002778208487678590135577660247075600880835916725469990319313, 4386017178186728799761421274050927732938229436976005221436222062273391481632, 663227665329044490605880474899933274574966982371072793854806732105730575244, 7956955597245727322388196907364651338722736293265717471854714933795446618648], [46291121544435738125248657675097664742296276807186696922340332893747842754587, 13820180736478645172746469075181304604729976364812127548341524461074783412926, 21821175320697611197161277831984495658213397245419754392657307036488476373765, 14806577897118234786495606424219372997573800509149076370951604526939593458489], [3650460179273129580093806058710273018999560093475503119057680216309578390988, 40385222771838099109662234020243831589690223478794847201235014486200724862134, 20738601554725926373596082603265918636164823648026470243422423735982938342408, 25898290090014076279086638237202313571292864987698437102115051403552551578909], [45802223370746268123059159806400152299867771061127345631244786118574025749328, 50306980075778262214155693291132052551559962723436936231611301042966928400825, 9105861908793877437599087016640061747418296780065295891365798855886560153752, 48177591413367409915642056167048753041735583848456612607691620273026228709602], [11798621276624967315721748990709309216351696098813162382053396097866233042733, 34806952212038537244506031612074847133207330427265785757809673463434908473570, 10559431278588446438155840088055546145087872298641007742921718770142881700525, 2511742758961381498086249076485723904703122022711664665388729650078747694082], [42372918959432199162670834641599336326433006968669415662488070504036922966492, 22755759419530071315007011572076166983660942447634027701351681157370705921018, 8881354201366797207686592249590682298565723459695719800911380560885170725516, 19725785152035256359574211351446161592903393017031483635806025440159666669692], [52181371244193189669553521955614617990714056725501643636576377752669773323445, 30334172084294870556875274308904688414158741457854908094300017436690480001547, 35548861917762862971011720475855172816698712671893796030607658203859222685056, 23828822166916376664523534857031979764654878164406016294521947902346141831375], [23791984554824031672195249524658580601428376029501889159059009332107176394097, 19832360622723392584029764807971325641132953515557801717644226271356492507876, 5370567718707734490084045178883836972105253285449736908577321570876055642415, 24072177097374519292068993110945703798030958684413852593268331853573451397392]]

From cd8616dd5a185094379aec866786e866ef109196 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 11 Jan 2023 17:16:32 +0000
Subject: [PATCH 090/112] anemoi: updated parameters script

---
 scripts/anemoi-hash/parameters.sage           | 73 ++++++++++++++-----
 .../{anemoi-parameters.txt => parameters.txt} | 42 +++++------
 2 files changed, 76 insertions(+), 39 deletions(-)
 rename scripts/anemoi-hash/{anemoi-parameters.txt => parameters.txt} (64%)

diff --git a/scripts/anemoi-hash/parameters.sage b/scripts/anemoi-hash/parameters.sage
index 37b77c6b2..38bb97630 100644
--- a/scripts/anemoi-hash/parameters.sage
+++ b/scripts/anemoi-hash/parameters.sage
@@ -15,44 +15,44 @@ def anemoi_selected_instances():
     # accumulating selected Anemoi instances
     A = []
     
-    # - 128-bit security level instantiations
+    # - 256-bit security level instantiations
     # -- BLS12_381_SCALRFIELD
     # --- 1 col
-    A_BLS_12_381_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
+    A_BLS_12_381_SCALARFIELD_1_COL_256_BITS = AnemoiPermutation(
         q=BLS12_381_SCALARFIELD,
         n_cols=1,
-        security_level=128
+        security_level=256
     )
     A.append(
-        ("A_BLS_12_381_SCALARFIELD_1_COL_128_BITS",
-         A_BLS_12_381_SCALARFIELD_1_COL_128_BITS))
+        ("A_BLS_12_381_SCALARFIELD_1_COL_256_BITS",
+         A_BLS_12_381_SCALARFIELD_1_COL_256_BITS))
     # --- 2 col    
-    A_BLS_12_381_SCALARFIELD_2_COL_128_BITS = AnemoiPermutation(
+    A_BLS_12_381_SCALARFIELD_2_COL_256_BITS = AnemoiPermutation(
         q=BLS12_381_SCALARFIELD,
         n_cols=2,
-        security_level=128
+        security_level=256
     )
     A.append(
-        ("A_BLS_12_381_SCALARFIELD_2_COL_128_BITS",
-         A_BLS_12_381_SCALARFIELD_2_COL_128_BITS))    
+        ("A_BLS_12_381_SCALARFIELD_2_COL_256_BITS",
+         A_BLS_12_381_SCALARFIELD_2_COL_256_BITS))    
     # --- 3 col    
-    A_BLS_12_381_SCALARFIELD_3_COL_128_BITS = AnemoiPermutation(
+    A_BLS_12_381_SCALARFIELD_3_COL_256_BITS = AnemoiPermutation(
         q=BLS12_381_SCALARFIELD,
         n_cols=3,
-        security_level=128
+        security_level=256
     )
     A.append(
-        ("A_BLS_12_381_SCALARFIELD_3_COL_128_BITS",
-         A_BLS_12_381_SCALARFIELD_3_COL_128_BITS))    
+        ("A_BLS_12_381_SCALARFIELD_3_COL_256_BITS",
+         A_BLS_12_381_SCALARFIELD_3_COL_256_BITS))    
     # ---4 col    
-    A_BLS_12_381_SCALARFIELD_4_COL_128_BITS = AnemoiPermutation(
+    A_BLS_12_381_SCALARFIELD_4_COL_256_BITS = AnemoiPermutation(
         q=BLS12_381_SCALARFIELD,
         n_cols=4,
-        security_level=128
+        security_level=256
     )
     A.append(
-        ("A_BLS_12_381_SCALARFIELD_4_COL_128_BITS",
-         A_BLS_12_381_SCALARFIELD_4_COL_128_BITS))
+        ("A_BLS_12_381_SCALARFIELD_4_COL_256_BITS",
+         A_BLS_12_381_SCALARFIELD_4_COL_256_BITS))
     return A
     
 def output_parameters():
@@ -86,7 +86,7 @@ def output_parameters():
 # same as output_parameters() but stores parameters to file
 def output_parameters_to_file():
     instances = anemoi_selected_instances()
-    f = open("/tmp/anemoi-parameters.txt", "w")
+    f = open("parameters.txt", "w")
     e = datetime.datetime.now()
     f.write("This file was automatically generated with SAGE script parameters.sage on %s/%s/%s at %s:%s:%s\n" % (e.day, e.month, e.year, e.hour, e.minute, e.second))
     for i in range(len(instances)):
@@ -111,7 +111,44 @@ def output_parameters_to_file():
         f.write("matrix M         :\n{}\n".format(A.mat))
         f.write("constants C      :\n{}\n".format(A.C))
         f.write("constants D      :\n{}\n".format(A.D))
+
+def output_constants_in_libsnark_format_to_file(instances):
+    f = open("constants.txt", "w")
+    e = datetime.datetime.now()
+    f.write("// Automatically generated with SAGE script parameters.sage on %s/%s/%s at %s:%s:%s\n" % (e.day, e.month, e.year, e.hour, e.minute, e.second))
+    i_str = ["one", "two", "three", "four", "five", "six"]
+    for i in range(len(instances)):
+        A_str = instances[i][0]
+        A = instances[i][1]
+        f.write("// C constants for L = {} columns\n".format(i+1))
+        f.write("const std::vector<std::vector<BignumT>> anemoi_parameters<ppT>::C_constants_col_{} = ".format(i_str[i]))
+        f.write("{\n")
+        for iround in range(len(A.C)):
+            f.write("{")
+            for icol in range(len(A.C[iround])):
+                f.write("BignumT(\"{}\")".format(A.C[iround][icol]))
+                if icol < (len(A.C[iround]) - 1):
+                    f.write(", ")
+            f.write("}")
+            if iround < (len(A.C) - 1):
+                f.write(",\n")
+        f.write("\n};\n")
+        f.write("// D constants for L = {} columns\n".format(i+1))
+        f.write("const std::vector<std::vector<BignumT>> anemoi_parameters<ppT>::D_constants_col_{} = ".format(i_str[i]))
+        f.write("{\n")
+        for iround in range(len(A.D)):
+            f.write("{")
+            for icol in range(len(A.D[iround])):
+                f.write("BignumT(\"{}\")".format(A.D[iround][icol]))
+                if icol < (len(A.D[iround]) - 1):
+                    f.write(", ")
+            f.write("}")
+            if iround < (len(A.D) - 1):
+                f.write(",\n")
+        f.write("\n};\n")
+        
                   
 if __name__ == "__main__":
     A = output_parameters()
     output_parameters_to_file()
+    output_constants_in_libsnark_format_to_file(A)
diff --git a/scripts/anemoi-hash/anemoi-parameters.txt b/scripts/anemoi-hash/parameters.txt
similarity index 64%
rename from scripts/anemoi-hash/anemoi-parameters.txt
rename to scripts/anemoi-hash/parameters.txt
index f9af0455f..3453df745 100644
--- a/scripts/anemoi-hash/anemoi-parameters.txt
+++ b/scripts/anemoi-hash/parameters.txt
@@ -1,10 +1,10 @@
-This file was automatically generated with SAGE script parameters.sage on 11/1/2023 at 11:28:56
-------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_1_COL_128_BITS
+This file was automatically generated with SAGE script parameters.sage on 11/1/2023 at 12:34:47
+------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_1_COL_256_BITS
 prime field      : True
 Fr modulus       : 52435875175126190479447740508185965837690552500527637822603658699938581184513
 n_cols           : 1
-n_rounds         : 19
-security level   : 128
+n_rounds         : 35
+security level   : 256
 mult generator g : 7
 Q power          : 2
 alpha            : 5
@@ -16,15 +16,15 @@ matrix M         :
 [ 1  7]
 [ 7 50]
 constants C      :
-[[39], [41362478282768062297187132445775312675360473883834860695283235286481594490621], [9548818195234740988996233204400874453525674173109474205108603996010297049928], [25365440569177822667580105183435418073995888230868180942004497015015045856900], [34023498397393406644117994167986720327178154686105264833093891093045919619309], [38816051319719761886041858113129205506758421478656182868737326994635468402951], [35167418087531820804128377095512663922179887277669504047069913414630376083753], [25885868839756469722325652387535232478219821850603640827385444642154834700231], [8867588811641202981080659274007552529205713737251862066053445622305818871963], [36439756010140137556111047750162544185710881404522379792044818039722752946048], [7788624504122357216765350546787885309160020166693449889975992574536033007374], [3134147137704626983201116226440762775442116005053282329971088789984415999550], [50252287380741824818995733304361249016282047978221591906573165442023106203143], [48434698978712278012409706205559577163572452744833134361195687109159129985373], [32960510617530186159512413633821386297955642598241661044178889571655571939473], [12850897859166761094422335671106280470381427571695744605265713866647560628356], [14578036872634298798382048587794204613583128573535557156943783762854124345644], [21588109842058901916690548710649523388049643745013696896704903154857389904594], [35731638686520516424752846654442973203189295883541072759390882351699754104989]]
+[[39], [41362478282768062297187132445775312675360473883834860695283235286481594490621], [9548818195234740988996233204400874453525674173109474205108603996010297049928], [25365440569177822667580105183435418073995888230868180942004497015015045856900], [34023498397393406644117994167986720327178154686105264833093891093045919619309], [38816051319719761886041858113129205506758421478656182868737326994635468402951], [35167418087531820804128377095512663922179887277669504047069913414630376083753], [25885868839756469722325652387535232478219821850603640827385444642154834700231], [8867588811641202981080659274007552529205713737251862066053445622305818871963], [36439756010140137556111047750162544185710881404522379792044818039722752946048], [7788624504122357216765350546787885309160020166693449889975992574536033007374], [3134147137704626983201116226440762775442116005053282329971088789984415999550], [50252287380741824818995733304361249016282047978221591906573165442023106203143], [48434698978712278012409706205559577163572452744833134361195687109159129985373], [32960510617530186159512413633821386297955642598241661044178889571655571939473], [12850897859166761094422335671106280470381427571695744605265713866647560628356], [14578036872634298798382048587794204613583128573535557156943783762854124345644], [21588109842058901916690548710649523388049643745013696896704903154857389904594], [35731638686520516424752846654442973203189295883541072759390882351699754104989], [34141830003233180772153845227433233456603143306530920011579259084215824391544], [30272543670850635882116596228256005460817517173808721139136515002908946750291], [37683635932819613269415877826861899850715644544228484729419295166414535174481], [17775527261802885986986645640222787995352295964229797630532600737667449540308], [22420532689128953802236395249244886540493833930566819892833754476317231258312], [17817507996551311718550138702317054228619937438194672345623808375428004673958], [5907960848989041605787426770777938946362788429322103525767702134624204537201], [45757545232231504879512064503009899934993643016194437621544917886299650707409], [33515759043263620296673917858948500523317584244492947880241667732620512600816], [37821070921466573719422449374875944365196556093514024521592687983958120860990], [7929930502054589212738745246913303052577853923752241654515807520533378749565], [7293738197873102537561743233253745300908719293335917846485104247108708549476], [13208511832929613997827945811817609450525777531320720392028697949327330418879], [47601068405545977094206867034439330296268579133978932743804424355927206954636], [40633845194961453876435667652624836740098917149997638131301477678515012057005], [37331959339943987941138389074829800878836721688168741771815937326790200186032]]
 constants D      :
-[[14981678621464625851270783002338847382197300714436467949315331057125308909900], [28253420209785428420233456008091632509255652343634529984400816700490470131093], [51511939407083344002778208487678590135577660247075600880835916725469990319313], [46291121544435738125248657675097664742296276807186696922340332893747842754587], [3650460179273129580093806058710273018999560093475503119057680216309578390988], [45802223370746268123059159806400152299867771061127345631244786118574025749328], [11798621276624967315721748990709309216351696098813162382053396097866233042733], [42372918959432199162670834641599336326433006968669415662488070504036922966492], [52181371244193189669553521955614617990714056725501643636576377752669773323445], [23791984554824031672195249524658580601428376029501889159059009332107176394097], [33342520831620303764059548442834699069640109058400548818586964467754352720368], [16791548253207744974576845515705461794133799104808996134617754018912057476556], [11087343419860825311828133337767238110556416596687749174422888171911517001265], [11931207770538477937808955037363240956790374856666237106403111503668796872571], [3296943608590459582451043049934874894049468383833500962645016062634514172805], [7080580976521357573320018355401935489220216583936865937104131954142364033647], [25990144965911478244481527888046366474489820502460615136523859419965697796405], [33907313384235729375566529911940467295099705980234607934575786561097199483218], [25996950265608465541351207283024962044374873682152889814392533334239395044136]]
-------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_2_COL_128_BITS
+[[14981678621464625851270783002338847382197300714436467949315331057125308909900], [28253420209785428420233456008091632509255652343634529984400816700490470131093], [51511939407083344002778208487678590135577660247075600880835916725469990319313], [46291121544435738125248657675097664742296276807186696922340332893747842754587], [3650460179273129580093806058710273018999560093475503119057680216309578390988], [45802223370746268123059159806400152299867771061127345631244786118574025749328], [11798621276624967315721748990709309216351696098813162382053396097866233042733], [42372918959432199162670834641599336326433006968669415662488070504036922966492], [52181371244193189669553521955614617990714056725501643636576377752669773323445], [23791984554824031672195249524658580601428376029501889159059009332107176394097], [33342520831620303764059548442834699069640109058400548818586964467754352720368], [16791548253207744974576845515705461794133799104808996134617754018912057476556], [11087343419860825311828133337767238110556416596687749174422888171911517001265], [11931207770538477937808955037363240956790374856666237106403111503668796872571], [3296943608590459582451043049934874894049468383833500962645016062634514172805], [7080580976521357573320018355401935489220216583936865937104131954142364033647], [25990144965911478244481527888046366474489820502460615136523859419965697796405], [33907313384235729375566529911940467295099705980234607934575786561097199483218], [25996950265608465541351207283024962044374873682152889814392533334239395044136], [17878892320641464292190655092475335317049416605865175118054314040434534086821], [25443622609028754422863910981890932539396181992608938932620284900889552530362], [22139259742385789282636884420521494319351728843330026183835085771185820492424], [45448382075902671012464289343805949149301534282710134601239493945748506785132], [41900508241768653579170772170767890898893412801669825310751782528515999085573], [22063224403978957224019523657689160135721512619033626306684452466460943730461], [28320302898501762496022972705485257155369496122209662839984168714501264885500], [42875555652342076423440573943728695126719825375565595739353452728374263558032], [4922724176456376719735450248405681608821487385270058531091824814910623278042], [39213702476897230061267827505998212959520351869791901669597592300297466204227], [3779261478156072582337106630839435214997069649894818322014932220444906128664], [34880344207305841934478362921316426935733796073861894538699922220093706975247], [36900166050532535100140467096778695435256231928718661582709665229160044742454], [33198626842416951770999373575562924316466288191115775738856021866337799605112], [48724661174099803087833386541056949772571293683753357488628494212068867653992], [42670454105867422732314626050573286810568926822676628223016424398663193502895]]
+------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_2_COL_256_BITS
 prime field      : True
 Fr modulus       : 52435875175126190479447740508185965837690552500527637822603658699938581184513
 n_cols           : 2
-n_rounds         : 12
-security level   : 128
+n_rounds         : 20
+security level   : 256
 mult generator g : 7
 Q power          : 2
 alpha            : 5
@@ -36,15 +36,15 @@ matrix M         :
 [ 1  7]
 [ 7 50]
 constants C      :
-[[39, 17756515227822460609684409997111995494590448775258437999344446424780281143353], [41362478282768062297187132445775312675360473883834860695283235286481594490621, 3384073892082712848969991795331397937188893616190315628722966662742467187281], [9548818195234740988996233204400874453525674173109474205108603996010297049928, 51311880822158488881090781617710146800056386303122657365679608608648067582435], [25365440569177822667580105183435418073995888230868180942004497015015045856900, 29347609441914902330741511702270026847909178228078752565372729158237774700914], [34023498397393406644117994167986720327178154686105264833093891093045919619309, 2339620320400167830454536231899316133967303509954474267430948538955691907104], [38816051319719761886041858113129205506758421478656182868737326994635468402951, 27338042530319738113354246208426108832239651080023276643867223794985578055610], [35167418087531820804128377095512663922179887277669504047069913414630376083753, 42192983528513372869128514327443204912824559545179630597589572656156258515752], [25885868839756469722325652387535232478219821850603640827385444642154834700231, 42721818980548514490325424436763032046927347769153393863616095871384405840432], [8867588811641202981080659274007552529205713737251862066053445622305818871963, 23473499332437056484066006746048591864129988909190267521144125882222313735740], [36439756010140137556111047750162544185710881404522379792044818039722752946048, 16497366583607480604161417644040292299204496829635795525393416854929276060989], [7788624504122357216765350546787885309160020166693449889975992574536033007374, 16727395967350522643500778393489915391834352737211416857240725807058479128000], [3134147137704626983201116226440762775442116005053282329971088789984415999550, 46525506418681456193255596516104416743523037046982280449529426136392814992763]]
+[[39, 17756515227822460609684409997111995494590448775258437999344446424780281143353], [41362478282768062297187132445775312675360473883834860695283235286481594490621, 3384073892082712848969991795331397937188893616190315628722966662742467187281], [9548818195234740988996233204400874453525674173109474205108603996010297049928, 51311880822158488881090781617710146800056386303122657365679608608648067582435], [25365440569177822667580105183435418073995888230868180942004497015015045856900, 29347609441914902330741511702270026847909178228078752565372729158237774700914], [34023498397393406644117994167986720327178154686105264833093891093045919619309, 2339620320400167830454536231899316133967303509954474267430948538955691907104], [38816051319719761886041858113129205506758421478656182868737326994635468402951, 27338042530319738113354246208426108832239651080023276643867223794985578055610], [35167418087531820804128377095512663922179887277669504047069913414630376083753, 42192983528513372869128514327443204912824559545179630597589572656156258515752], [25885868839756469722325652387535232478219821850603640827385444642154834700231, 42721818980548514490325424436763032046927347769153393863616095871384405840432], [8867588811641202981080659274007552529205713737251862066053445622305818871963, 23473499332437056484066006746048591864129988909190267521144125882222313735740], [36439756010140137556111047750162544185710881404522379792044818039722752946048, 16497366583607480604161417644040292299204496829635795525393416854929276060989], [7788624504122357216765350546787885309160020166693449889975992574536033007374, 16727395967350522643500778393489915391834352737211416857240725807058479128000], [3134147137704626983201116226440762775442116005053282329971088789984415999550, 46525506418681456193255596516104416743523037046982280449529426136392814992763], [50252287380741824818995733304361249016282047978221591906573165442023106203143, 46030886964045328670650579467522042981756109464584907077434772786649263902996], [48434698978712278012409706205559577163572452744833134361195687109159129985373, 19216533213230709497947223526297848065365334472367022650183395435586190711770], [32960510617530186159512413633821386297955642598241661044178889571655571939473, 7889715292813995933863223756089425964393897180189452806863798954507930091839], [12850897859166761094422335671106280470381427571695744605265713866647560628356, 38904040165181111823255670195939815931292647227116255264107979988806956289548], [14578036872634298798382048587794204613583128573535557156943783762854124345644, 39889360541014555144282299111081174118245884910289471727743747142236304617512], [21588109842058901916690548710649523388049643745013696896704903154857389904594, 24621630539822708325987461182639243839218230216578207719742880580327336278872], [35731638686520516424752846654442973203189295883541072759390882351699754104989, 46440234052380105790888469652474218885021684932521963866506932102071884869246], [34141830003233180772153845227433233456603143306530920011579259084215824391544, 21639810626664099060384095964841331546055348345600486078107882966779265621748]]
 constants D      :
-[[14981678621464625851270783002338847382197300714436467949315331057125308909900, 48720959343719104324739338388885839802998711550637402773896395605948383052052], [28253420209785428420233456008091632509255652343634529984400816700490470131093, 6257781313532096835800460747082714697295034136932481743077166200794135826591], [51511939407083344002778208487678590135577660247075600880835916725469990319313, 4386017178186728799761421274050927732938229436976005221436222062273391481632], [46291121544435738125248657675097664742296276807186696922340332893747842754587, 13820180736478645172746469075181304604729976364812127548341524461074783412926], [3650460179273129580093806058710273018999560093475503119057680216309578390988, 40385222771838099109662234020243831589690223478794847201235014486200724862134], [45802223370746268123059159806400152299867771061127345631244786118574025749328, 50306980075778262214155693291132052551559962723436936231611301042966928400825], [11798621276624967315721748990709309216351696098813162382053396097866233042733, 34806952212038537244506031612074847133207330427265785757809673463434908473570], [42372918959432199162670834641599336326433006968669415662488070504036922966492, 22755759419530071315007011572076166983660942447634027701351681157370705921018], [52181371244193189669553521955614617990714056725501643636576377752669773323445, 30334172084294870556875274308904688414158741457854908094300017436690480001547], [23791984554824031672195249524658580601428376029501889159059009332107176394097, 19832360622723392584029764807971325641132953515557801717644226271356492507876], [33342520831620303764059548442834699069640109058400548818586964467754352720368, 5828182614154296575131381170785760240834851189333374788484657124381010655319], [16791548253207744974576845515705461794133799104808996134617754018912057476556, 23729797853490401568967730686618146850735129707152853256809050789424668284094]]
-------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_3_COL_128_BITS
+[[14981678621464625851270783002338847382197300714436467949315331057125308909900, 48720959343719104324739338388885839802998711550637402773896395605948383052052], [28253420209785428420233456008091632509255652343634529984400816700490470131093, 6257781313532096835800460747082714697295034136932481743077166200794135826591], [51511939407083344002778208487678590135577660247075600880835916725469990319313, 4386017178186728799761421274050927732938229436976005221436222062273391481632], [46291121544435738125248657675097664742296276807186696922340332893747842754587, 13820180736478645172746469075181304604729976364812127548341524461074783412926], [3650460179273129580093806058710273018999560093475503119057680216309578390988, 40385222771838099109662234020243831589690223478794847201235014486200724862134], [45802223370746268123059159806400152299867771061127345631244786118574025749328, 50306980075778262214155693291132052551559962723436936231611301042966928400825], [11798621276624967315721748990709309216351696098813162382053396097866233042733, 34806952212038537244506031612074847133207330427265785757809673463434908473570], [42372918959432199162670834641599336326433006968669415662488070504036922966492, 22755759419530071315007011572076166983660942447634027701351681157370705921018], [52181371244193189669553521955614617990714056725501643636576377752669773323445, 30334172084294870556875274308904688414158741457854908094300017436690480001547], [23791984554824031672195249524658580601428376029501889159059009332107176394097, 19832360622723392584029764807971325641132953515557801717644226271356492507876], [33342520831620303764059548442834699069640109058400548818586964467754352720368, 5828182614154296575131381170785760240834851189333374788484657124381010655319], [16791548253207744974576845515705461794133799104808996134617754018912057476556, 23729797853490401568967730686618146850735129707152853256809050789424668284094], [11087343419860825311828133337767238110556416596687749174422888171911517001265, 22848708497596347027267124890363029002241440143993561170521113640580467699956], [11931207770538477937808955037363240956790374856666237106403111503668796872571, 51131682674615117766578358255722474622484771145670260043231096654077231782319], [3296943608590459582451043049934874894049468383833500962645016062634514172805, 46644788953432477700033739069823877324389237527251427373170202269468246508522], [7080580976521357573320018355401935489220216583936865937104131954142364033647, 49116488776967726165937498269670467876342398300299873421183016200344552693677], [25990144965911478244481527888046366474489820502460615136523859419965697796405, 14848358953597561974718183292582367067672986399629388709956782223452089882598], [33907313384235729375566529911940467295099705980234607934575786561097199483218, 487724401305363169199847265179218834788702012213977760246723410671357671821], [25996950265608465541351207283024962044374873682152889814392533334239395044136, 252435950773882291823235162305238814727672291548639924141542508715737622718], [17878892320641464292190655092475335317049416605865175118054314040434534086821, 21359638438504400444205051219318430332712583705877238009819556047040768315863]]
+------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_3_COL_256_BITS
 prime field      : True
 Fr modulus       : 52435875175126190479447740508185965837690552500527637822603658699938581184513
 n_cols           : 3
-n_rounds         : 10
-security level   : 128
+n_rounds         : 15
+security level   : 256
 mult generator g : 7
 Q power          : 2
 alpha            : 5
@@ -57,15 +57,15 @@ matrix M         :
 [1 1 7]
 [7 1 1]
 constants C      :
-[[39, 17756515227822460609684409997111995494590448775258437999344446424780281143353, 10188916128123599964772546147951904500865009616764646948187915341627970346879], [41362478282768062297187132445775312675360473883834860695283235286481594490621, 3384073892082712848969991795331397937188893616190315628722966662742467187281, 38536464596998108028197905645250196649287447208374169339784649587982292038621], [9548818195234740988996233204400874453525674173109474205108603996010297049928, 51311880822158488881090781617710146800056386303122657365679608608648067582435, 24596965950552905296088269899880882549715354660832391374009234980535928382152], [25365440569177822667580105183435418073995888230868180942004497015015045856900, 29347609441914902330741511702270026847909178228078752565372729158237774700914, 14356478667385969079309349540394948109414829921001045845599553435706989367858], [34023498397393406644117994167986720327178154686105264833093891093045919619309, 2339620320400167830454536231899316133967303509954474267430948538955691907104, 12136748919666286297989154404429099226154686992028401568133058190732008277996], [38816051319719761886041858113129205506758421478656182868737326994635468402951, 27338042530319738113354246208426108832239651080023276643867223794985578055610, 15580674179713644540398409523441814073810768449493940562136422009899312699155], [35167418087531820804128377095512663922179887277669504047069913414630376083753, 42192983528513372869128514327443204912824559545179630597589572656156258515752, 47389212411441573266379092392931599970417884729397156841216318364858334633325], [25885868839756469722325652387535232478219821850603640827385444642154834700231, 42721818980548514490325424436763032046927347769153393863616095871384405840432, 5855288403637341107158034195599277569854359593529752399086836976954392351035], [8867588811641202981080659274007552529205713737251862066053445622305818871963, 23473499332437056484066006746048591864129988909190267521144125882222313735740, 5696063807157149622355481994320806474692190935543821893362808351446578125354], [36439756010140137556111047750162544185710881404522379792044818039722752946048, 16497366583607480604161417644040292299204496829635795525393416854929276060989, 31479323495970113713816467604460499675889579912370034974841212556442942086146]]
+[[39, 17756515227822460609684409997111995494590448775258437999344446424780281143353, 10188916128123599964772546147951904500865009616764646948187915341627970346879], [41362478282768062297187132445775312675360473883834860695283235286481594490621, 3384073892082712848969991795331397937188893616190315628722966662742467187281, 38536464596998108028197905645250196649287447208374169339784649587982292038621], [9548818195234740988996233204400874453525674173109474205108603996010297049928, 51311880822158488881090781617710146800056386303122657365679608608648067582435, 24596965950552905296088269899880882549715354660832391374009234980535928382152], [25365440569177822667580105183435418073995888230868180942004497015015045856900, 29347609441914902330741511702270026847909178228078752565372729158237774700914, 14356478667385969079309349540394948109414829921001045845599553435706989367858], [34023498397393406644117994167986720327178154686105264833093891093045919619309, 2339620320400167830454536231899316133967303509954474267430948538955691907104, 12136748919666286297989154404429099226154686992028401568133058190732008277996], [38816051319719761886041858113129205506758421478656182868737326994635468402951, 27338042530319738113354246208426108832239651080023276643867223794985578055610, 15580674179713644540398409523441814073810768449493940562136422009899312699155], [35167418087531820804128377095512663922179887277669504047069913414630376083753, 42192983528513372869128514327443204912824559545179630597589572656156258515752, 47389212411441573266379092392931599970417884729397156841216318364858334633325], [25885868839756469722325652387535232478219821850603640827385444642154834700231, 42721818980548514490325424436763032046927347769153393863616095871384405840432, 5855288403637341107158034195599277569854359593529752399086836976954392351035], [8867588811641202981080659274007552529205713737251862066053445622305818871963, 23473499332437056484066006746048591864129988909190267521144125882222313735740, 5696063807157149622355481994320806474692190935543821893362808351446578125354], [36439756010140137556111047750162544185710881404522379792044818039722752946048, 16497366583607480604161417644040292299204496829635795525393416854929276060989, 31479323495970113713816467604460499675889579912370034974841212556442942086146], [7788624504122357216765350546787885309160020166693449889975992574536033007374, 16727395967350522643500778393489915391834352737211416857240725807058479128000, 23309928720180143362408827385573327479858409115358010770730151873313341134036], [3134147137704626983201116226440762775442116005053282329971088789984415999550, 46525506418681456193255596516104416743523037046982280449529426136392814992763, 49173726739193834431163563658537303836196227863071274122448243716476847774081], [50252287380741824818995733304361249016282047978221591906573165442023106203143, 46030886964045328670650579467522042981756109464584907077434772786649263902996, 47125716430962246750225343878325061379201112039537908060878336544274638889887], [48434698978712278012409706205559577163572452744833134361195687109159129985373, 19216533213230709497947223526297848065365334472367022650183395435586190711770, 28979268638217444507045957173243175542161823382530964742692324059406064069673], [32960510617530186159512413633821386297955642598241661044178889571655571939473, 7889715292813995933863223756089425964393897180189452806863798954507930091839, 13352827863506000187484638938754778045801927238336090826457172216796844151715]]
 constants D      :
-[[14981678621464625851270783002338847382197300714436467949315331057125308909900, 48720959343719104324739338388885839802998711550637402773896395605948383052052, 11709610427641952476226704950218052763560489079301307464225164120801969364960], [28253420209785428420233456008091632509255652343634529984400816700490470131093, 6257781313532096835800460747082714697295034136932481743077166200794135826591, 11966422202069200811427605007493817363680804416274031195624148724039857787313], [51511939407083344002778208487678590135577660247075600880835916725469990319313, 4386017178186728799761421274050927732938229436976005221436222062273391481632, 663227665329044490605880474899933274574966982371072793854806732105730575244], [46291121544435738125248657675097664742296276807186696922340332893747842754587, 13820180736478645172746469075181304604729976364812127548341524461074783412926, 21821175320697611197161277831984495658213397245419754392657307036488476373765], [3650460179273129580093806058710273018999560093475503119057680216309578390988, 40385222771838099109662234020243831589690223478794847201235014486200724862134, 20738601554725926373596082603265918636164823648026470243422423735982938342408], [45802223370746268123059159806400152299867771061127345631244786118574025749328, 50306980075778262214155693291132052551559962723436936231611301042966928400825, 9105861908793877437599087016640061747418296780065295891365798855886560153752], [11798621276624967315721748990709309216351696098813162382053396097866233042733, 34806952212038537244506031612074847133207330427265785757809673463434908473570, 10559431278588446438155840088055546145087872298641007742921718770142881700525], [42372918959432199162670834641599336326433006968669415662488070504036922966492, 22755759419530071315007011572076166983660942447634027701351681157370705921018, 8881354201366797207686592249590682298565723459695719800911380560885170725516], [52181371244193189669553521955614617990714056725501643636576377752669773323445, 30334172084294870556875274308904688414158741457854908094300017436690480001547, 35548861917762862971011720475855172816698712671893796030607658203859222685056], [23791984554824031672195249524658580601428376029501889159059009332107176394097, 19832360622723392584029764807971325641132953515557801717644226271356492507876, 5370567718707734490084045178883836972105253285449736908577321570876055642415]]
-------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_4_COL_128_BITS
+[[14981678621464625851270783002338847382197300714436467949315331057125308909900, 48720959343719104324739338388885839802998711550637402773896395605948383052052, 11709610427641952476226704950218052763560489079301307464225164120801969364960], [28253420209785428420233456008091632509255652343634529984400816700490470131093, 6257781313532096835800460747082714697295034136932481743077166200794135826591, 11966422202069200811427605007493817363680804416274031195624148724039857787313], [51511939407083344002778208487678590135577660247075600880835916725469990319313, 4386017178186728799761421274050927732938229436976005221436222062273391481632, 663227665329044490605880474899933274574966982371072793854806732105730575244], [46291121544435738125248657675097664742296276807186696922340332893747842754587, 13820180736478645172746469075181304604729976364812127548341524461074783412926, 21821175320697611197161277831984495658213397245419754392657307036488476373765], [3650460179273129580093806058710273018999560093475503119057680216309578390988, 40385222771838099109662234020243831589690223478794847201235014486200724862134, 20738601554725926373596082603265918636164823648026470243422423735982938342408], [45802223370746268123059159806400152299867771061127345631244786118574025749328, 50306980075778262214155693291132052551559962723436936231611301042966928400825, 9105861908793877437599087016640061747418296780065295891365798855886560153752], [11798621276624967315721748990709309216351696098813162382053396097866233042733, 34806952212038537244506031612074847133207330427265785757809673463434908473570, 10559431278588446438155840088055546145087872298641007742921718770142881700525], [42372918959432199162670834641599336326433006968669415662488070504036922966492, 22755759419530071315007011572076166983660942447634027701351681157370705921018, 8881354201366797207686592249590682298565723459695719800911380560885170725516], [52181371244193189669553521955614617990714056725501643636576377752669773323445, 30334172084294870556875274308904688414158741457854908094300017436690480001547, 35548861917762862971011720475855172816698712671893796030607658203859222685056], [23791984554824031672195249524658580601428376029501889159059009332107176394097, 19832360622723392584029764807971325641132953515557801717644226271356492507876, 5370567718707734490084045178883836972105253285449736908577321570876055642415], [33342520831620303764059548442834699069640109058400548818586964467754352720368, 5828182614154296575131381170785760240834851189333374788484657124381010655319, 35402840725731816569886401081547442120836676755165302266063041488580350955250], [16791548253207744974576845515705461794133799104808996134617754018912057476556, 23729797853490401568967730686618146850735129707152853256809050789424668284094, 49370143532750679082722668747729303735386089710927180493816826667453179359307], [11087343419860825311828133337767238110556416596687749174422888171911517001265, 22848708497596347027267124890363029002241440143993561170521113640580467699956, 46935663323261164382688860219844317191664211906631895718053635696150320980742], [11931207770538477937808955037363240956790374856666237106403111503668796872571, 51131682674615117766578358255722474622484771145670260043231096654077231782319, 31450668283223561572076322313160106053568476742991897877225324875903002249604], [3296943608590459582451043049934874894049468383833500962645016062634514172805, 46644788953432477700033739069823877324389237527251427373170202269468246508522, 22664151707746190750054384662981533360084484272555761134248875129763057677780]]
+------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_4_COL_256_BITS
 prime field      : True
 Fr modulus       : 52435875175126190479447740508185965837690552500527637822603658699938581184513
 n_cols           : 4
-n_rounds         : 10
-security level   : 128
+n_rounds         : 14
+security level   : 256
 mult generator g : 7
 Q power          : 2
 alpha            : 5
@@ -79,6 +79,6 @@ matrix M         :
 [49 49  1  8]
 [ 8 15  7  8]
 constants C      :
-[[39, 17756515227822460609684409997111995494590448775258437999344446424780281143353, 10188916128123599964772546147951904500865009616764646948187915341627970346879, 3814237141406755457246679946340702245820791055503616462386588886553626328449], [41362478282768062297187132445775312675360473883834860695283235286481594490621, 3384073892082712848969991795331397937188893616190315628722966662742467187281, 38536464596998108028197905645250196649287447208374169339784649587982292038621, 37592197675289757358471908199906415982484124338112374453435292524131427342810], [9548818195234740988996233204400874453525674173109474205108603996010297049928, 51311880822158488881090781617710146800056386303122657365679608608648067582435, 24596965950552905296088269899880882549715354660832391374009234980535928382152, 34036826250287807194659359129722586818079652442547178531030410684351456041117], [25365440569177822667580105183435418073995888230868180942004497015015045856900, 29347609441914902330741511702270026847909178228078752565372729158237774700914, 14356478667385969079309349540394948109414829921001045845599553435706989367858, 9488013611624811735432450930006811652991761655550510302915118428283918068143], [34023498397393406644117994167986720327178154686105264833093891093045919619309, 2339620320400167830454536231899316133967303509954474267430948538955691907104, 12136748919666286297989154404429099226154686992028401568133058190732008277996, 19442569822772655270268482835742480365499256802520510905846953360427433130058], [38816051319719761886041858113129205506758421478656182868737326994635468402951, 27338042530319738113354246208426108832239651080023276643867223794985578055610, 15580674179713644540398409523441814073810768449493940562136422009899312699155, 4362660876979205605782410963041525734654031488177761934879852229226211686053], [35167418087531820804128377095512663922179887277669504047069913414630376083753, 42192983528513372869128514327443204912824559545179630597589572656156258515752, 47389212411441573266379092392931599970417884729397156841216318364858334633325, 41487656259632727393098274178738763934249662924287956242704596746920012242443], [25885868839756469722325652387535232478219821850603640827385444642154834700231, 42721818980548514490325424436763032046927347769153393863616095871384405840432, 5855288403637341107158034195599277569854359593529752399086836976954392351035, 18845851722124019325834426094831743068408557621685658713002749358354699910772], [8867588811641202981080659274007552529205713737251862066053445622305818871963, 23473499332437056484066006746048591864129988909190267521144125882222313735740, 5696063807157149622355481994320806474692190935543821893362808351446578125354, 48558031599255072862103809681060565464555437399403822458902024251997890071747], [36439756010140137556111047750162544185710881404522379792044818039722752946048, 16497366583607480604161417644040292299204496829635795525393416854929276060989, 31479323495970113713816467604460499675889579912370034974841212556442942086146, 52327065242455117582590188333899352706031813782154293138553490341266149456684]]
+[[39, 17756515227822460609684409997111995494590448775258437999344446424780281143353, 10188916128123599964772546147951904500865009616764646948187915341627970346879, 3814237141406755457246679946340702245820791055503616462386588886553626328449], [41362478282768062297187132445775312675360473883834860695283235286481594490621, 3384073892082712848969991795331397937188893616190315628722966662742467187281, 38536464596998108028197905645250196649287447208374169339784649587982292038621, 37592197675289757358471908199906415982484124338112374453435292524131427342810], [9548818195234740988996233204400874453525674173109474205108603996010297049928, 51311880822158488881090781617710146800056386303122657365679608608648067582435, 24596965950552905296088269899880882549715354660832391374009234980535928382152, 34036826250287807194659359129722586818079652442547178531030410684351456041117], [25365440569177822667580105183435418073995888230868180942004497015015045856900, 29347609441914902330741511702270026847909178228078752565372729158237774700914, 14356478667385969079309349540394948109414829921001045845599553435706989367858, 9488013611624811735432450930006811652991761655550510302915118428283918068143], [34023498397393406644117994167986720327178154686105264833093891093045919619309, 2339620320400167830454536231899316133967303509954474267430948538955691907104, 12136748919666286297989154404429099226154686992028401568133058190732008277996, 19442569822772655270268482835742480365499256802520510905846953360427433130058], [38816051319719761886041858113129205506758421478656182868737326994635468402951, 27338042530319738113354246208426108832239651080023276643867223794985578055610, 15580674179713644540398409523441814073810768449493940562136422009899312699155, 4362660876979205605782410963041525734654031488177761934879852229226211686053], [35167418087531820804128377095512663922179887277669504047069913414630376083753, 42192983528513372869128514327443204912824559545179630597589572656156258515752, 47389212411441573266379092392931599970417884729397156841216318364858334633325, 41487656259632727393098274178738763934249662924287956242704596746920012242443], [25885868839756469722325652387535232478219821850603640827385444642154834700231, 42721818980548514490325424436763032046927347769153393863616095871384405840432, 5855288403637341107158034195599277569854359593529752399086836976954392351035, 18845851722124019325834426094831743068408557621685658713002749358354699910772], [8867588811641202981080659274007552529205713737251862066053445622305818871963, 23473499332437056484066006746048591864129988909190267521144125882222313735740, 5696063807157149622355481994320806474692190935543821893362808351446578125354, 48558031599255072862103809681060565464555437399403822458902024251997890071747], [36439756010140137556111047750162544185710881404522379792044818039722752946048, 16497366583607480604161417644040292299204496829635795525393416854929276060989, 31479323495970113713816467604460499675889579912370034974841212556442942086146, 52327065242455117582590188333899352706031813782154293138553490341266149456684], [7788624504122357216765350546787885309160020166693449889975992574536033007374, 16727395967350522643500778393489915391834352737211416857240725807058479128000, 23309928720180143362408827385573327479858409115358010770730151873313341134036, 50067221443187587661574090167146914206862394380328488561819141296175188378275], [3134147137704626983201116226440762775442116005053282329971088789984415999550, 46525506418681456193255596516104416743523037046982280449529426136392814992763, 49173726739193834431163563658537303836196227863071274122448243716476847774081, 29046982289309321832219638744094773109240645964319387745189941342957948119206], [50252287380741824818995733304361249016282047978221591906573165442023106203143, 46030886964045328670650579467522042981756109464584907077434772786649263902996, 47125716430962246750225343878325061379201112039537908060878336544274638889887, 25651603343685475797092525752511524795234780786110942738828507305471634791967], [48434698978712278012409706205559577163572452744833134361195687109159129985373, 19216533213230709497947223526297848065365334472367022650183395435586190711770, 28979268638217444507045957173243175542161823382530964742692324059406064069673, 39595222492786803580155098254110905458620599931601547304699191792976275820627]]
 constants D      :
-[[14981678621464625851270783002338847382197300714436467949315331057125308909900, 48720959343719104324739338388885839802998711550637402773896395605948383052052, 11709610427641952476226704950218052763560489079301307464225164120801969364960, 3188799073106888901912065951229864304299742047220134499402570163601813730969], [28253420209785428420233456008091632509255652343634529984400816700490470131093, 6257781313532096835800460747082714697295034136932481743077166200794135826591, 11966422202069200811427605007493817363680804416274031195624148724039857787313, 8876022912542631074912834764773050492660953075192093830253524158063181475941], [51511939407083344002778208487678590135577660247075600880835916725469990319313, 4386017178186728799761421274050927732938229436976005221436222062273391481632, 663227665329044490605880474899933274574966982371072793854806732105730575244, 7956955597245727322388196907364651338722736293265717471854714933795446618648], [46291121544435738125248657675097664742296276807186696922340332893747842754587, 13820180736478645172746469075181304604729976364812127548341524461074783412926, 21821175320697611197161277831984495658213397245419754392657307036488476373765, 14806577897118234786495606424219372997573800509149076370951604526939593458489], [3650460179273129580093806058710273018999560093475503119057680216309578390988, 40385222771838099109662234020243831589690223478794847201235014486200724862134, 20738601554725926373596082603265918636164823648026470243422423735982938342408, 25898290090014076279086638237202313571292864987698437102115051403552551578909], [45802223370746268123059159806400152299867771061127345631244786118574025749328, 50306980075778262214155693291132052551559962723436936231611301042966928400825, 9105861908793877437599087016640061747418296780065295891365798855886560153752, 48177591413367409915642056167048753041735583848456612607691620273026228709602], [11798621276624967315721748990709309216351696098813162382053396097866233042733, 34806952212038537244506031612074847133207330427265785757809673463434908473570, 10559431278588446438155840088055546145087872298641007742921718770142881700525, 2511742758961381498086249076485723904703122022711664665388729650078747694082], [42372918959432199162670834641599336326433006968669415662488070504036922966492, 22755759419530071315007011572076166983660942447634027701351681157370705921018, 8881354201366797207686592249590682298565723459695719800911380560885170725516, 19725785152035256359574211351446161592903393017031483635806025440159666669692], [52181371244193189669553521955614617990714056725501643636576377752669773323445, 30334172084294870556875274308904688414158741457854908094300017436690480001547, 35548861917762862971011720475855172816698712671893796030607658203859222685056, 23828822166916376664523534857031979764654878164406016294521947902346141831375], [23791984554824031672195249524658580601428376029501889159059009332107176394097, 19832360622723392584029764807971325641132953515557801717644226271356492507876, 5370567718707734490084045178883836972105253285449736908577321570876055642415, 24072177097374519292068993110945703798030958684413852593268331853573451397392]]
+[[14981678621464625851270783002338847382197300714436467949315331057125308909900, 48720959343719104324739338388885839802998711550637402773896395605948383052052, 11709610427641952476226704950218052763560489079301307464225164120801969364960, 3188799073106888901912065951229864304299742047220134499402570163601813730969], [28253420209785428420233456008091632509255652343634529984400816700490470131093, 6257781313532096835800460747082714697295034136932481743077166200794135826591, 11966422202069200811427605007493817363680804416274031195624148724039857787313, 8876022912542631074912834764773050492660953075192093830253524158063181475941], [51511939407083344002778208487678590135577660247075600880835916725469990319313, 4386017178186728799761421274050927732938229436976005221436222062273391481632, 663227665329044490605880474899933274574966982371072793854806732105730575244, 7956955597245727322388196907364651338722736293265717471854714933795446618648], [46291121544435738125248657675097664742296276807186696922340332893747842754587, 13820180736478645172746469075181304604729976364812127548341524461074783412926, 21821175320697611197161277831984495658213397245419754392657307036488476373765, 14806577897118234786495606424219372997573800509149076370951604526939593458489], [3650460179273129580093806058710273018999560093475503119057680216309578390988, 40385222771838099109662234020243831589690223478794847201235014486200724862134, 20738601554725926373596082603265918636164823648026470243422423735982938342408, 25898290090014076279086638237202313571292864987698437102115051403552551578909], [45802223370746268123059159806400152299867771061127345631244786118574025749328, 50306980075778262214155693291132052551559962723436936231611301042966928400825, 9105861908793877437599087016640061747418296780065295891365798855886560153752, 48177591413367409915642056167048753041735583848456612607691620273026228709602], [11798621276624967315721748990709309216351696098813162382053396097866233042733, 34806952212038537244506031612074847133207330427265785757809673463434908473570, 10559431278588446438155840088055546145087872298641007742921718770142881700525, 2511742758961381498086249076485723904703122022711664665388729650078747694082], [42372918959432199162670834641599336326433006968669415662488070504036922966492, 22755759419530071315007011572076166983660942447634027701351681157370705921018, 8881354201366797207686592249590682298565723459695719800911380560885170725516, 19725785152035256359574211351446161592903393017031483635806025440159666669692], [52181371244193189669553521955614617990714056725501643636576377752669773323445, 30334172084294870556875274308904688414158741457854908094300017436690480001547, 35548861917762862971011720475855172816698712671893796030607658203859222685056, 23828822166916376664523534857031979764654878164406016294521947902346141831375], [23791984554824031672195249524658580601428376029501889159059009332107176394097, 19832360622723392584029764807971325641132953515557801717644226271356492507876, 5370567718707734490084045178883836972105253285449736908577321570876055642415, 24072177097374519292068993110945703798030958684413852593268331853573451397392], [33342520831620303764059548442834699069640109058400548818586964467754352720368, 5828182614154296575131381170785760240834851189333374788484657124381010655319, 35402840725731816569886401081547442120836676755165302266063041488580350955250, 7578125905794851322815150557558076805933581048787999755527104709377805399415], [16791548253207744974576845515705461794133799104808996134617754018912057476556, 23729797853490401568967730686618146850735129707152853256809050789424668284094, 49370143532750679082722668747729303735386089710927180493816826667453179359307, 27097266715047947416989971035909786804213979341355151637537256791808468088871], [11087343419860825311828133337767238110556416596687749174422888171911517001265, 22848708497596347027267124890363029002241440143993561170521113640580467699956, 46935663323261164382688860219844317191664211906631895718053635696150320980742, 23315417868166174362767269296653794403481352182384787916982538955221505267261], [11931207770538477937808955037363240956790374856666237106403111503668796872571, 51131682674615117766578358255722474622484771145670260043231096654077231782319, 31450668283223561572076322313160106053568476742991897877225324875903002249604, 39920489769974701578396690596650849765810724821242337960210925107347402384997]]

From 2bc1e601d05747d65810e5a721bcdfe4764befd8 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 11 Jan 2023 17:17:01 +0000
Subject: [PATCH 091/112] anemoi: removed parameters.txt file; its content is
 generated by the parameters.sage script

---
 scripts/anemoi-hash/parameters.txt | 84 ------------------------------
 1 file changed, 84 deletions(-)
 delete mode 100644 scripts/anemoi-hash/parameters.txt

diff --git a/scripts/anemoi-hash/parameters.txt b/scripts/anemoi-hash/parameters.txt
deleted file mode 100644
index 3453df745..000000000
--- a/scripts/anemoi-hash/parameters.txt
+++ /dev/null
@@ -1,84 +0,0 @@
-This file was automatically generated with SAGE script parameters.sage on 11/1/2023 at 12:34:47
-------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_1_COL_256_BITS
-prime field      : True
-Fr modulus       : 52435875175126190479447740508185965837690552500527637822603658699938581184513
-n_cols           : 1
-n_rounds         : 35
-security level   : 256
-mult generator g : 7
-Q power          : 2
-alpha            : 5
-alpha_inv        : 20974350070050476191779096203274386335076221000211055129041463479975432473805
-beta             : 7
-gamma            : 0
-delta            : 14981678621464625851270783002338847382197300714436467949315331057125308909861
-matrix M         :
-[ 1  7]
-[ 7 50]
-constants C      :
-[[39], [41362478282768062297187132445775312675360473883834860695283235286481594490621], [9548818195234740988996233204400874453525674173109474205108603996010297049928], [25365440569177822667580105183435418073995888230868180942004497015015045856900], [34023498397393406644117994167986720327178154686105264833093891093045919619309], [38816051319719761886041858113129205506758421478656182868737326994635468402951], [35167418087531820804128377095512663922179887277669504047069913414630376083753], [25885868839756469722325652387535232478219821850603640827385444642154834700231], [8867588811641202981080659274007552529205713737251862066053445622305818871963], [36439756010140137556111047750162544185710881404522379792044818039722752946048], [7788624504122357216765350546787885309160020166693449889975992574536033007374], [3134147137704626983201116226440762775442116005053282329971088789984415999550], [50252287380741824818995733304361249016282047978221591906573165442023106203143], [48434698978712278012409706205559577163572452744833134361195687109159129985373], [32960510617530186159512413633821386297955642598241661044178889571655571939473], [12850897859166761094422335671106280470381427571695744605265713866647560628356], [14578036872634298798382048587794204613583128573535557156943783762854124345644], [21588109842058901916690548710649523388049643745013696896704903154857389904594], [35731638686520516424752846654442973203189295883541072759390882351699754104989], [34141830003233180772153845227433233456603143306530920011579259084215824391544], [30272543670850635882116596228256005460817517173808721139136515002908946750291], [37683635932819613269415877826861899850715644544228484729419295166414535174481], [17775527261802885986986645640222787995352295964229797630532600737667449540308], [22420532689128953802236395249244886540493833930566819892833754476317231258312], [17817507996551311718550138702317054228619937438194672345623808375428004673958], [5907960848989041605787426770777938946362788429322103525767702134624204537201], [45757545232231504879512064503009899934993643016194437621544917886299650707409], [33515759043263620296673917858948500523317584244492947880241667732620512600816], [37821070921466573719422449374875944365196556093514024521592687983958120860990], [7929930502054589212738745246913303052577853923752241654515807520533378749565], [7293738197873102537561743233253745300908719293335917846485104247108708549476], [13208511832929613997827945811817609450525777531320720392028697949327330418879], [47601068405545977094206867034439330296268579133978932743804424355927206954636], [40633845194961453876435667652624836740098917149997638131301477678515012057005], [37331959339943987941138389074829800878836721688168741771815937326790200186032]]
-constants D      :
-[[14981678621464625851270783002338847382197300714436467949315331057125308909900], [28253420209785428420233456008091632509255652343634529984400816700490470131093], [51511939407083344002778208487678590135577660247075600880835916725469990319313], [46291121544435738125248657675097664742296276807186696922340332893747842754587], [3650460179273129580093806058710273018999560093475503119057680216309578390988], [45802223370746268123059159806400152299867771061127345631244786118574025749328], [11798621276624967315721748990709309216351696098813162382053396097866233042733], [42372918959432199162670834641599336326433006968669415662488070504036922966492], [52181371244193189669553521955614617990714056725501643636576377752669773323445], [23791984554824031672195249524658580601428376029501889159059009332107176394097], [33342520831620303764059548442834699069640109058400548818586964467754352720368], [16791548253207744974576845515705461794133799104808996134617754018912057476556], [11087343419860825311828133337767238110556416596687749174422888171911517001265], [11931207770538477937808955037363240956790374856666237106403111503668796872571], [3296943608590459582451043049934874894049468383833500962645016062634514172805], [7080580976521357573320018355401935489220216583936865937104131954142364033647], [25990144965911478244481527888046366474489820502460615136523859419965697796405], [33907313384235729375566529911940467295099705980234607934575786561097199483218], [25996950265608465541351207283024962044374873682152889814392533334239395044136], [17878892320641464292190655092475335317049416605865175118054314040434534086821], [25443622609028754422863910981890932539396181992608938932620284900889552530362], [22139259742385789282636884420521494319351728843330026183835085771185820492424], [45448382075902671012464289343805949149301534282710134601239493945748506785132], [41900508241768653579170772170767890898893412801669825310751782528515999085573], [22063224403978957224019523657689160135721512619033626306684452466460943730461], [28320302898501762496022972705485257155369496122209662839984168714501264885500], [42875555652342076423440573943728695126719825375565595739353452728374263558032], [4922724176456376719735450248405681608821487385270058531091824814910623278042], [39213702476897230061267827505998212959520351869791901669597592300297466204227], [3779261478156072582337106630839435214997069649894818322014932220444906128664], [34880344207305841934478362921316426935733796073861894538699922220093706975247], [36900166050532535100140467096778695435256231928718661582709665229160044742454], [33198626842416951770999373575562924316466288191115775738856021866337799605112], [48724661174099803087833386541056949772571293683753357488628494212068867653992], [42670454105867422732314626050573286810568926822676628223016424398663193502895]]
-------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_2_COL_256_BITS
-prime field      : True
-Fr modulus       : 52435875175126190479447740508185965837690552500527637822603658699938581184513
-n_cols           : 2
-n_rounds         : 20
-security level   : 256
-mult generator g : 7
-Q power          : 2
-alpha            : 5
-alpha_inv        : 20974350070050476191779096203274386335076221000211055129041463479975432473805
-beta             : 7
-gamma            : 0
-delta            : 14981678621464625851270783002338847382197300714436467949315331057125308909861
-matrix M         :
-[ 1  7]
-[ 7 50]
-constants C      :
-[[39, 17756515227822460609684409997111995494590448775258437999344446424780281143353], [41362478282768062297187132445775312675360473883834860695283235286481594490621, 3384073892082712848969991795331397937188893616190315628722966662742467187281], [9548818195234740988996233204400874453525674173109474205108603996010297049928, 51311880822158488881090781617710146800056386303122657365679608608648067582435], [25365440569177822667580105183435418073995888230868180942004497015015045856900, 29347609441914902330741511702270026847909178228078752565372729158237774700914], [34023498397393406644117994167986720327178154686105264833093891093045919619309, 2339620320400167830454536231899316133967303509954474267430948538955691907104], [38816051319719761886041858113129205506758421478656182868737326994635468402951, 27338042530319738113354246208426108832239651080023276643867223794985578055610], [35167418087531820804128377095512663922179887277669504047069913414630376083753, 42192983528513372869128514327443204912824559545179630597589572656156258515752], [25885868839756469722325652387535232478219821850603640827385444642154834700231, 42721818980548514490325424436763032046927347769153393863616095871384405840432], [8867588811641202981080659274007552529205713737251862066053445622305818871963, 23473499332437056484066006746048591864129988909190267521144125882222313735740], [36439756010140137556111047750162544185710881404522379792044818039722752946048, 16497366583607480604161417644040292299204496829635795525393416854929276060989], [7788624504122357216765350546787885309160020166693449889975992574536033007374, 16727395967350522643500778393489915391834352737211416857240725807058479128000], [3134147137704626983201116226440762775442116005053282329971088789984415999550, 46525506418681456193255596516104416743523037046982280449529426136392814992763], [50252287380741824818995733304361249016282047978221591906573165442023106203143, 46030886964045328670650579467522042981756109464584907077434772786649263902996], [48434698978712278012409706205559577163572452744833134361195687109159129985373, 19216533213230709497947223526297848065365334472367022650183395435586190711770], [32960510617530186159512413633821386297955642598241661044178889571655571939473, 7889715292813995933863223756089425964393897180189452806863798954507930091839], [12850897859166761094422335671106280470381427571695744605265713866647560628356, 38904040165181111823255670195939815931292647227116255264107979988806956289548], [14578036872634298798382048587794204613583128573535557156943783762854124345644, 39889360541014555144282299111081174118245884910289471727743747142236304617512], [21588109842058901916690548710649523388049643745013696896704903154857389904594, 24621630539822708325987461182639243839218230216578207719742880580327336278872], [35731638686520516424752846654442973203189295883541072759390882351699754104989, 46440234052380105790888469652474218885021684932521963866506932102071884869246], [34141830003233180772153845227433233456603143306530920011579259084215824391544, 21639810626664099060384095964841331546055348345600486078107882966779265621748]]
-constants D      :
-[[14981678621464625851270783002338847382197300714436467949315331057125308909900, 48720959343719104324739338388885839802998711550637402773896395605948383052052], [28253420209785428420233456008091632509255652343634529984400816700490470131093, 6257781313532096835800460747082714697295034136932481743077166200794135826591], [51511939407083344002778208487678590135577660247075600880835916725469990319313, 4386017178186728799761421274050927732938229436976005221436222062273391481632], [46291121544435738125248657675097664742296276807186696922340332893747842754587, 13820180736478645172746469075181304604729976364812127548341524461074783412926], [3650460179273129580093806058710273018999560093475503119057680216309578390988, 40385222771838099109662234020243831589690223478794847201235014486200724862134], [45802223370746268123059159806400152299867771061127345631244786118574025749328, 50306980075778262214155693291132052551559962723436936231611301042966928400825], [11798621276624967315721748990709309216351696098813162382053396097866233042733, 34806952212038537244506031612074847133207330427265785757809673463434908473570], [42372918959432199162670834641599336326433006968669415662488070504036922966492, 22755759419530071315007011572076166983660942447634027701351681157370705921018], [52181371244193189669553521955614617990714056725501643636576377752669773323445, 30334172084294870556875274308904688414158741457854908094300017436690480001547], [23791984554824031672195249524658580601428376029501889159059009332107176394097, 19832360622723392584029764807971325641132953515557801717644226271356492507876], [33342520831620303764059548442834699069640109058400548818586964467754352720368, 5828182614154296575131381170785760240834851189333374788484657124381010655319], [16791548253207744974576845515705461794133799104808996134617754018912057476556, 23729797853490401568967730686618146850735129707152853256809050789424668284094], [11087343419860825311828133337767238110556416596687749174422888171911517001265, 22848708497596347027267124890363029002241440143993561170521113640580467699956], [11931207770538477937808955037363240956790374856666237106403111503668796872571, 51131682674615117766578358255722474622484771145670260043231096654077231782319], [3296943608590459582451043049934874894049468383833500962645016062634514172805, 46644788953432477700033739069823877324389237527251427373170202269468246508522], [7080580976521357573320018355401935489220216583936865937104131954142364033647, 49116488776967726165937498269670467876342398300299873421183016200344552693677], [25990144965911478244481527888046366474489820502460615136523859419965697796405, 14848358953597561974718183292582367067672986399629388709956782223452089882598], [33907313384235729375566529911940467295099705980234607934575786561097199483218, 487724401305363169199847265179218834788702012213977760246723410671357671821], [25996950265608465541351207283024962044374873682152889814392533334239395044136, 252435950773882291823235162305238814727672291548639924141542508715737622718], [17878892320641464292190655092475335317049416605865175118054314040434534086821, 21359638438504400444205051219318430332712583705877238009819556047040768315863]]
-------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_3_COL_256_BITS
-prime field      : True
-Fr modulus       : 52435875175126190479447740508185965837690552500527637822603658699938581184513
-n_cols           : 3
-n_rounds         : 15
-security level   : 256
-mult generator g : 7
-Q power          : 2
-alpha            : 5
-alpha_inv        : 20974350070050476191779096203274386335076221000211055129041463479975432473805
-beta             : 7
-gamma            : 0
-delta            : 14981678621464625851270783002338847382197300714436467949315331057125308909861
-matrix M         :
-[8 1 8]
-[1 1 7]
-[7 1 1]
-constants C      :
-[[39, 17756515227822460609684409997111995494590448775258437999344446424780281143353, 10188916128123599964772546147951904500865009616764646948187915341627970346879], [41362478282768062297187132445775312675360473883834860695283235286481594490621, 3384073892082712848969991795331397937188893616190315628722966662742467187281, 38536464596998108028197905645250196649287447208374169339784649587982292038621], [9548818195234740988996233204400874453525674173109474205108603996010297049928, 51311880822158488881090781617710146800056386303122657365679608608648067582435, 24596965950552905296088269899880882549715354660832391374009234980535928382152], [25365440569177822667580105183435418073995888230868180942004497015015045856900, 29347609441914902330741511702270026847909178228078752565372729158237774700914, 14356478667385969079309349540394948109414829921001045845599553435706989367858], [34023498397393406644117994167986720327178154686105264833093891093045919619309, 2339620320400167830454536231899316133967303509954474267430948538955691907104, 12136748919666286297989154404429099226154686992028401568133058190732008277996], [38816051319719761886041858113129205506758421478656182868737326994635468402951, 27338042530319738113354246208426108832239651080023276643867223794985578055610, 15580674179713644540398409523441814073810768449493940562136422009899312699155], [35167418087531820804128377095512663922179887277669504047069913414630376083753, 42192983528513372869128514327443204912824559545179630597589572656156258515752, 47389212411441573266379092392931599970417884729397156841216318364858334633325], [25885868839756469722325652387535232478219821850603640827385444642154834700231, 42721818980548514490325424436763032046927347769153393863616095871384405840432, 5855288403637341107158034195599277569854359593529752399086836976954392351035], [8867588811641202981080659274007552529205713737251862066053445622305818871963, 23473499332437056484066006746048591864129988909190267521144125882222313735740, 5696063807157149622355481994320806474692190935543821893362808351446578125354], [36439756010140137556111047750162544185710881404522379792044818039722752946048, 16497366583607480604161417644040292299204496829635795525393416854929276060989, 31479323495970113713816467604460499675889579912370034974841212556442942086146], [7788624504122357216765350546787885309160020166693449889975992574536033007374, 16727395967350522643500778393489915391834352737211416857240725807058479128000, 23309928720180143362408827385573327479858409115358010770730151873313341134036], [3134147137704626983201116226440762775442116005053282329971088789984415999550, 46525506418681456193255596516104416743523037046982280449529426136392814992763, 49173726739193834431163563658537303836196227863071274122448243716476847774081], [50252287380741824818995733304361249016282047978221591906573165442023106203143, 46030886964045328670650579467522042981756109464584907077434772786649263902996, 47125716430962246750225343878325061379201112039537908060878336544274638889887], [48434698978712278012409706205559577163572452744833134361195687109159129985373, 19216533213230709497947223526297848065365334472367022650183395435586190711770, 28979268638217444507045957173243175542161823382530964742692324059406064069673], [32960510617530186159512413633821386297955642598241661044178889571655571939473, 7889715292813995933863223756089425964393897180189452806863798954507930091839, 13352827863506000187484638938754778045801927238336090826457172216796844151715]]
-constants D      :
-[[14981678621464625851270783002338847382197300714436467949315331057125308909900, 48720959343719104324739338388885839802998711550637402773896395605948383052052, 11709610427641952476226704950218052763560489079301307464225164120801969364960], [28253420209785428420233456008091632509255652343634529984400816700490470131093, 6257781313532096835800460747082714697295034136932481743077166200794135826591, 11966422202069200811427605007493817363680804416274031195624148724039857787313], [51511939407083344002778208487678590135577660247075600880835916725469990319313, 4386017178186728799761421274050927732938229436976005221436222062273391481632, 663227665329044490605880474899933274574966982371072793854806732105730575244], [46291121544435738125248657675097664742296276807186696922340332893747842754587, 13820180736478645172746469075181304604729976364812127548341524461074783412926, 21821175320697611197161277831984495658213397245419754392657307036488476373765], [3650460179273129580093806058710273018999560093475503119057680216309578390988, 40385222771838099109662234020243831589690223478794847201235014486200724862134, 20738601554725926373596082603265918636164823648026470243422423735982938342408], [45802223370746268123059159806400152299867771061127345631244786118574025749328, 50306980075778262214155693291132052551559962723436936231611301042966928400825, 9105861908793877437599087016640061747418296780065295891365798855886560153752], [11798621276624967315721748990709309216351696098813162382053396097866233042733, 34806952212038537244506031612074847133207330427265785757809673463434908473570, 10559431278588446438155840088055546145087872298641007742921718770142881700525], [42372918959432199162670834641599336326433006968669415662488070504036922966492, 22755759419530071315007011572076166983660942447634027701351681157370705921018, 8881354201366797207686592249590682298565723459695719800911380560885170725516], [52181371244193189669553521955614617990714056725501643636576377752669773323445, 30334172084294870556875274308904688414158741457854908094300017436690480001547, 35548861917762862971011720475855172816698712671893796030607658203859222685056], [23791984554824031672195249524658580601428376029501889159059009332107176394097, 19832360622723392584029764807971325641132953515557801717644226271356492507876, 5370567718707734490084045178883836972105253285449736908577321570876055642415], [33342520831620303764059548442834699069640109058400548818586964467754352720368, 5828182614154296575131381170785760240834851189333374788484657124381010655319, 35402840725731816569886401081547442120836676755165302266063041488580350955250], [16791548253207744974576845515705461794133799104808996134617754018912057476556, 23729797853490401568967730686618146850735129707152853256809050789424668284094, 49370143532750679082722668747729303735386089710927180493816826667453179359307], [11087343419860825311828133337767238110556416596687749174422888171911517001265, 22848708497596347027267124890363029002241440143993561170521113640580467699956, 46935663323261164382688860219844317191664211906631895718053635696150320980742], [11931207770538477937808955037363240956790374856666237106403111503668796872571, 51131682674615117766578358255722474622484771145670260043231096654077231782319, 31450668283223561572076322313160106053568476742991897877225324875903002249604], [3296943608590459582451043049934874894049468383833500962645016062634514172805, 46644788953432477700033739069823877324389237527251427373170202269468246508522, 22664151707746190750054384662981533360084484272555761134248875129763057677780]]
-------------------------------------------------------instance         : A_BLS_12_381_SCALARFIELD_4_COL_256_BITS
-prime field      : True
-Fr modulus       : 52435875175126190479447740508185965837690552500527637822603658699938581184513
-n_cols           : 4
-n_rounds         : 14
-security level   : 256
-mult generator g : 7
-Q power          : 2
-alpha            : 5
-alpha_inv        : 20974350070050476191779096203274386335076221000211055129041463479975432473805
-beta             : 7
-gamma            : 0
-delta            : 14981678621464625851270783002338847382197300714436467949315331057125308909861
-matrix M         :
-[ 1  8  7  7]
-[49 56  8 15]
-[49 49  1  8]
-[ 8 15  7  8]
-constants C      :
-[[39, 17756515227822460609684409997111995494590448775258437999344446424780281143353, 10188916128123599964772546147951904500865009616764646948187915341627970346879, 3814237141406755457246679946340702245820791055503616462386588886553626328449], [41362478282768062297187132445775312675360473883834860695283235286481594490621, 3384073892082712848969991795331397937188893616190315628722966662742467187281, 38536464596998108028197905645250196649287447208374169339784649587982292038621, 37592197675289757358471908199906415982484124338112374453435292524131427342810], [9548818195234740988996233204400874453525674173109474205108603996010297049928, 51311880822158488881090781617710146800056386303122657365679608608648067582435, 24596965950552905296088269899880882549715354660832391374009234980535928382152, 34036826250287807194659359129722586818079652442547178531030410684351456041117], [25365440569177822667580105183435418073995888230868180942004497015015045856900, 29347609441914902330741511702270026847909178228078752565372729158237774700914, 14356478667385969079309349540394948109414829921001045845599553435706989367858, 9488013611624811735432450930006811652991761655550510302915118428283918068143], [34023498397393406644117994167986720327178154686105264833093891093045919619309, 2339620320400167830454536231899316133967303509954474267430948538955691907104, 12136748919666286297989154404429099226154686992028401568133058190732008277996, 19442569822772655270268482835742480365499256802520510905846953360427433130058], [38816051319719761886041858113129205506758421478656182868737326994635468402951, 27338042530319738113354246208426108832239651080023276643867223794985578055610, 15580674179713644540398409523441814073810768449493940562136422009899312699155, 4362660876979205605782410963041525734654031488177761934879852229226211686053], [35167418087531820804128377095512663922179887277669504047069913414630376083753, 42192983528513372869128514327443204912824559545179630597589572656156258515752, 47389212411441573266379092392931599970417884729397156841216318364858334633325, 41487656259632727393098274178738763934249662924287956242704596746920012242443], [25885868839756469722325652387535232478219821850603640827385444642154834700231, 42721818980548514490325424436763032046927347769153393863616095871384405840432, 5855288403637341107158034195599277569854359593529752399086836976954392351035, 18845851722124019325834426094831743068408557621685658713002749358354699910772], [8867588811641202981080659274007552529205713737251862066053445622305818871963, 23473499332437056484066006746048591864129988909190267521144125882222313735740, 5696063807157149622355481994320806474692190935543821893362808351446578125354, 48558031599255072862103809681060565464555437399403822458902024251997890071747], [36439756010140137556111047750162544185710881404522379792044818039722752946048, 16497366583607480604161417644040292299204496829635795525393416854929276060989, 31479323495970113713816467604460499675889579912370034974841212556442942086146, 52327065242455117582590188333899352706031813782154293138553490341266149456684], [7788624504122357216765350546787885309160020166693449889975992574536033007374, 16727395967350522643500778393489915391834352737211416857240725807058479128000, 23309928720180143362408827385573327479858409115358010770730151873313341134036, 50067221443187587661574090167146914206862394380328488561819141296175188378275], [3134147137704626983201116226440762775442116005053282329971088789984415999550, 46525506418681456193255596516104416743523037046982280449529426136392814992763, 49173726739193834431163563658537303836196227863071274122448243716476847774081, 29046982289309321832219638744094773109240645964319387745189941342957948119206], [50252287380741824818995733304361249016282047978221591906573165442023106203143, 46030886964045328670650579467522042981756109464584907077434772786649263902996, 47125716430962246750225343878325061379201112039537908060878336544274638889887, 25651603343685475797092525752511524795234780786110942738828507305471634791967], [48434698978712278012409706205559577163572452744833134361195687109159129985373, 19216533213230709497947223526297848065365334472367022650183395435586190711770, 28979268638217444507045957173243175542161823382530964742692324059406064069673, 39595222492786803580155098254110905458620599931601547304699191792976275820627]]
-constants D      :
-[[14981678621464625851270783002338847382197300714436467949315331057125308909900, 48720959343719104324739338388885839802998711550637402773896395605948383052052, 11709610427641952476226704950218052763560489079301307464225164120801969364960, 3188799073106888901912065951229864304299742047220134499402570163601813730969], [28253420209785428420233456008091632509255652343634529984400816700490470131093, 6257781313532096835800460747082714697295034136932481743077166200794135826591, 11966422202069200811427605007493817363680804416274031195624148724039857787313, 8876022912542631074912834764773050492660953075192093830253524158063181475941], [51511939407083344002778208487678590135577660247075600880835916725469990319313, 4386017178186728799761421274050927732938229436976005221436222062273391481632, 663227665329044490605880474899933274574966982371072793854806732105730575244, 7956955597245727322388196907364651338722736293265717471854714933795446618648], [46291121544435738125248657675097664742296276807186696922340332893747842754587, 13820180736478645172746469075181304604729976364812127548341524461074783412926, 21821175320697611197161277831984495658213397245419754392657307036488476373765, 14806577897118234786495606424219372997573800509149076370951604526939593458489], [3650460179273129580093806058710273018999560093475503119057680216309578390988, 40385222771838099109662234020243831589690223478794847201235014486200724862134, 20738601554725926373596082603265918636164823648026470243422423735982938342408, 25898290090014076279086638237202313571292864987698437102115051403552551578909], [45802223370746268123059159806400152299867771061127345631244786118574025749328, 50306980075778262214155693291132052551559962723436936231611301042966928400825, 9105861908793877437599087016640061747418296780065295891365798855886560153752, 48177591413367409915642056167048753041735583848456612607691620273026228709602], [11798621276624967315721748990709309216351696098813162382053396097866233042733, 34806952212038537244506031612074847133207330427265785757809673463434908473570, 10559431278588446438155840088055546145087872298641007742921718770142881700525, 2511742758961381498086249076485723904703122022711664665388729650078747694082], [42372918959432199162670834641599336326433006968669415662488070504036922966492, 22755759419530071315007011572076166983660942447634027701351681157370705921018, 8881354201366797207686592249590682298565723459695719800911380560885170725516, 19725785152035256359574211351446161592903393017031483635806025440159666669692], [52181371244193189669553521955614617990714056725501643636576377752669773323445, 30334172084294870556875274308904688414158741457854908094300017436690480001547, 35548861917762862971011720475855172816698712671893796030607658203859222685056, 23828822166916376664523534857031979764654878164406016294521947902346141831375], [23791984554824031672195249524658580601428376029501889159059009332107176394097, 19832360622723392584029764807971325641132953515557801717644226271356492507876, 5370567718707734490084045178883836972105253285449736908577321570876055642415, 24072177097374519292068993110945703798030958684413852593268331853573451397392], [33342520831620303764059548442834699069640109058400548818586964467754352720368, 5828182614154296575131381170785760240834851189333374788484657124381010655319, 35402840725731816569886401081547442120836676755165302266063041488580350955250, 7578125905794851322815150557558076805933581048787999755527104709377805399415], [16791548253207744974576845515705461794133799104808996134617754018912057476556, 23729797853490401568967730686618146850735129707152853256809050789424668284094, 49370143532750679082722668747729303735386089710927180493816826667453179359307, 27097266715047947416989971035909786804213979341355151637537256791808468088871], [11087343419860825311828133337767238110556416596687749174422888171911517001265, 22848708497596347027267124890363029002241440143993561170521113640580467699956, 46935663323261164382688860219844317191664211906631895718053635696150320980742, 23315417868166174362767269296653794403481352182384787916982538955221505267261], [11931207770538477937808955037363240956790374856666237106403111503668796872571, 51131682674615117766578358255722474622484771145670260043231096654077231782319, 31450668283223561572076322313160106053568476742991897877225324875903002249604, 39920489769974701578396690596650849765810724821242337960210925107347402384997]]

From 928ba7b87cef5c8377a22966a60e486ec5e9cb3a Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 11 Jan 2023 18:01:25 +0000
Subject: [PATCH 092/112] anemoi: added the original round constants instead of
 just adding zero constants
 (https://github.com/clearmatics/libsnark/pull/98#discussion_r1055590350)

---
 .../hashes/anemoi/anemoi_parameters.hpp       |   8 +
 .../hashes/anemoi/anemoi_parameters.tcc       | 744 +++++++++++++++++-
 .../hashes/anemoi/tests/anemoi_outputs.cpp    | 112 ++-
 .../anemoi/tests/test_anemoi_gadget.cpp       |  27 +-
 4 files changed, 809 insertions(+), 82 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
index 4f115c226..e2b20c2da 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
@@ -55,6 +55,14 @@ template<> class anemoi_parameters<libff::bls12_381_pp>
     static constexpr size_t quad_exponent = 2;
     static const BignumT alpha_inv;
     static const BignumT delta;
+    static const std::vector<std::vector<BignumT>> C_constants_col_one;
+    static const std::vector<std::vector<BignumT>> D_constants_col_one;
+    static const std::vector<std::vector<BignumT>> C_constants_col_two;
+    static const std::vector<std::vector<BignumT>> D_constants_col_two;
+    static const std::vector<std::vector<BignumT>> C_constants_col_three;
+    static const std::vector<std::vector<BignumT>> D_constants_col_three;
+    static const std::vector<std::vector<BignumT>> C_constants_col_four;
+    static const std::vector<std::vector<BignumT>> D_constants_col_four;
 };
 
 } // namespace libsnark
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
index 5fddb2fb1..a05a0cb60 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
@@ -11,19 +11,745 @@
 
 namespace libsnark
 {
+using ppT = libff::bls12_381_pp;
+using FieldT = libff::Fr<ppT>;
+using BignumT = libff::bigint<FieldT::num_limbs>;
 
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::alpha_inv =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
-            "209743500700504761917790962032743863350762210002110551290414634799"
+const BignumT anemoi_parameters<ppT>::alpha_inv =
+    BignumT("209743500700504761917790962032743863350762210002110551290414634799"
             "75432473805");
-
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
-    anemoi_parameters<libff::bls12_381_pp>::delta =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
-            "14981678621464625851270783002338847382197300714436467949315"
+const BignumT anemoi_parameters<ppT>::delta =
+    BignumT("14981678621464625851270783002338847382197300714436467949315"
             "331057125308909861");
 
+// Automatically generated with SAGE script
+// libsnark/scripts/anemoi-hash/parameters.sage
+
+// C constants for L = 1 columns
+const std::vector<std::vector<BignumT>>
+    anemoi_parameters<ppT>::C_constants_col_one = {
+        {BignumT("39")},
+        {BignumT("4136247828276806229718713244577531267536047388383486069528323"
+                 "5286481594490621")},
+        {BignumT("9548818195234740988996233204400874453525674173109474205108603"
+                 "996010297049928")},
+        {BignumT("2536544056917782266758010518343541807399588823086818094200449"
+                 "7015015045856900")},
+        {BignumT("3402349839739340664411799416798672032717815468610526483309389"
+                 "1093045919619309")},
+        {BignumT("3881605131971976188604185811312920550675842147865618286873732"
+                 "6994635468402951")},
+        {BignumT("3516741808753182080412837709551266392217988727766950404706991"
+                 "3414630376083753")},
+        {BignumT("2588586883975646972232565238753523247821982185060364082738544"
+                 "4642154834700231")},
+        {BignumT("8867588811641202981080659274007552529205713737251862066053445"
+                 "622305818871963")},
+        {BignumT("3643975601014013755611104775016254418571088140452237979204481"
+                 "8039722752946048")},
+        {BignumT("7788624504122357216765350546787885309160020166693449889975992"
+                 "574536033007374")},
+        {BignumT("3134147137704626983201116226440762775442116005053282329971088"
+                 "789984415999550")},
+        {BignumT("5025228738074182481899573330436124901628204797822159190657316"
+                 "5442023106203143")},
+        {BignumT("4843469897871227801240970620555957716357245274483313436119568"
+                 "7109159129985373")},
+        {BignumT("3296051061753018615951241363382138629795564259824166104417888"
+                 "9571655571939473")},
+        {BignumT("1285089785916676109442233567110628047038142757169574460526571"
+                 "3866647560628356")},
+        {BignumT("1457803687263429879838204858779420461358312857353555715694378"
+                 "3762854124345644")},
+        {BignumT("2158810984205890191669054871064952338804964374501369689670490"
+                 "3154857389904594")},
+        {BignumT("3573163868652051642475284665444297320318929588354107275939088"
+                 "2351699754104989")},
+        {BignumT("3414183000323318077215384522743323345660314330653092001157925"
+                 "9084215824391544")},
+        {BignumT("3027254367085063588211659622825600546081751717380872113913651"
+                 "5002908946750291")},
+        {BignumT("3768363593281961326941587782686189985071564454422848472941929"
+                 "5166414535174481")},
+        {BignumT("1777552726180288598698664564022278799535229596422979763053260"
+                 "0737667449540308")},
+        {BignumT("2242053268912895380223639524924488654049383393056681989283375"
+                 "4476317231258312")},
+        {BignumT("1781750799655131171855013870231705422861993743819467234562380"
+                 "8375428004673958")},
+        {BignumT("5907960848989041605787426770777938946362788429322103525767702"
+                 "134624204537201")},
+        {BignumT("4575754523223150487951206450300989993499364301619443762154491"
+                 "7886299650707409")},
+        {BignumT("3351575904326362029667391785894850052331758424449294788024166"
+                 "7732620512600816")},
+        {BignumT("3782107092146657371942244937487594436519655609351402452159268"
+                 "7983958120860990")},
+        {BignumT("7929930502054589212738745246913303052577853923752241654515807"
+                 "520533378749565")},
+        {BignumT("7293738197873102537561743233253745300908719293335917846485104"
+                 "247108708549476")},
+        {BignumT("1320851183292961399782794581181760945052577753132072039202869"
+                 "7949327330418879")},
+        {BignumT("4760106840554597709420686703443933029626857913397893274380442"
+                 "4355927206954636")},
+        {BignumT("4063384519496145387643566765262483674009891714999763813130147"
+                 "7678515012057005")},
+        {BignumT("3733195933994398794113838907482980087883672168816874177181593"
+                 "7326790200186032")}};
+// D constants for L = 1 columns
+const std::vector<std::vector<BignumT>>
+    anemoi_parameters<ppT>::D_constants_col_one = {
+        {BignumT("1498167862146462585127078300233884738219730071443646794931533"
+                 "1057125308909900")},
+        {BignumT("2825342020978542842023345600809163250925565234363452998440081"
+                 "6700490470131093")},
+        {BignumT("5151193940708334400277820848767859013557766024707560088083591"
+                 "6725469990319313")},
+        {BignumT("4629112154443573812524865767509766474229627680718669692234033"
+                 "2893747842754587")},
+        {BignumT("3650460179273129580093806058710273018999560093475503119057680"
+                 "216309578390988")},
+        {BignumT("4580222337074626812305915980640015229986777106112734563124478"
+                 "6118574025749328")},
+        {BignumT("1179862127662496731572174899070930921635169609881316238205339"
+                 "6097866233042733")},
+        {BignumT("4237291895943219916267083464159933632643300696866941566248807"
+                 "0504036922966492")},
+        {BignumT("5218137124419318966955352195561461799071405672550164363657637"
+                 "7752669773323445")},
+        {BignumT("2379198455482403167219524952465858060142837602950188915905900"
+                 "9332107176394097")},
+        {BignumT("3334252083162030376405954844283469906964010905840054881858696"
+                 "4467754352720368")},
+        {BignumT("1679154825320774497457684551570546179413379910480899613461775"
+                 "4018912057476556")},
+        {BignumT("1108734341986082531182813333776723811055641659668774917442288"
+                 "8171911517001265")},
+        {BignumT("1193120777053847793780895503736324095679037485666623710640311"
+                 "1503668796872571")},
+        {BignumT("3296943608590459582451043049934874894049468383833500962645016"
+                 "062634514172805")},
+        {BignumT("7080580976521357573320018355401935489220216583936865937104131"
+                 "954142364033647")},
+        {BignumT("2599014496591147824448152788804636647448982050246061513652385"
+                 "9419965697796405")},
+        {BignumT("3390731338423572937556652991194046729509970598023460793457578"
+                 "6561097199483218")},
+        {BignumT("2599695026560846554135120728302496204437487368215288981439253"
+                 "3334239395044136")},
+        {BignumT("1787889232064146429219065509247533531704941660586517511805431"
+                 "4040434534086821")},
+        {BignumT("2544362260902875442286391098189093253939618199260893893262028"
+                 "4900889552530362")},
+        {BignumT("2213925974238578928263688442052149431935172884333002618383508"
+                 "5771185820492424")},
+        {BignumT("4544838207590267101246428934380594914930153428271013460123949"
+                 "3945748506785132")},
+        {BignumT("4190050824176865357917077217076789089889341280166982531075178"
+                 "2528515999085573")},
+        {BignumT("2206322440397895722401952365768916013572151261903362630668445"
+                 "2466460943730461")},
+        {BignumT("2832030289850176249602297270548525715536949612220966283998416"
+                 "8714501264885500")},
+        {BignumT("4287555565234207642344057394372869512671982537556559573935345"
+                 "2728374263558032")},
+        {BignumT("4922724176456376719735450248405681608821487385270058531091824"
+                 "814910623278042")},
+        {BignumT("3921370247689723006126782750599821295952035186979190166959759"
+                 "2300297466204227")},
+        {BignumT("3779261478156072582337106630839435214997069649894818322014932"
+                 "220444906128664")},
+        {BignumT("3488034420730584193447836292131642693573379607386189453869992"
+                 "2220093706975247")},
+        {BignumT("3690016605053253510014046709677869543525623192871866158270966"
+                 "5229160044742454")},
+        {BignumT("3319862684241695177099937357556292431646628819111577573885602"
+                 "1866337799605112")},
+        {BignumT("4872466117409980308783338654105694977257129368375335748862849"
+                 "4212068867653992")},
+        {BignumT("4267045410586742273231462605057328681056892682267662822301642"
+                 "4398663193502895")}};
+// C constants for L = 2 columns
+const std::vector<std::vector<BignumT>>
+    anemoi_parameters<ppT>::C_constants_col_two = {
+        {BignumT("39"),
+         BignumT("1775651522782246060968440999711199549459044877525843799934444"
+                 "6424780281143353")},
+        {BignumT("4136247828276806229718713244577531267536047388383486069528323"
+                 "5286481594490621"),
+         BignumT("3384073892082712848969991795331397937188893616190315628722966"
+                 "662742467187281")},
+        {BignumT("9548818195234740988996233204400874453525674173109474205108603"
+                 "996010297049928"),
+         BignumT("5131188082215848888109078161771014680005638630312265736567960"
+                 "8608648067582435")},
+        {BignumT("2536544056917782266758010518343541807399588823086818094200449"
+                 "7015015045856900"),
+         BignumT("2934760944191490233074151170227002684790917822807875256537272"
+                 "9158237774700914")},
+        {BignumT("3402349839739340664411799416798672032717815468610526483309389"
+                 "1093045919619309"),
+         BignumT("2339620320400167830454536231899316133967303509954474267430948"
+                 "538955691907104")},
+        {BignumT("3881605131971976188604185811312920550675842147865618286873732"
+                 "6994635468402951"),
+         BignumT("2733804253031973811335424620842610883223965108002327664386722"
+                 "3794985578055610")},
+        {BignumT("3516741808753182080412837709551266392217988727766950404706991"
+                 "3414630376083753"),
+         BignumT("4219298352851337286912851432744320491282455954517963059758957"
+                 "2656156258515752")},
+        {BignumT("2588586883975646972232565238753523247821982185060364082738544"
+                 "4642154834700231"),
+         BignumT("4272181898054851449032542443676303204692734776915339386361609"
+                 "5871384405840432")},
+        {BignumT("8867588811641202981080659274007552529205713737251862066053445"
+                 "622305818871963"),
+         BignumT("2347349933243705648406600674604859186412998890919026752114412"
+                 "5882222313735740")},
+        {BignumT("3643975601014013755611104775016254418571088140452237979204481"
+                 "8039722752946048"),
+         BignumT("1649736658360748060416141764404029229920449682963579552539341"
+                 "6854929276060989")},
+        {BignumT("7788624504122357216765350546787885309160020166693449889975992"
+                 "574536033007374"),
+         BignumT("1672739596735052264350077839348991539183435273721141685724072"
+                 "5807058479128000")},
+        {BignumT("3134147137704626983201116226440762775442116005053282329971088"
+                 "789984415999550"),
+         BignumT("4652550641868145619325559651610441674352303704698228044952942"
+                 "6136392814992763")},
+        {BignumT("5025228738074182481899573330436124901628204797822159190657316"
+                 "5442023106203143"),
+         BignumT("4603088696404532867065057946752204298175610946458490707743477"
+                 "2786649263902996")},
+        {BignumT("4843469897871227801240970620555957716357245274483313436119568"
+                 "7109159129985373"),
+         BignumT("1921653321323070949794722352629784806536533447236702265018339"
+                 "5435586190711770")},
+        {BignumT("3296051061753018615951241363382138629795564259824166104417888"
+                 "9571655571939473"),
+         BignumT("7889715292813995933863223756089425964393897180189452806863798"
+                 "954507930091839")},
+        {BignumT("1285089785916676109442233567110628047038142757169574460526571"
+                 "3866647560628356"),
+         BignumT("3890404016518111182325567019593981593129264722711625526410797"
+                 "9988806956289548")},
+        {BignumT("1457803687263429879838204858779420461358312857353555715694378"
+                 "3762854124345644"),
+         BignumT("3988936054101455514428229911108117411824588491028947172774374"
+                 "7142236304617512")},
+        {BignumT("2158810984205890191669054871064952338804964374501369689670490"
+                 "3154857389904594"),
+         BignumT("2462163053982270832598746118263924383921823021657820771974288"
+                 "0580327336278872")},
+        {BignumT("3573163868652051642475284665444297320318929588354107275939088"
+                 "2351699754104989"),
+         BignumT("4644023405238010579088846965247421888502168493252196386650693"
+                 "2102071884869246")},
+        {BignumT("3414183000323318077215384522743323345660314330653092001157925"
+                 "9084215824391544"),
+         BignumT("2163981062666409906038409596484133154605534834560048607810788"
+                 "2966779265621748")}};
+// D constants for L = 2 columns
+const std::vector<std::vector<BignumT>>
+    anemoi_parameters<ppT>::D_constants_col_two = {
+        {BignumT("1498167862146462585127078300233884738219730071443646794931533"
+                 "1057125308909900"),
+         BignumT("4872095934371910432473933838888583980299871155063740277389639"
+                 "5605948383052052")},
+        {BignumT("2825342020978542842023345600809163250925565234363452998440081"
+                 "6700490470131093"),
+         BignumT("6257781313532096835800460747082714697295034136932481743077166"
+                 "200794135826591")},
+        {BignumT("5151193940708334400277820848767859013557766024707560088083591"
+                 "6725469990319313"),
+         BignumT("4386017178186728799761421274050927732938229436976005221436222"
+                 "062273391481632")},
+        {BignumT("4629112154443573812524865767509766474229627680718669692234033"
+                 "2893747842754587"),
+         BignumT("1382018073647864517274646907518130460472997636481212754834152"
+                 "4461074783412926")},
+        {BignumT("3650460179273129580093806058710273018999560093475503119057680"
+                 "216309578390988"),
+         BignumT("4038522277183809910966223402024383158969022347879484720123501"
+                 "4486200724862134")},
+        {BignumT("4580222337074626812305915980640015229986777106112734563124478"
+                 "6118574025749328"),
+         BignumT("5030698007577826221415569329113205255155996272343693623161130"
+                 "1042966928400825")},
+        {BignumT("1179862127662496731572174899070930921635169609881316238205339"
+                 "6097866233042733"),
+         BignumT("3480695221203853724450603161207484713320733042726578575780967"
+                 "3463434908473570")},
+        {BignumT("4237291895943219916267083464159933632643300696866941566248807"
+                 "0504036922966492"),
+         BignumT("2275575941953007131500701157207616698366094244763402770135168"
+                 "1157370705921018")},
+        {BignumT("5218137124419318966955352195561461799071405672550164363657637"
+                 "7752669773323445"),
+         BignumT("3033417208429487055687527430890468841415874145785490809430001"
+                 "7436690480001547")},
+        {BignumT("2379198455482403167219524952465858060142837602950188915905900"
+                 "9332107176394097"),
+         BignumT("1983236062272339258402976480797132564113295351555780171764422"
+                 "6271356492507876")},
+        {BignumT("3334252083162030376405954844283469906964010905840054881858696"
+                 "4467754352720368"),
+         BignumT("5828182614154296575131381170785760240834851189333374788484657"
+                 "124381010655319")},
+        {BignumT("1679154825320774497457684551570546179413379910480899613461775"
+                 "4018912057476556"),
+         BignumT("2372979785349040156896773068661814685073512970715285325680905"
+                 "0789424668284094")},
+        {BignumT("1108734341986082531182813333776723811055641659668774917442288"
+                 "8171911517001265"),
+         BignumT("2284870849759634702726712489036302900224144014399356117052111"
+                 "3640580467699956")},
+        {BignumT("1193120777053847793780895503736324095679037485666623710640311"
+                 "1503668796872571"),
+         BignumT("5113168267461511776657835825572247462248477114567026004323109"
+                 "6654077231782319")},
+        {BignumT("3296943608590459582451043049934874894049468383833500962645016"
+                 "062634514172805"),
+         BignumT("4664478895343247770003373906982387732438923752725142737317020"
+                 "2269468246508522")},
+        {BignumT("7080580976521357573320018355401935489220216583936865937104131"
+                 "954142364033647"),
+         BignumT("4911648877696772616593749826967046787634239830029987342118301"
+                 "6200344552693677")},
+        {BignumT("2599014496591147824448152788804636647448982050246061513652385"
+                 "9419965697796405"),
+         BignumT("1484835895359756197471818329258236706767298639962938870995678"
+                 "2223452089882598")},
+        {BignumT("3390731338423572937556652991194046729509970598023460793457578"
+                 "6561097199483218"),
+         BignumT("4877244013053631691998472651792188347887020122139777602467234"
+                 "10671357671821")},
+        {BignumT("2599695026560846554135120728302496204437487368215288981439253"
+                 "3334239395044136"),
+         BignumT("2524359507738822918232351623052388147276722915486399241415425"
+                 "08715737622718")},
+        {BignumT("1787889232064146429219065509247533531704941660586517511805431"
+                 "4040434534086821"),
+         BignumT("2135963843850440044420505121931843033271258370587723800981955"
+                 "6047040768315863")}};
+// C constants for L = 3 columns
+const std::vector<std::vector<BignumT>>
+    anemoi_parameters<ppT>::C_constants_col_three = {
+        {BignumT("39"),
+         BignumT("1775651522782246060968440999711199549459044877525843799934444"
+                 "6424780281143353"),
+         BignumT("1018891612812359996477254614795190450086500961676464694818791"
+                 "5341627970346879")},
+        {BignumT("4136247828276806229718713244577531267536047388383486069528323"
+                 "5286481594490621"),
+         BignumT("3384073892082712848969991795331397937188893616190315628722966"
+                 "662742467187281"),
+         BignumT("3853646459699810802819790564525019664928744720837416933978464"
+                 "9587982292038621")},
+        {BignumT("9548818195234740988996233204400874453525674173109474205108603"
+                 "996010297049928"),
+         BignumT("5131188082215848888109078161771014680005638630312265736567960"
+                 "8608648067582435"),
+         BignumT("2459696595055290529608826989988088254971535466083239137400923"
+                 "4980535928382152")},
+        {BignumT("2536544056917782266758010518343541807399588823086818094200449"
+                 "7015015045856900"),
+         BignumT("2934760944191490233074151170227002684790917822807875256537272"
+                 "9158237774700914"),
+         BignumT("1435647866738596907930934954039494810941482992100104584559955"
+                 "3435706989367858")},
+        {BignumT("3402349839739340664411799416798672032717815468610526483309389"
+                 "1093045919619309"),
+         BignumT("2339620320400167830454536231899316133967303509954474267430948"
+                 "538955691907104"),
+         BignumT("1213674891966628629798915440442909922615468699202840156813305"
+                 "8190732008277996")},
+        {BignumT("3881605131971976188604185811312920550675842147865618286873732"
+                 "6994635468402951"),
+         BignumT("2733804253031973811335424620842610883223965108002327664386722"
+                 "3794985578055610"),
+         BignumT("1558067417971364454039840952344181407381076844949394056213642"
+                 "2009899312699155")},
+        {BignumT("3516741808753182080412837709551266392217988727766950404706991"
+                 "3414630376083753"),
+         BignumT("4219298352851337286912851432744320491282455954517963059758957"
+                 "2656156258515752"),
+         BignumT("4738921241144157326637909239293159997041788472939715684121631"
+                 "8364858334633325")},
+        {BignumT("2588586883975646972232565238753523247821982185060364082738544"
+                 "4642154834700231"),
+         BignumT("4272181898054851449032542443676303204692734776915339386361609"
+                 "5871384405840432"),
+         BignumT("5855288403637341107158034195599277569854359593529752399086836"
+                 "976954392351035")},
+        {BignumT("8867588811641202981080659274007552529205713737251862066053445"
+                 "622305818871963"),
+         BignumT("2347349933243705648406600674604859186412998890919026752114412"
+                 "5882222313735740"),
+         BignumT("5696063807157149622355481994320806474692190935543821893362808"
+                 "351446578125354")},
+        {BignumT("3643975601014013755611104775016254418571088140452237979204481"
+                 "8039722752946048"),
+         BignumT("1649736658360748060416141764404029229920449682963579552539341"
+                 "6854929276060989"),
+         BignumT("3147932349597011371381646760446049967588957991237003497484121"
+                 "2556442942086146")},
+        {BignumT("7788624504122357216765350546787885309160020166693449889975992"
+                 "574536033007374"),
+         BignumT("1672739596735052264350077839348991539183435273721141685724072"
+                 "5807058479128000"),
+         BignumT("2330992872018014336240882738557332747985840911535801077073015"
+                 "1873313341134036")},
+        {BignumT("3134147137704626983201116226440762775442116005053282329971088"
+                 "789984415999550"),
+         BignumT("4652550641868145619325559651610441674352303704698228044952942"
+                 "6136392814992763"),
+         BignumT("4917372673919383443116356365853730383619622786307127412244824"
+                 "3716476847774081")},
+        {BignumT("5025228738074182481899573330436124901628204797822159190657316"
+                 "5442023106203143"),
+         BignumT("4603088696404532867065057946752204298175610946458490707743477"
+                 "2786649263902996"),
+         BignumT("4712571643096224675022534387832506137920111203953790806087833"
+                 "6544274638889887")},
+        {BignumT("4843469897871227801240970620555957716357245274483313436119568"
+                 "7109159129985373"),
+         BignumT("1921653321323070949794722352629784806536533447236702265018339"
+                 "5435586190711770"),
+         BignumT("2897926863821744450704595717324317554216182338253096474269232"
+                 "4059406064069673")},
+        {BignumT("3296051061753018615951241363382138629795564259824166104417888"
+                 "9571655571939473"),
+         BignumT("7889715292813995933863223756089425964393897180189452806863798"
+                 "954507930091839"),
+         BignumT("1335282786350600018748463893875477804580192723833609082645717"
+                 "2216796844151715")}};
+// D constants for L = 3 columns
+const std::vector<std::vector<BignumT>>
+    anemoi_parameters<ppT>::D_constants_col_three = {
+        {BignumT("1498167862146462585127078300233884738219730071443646794931533"
+                 "1057125308909900"),
+         BignumT("4872095934371910432473933838888583980299871155063740277389639"
+                 "5605948383052052"),
+         BignumT("1170961042764195247622670495021805276356048907930130746422516"
+                 "4120801969364960")},
+        {BignumT("2825342020978542842023345600809163250925565234363452998440081"
+                 "6700490470131093"),
+         BignumT("6257781313532096835800460747082714697295034136932481743077166"
+                 "200794135826591"),
+         BignumT("1196642220206920081142760500749381736368080441627403119562414"
+                 "8724039857787313")},
+        {BignumT("5151193940708334400277820848767859013557766024707560088083591"
+                 "6725469990319313"),
+         BignumT("4386017178186728799761421274050927732938229436976005221436222"
+                 "062273391481632"),
+         BignumT("6632276653290444906058804748999332745749669823710727938548067"
+                 "32105730575244")},
+        {BignumT("4629112154443573812524865767509766474229627680718669692234033"
+                 "2893747842754587"),
+         BignumT("1382018073647864517274646907518130460472997636481212754834152"
+                 "4461074783412926"),
+         BignumT("2182117532069761119716127783198449565821339724541975439265730"
+                 "7036488476373765")},
+        {BignumT("3650460179273129580093806058710273018999560093475503119057680"
+                 "216309578390988"),
+         BignumT("4038522277183809910966223402024383158969022347879484720123501"
+                 "4486200724862134"),
+         BignumT("2073860155472592637359608260326591863616482364802647024342242"
+                 "3735982938342408")},
+        {BignumT("4580222337074626812305915980640015229986777106112734563124478"
+                 "6118574025749328"),
+         BignumT("5030698007577826221415569329113205255155996272343693623161130"
+                 "1042966928400825"),
+         BignumT("9105861908793877437599087016640061747418296780065295891365798"
+                 "855886560153752")},
+        {BignumT("1179862127662496731572174899070930921635169609881316238205339"
+                 "6097866233042733"),
+         BignumT("3480695221203853724450603161207484713320733042726578575780967"
+                 "3463434908473570"),
+         BignumT("1055943127858844643815584008805554614508787229864100774292171"
+                 "8770142881700525")},
+        {BignumT("4237291895943219916267083464159933632643300696866941566248807"
+                 "0504036922966492"),
+         BignumT("2275575941953007131500701157207616698366094244763402770135168"
+                 "1157370705921018"),
+         BignumT("8881354201366797207686592249590682298565723459695719800911380"
+                 "560885170725516")},
+        {BignumT("5218137124419318966955352195561461799071405672550164363657637"
+                 "7752669773323445"),
+         BignumT("3033417208429487055687527430890468841415874145785490809430001"
+                 "7436690480001547"),
+         BignumT("3554886191776286297101172047585517281669871267189379603060765"
+                 "8203859222685056")},
+        {BignumT("2379198455482403167219524952465858060142837602950188915905900"
+                 "9332107176394097"),
+         BignumT("1983236062272339258402976480797132564113295351555780171764422"
+                 "6271356492507876"),
+         BignumT("5370567718707734490084045178883836972105253285449736908577321"
+                 "570876055642415")},
+        {BignumT("3334252083162030376405954844283469906964010905840054881858696"
+                 "4467754352720368"),
+         BignumT("5828182614154296575131381170785760240834851189333374788484657"
+                 "124381010655319"),
+         BignumT("3540284072573181656988640108154744212083667675516530226606304"
+                 "1488580350955250")},
+        {BignumT("1679154825320774497457684551570546179413379910480899613461775"
+                 "4018912057476556"),
+         BignumT("2372979785349040156896773068661814685073512970715285325680905"
+                 "0789424668284094"),
+         BignumT("4937014353275067908272266874772930373538608971092718049381682"
+                 "6667453179359307")},
+        {BignumT("1108734341986082531182813333776723811055641659668774917442288"
+                 "8171911517001265"),
+         BignumT("2284870849759634702726712489036302900224144014399356117052111"
+                 "3640580467699956"),
+         BignumT("4693566332326116438268886021984431719166421190663189571805363"
+                 "5696150320980742")},
+        {BignumT("1193120777053847793780895503736324095679037485666623710640311"
+                 "1503668796872571"),
+         BignumT("5113168267461511776657835825572247462248477114567026004323109"
+                 "6654077231782319"),
+         BignumT("3145066828322356157207632231316010605356847674299189787722532"
+                 "4875903002249604")},
+        {BignumT("3296943608590459582451043049934874894049468383833500962645016"
+                 "062634514172805"),
+         BignumT("4664478895343247770003373906982387732438923752725142737317020"
+                 "2269468246508522"),
+         BignumT("2266415170774619075005438466298153336008448427255576113424887"
+                 "5129763057677780")}};
+// C constants for L = 4 columns
+const std::vector<std::vector<BignumT>>
+    anemoi_parameters<ppT>::C_constants_col_four = {
+        {BignumT("39"),
+         BignumT("1775651522782246060968440999711199549459044877525843799934444"
+                 "6424780281143353"),
+         BignumT("1018891612812359996477254614795190450086500961676464694818791"
+                 "5341627970346879"),
+         BignumT("3814237141406755457246679946340702245820791055503616462386588"
+                 "886553626328449")},
+        {BignumT("4136247828276806229718713244577531267536047388383486069528323"
+                 "5286481594490621"),
+         BignumT("3384073892082712848969991795331397937188893616190315628722966"
+                 "662742467187281"),
+         BignumT("3853646459699810802819790564525019664928744720837416933978464"
+                 "9587982292038621"),
+         BignumT("3759219767528975735847190819990641598248412433811237445343529"
+                 "2524131427342810")},
+        {BignumT("9548818195234740988996233204400874453525674173109474205108603"
+                 "996010297049928"),
+         BignumT("5131188082215848888109078161771014680005638630312265736567960"
+                 "8608648067582435"),
+         BignumT("2459696595055290529608826989988088254971535466083239137400923"
+                 "4980535928382152"),
+         BignumT("3403682625028780719465935912972258681807965244254717853103041"
+                 "0684351456041117")},
+        {BignumT("2536544056917782266758010518343541807399588823086818094200449"
+                 "7015015045856900"),
+         BignumT("2934760944191490233074151170227002684790917822807875256537272"
+                 "9158237774700914"),
+         BignumT("1435647866738596907930934954039494810941482992100104584559955"
+                 "3435706989367858"),
+         BignumT("9488013611624811735432450930006811652991761655550510302915118"
+                 "428283918068143")},
+        {BignumT("3402349839739340664411799416798672032717815468610526483309389"
+                 "1093045919619309"),
+         BignumT("2339620320400167830454536231899316133967303509954474267430948"
+                 "538955691907104"),
+         BignumT("1213674891966628629798915440442909922615468699202840156813305"
+                 "8190732008277996"),
+         BignumT("1944256982277265527026848283574248036549925680252051090584695"
+                 "3360427433130058")},
+        {BignumT("3881605131971976188604185811312920550675842147865618286873732"
+                 "6994635468402951"),
+         BignumT("2733804253031973811335424620842610883223965108002327664386722"
+                 "3794985578055610"),
+         BignumT("1558067417971364454039840952344181407381076844949394056213642"
+                 "2009899312699155"),
+         BignumT("4362660876979205605782410963041525734654031488177761934879852"
+                 "229226211686053")},
+        {BignumT("3516741808753182080412837709551266392217988727766950404706991"
+                 "3414630376083753"),
+         BignumT("4219298352851337286912851432744320491282455954517963059758957"
+                 "2656156258515752"),
+         BignumT("4738921241144157326637909239293159997041788472939715684121631"
+                 "8364858334633325"),
+         BignumT("4148765625963272739309827417873876393424966292428795624270459"
+                 "6746920012242443")},
+        {BignumT("2588586883975646972232565238753523247821982185060364082738544"
+                 "4642154834700231"),
+         BignumT("4272181898054851449032542443676303204692734776915339386361609"
+                 "5871384405840432"),
+         BignumT("5855288403637341107158034195599277569854359593529752399086836"
+                 "976954392351035"),
+         BignumT("1884585172212401932583442609483174306840855762168565871300274"
+                 "9358354699910772")},
+        {BignumT("8867588811641202981080659274007552529205713737251862066053445"
+                 "622305818871963"),
+         BignumT("2347349933243705648406600674604859186412998890919026752114412"
+                 "5882222313735740"),
+         BignumT("5696063807157149622355481994320806474692190935543821893362808"
+                 "351446578125354"),
+         BignumT("4855803159925507286210380968106056546455543739940382245890202"
+                 "4251997890071747")},
+        {BignumT("3643975601014013755611104775016254418571088140452237979204481"
+                 "8039722752946048"),
+         BignumT("1649736658360748060416141764404029229920449682963579552539341"
+                 "6854929276060989"),
+         BignumT("3147932349597011371381646760446049967588957991237003497484121"
+                 "2556442942086146"),
+         BignumT("5232706524245511758259018833389935270603181378215429313855349"
+                 "0341266149456684")},
+        {BignumT("7788624504122357216765350546787885309160020166693449889975992"
+                 "574536033007374"),
+         BignumT("1672739596735052264350077839348991539183435273721141685724072"
+                 "5807058479128000"),
+         BignumT("2330992872018014336240882738557332747985840911535801077073015"
+                 "1873313341134036"),
+         BignumT("5006722144318758766157409016714691420686239438032848856181914"
+                 "1296175188378275")},
+        {BignumT("3134147137704626983201116226440762775442116005053282329971088"
+                 "789984415999550"),
+         BignumT("4652550641868145619325559651610441674352303704698228044952942"
+                 "6136392814992763"),
+         BignumT("4917372673919383443116356365853730383619622786307127412244824"
+                 "3716476847774081"),
+         BignumT("2904698228930932183221963874409477310924064596431938774518994"
+                 "1342957948119206")},
+        {BignumT("5025228738074182481899573330436124901628204797822159190657316"
+                 "5442023106203143"),
+         BignumT("4603088696404532867065057946752204298175610946458490707743477"
+                 "2786649263902996"),
+         BignumT("4712571643096224675022534387832506137920111203953790806087833"
+                 "6544274638889887"),
+         BignumT("2565160334368547579709252575251152479523478078611094273882850"
+                 "7305471634791967")},
+        {BignumT("4843469897871227801240970620555957716357245274483313436119568"
+                 "7109159129985373"),
+         BignumT("1921653321323070949794722352629784806536533447236702265018339"
+                 "5435586190711770"),
+         BignumT("2897926863821744450704595717324317554216182338253096474269232"
+                 "4059406064069673"),
+         BignumT("3959522249278680358015509825411090545862059993160154730469919"
+                 "1792976275820627")}};
+// D constants for L = 4 columns
+const std::vector<std::vector<BignumT>>
+    anemoi_parameters<ppT>::D_constants_col_four = {
+        {BignumT("1498167862146462585127078300233884738219730071443646794931533"
+                 "1057125308909900"),
+         BignumT("4872095934371910432473933838888583980299871155063740277389639"
+                 "5605948383052052"),
+         BignumT("1170961042764195247622670495021805276356048907930130746422516"
+                 "4120801969364960"),
+         BignumT("3188799073106888901912065951229864304299742047220134499402570"
+                 "163601813730969")},
+        {BignumT("2825342020978542842023345600809163250925565234363452998440081"
+                 "6700490470131093"),
+         BignumT("6257781313532096835800460747082714697295034136932481743077166"
+                 "200794135826591"),
+         BignumT("1196642220206920081142760500749381736368080441627403119562414"
+                 "8724039857787313"),
+         BignumT("8876022912542631074912834764773050492660953075192093830253524"
+                 "158063181475941")},
+        {BignumT("5151193940708334400277820848767859013557766024707560088083591"
+                 "6725469990319313"),
+         BignumT("4386017178186728799761421274050927732938229436976005221436222"
+                 "062273391481632"),
+         BignumT("6632276653290444906058804748999332745749669823710727938548067"
+                 "32105730575244"),
+         BignumT("7956955597245727322388196907364651338722736293265717471854714"
+                 "933795446618648")},
+        {BignumT("4629112154443573812524865767509766474229627680718669692234033"
+                 "2893747842754587"),
+         BignumT("1382018073647864517274646907518130460472997636481212754834152"
+                 "4461074783412926"),
+         BignumT("2182117532069761119716127783198449565821339724541975439265730"
+                 "7036488476373765"),
+         BignumT("1480657789711823478649560642421937299757380050914907637095160"
+                 "4526939593458489")},
+        {BignumT("3650460179273129580093806058710273018999560093475503119057680"
+                 "216309578390988"),
+         BignumT("4038522277183809910966223402024383158969022347879484720123501"
+                 "4486200724862134"),
+         BignumT("2073860155472592637359608260326591863616482364802647024342242"
+                 "3735982938342408"),
+         BignumT("2589829009001407627908663823720231357129286498769843710211505"
+                 "1403552551578909")},
+        {BignumT("4580222337074626812305915980640015229986777106112734563124478"
+                 "6118574025749328"),
+         BignumT("5030698007577826221415569329113205255155996272343693623161130"
+                 "1042966928400825"),
+         BignumT("9105861908793877437599087016640061747418296780065295891365798"
+                 "855886560153752"),
+         BignumT("4817759141336740991564205616704875304173558384845661260769162"
+                 "0273026228709602")},
+        {BignumT("1179862127662496731572174899070930921635169609881316238205339"
+                 "6097866233042733"),
+         BignumT("3480695221203853724450603161207484713320733042726578575780967"
+                 "3463434908473570"),
+         BignumT("1055943127858844643815584008805554614508787229864100774292171"
+                 "8770142881700525"),
+         BignumT("2511742758961381498086249076485723904703122022711664665388729"
+                 "650078747694082")},
+        {BignumT("4237291895943219916267083464159933632643300696866941566248807"
+                 "0504036922966492"),
+         BignumT("2275575941953007131500701157207616698366094244763402770135168"
+                 "1157370705921018"),
+         BignumT("8881354201366797207686592249590682298565723459695719800911380"
+                 "560885170725516"),
+         BignumT("1972578515203525635957421135144616159290339301703148363580602"
+                 "5440159666669692")},
+        {BignumT("5218137124419318966955352195561461799071405672550164363657637"
+                 "7752669773323445"),
+         BignumT("3033417208429487055687527430890468841415874145785490809430001"
+                 "7436690480001547"),
+         BignumT("3554886191776286297101172047585517281669871267189379603060765"
+                 "8203859222685056"),
+         BignumT("2382882216691637666452353485703197976465487816440601629452194"
+                 "7902346141831375")},
+        {BignumT("2379198455482403167219524952465858060142837602950188915905900"
+                 "9332107176394097"),
+         BignumT("1983236062272339258402976480797132564113295351555780171764422"
+                 "6271356492507876"),
+         BignumT("5370567718707734490084045178883836972105253285449736908577321"
+                 "570876055642415"),
+         BignumT("2407217709737451929206899311094570379803095868441385259326833"
+                 "1853573451397392")},
+        {BignumT("3334252083162030376405954844283469906964010905840054881858696"
+                 "4467754352720368"),
+         BignumT("5828182614154296575131381170785760240834851189333374788484657"
+                 "124381010655319"),
+         BignumT("3540284072573181656988640108154744212083667675516530226606304"
+                 "1488580350955250"),
+         BignumT("7578125905794851322815150557558076805933581048787999755527104"
+                 "709377805399415")},
+        {BignumT("1679154825320774497457684551570546179413379910480899613461775"
+                 "4018912057476556"),
+         BignumT("2372979785349040156896773068661814685073512970715285325680905"
+                 "0789424668284094"),
+         BignumT("4937014353275067908272266874772930373538608971092718049381682"
+                 "6667453179359307"),
+         BignumT("2709726671504794741698997103590978680421397934135515163753725"
+                 "6791808468088871")},
+        {BignumT("1108734341986082531182813333776723811055641659668774917442288"
+                 "8171911517001265"),
+         BignumT("2284870849759634702726712489036302900224144014399356117052111"
+                 "3640580467699956"),
+         BignumT("4693566332326116438268886021984431719166421190663189571805363"
+                 "5696150320980742"),
+         BignumT("2331541786816617436276726929665379440348135218238478791698253"
+                 "8955221505267261")},
+        {BignumT("1193120777053847793780895503736324095679037485666623710640311"
+                 "1503668796872571"),
+         BignumT("5113168267461511776657835825572247462248477114567026004323109"
+                 "6654077231782319"),
+         BignumT("3145066828322356157207632231316010605356847674299189787722532"
+                 "4875903002249604"),
+         BignumT("3992048976997470157839669059665084976581072482124233796021092"
+                 "5107347402384997")}};
+
 } // namespace libsnark
 
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
index 6366e24f7..404786f73 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
@@ -11,10 +11,13 @@
 namespace libsnark
 {
 
-std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
+using ppT = libff::bls12_381_pp;
+using FieldT = libff::Fr<ppT>;
+
+std::vector<FieldT> anemoi_expected_output_one_round(
     const size_t &NumStateColumns_L)
 {
-    std::vector<libff::Fr<libff::bls12_381_pp>> Y_expect_one_round;
+    std::vector<FieldT> Y_expect_one_round;
 
     assert(
         ((NumStateColumns_L == 1) || (NumStateColumns_L == 2) ||
@@ -23,82 +26,65 @@ std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
     // Expected output for 1 round, L=1: Y_left || Y_right
     if (NumStateColumns_L == 1) {
         Y_expect_one_round = {
-            libff::Fr<libff::bls12_381_pp>(
-                "16886130779841338454685815420547293349389636023659763220356242"
-                "191375349870484"),
-            libff::Fr<libff::bls12_381_pp>(
-                "25110401710643410245000460073920576016937556620262171420761605"
-                "822971640233467")};
+            FieldT("38051718563229095456356396838757622428877349000988080406936"
+                   "541035058348383373"),
+            FieldT("46541011259834287958249207092806566220478802569831738513953"
+                   "284817094880352697"),
+        };
     }
 
     // Expected output for 1 round, L=2: Y_left || Y_right
     if (NumStateColumns_L == 2) {
         Y_expect_one_round = {
-            libff::Fr<libff::bls12_381_pp>(
-                "1175380475393374013893416228835342241561414"
-                "1018732075580217124721246447701179"),
-            libff::Fr<libff::bls12_381_pp>(
-                "5134979568569792732148078272800590308409837"
-                "4830632868723399131618498422926132"),
-            libff::Fr<libff::bls12_381_pp>(
-                "3727673203363049293464225228142251472192664"
-                "376552350730266112321515955286600"),
-            libff::Fr<libff::bls12_381_pp>(
-                "1961381747459264641165654006524664686879236"
-                "9344942410316218713185877778202296")};
+            FieldT("15150541060175709103777475248496599766370694616692747879011"
+                   "019662924685442224"),
+            FieldT("29843552910061109491271060352447525363732495152033190876686"
+                   "584609246472017584"),
+            FieldT("26146505138638275289195845765973260067149980640992713539811"
+                   "89299166526395914"),
+            FieldT("49824839783019326099876978052724035902783619514814699665266"
+                   "556433444232424513"),
+        };
     }
 
     // Expected output for 1 round, L=3: Y_left || Y_right
     if (NumStateColumns_L == 3) {
         Y_expect_one_round = {
-            libff::Fr<libff::bls12_381_pp>(
-                "34028487665369117219732649464748473746959762451803899118620720"
-                "068928912690818"),
-            libff::Fr<libff::bls12_381_pp>(
-                "23656628590950976492304898550690305252497146294682073762427630"
-                "253215753757615"),
-            libff::Fr<libff::bls12_381_pp>(
-                "50489879152443944169393928755102146404491652050126328897483718"
-                "597599270365689"),
-            libff::Fr<libff::bls12_381_pp>(
-                "48428584324500458296574300843220437759994411990569443572079173"
-                "839484309978119"),
-            libff::Fr<libff::bls12_381_pp>(
-                "11634702739956834435596217222823133671340499123246628858964783"
-                "053003807419954"),
-            libff::Fr<libff::bls12_381_pp>(
-                "21780864109569366263860246478259162683407782976390816039852496"
-                "900891891832562")};
+            FieldT("10213223669833360114287009308428395240580814943870872556412"
+                   "118775684298316596"),
+            FieldT("21664318220192052598342324987452326886678438558734363929475"
+                   "644562220502833005"),
+            FieldT("12646567985368940694364168913172674258570854544904909064049"
+                   "69831326941799205"),
+            FieldT("27292794672043705408598844612721784937283668235394047343788"
+                   "755455342406044808"),
+            FieldT("38119908930143426720630804902252966609368611078523098634130"
+                   "250397080737556763"),
+            FieldT("33144463221517343347312859079453261424067069247167408451667"
+                   "76226968891742442"),
+        };
     }
 
     // Expected output for 1 round, L=4: Y_left || Y_right
     if (NumStateColumns_L == 4) {
-        //        Y_expect_one_round = {0, 0, 0, 0, 0, 0, 0, 0};
         Y_expect_one_round = {
-            libff::Fr<libff::bls12_381_pp>(
-                "17041780326162393669606616053498620031347218348431899833333341"
-                "812514930377576,"),
-            libff::Fr<libff::bls12_381_pp>(
-                "30554768545485035781675432957894191123666596590949762067679457"
-                "455353618615899,"),
-            libff::Fr<libff::bls12_381_pp>(
-                "42087151902926409355779626374174416555426768306907549437379349"
-                "373759646788220,"),
-            libff::Fr<libff::bls12_381_pp>(
-                "14414386843800103337001169291703636864672990050174868447277039"
-                "577479472767841"),
-            libff::Fr<libff::bls12_381_pp>(
-                "31520834268440017158677087966007788520972054097794068312302569"
-                "32773289540941,"),
-            libff::Fr<libff::bls12_381_pp>(
-                "38028057056256168614342506654290572930068443685959285901110523"
-                "458386878293466,"),
-            libff::Fr<libff::bls12_381_pp>(
-                "29773101755555543082186573665458252067898132238258590143518897"
-                "95128931607232,"),
-            libff::Fr<libff::bls12_381_pp>(
-                "51937274826670493627644353962426329420272866410811452792266413"
-                "243735248502826")};
+            FieldT("32728029339990442022355611963591129142873176406157617761037"
+                   "682452539219819088"),
+            FieldT("49311030695492657479127064149718592806428520311648889321916"
+                   "443844338668678323"),
+            FieldT("32674068623897120493809932137805441331335518262582687356675"
+                   "282427934524464097"),
+            FieldT("47598191392555380432433599763649181065734671583813678477762"
+                   "106446112059712955"),
+            FieldT("33816823933838499380471531208184598784697974497023773863342"
+                   "709156643799272839"),
+            FieldT("39287313504077148049871180527977732866247140639315642469731"
+                   "817272046249721803"),
+            FieldT("11801804404965184856947462551550819967745058632589947991520"
+                   "598952500171782048"),
+            FieldT("13464045906969562610953775876862024564309085018098935959036"
+                   "17609367350545744"),
+        };
     }
 
     return Y_expect_one_round;
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index ec7388107..58a4378e1 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -234,8 +234,6 @@ void test_anemoi_permutation_round_prime_field_gadget()
 {
     using FieldT = libff::Fr<ppT>;
 
-    //        const size_t NumStateColumns_L = L;
-
     protoboard<FieldT> pb;
     std::vector<FieldT> C;
     std::vector<FieldT> D;
@@ -251,11 +249,23 @@ void test_anemoi_permutation_round_prime_field_gadget()
     Y_left.allocate(pb, NumStateColumns_L, "left outputs");
     Y_right.allocate(pb, NumStateColumns_L, "right outputs");
 
-    // WARNINIG! test with zero constants. TODO add the original
-    // constants of Anemoi
     for (size_t i = 0; i < NumStateColumns_L; i++) {
-        C.push_back(FieldT(0));
-        D.push_back(FieldT(0));
+        if (NumStateColumns_L == 1) {
+            C.push_back(parameters::C_constants_col_one[0][i]);
+            D.push_back(parameters::D_constants_col_one[0][i]);
+        }
+        if (NumStateColumns_L == 2) {
+            C.push_back(parameters::C_constants_col_two[0][i]);
+            D.push_back(parameters::D_constants_col_two[0][i]);
+        }
+        if (NumStateColumns_L == 3) {
+            C.push_back(parameters::C_constants_col_three[0][i]);
+            D.push_back(parameters::D_constants_col_three[0][i]);
+        }
+        if (NumStateColumns_L == 4) {
+            C.push_back(parameters::C_constants_col_four[0][i]);
+            D.push_back(parameters::D_constants_col_four[0][i]);
+        }
     }
 
     anemoi_permutation_round_prime_field_gadget<
@@ -308,10 +318,7 @@ template<typename ppT> void test_for_curve()
     test_anemoi_permutation_round_prime_field_gadget<ppT, 1, parameters>();
     test_anemoi_permutation_round_prime_field_gadget<ppT, 2, parameters>();
     test_anemoi_permutation_round_prime_field_gadget<ppT, 3, parameters>();
-    // TODO code for L=4 is still WIP. The test values match, but a
-    // bigint assertion error is generated in libff.
-    // test_anemoi_permutation_round_prime_field_gadget<ppT, 4,
-    // parameters>();
+    test_anemoi_permutation_round_prime_field_gadget<ppT, 4, parameters>();
 }
 
 TEST(TestAnemoiGadget, BLS12_381) { test_for_curve<libff::bls12_381_pp>(); }

From b8c82f683c847a8f309f852a5eefbccc88cac413 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 12 Jan 2023 10:24:51 +0000
Subject: [PATCH 093/112] anemoi: fixed the use of emplace_back to directly
 call the constructor of the added element in place
 (https://github.com/clearmatics/libsnark/pull/98#discussion_r1067515826)

---
 .../gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc   | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 17db8b0fb..e5fccc268 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -577,14 +577,13 @@ anemoi_permutation_round_prime_field_gadget<
 
     // apply layer of L Flystel S-boxes
     for (size_t i = 0; i < ncols; i++) {
-        flystel_prime_field_gadget<ppT, parameters> H(
+        Flystel.emplace_back(flystel_prime_field_gadget<ppT, parameters>(
             pb,
             Z_left[i],
             Z_right[i],
             Y_left[i],
             Y_right[i],
-            FMT(this->annotation_prefix, " Flystel[%zu]", i));
-        Flystel.emplace_back(H);
+            FMT(this->annotation_prefix, " Flystel[%zu]", i)));
     }
 }
 

From f744943e3ce43754f6fd0a59572f85944aa92cff Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 13 Jan 2023 16:18:43 +0000
Subject: [PATCH 094/112] anemoi: fixed improper use of types in
 anemoi_parameters class
 (https://github.com/clearmatics/libsnark/pull/101#discussion_r1069493909)

---
 .../hashes/anemoi/anemoi_parameters.tcc       | 1807 ++++++++++-------
 .../hashes/anemoi/tests/anemoi_outputs.cpp    |  107 +-
 2 files changed, 1144 insertions(+), 770 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
index a05a0cb60..777a8afb5 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
@@ -11,744 +11,1101 @@
 
 namespace libsnark
 {
-using ppT = libff::bls12_381_pp;
-using FieldT = libff::Fr<ppT>;
-using BignumT = libff::bigint<FieldT::num_limbs>;
-
-const BignumT anemoi_parameters<ppT>::alpha_inv =
-    BignumT("209743500700504761917790962032743863350762210002110551290414634799"
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::alpha_inv =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "209743500700504761917790962032743863350762210002110551290414634799"
             "75432473805");
-const BignumT anemoi_parameters<ppT>::delta =
-    BignumT("14981678621464625851270783002338847382197300714436467949315"
-            "331057125308909861");
+
+const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+    anemoi_parameters<libff::bls12_381_pp>::delta =
+        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "149816786214646258512707830023388473821973007144364679493153310571"
+            "25308909861");
 
 // Automatically generated with SAGE script
 // libsnark/scripts/anemoi-hash/parameters.sage
 
 // C constants for L = 1 columns
-const std::vector<std::vector<BignumT>>
-    anemoi_parameters<ppT>::C_constants_col_one = {
-        {BignumT("39")},
-        {BignumT("4136247828276806229718713244577531267536047388383486069528323"
-                 "5286481594490621")},
-        {BignumT("9548818195234740988996233204400874453525674173109474205108603"
-                 "996010297049928")},
-        {BignumT("2536544056917782266758010518343541807399588823086818094200449"
-                 "7015015045856900")},
-        {BignumT("3402349839739340664411799416798672032717815468610526483309389"
-                 "1093045919619309")},
-        {BignumT("3881605131971976188604185811312920550675842147865618286873732"
-                 "6994635468402951")},
-        {BignumT("3516741808753182080412837709551266392217988727766950404706991"
-                 "3414630376083753")},
-        {BignumT("2588586883975646972232565238753523247821982185060364082738544"
-                 "4642154834700231")},
-        {BignumT("8867588811641202981080659274007552529205713737251862066053445"
-                 "622305818871963")},
-        {BignumT("3643975601014013755611104775016254418571088140452237979204481"
-                 "8039722752946048")},
-        {BignumT("7788624504122357216765350546787885309160020166693449889975992"
-                 "574536033007374")},
-        {BignumT("3134147137704626983201116226440762775442116005053282329971088"
-                 "789984415999550")},
-        {BignumT("5025228738074182481899573330436124901628204797822159190657316"
-                 "5442023106203143")},
-        {BignumT("4843469897871227801240970620555957716357245274483313436119568"
-                 "7109159129985373")},
-        {BignumT("3296051061753018615951241363382138629795564259824166104417888"
-                 "9571655571939473")},
-        {BignumT("1285089785916676109442233567110628047038142757169574460526571"
-                 "3866647560628356")},
-        {BignumT("1457803687263429879838204858779420461358312857353555715694378"
-                 "3762854124345644")},
-        {BignumT("2158810984205890191669054871064952338804964374501369689670490"
-                 "3154857389904594")},
-        {BignumT("3573163868652051642475284665444297320318929588354107275939088"
-                 "2351699754104989")},
-        {BignumT("3414183000323318077215384522743323345660314330653092001157925"
-                 "9084215824391544")},
-        {BignumT("3027254367085063588211659622825600546081751717380872113913651"
-                 "5002908946750291")},
-        {BignumT("3768363593281961326941587782686189985071564454422848472941929"
-                 "5166414535174481")},
-        {BignumT("1777552726180288598698664564022278799535229596422979763053260"
-                 "0737667449540308")},
-        {BignumT("2242053268912895380223639524924488654049383393056681989283375"
-                 "4476317231258312")},
-        {BignumT("1781750799655131171855013870231705422861993743819467234562380"
-                 "8375428004673958")},
-        {BignumT("5907960848989041605787426770777938946362788429322103525767702"
-                 "134624204537201")},
-        {BignumT("4575754523223150487951206450300989993499364301619443762154491"
-                 "7886299650707409")},
-        {BignumT("3351575904326362029667391785894850052331758424449294788024166"
-                 "7732620512600816")},
-        {BignumT("3782107092146657371942244937487594436519655609351402452159268"
-                 "7983958120860990")},
-        {BignumT("7929930502054589212738745246913303052577853923752241654515807"
-                 "520533378749565")},
-        {BignumT("7293738197873102537561743233253745300908719293335917846485104"
-                 "247108708549476")},
-        {BignumT("1320851183292961399782794581181760945052577753132072039202869"
-                 "7949327330418879")},
-        {BignumT("4760106840554597709420686703443933029626857913397893274380442"
-                 "4355927206954636")},
-        {BignumT("4063384519496145387643566765262483674009891714999763813130147"
-                 "7678515012057005")},
-        {BignumT("3733195933994398794113838907482980087883672168816874177181593"
-                 "7326790200186032")}};
+const std::vector<
+    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+    anemoi_parameters<libff::bls12_381_pp>::C_constants_col_one = {
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("39")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4136247828276806229718713244577531267536047388383486069528323"
+            "5286481594490621")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "9548818195234740988996233204400874453525674173109474205108603"
+            "996010297049928")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "2536544056917782266758010518343541807399588823086818094200449"
+            "7015015045856900")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3402349839739340664411799416798672032717815468610526483309389"
+            "1093045919619309")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3881605131971976188604185811312920550675842147865618286873732"
+            "6994635468402951")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3516741808753182080412837709551266392217988727766950404706991"
+            "3414630376083753")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "2588586883975646972232565238753523247821982185060364082738544"
+            "4642154834700231")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "8867588811641202981080659274007552529205713737251862066053445"
+            "622305818871963")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3643975601014013755611104775016254418571088140452237979204481"
+            "8039722752946048")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "7788624504122357216765350546787885309160020166693449889975992"
+            "574536033007374")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3134147137704626983201116226440762775442116005053282329971088"
+            "789984415999550")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "5025228738074182481899573330436124901628204797822159190657316"
+            "5442023106203143")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4843469897871227801240970620555957716357245274483313436119568"
+            "7109159129985373")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3296051061753018615951241363382138629795564259824166104417888"
+            "9571655571939473")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "1285089785916676109442233567110628047038142757169574460526571"
+            "3866647560628356")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "1457803687263429879838204858779420461358312857353555715694378"
+            "3762854124345644")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "2158810984205890191669054871064952338804964374501369689670490"
+            "3154857389904594")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3573163868652051642475284665444297320318929588354107275939088"
+            "2351699754104989")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3414183000323318077215384522743323345660314330653092001157925"
+            "9084215824391544")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3027254367085063588211659622825600546081751717380872113913651"
+            "5002908946750291")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3768363593281961326941587782686189985071564454422848472941929"
+            "5166414535174481")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "1777552726180288598698664564022278799535229596422979763053260"
+            "0737667449540308")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "2242053268912895380223639524924488654049383393056681989283375"
+            "4476317231258312")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "1781750799655131171855013870231705422861993743819467234562380"
+            "8375428004673958")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "5907960848989041605787426770777938946362788429322103525767702"
+            "134624204537201")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4575754523223150487951206450300989993499364301619443762154491"
+            "7886299650707409")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3351575904326362029667391785894850052331758424449294788024166"
+            "7732620512600816")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3782107092146657371942244937487594436519655609351402452159268"
+            "7983958120860990")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "7929930502054589212738745246913303052577853923752241654515807"
+            "520533378749565")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "7293738197873102537561743233253745300908719293335917846485104"
+            "247108708549476")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "1320851183292961399782794581181760945052577753132072039202869"
+            "7949327330418879")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4760106840554597709420686703443933029626857913397893274380442"
+            "4355927206954636")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4063384519496145387643566765262483674009891714999763813130147"
+            "7678515012057005")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3733195933994398794113838907482980087883672168816874177181593"
+            "7326790200186032")}};
 // D constants for L = 1 columns
-const std::vector<std::vector<BignumT>>
-    anemoi_parameters<ppT>::D_constants_col_one = {
-        {BignumT("1498167862146462585127078300233884738219730071443646794931533"
-                 "1057125308909900")},
-        {BignumT("2825342020978542842023345600809163250925565234363452998440081"
-                 "6700490470131093")},
-        {BignumT("5151193940708334400277820848767859013557766024707560088083591"
-                 "6725469990319313")},
-        {BignumT("4629112154443573812524865767509766474229627680718669692234033"
-                 "2893747842754587")},
-        {BignumT("3650460179273129580093806058710273018999560093475503119057680"
-                 "216309578390988")},
-        {BignumT("4580222337074626812305915980640015229986777106112734563124478"
-                 "6118574025749328")},
-        {BignumT("1179862127662496731572174899070930921635169609881316238205339"
-                 "6097866233042733")},
-        {BignumT("4237291895943219916267083464159933632643300696866941566248807"
-                 "0504036922966492")},
-        {BignumT("5218137124419318966955352195561461799071405672550164363657637"
-                 "7752669773323445")},
-        {BignumT("2379198455482403167219524952465858060142837602950188915905900"
-                 "9332107176394097")},
-        {BignumT("3334252083162030376405954844283469906964010905840054881858696"
-                 "4467754352720368")},
-        {BignumT("1679154825320774497457684551570546179413379910480899613461775"
-                 "4018912057476556")},
-        {BignumT("1108734341986082531182813333776723811055641659668774917442288"
-                 "8171911517001265")},
-        {BignumT("1193120777053847793780895503736324095679037485666623710640311"
-                 "1503668796872571")},
-        {BignumT("3296943608590459582451043049934874894049468383833500962645016"
-                 "062634514172805")},
-        {BignumT("7080580976521357573320018355401935489220216583936865937104131"
-                 "954142364033647")},
-        {BignumT("2599014496591147824448152788804636647448982050246061513652385"
-                 "9419965697796405")},
-        {BignumT("3390731338423572937556652991194046729509970598023460793457578"
-                 "6561097199483218")},
-        {BignumT("2599695026560846554135120728302496204437487368215288981439253"
-                 "3334239395044136")},
-        {BignumT("1787889232064146429219065509247533531704941660586517511805431"
-                 "4040434534086821")},
-        {BignumT("2544362260902875442286391098189093253939618199260893893262028"
-                 "4900889552530362")},
-        {BignumT("2213925974238578928263688442052149431935172884333002618383508"
-                 "5771185820492424")},
-        {BignumT("4544838207590267101246428934380594914930153428271013460123949"
-                 "3945748506785132")},
-        {BignumT("4190050824176865357917077217076789089889341280166982531075178"
-                 "2528515999085573")},
-        {BignumT("2206322440397895722401952365768916013572151261903362630668445"
-                 "2466460943730461")},
-        {BignumT("2832030289850176249602297270548525715536949612220966283998416"
-                 "8714501264885500")},
-        {BignumT("4287555565234207642344057394372869512671982537556559573935345"
-                 "2728374263558032")},
-        {BignumT("4922724176456376719735450248405681608821487385270058531091824"
-                 "814910623278042")},
-        {BignumT("3921370247689723006126782750599821295952035186979190166959759"
-                 "2300297466204227")},
-        {BignumT("3779261478156072582337106630839435214997069649894818322014932"
-                 "220444906128664")},
-        {BignumT("3488034420730584193447836292131642693573379607386189453869992"
-                 "2220093706975247")},
-        {BignumT("3690016605053253510014046709677869543525623192871866158270966"
-                 "5229160044742454")},
-        {BignumT("3319862684241695177099937357556292431646628819111577573885602"
-                 "1866337799605112")},
-        {BignumT("4872466117409980308783338654105694977257129368375335748862849"
-                 "4212068867653992")},
-        {BignumT("4267045410586742273231462605057328681056892682267662822301642"
-                 "4398663193502895")}};
+const std::vector<
+    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+    anemoi_parameters<libff::bls12_381_pp>::D_constants_col_one = {
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "1498167862146462585127078300233884738219730071443646794931533"
+            "1057125308909900")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "2825342020978542842023345600809163250925565234363452998440081"
+            "6700490470131093")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "5151193940708334400277820848767859013557766024707560088083591"
+            "6725469990319313")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4629112154443573812524865767509766474229627680718669692234033"
+            "2893747842754587")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3650460179273129580093806058710273018999560093475503119057680"
+            "216309578390988")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4580222337074626812305915980640015229986777106112734563124478"
+            "6118574025749328")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "1179862127662496731572174899070930921635169609881316238205339"
+            "6097866233042733")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4237291895943219916267083464159933632643300696866941566248807"
+            "0504036922966492")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "5218137124419318966955352195561461799071405672550164363657637"
+            "7752669773323445")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "2379198455482403167219524952465858060142837602950188915905900"
+            "9332107176394097")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3334252083162030376405954844283469906964010905840054881858696"
+            "4467754352720368")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "1679154825320774497457684551570546179413379910480899613461775"
+            "4018912057476556")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "1108734341986082531182813333776723811055641659668774917442288"
+            "8171911517001265")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "1193120777053847793780895503736324095679037485666623710640311"
+            "1503668796872571")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3296943608590459582451043049934874894049468383833500962645016"
+            "062634514172805")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "7080580976521357573320018355401935489220216583936865937104131"
+            "954142364033647")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "2599014496591147824448152788804636647448982050246061513652385"
+            "9419965697796405")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3390731338423572937556652991194046729509970598023460793457578"
+            "6561097199483218")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "2599695026560846554135120728302496204437487368215288981439253"
+            "3334239395044136")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "1787889232064146429219065509247533531704941660586517511805431"
+            "4040434534086821")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "2544362260902875442286391098189093253939618199260893893262028"
+            "4900889552530362")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "2213925974238578928263688442052149431935172884333002618383508"
+            "5771185820492424")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4544838207590267101246428934380594914930153428271013460123949"
+            "3945748506785132")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4190050824176865357917077217076789089889341280166982531075178"
+            "2528515999085573")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "2206322440397895722401952365768916013572151261903362630668445"
+            "2466460943730461")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "2832030289850176249602297270548525715536949612220966283998416"
+            "8714501264885500")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4287555565234207642344057394372869512671982537556559573935345"
+            "2728374263558032")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4922724176456376719735450248405681608821487385270058531091824"
+            "814910623278042")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3921370247689723006126782750599821295952035186979190166959759"
+            "2300297466204227")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3779261478156072582337106630839435214997069649894818322014932"
+            "220444906128664")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3488034420730584193447836292131642693573379607386189453869992"
+            "2220093706975247")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3690016605053253510014046709677869543525623192871866158270966"
+            "5229160044742454")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "3319862684241695177099937357556292431646628819111577573885602"
+            "1866337799605112")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4872466117409980308783338654105694977257129368375335748862849"
+            "4212068867653992")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+            "4267045410586742273231462605057328681056892682267662822301642"
+            "4398663193502895")}};
 // C constants for L = 2 columns
-const std::vector<std::vector<BignumT>>
-    anemoi_parameters<ppT>::C_constants_col_two = {
-        {BignumT("39"),
-         BignumT("1775651522782246060968440999711199549459044877525843799934444"
-                 "6424780281143353")},
-        {BignumT("4136247828276806229718713244577531267536047388383486069528323"
-                 "5286481594490621"),
-         BignumT("3384073892082712848969991795331397937188893616190315628722966"
-                 "662742467187281")},
-        {BignumT("9548818195234740988996233204400874453525674173109474205108603"
-                 "996010297049928"),
-         BignumT("5131188082215848888109078161771014680005638630312265736567960"
-                 "8608648067582435")},
-        {BignumT("2536544056917782266758010518343541807399588823086818094200449"
-                 "7015015045856900"),
-         BignumT("2934760944191490233074151170227002684790917822807875256537272"
-                 "9158237774700914")},
-        {BignumT("3402349839739340664411799416798672032717815468610526483309389"
-                 "1093045919619309"),
-         BignumT("2339620320400167830454536231899316133967303509954474267430948"
-                 "538955691907104")},
-        {BignumT("3881605131971976188604185811312920550675842147865618286873732"
-                 "6994635468402951"),
-         BignumT("2733804253031973811335424620842610883223965108002327664386722"
-                 "3794985578055610")},
-        {BignumT("3516741808753182080412837709551266392217988727766950404706991"
-                 "3414630376083753"),
-         BignumT("4219298352851337286912851432744320491282455954517963059758957"
-                 "2656156258515752")},
-        {BignumT("2588586883975646972232565238753523247821982185060364082738544"
-                 "4642154834700231"),
-         BignumT("4272181898054851449032542443676303204692734776915339386361609"
-                 "5871384405840432")},
-        {BignumT("8867588811641202981080659274007552529205713737251862066053445"
-                 "622305818871963"),
-         BignumT("2347349933243705648406600674604859186412998890919026752114412"
-                 "5882222313735740")},
-        {BignumT("3643975601014013755611104775016254418571088140452237979204481"
-                 "8039722752946048"),
-         BignumT("1649736658360748060416141764404029229920449682963579552539341"
-                 "6854929276060989")},
-        {BignumT("7788624504122357216765350546787885309160020166693449889975992"
-                 "574536033007374"),
-         BignumT("1672739596735052264350077839348991539183435273721141685724072"
-                 "5807058479128000")},
-        {BignumT("3134147137704626983201116226440762775442116005053282329971088"
-                 "789984415999550"),
-         BignumT("4652550641868145619325559651610441674352303704698228044952942"
-                 "6136392814992763")},
-        {BignumT("5025228738074182481899573330436124901628204797822159190657316"
-                 "5442023106203143"),
-         BignumT("4603088696404532867065057946752204298175610946458490707743477"
-                 "2786649263902996")},
-        {BignumT("4843469897871227801240970620555957716357245274483313436119568"
-                 "7109159129985373"),
-         BignumT("1921653321323070949794722352629784806536533447236702265018339"
-                 "5435586190711770")},
-        {BignumT("3296051061753018615951241363382138629795564259824166104417888"
-                 "9571655571939473"),
-         BignumT("7889715292813995933863223756089425964393897180189452806863798"
-                 "954507930091839")},
-        {BignumT("1285089785916676109442233567110628047038142757169574460526571"
-                 "3866647560628356"),
-         BignumT("3890404016518111182325567019593981593129264722711625526410797"
-                 "9988806956289548")},
-        {BignumT("1457803687263429879838204858779420461358312857353555715694378"
-                 "3762854124345644"),
-         BignumT("3988936054101455514428229911108117411824588491028947172774374"
-                 "7142236304617512")},
-        {BignumT("2158810984205890191669054871064952338804964374501369689670490"
-                 "3154857389904594"),
-         BignumT("2462163053982270832598746118263924383921823021657820771974288"
-                 "0580327336278872")},
-        {BignumT("3573163868652051642475284665444297320318929588354107275939088"
-                 "2351699754104989"),
-         BignumT("4644023405238010579088846965247421888502168493252196386650693"
-                 "2102071884869246")},
-        {BignumT("3414183000323318077215384522743323345660314330653092001157925"
-                 "9084215824391544"),
-         BignumT("2163981062666409906038409596484133154605534834560048607810788"
-                 "2966779265621748")}};
+const std::vector<
+    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+    anemoi_parameters<libff::bls12_381_pp>::C_constants_col_two = {
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("39"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1775651522782246060968440999711199549459044877525843799934444"
+             "6424780281143353")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4136247828276806229718713244577531267536047388383486069528323"
+             "5286481594490621"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3384073892082712848969991795331397937188893616190315628722966"
+             "662742467187281")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "9548818195234740988996233204400874453525674173109474205108603"
+             "996010297049928"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5131188082215848888109078161771014680005638630312265736567960"
+             "8608648067582435")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2536544056917782266758010518343541807399588823086818094200449"
+             "7015015045856900"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2934760944191490233074151170227002684790917822807875256537272"
+             "9158237774700914")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3402349839739340664411799416798672032717815468610526483309389"
+             "1093045919619309"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2339620320400167830454536231899316133967303509954474267430948"
+             "538955691907104")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3881605131971976188604185811312920550675842147865618286873732"
+             "6994635468402951"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2733804253031973811335424620842610883223965108002327664386722"
+             "3794985578055610")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3516741808753182080412837709551266392217988727766950404706991"
+             "3414630376083753"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4219298352851337286912851432744320491282455954517963059758957"
+             "2656156258515752")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2588586883975646972232565238753523247821982185060364082738544"
+             "4642154834700231"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4272181898054851449032542443676303204692734776915339386361609"
+             "5871384405840432")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "8867588811641202981080659274007552529205713737251862066053445"
+             "622305818871963"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2347349933243705648406600674604859186412998890919026752114412"
+             "5882222313735740")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3643975601014013755611104775016254418571088140452237979204481"
+             "8039722752946048"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1649736658360748060416141764404029229920449682963579552539341"
+             "6854929276060989")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "7788624504122357216765350546787885309160020166693449889975992"
+             "574536033007374"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1672739596735052264350077839348991539183435273721141685724072"
+             "5807058479128000")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3134147137704626983201116226440762775442116005053282329971088"
+             "789984415999550"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4652550641868145619325559651610441674352303704698228044952942"
+             "6136392814992763")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5025228738074182481899573330436124901628204797822159190657316"
+             "5442023106203143"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4603088696404532867065057946752204298175610946458490707743477"
+             "2786649263902996")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4843469897871227801240970620555957716357245274483313436119568"
+             "7109159129985373"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1921653321323070949794722352629784806536533447236702265018339"
+             "5435586190711770")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3296051061753018615951241363382138629795564259824166104417888"
+             "9571655571939473"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "7889715292813995933863223756089425964393897180189452806863798"
+             "954507930091839")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1285089785916676109442233567110628047038142757169574460526571"
+             "3866647560628356"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3890404016518111182325567019593981593129264722711625526410797"
+             "9988806956289548")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1457803687263429879838204858779420461358312857353555715694378"
+             "3762854124345644"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3988936054101455514428229911108117411824588491028947172774374"
+             "7142236304617512")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2158810984205890191669054871064952338804964374501369689670490"
+             "3154857389904594"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2462163053982270832598746118263924383921823021657820771974288"
+             "0580327336278872")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3573163868652051642475284665444297320318929588354107275939088"
+             "2351699754104989"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4644023405238010579088846965247421888502168493252196386650693"
+             "2102071884869246")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3414183000323318077215384522743323345660314330653092001157925"
+             "9084215824391544"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2163981062666409906038409596484133154605534834560048607810788"
+             "2966779265621748")}};
 // D constants for L = 2 columns
-const std::vector<std::vector<BignumT>>
-    anemoi_parameters<ppT>::D_constants_col_two = {
-        {BignumT("1498167862146462585127078300233884738219730071443646794931533"
-                 "1057125308909900"),
-         BignumT("4872095934371910432473933838888583980299871155063740277389639"
-                 "5605948383052052")},
-        {BignumT("2825342020978542842023345600809163250925565234363452998440081"
-                 "6700490470131093"),
-         BignumT("6257781313532096835800460747082714697295034136932481743077166"
-                 "200794135826591")},
-        {BignumT("5151193940708334400277820848767859013557766024707560088083591"
-                 "6725469990319313"),
-         BignumT("4386017178186728799761421274050927732938229436976005221436222"
-                 "062273391481632")},
-        {BignumT("4629112154443573812524865767509766474229627680718669692234033"
-                 "2893747842754587"),
-         BignumT("1382018073647864517274646907518130460472997636481212754834152"
-                 "4461074783412926")},
-        {BignumT("3650460179273129580093806058710273018999560093475503119057680"
-                 "216309578390988"),
-         BignumT("4038522277183809910966223402024383158969022347879484720123501"
-                 "4486200724862134")},
-        {BignumT("4580222337074626812305915980640015229986777106112734563124478"
-                 "6118574025749328"),
-         BignumT("5030698007577826221415569329113205255155996272343693623161130"
-                 "1042966928400825")},
-        {BignumT("1179862127662496731572174899070930921635169609881316238205339"
-                 "6097866233042733"),
-         BignumT("3480695221203853724450603161207484713320733042726578575780967"
-                 "3463434908473570")},
-        {BignumT("4237291895943219916267083464159933632643300696866941566248807"
-                 "0504036922966492"),
-         BignumT("2275575941953007131500701157207616698366094244763402770135168"
-                 "1157370705921018")},
-        {BignumT("5218137124419318966955352195561461799071405672550164363657637"
-                 "7752669773323445"),
-         BignumT("3033417208429487055687527430890468841415874145785490809430001"
-                 "7436690480001547")},
-        {BignumT("2379198455482403167219524952465858060142837602950188915905900"
-                 "9332107176394097"),
-         BignumT("1983236062272339258402976480797132564113295351555780171764422"
-                 "6271356492507876")},
-        {BignumT("3334252083162030376405954844283469906964010905840054881858696"
-                 "4467754352720368"),
-         BignumT("5828182614154296575131381170785760240834851189333374788484657"
-                 "124381010655319")},
-        {BignumT("1679154825320774497457684551570546179413379910480899613461775"
-                 "4018912057476556"),
-         BignumT("2372979785349040156896773068661814685073512970715285325680905"
-                 "0789424668284094")},
-        {BignumT("1108734341986082531182813333776723811055641659668774917442288"
-                 "8171911517001265"),
-         BignumT("2284870849759634702726712489036302900224144014399356117052111"
-                 "3640580467699956")},
-        {BignumT("1193120777053847793780895503736324095679037485666623710640311"
-                 "1503668796872571"),
-         BignumT("5113168267461511776657835825572247462248477114567026004323109"
-                 "6654077231782319")},
-        {BignumT("3296943608590459582451043049934874894049468383833500962645016"
-                 "062634514172805"),
-         BignumT("4664478895343247770003373906982387732438923752725142737317020"
-                 "2269468246508522")},
-        {BignumT("7080580976521357573320018355401935489220216583936865937104131"
-                 "954142364033647"),
-         BignumT("4911648877696772616593749826967046787634239830029987342118301"
-                 "6200344552693677")},
-        {BignumT("2599014496591147824448152788804636647448982050246061513652385"
-                 "9419965697796405"),
-         BignumT("1484835895359756197471818329258236706767298639962938870995678"
-                 "2223452089882598")},
-        {BignumT("3390731338423572937556652991194046729509970598023460793457578"
-                 "6561097199483218"),
-         BignumT("4877244013053631691998472651792188347887020122139777602467234"
-                 "10671357671821")},
-        {BignumT("2599695026560846554135120728302496204437487368215288981439253"
-                 "3334239395044136"),
-         BignumT("2524359507738822918232351623052388147276722915486399241415425"
-                 "08715737622718")},
-        {BignumT("1787889232064146429219065509247533531704941660586517511805431"
-                 "4040434534086821"),
-         BignumT("2135963843850440044420505121931843033271258370587723800981955"
-                 "6047040768315863")}};
+const std::vector<
+    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+    anemoi_parameters<libff::bls12_381_pp>::D_constants_col_two = {
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1498167862146462585127078300233884738219730071443646794931533"
+             "1057125308909900"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4872095934371910432473933838888583980299871155063740277389639"
+             "5605948383052052")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2825342020978542842023345600809163250925565234363452998440081"
+             "6700490470131093"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "6257781313532096835800460747082714697295034136932481743077166"
+             "200794135826591")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5151193940708334400277820848767859013557766024707560088083591"
+             "6725469990319313"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4386017178186728799761421274050927732938229436976005221436222"
+             "062273391481632")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4629112154443573812524865767509766474229627680718669692234033"
+             "2893747842754587"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1382018073647864517274646907518130460472997636481212754834152"
+             "4461074783412926")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3650460179273129580093806058710273018999560093475503119057680"
+             "216309578390988"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4038522277183809910966223402024383158969022347879484720123501"
+             "4486200724862134")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4580222337074626812305915980640015229986777106112734563124478"
+             "6118574025749328"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5030698007577826221415569329113205255155996272343693623161130"
+             "1042966928400825")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1179862127662496731572174899070930921635169609881316238205339"
+             "6097866233042733"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3480695221203853724450603161207484713320733042726578575780967"
+             "3463434908473570")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4237291895943219916267083464159933632643300696866941566248807"
+             "0504036922966492"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2275575941953007131500701157207616698366094244763402770135168"
+             "1157370705921018")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5218137124419318966955352195561461799071405672550164363657637"
+             "7752669773323445"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3033417208429487055687527430890468841415874145785490809430001"
+             "7436690480001547")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2379198455482403167219524952465858060142837602950188915905900"
+             "9332107176394097"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1983236062272339258402976480797132564113295351555780171764422"
+             "6271356492507876")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3334252083162030376405954844283469906964010905840054881858696"
+             "4467754352720368"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5828182614154296575131381170785760240834851189333374788484657"
+             "124381010655319")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1679154825320774497457684551570546179413379910480899613461775"
+             "4018912057476556"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2372979785349040156896773068661814685073512970715285325680905"
+             "0789424668284094")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1108734341986082531182813333776723811055641659668774917442288"
+             "8171911517001265"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2284870849759634702726712489036302900224144014399356117052111"
+             "3640580467699956")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1193120777053847793780895503736324095679037485666623710640311"
+             "1503668796872571"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5113168267461511776657835825572247462248477114567026004323109"
+             "6654077231782319")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3296943608590459582451043049934874894049468383833500962645016"
+             "062634514172805"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4664478895343247770003373906982387732438923752725142737317020"
+             "2269468246508522")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "7080580976521357573320018355401935489220216583936865937104131"
+             "954142364033647"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4911648877696772616593749826967046787634239830029987342118301"
+             "6200344552693677")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2599014496591147824448152788804636647448982050246061513652385"
+             "9419965697796405"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1484835895359756197471818329258236706767298639962938870995678"
+             "2223452089882598")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3390731338423572937556652991194046729509970598023460793457578"
+             "6561097199483218"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4877244013053631691998472651792188347887020122139777602467234"
+             "10671357671821")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2599695026560846554135120728302496204437487368215288981439253"
+             "3334239395044136"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2524359507738822918232351623052388147276722915486399241415425"
+             "08715737622718")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1787889232064146429219065509247533531704941660586517511805431"
+             "4040434534086821"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2135963843850440044420505121931843033271258370587723800981955"
+             "6047040768315863")}};
 // C constants for L = 3 columns
-const std::vector<std::vector<BignumT>>
-    anemoi_parameters<ppT>::C_constants_col_three = {
-        {BignumT("39"),
-         BignumT("1775651522782246060968440999711199549459044877525843799934444"
-                 "6424780281143353"),
-         BignumT("1018891612812359996477254614795190450086500961676464694818791"
-                 "5341627970346879")},
-        {BignumT("4136247828276806229718713244577531267536047388383486069528323"
-                 "5286481594490621"),
-         BignumT("3384073892082712848969991795331397937188893616190315628722966"
-                 "662742467187281"),
-         BignumT("3853646459699810802819790564525019664928744720837416933978464"
-                 "9587982292038621")},
-        {BignumT("9548818195234740988996233204400874453525674173109474205108603"
-                 "996010297049928"),
-         BignumT("5131188082215848888109078161771014680005638630312265736567960"
-                 "8608648067582435"),
-         BignumT("2459696595055290529608826989988088254971535466083239137400923"
-                 "4980535928382152")},
-        {BignumT("2536544056917782266758010518343541807399588823086818094200449"
-                 "7015015045856900"),
-         BignumT("2934760944191490233074151170227002684790917822807875256537272"
-                 "9158237774700914"),
-         BignumT("1435647866738596907930934954039494810941482992100104584559955"
-                 "3435706989367858")},
-        {BignumT("3402349839739340664411799416798672032717815468610526483309389"
-                 "1093045919619309"),
-         BignumT("2339620320400167830454536231899316133967303509954474267430948"
-                 "538955691907104"),
-         BignumT("1213674891966628629798915440442909922615468699202840156813305"
-                 "8190732008277996")},
-        {BignumT("3881605131971976188604185811312920550675842147865618286873732"
-                 "6994635468402951"),
-         BignumT("2733804253031973811335424620842610883223965108002327664386722"
-                 "3794985578055610"),
-         BignumT("1558067417971364454039840952344181407381076844949394056213642"
-                 "2009899312699155")},
-        {BignumT("3516741808753182080412837709551266392217988727766950404706991"
-                 "3414630376083753"),
-         BignumT("4219298352851337286912851432744320491282455954517963059758957"
-                 "2656156258515752"),
-         BignumT("4738921241144157326637909239293159997041788472939715684121631"
-                 "8364858334633325")},
-        {BignumT("2588586883975646972232565238753523247821982185060364082738544"
-                 "4642154834700231"),
-         BignumT("4272181898054851449032542443676303204692734776915339386361609"
-                 "5871384405840432"),
-         BignumT("5855288403637341107158034195599277569854359593529752399086836"
-                 "976954392351035")},
-        {BignumT("8867588811641202981080659274007552529205713737251862066053445"
-                 "622305818871963"),
-         BignumT("2347349933243705648406600674604859186412998890919026752114412"
-                 "5882222313735740"),
-         BignumT("5696063807157149622355481994320806474692190935543821893362808"
-                 "351446578125354")},
-        {BignumT("3643975601014013755611104775016254418571088140452237979204481"
-                 "8039722752946048"),
-         BignumT("1649736658360748060416141764404029229920449682963579552539341"
-                 "6854929276060989"),
-         BignumT("3147932349597011371381646760446049967588957991237003497484121"
-                 "2556442942086146")},
-        {BignumT("7788624504122357216765350546787885309160020166693449889975992"
-                 "574536033007374"),
-         BignumT("1672739596735052264350077839348991539183435273721141685724072"
-                 "5807058479128000"),
-         BignumT("2330992872018014336240882738557332747985840911535801077073015"
-                 "1873313341134036")},
-        {BignumT("3134147137704626983201116226440762775442116005053282329971088"
-                 "789984415999550"),
-         BignumT("4652550641868145619325559651610441674352303704698228044952942"
-                 "6136392814992763"),
-         BignumT("4917372673919383443116356365853730383619622786307127412244824"
-                 "3716476847774081")},
-        {BignumT("5025228738074182481899573330436124901628204797822159190657316"
-                 "5442023106203143"),
-         BignumT("4603088696404532867065057946752204298175610946458490707743477"
-                 "2786649263902996"),
-         BignumT("4712571643096224675022534387832506137920111203953790806087833"
-                 "6544274638889887")},
-        {BignumT("4843469897871227801240970620555957716357245274483313436119568"
-                 "7109159129985373"),
-         BignumT("1921653321323070949794722352629784806536533447236702265018339"
-                 "5435586190711770"),
-         BignumT("2897926863821744450704595717324317554216182338253096474269232"
-                 "4059406064069673")},
-        {BignumT("3296051061753018615951241363382138629795564259824166104417888"
-                 "9571655571939473"),
-         BignumT("7889715292813995933863223756089425964393897180189452806863798"
-                 "954507930091839"),
-         BignumT("1335282786350600018748463893875477804580192723833609082645717"
-                 "2216796844151715")}};
+const std::vector<
+    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+    anemoi_parameters<libff::bls12_381_pp>::C_constants_col_three = {
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("39"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1775651522782246060968440999711199549459044877525843799934444"
+             "6424780281143353"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1018891612812359996477254614795190450086500961676464694818791"
+             "5341627970346879")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4136247828276806229718713244577531267536047388383486069528323"
+             "5286481594490621"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3384073892082712848969991795331397937188893616190315628722966"
+             "662742467187281"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3853646459699810802819790564525019664928744720837416933978464"
+             "9587982292038621")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "9548818195234740988996233204400874453525674173109474205108603"
+             "996010297049928"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5131188082215848888109078161771014680005638630312265736567960"
+             "8608648067582435"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2459696595055290529608826989988088254971535466083239137400923"
+             "4980535928382152")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2536544056917782266758010518343541807399588823086818094200449"
+             "7015015045856900"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2934760944191490233074151170227002684790917822807875256537272"
+             "9158237774700914"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1435647866738596907930934954039494810941482992100104584559955"
+             "3435706989367858")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3402349839739340664411799416798672032717815468610526483309389"
+             "1093045919619309"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2339620320400167830454536231899316133967303509954474267430948"
+             "538955691907104"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1213674891966628629798915440442909922615468699202840156813305"
+             "8190732008277996")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3881605131971976188604185811312920550675842147865618286873732"
+             "6994635468402951"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2733804253031973811335424620842610883223965108002327664386722"
+             "3794985578055610"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1558067417971364454039840952344181407381076844949394056213642"
+             "2009899312699155")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3516741808753182080412837709551266392217988727766950404706991"
+             "3414630376083753"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4219298352851337286912851432744320491282455954517963059758957"
+             "2656156258515752"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4738921241144157326637909239293159997041788472939715684121631"
+             "8364858334633325")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2588586883975646972232565238753523247821982185060364082738544"
+             "4642154834700231"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4272181898054851449032542443676303204692734776915339386361609"
+             "5871384405840432"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5855288403637341107158034195599277569854359593529752399086836"
+             "976954392351035")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "8867588811641202981080659274007552529205713737251862066053445"
+             "622305818871963"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2347349933243705648406600674604859186412998890919026752114412"
+             "5882222313735740"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5696063807157149622355481994320806474692190935543821893362808"
+             "351446578125354")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3643975601014013755611104775016254418571088140452237979204481"
+             "8039722752946048"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1649736658360748060416141764404029229920449682963579552539341"
+             "6854929276060989"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3147932349597011371381646760446049967588957991237003497484121"
+             "2556442942086146")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "7788624504122357216765350546787885309160020166693449889975992"
+             "574536033007374"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1672739596735052264350077839348991539183435273721141685724072"
+             "5807058479128000"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2330992872018014336240882738557332747985840911535801077073015"
+             "1873313341134036")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3134147137704626983201116226440762775442116005053282329971088"
+             "789984415999550"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4652550641868145619325559651610441674352303704698228044952942"
+             "6136392814992763"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4917372673919383443116356365853730383619622786307127412244824"
+             "3716476847774081")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5025228738074182481899573330436124901628204797822159190657316"
+             "5442023106203143"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4603088696404532867065057946752204298175610946458490707743477"
+             "2786649263902996"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4712571643096224675022534387832506137920111203953790806087833"
+             "6544274638889887")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4843469897871227801240970620555957716357245274483313436119568"
+             "7109159129985373"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1921653321323070949794722352629784806536533447236702265018339"
+             "5435586190711770"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2897926863821744450704595717324317554216182338253096474269232"
+             "4059406064069673")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3296051061753018615951241363382138629795564259824166104417888"
+             "9571655571939473"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "7889715292813995933863223756089425964393897180189452806863798"
+             "954507930091839"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1335282786350600018748463893875477804580192723833609082645717"
+             "2216796844151715")}};
 // D constants for L = 3 columns
-const std::vector<std::vector<BignumT>>
-    anemoi_parameters<ppT>::D_constants_col_three = {
-        {BignumT("1498167862146462585127078300233884738219730071443646794931533"
-                 "1057125308909900"),
-         BignumT("4872095934371910432473933838888583980299871155063740277389639"
-                 "5605948383052052"),
-         BignumT("1170961042764195247622670495021805276356048907930130746422516"
-                 "4120801969364960")},
-        {BignumT("2825342020978542842023345600809163250925565234363452998440081"
-                 "6700490470131093"),
-         BignumT("6257781313532096835800460747082714697295034136932481743077166"
-                 "200794135826591"),
-         BignumT("1196642220206920081142760500749381736368080441627403119562414"
-                 "8724039857787313")},
-        {BignumT("5151193940708334400277820848767859013557766024707560088083591"
-                 "6725469990319313"),
-         BignumT("4386017178186728799761421274050927732938229436976005221436222"
-                 "062273391481632"),
-         BignumT("6632276653290444906058804748999332745749669823710727938548067"
-                 "32105730575244")},
-        {BignumT("4629112154443573812524865767509766474229627680718669692234033"
-                 "2893747842754587"),
-         BignumT("1382018073647864517274646907518130460472997636481212754834152"
-                 "4461074783412926"),
-         BignumT("2182117532069761119716127783198449565821339724541975439265730"
-                 "7036488476373765")},
-        {BignumT("3650460179273129580093806058710273018999560093475503119057680"
-                 "216309578390988"),
-         BignumT("4038522277183809910966223402024383158969022347879484720123501"
-                 "4486200724862134"),
-         BignumT("2073860155472592637359608260326591863616482364802647024342242"
-                 "3735982938342408")},
-        {BignumT("4580222337074626812305915980640015229986777106112734563124478"
-                 "6118574025749328"),
-         BignumT("5030698007577826221415569329113205255155996272343693623161130"
-                 "1042966928400825"),
-         BignumT("9105861908793877437599087016640061747418296780065295891365798"
-                 "855886560153752")},
-        {BignumT("1179862127662496731572174899070930921635169609881316238205339"
-                 "6097866233042733"),
-         BignumT("3480695221203853724450603161207484713320733042726578575780967"
-                 "3463434908473570"),
-         BignumT("1055943127858844643815584008805554614508787229864100774292171"
-                 "8770142881700525")},
-        {BignumT("4237291895943219916267083464159933632643300696866941566248807"
-                 "0504036922966492"),
-         BignumT("2275575941953007131500701157207616698366094244763402770135168"
-                 "1157370705921018"),
-         BignumT("8881354201366797207686592249590682298565723459695719800911380"
-                 "560885170725516")},
-        {BignumT("5218137124419318966955352195561461799071405672550164363657637"
-                 "7752669773323445"),
-         BignumT("3033417208429487055687527430890468841415874145785490809430001"
-                 "7436690480001547"),
-         BignumT("3554886191776286297101172047585517281669871267189379603060765"
-                 "8203859222685056")},
-        {BignumT("2379198455482403167219524952465858060142837602950188915905900"
-                 "9332107176394097"),
-         BignumT("1983236062272339258402976480797132564113295351555780171764422"
-                 "6271356492507876"),
-         BignumT("5370567718707734490084045178883836972105253285449736908577321"
-                 "570876055642415")},
-        {BignumT("3334252083162030376405954844283469906964010905840054881858696"
-                 "4467754352720368"),
-         BignumT("5828182614154296575131381170785760240834851189333374788484657"
-                 "124381010655319"),
-         BignumT("3540284072573181656988640108154744212083667675516530226606304"
-                 "1488580350955250")},
-        {BignumT("1679154825320774497457684551570546179413379910480899613461775"
-                 "4018912057476556"),
-         BignumT("2372979785349040156896773068661814685073512970715285325680905"
-                 "0789424668284094"),
-         BignumT("4937014353275067908272266874772930373538608971092718049381682"
-                 "6667453179359307")},
-        {BignumT("1108734341986082531182813333776723811055641659668774917442288"
-                 "8171911517001265"),
-         BignumT("2284870849759634702726712489036302900224144014399356117052111"
-                 "3640580467699956"),
-         BignumT("4693566332326116438268886021984431719166421190663189571805363"
-                 "5696150320980742")},
-        {BignumT("1193120777053847793780895503736324095679037485666623710640311"
-                 "1503668796872571"),
-         BignumT("5113168267461511776657835825572247462248477114567026004323109"
-                 "6654077231782319"),
-         BignumT("3145066828322356157207632231316010605356847674299189787722532"
-                 "4875903002249604")},
-        {BignumT("3296943608590459582451043049934874894049468383833500962645016"
-                 "062634514172805"),
-         BignumT("4664478895343247770003373906982387732438923752725142737317020"
-                 "2269468246508522"),
-         BignumT("2266415170774619075005438466298153336008448427255576113424887"
-                 "5129763057677780")}};
+const std::vector<
+    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+    anemoi_parameters<libff::bls12_381_pp>::D_constants_col_three = {
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1498167862146462585127078300233884738219730071443646794931533"
+             "1057125308909900"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4872095934371910432473933838888583980299871155063740277389639"
+             "5605948383052052"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1170961042764195247622670495021805276356048907930130746422516"
+             "4120801969364960")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2825342020978542842023345600809163250925565234363452998440081"
+             "6700490470131093"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "6257781313532096835800460747082714697295034136932481743077166"
+             "200794135826591"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1196642220206920081142760500749381736368080441627403119562414"
+             "8724039857787313")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5151193940708334400277820848767859013557766024707560088083591"
+             "6725469990319313"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4386017178186728799761421274050927732938229436976005221436222"
+             "062273391481632"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "6632276653290444906058804748999332745749669823710727938548067"
+             "32105730575244")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4629112154443573812524865767509766474229627680718669692234033"
+             "2893747842754587"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1382018073647864517274646907518130460472997636481212754834152"
+             "4461074783412926"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2182117532069761119716127783198449565821339724541975439265730"
+             "7036488476373765")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3650460179273129580093806058710273018999560093475503119057680"
+             "216309578390988"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4038522277183809910966223402024383158969022347879484720123501"
+             "4486200724862134"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2073860155472592637359608260326591863616482364802647024342242"
+             "3735982938342408")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4580222337074626812305915980640015229986777106112734563124478"
+             "6118574025749328"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5030698007577826221415569329113205255155996272343693623161130"
+             "1042966928400825"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "9105861908793877437599087016640061747418296780065295891365798"
+             "855886560153752")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1179862127662496731572174899070930921635169609881316238205339"
+             "6097866233042733"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3480695221203853724450603161207484713320733042726578575780967"
+             "3463434908473570"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1055943127858844643815584008805554614508787229864100774292171"
+             "8770142881700525")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4237291895943219916267083464159933632643300696866941566248807"
+             "0504036922966492"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2275575941953007131500701157207616698366094244763402770135168"
+             "1157370705921018"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "8881354201366797207686592249590682298565723459695719800911380"
+             "560885170725516")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5218137124419318966955352195561461799071405672550164363657637"
+             "7752669773323445"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3033417208429487055687527430890468841415874145785490809430001"
+             "7436690480001547"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3554886191776286297101172047585517281669871267189379603060765"
+             "8203859222685056")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2379198455482403167219524952465858060142837602950188915905900"
+             "9332107176394097"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1983236062272339258402976480797132564113295351555780171764422"
+             "6271356492507876"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5370567718707734490084045178883836972105253285449736908577321"
+             "570876055642415")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3334252083162030376405954844283469906964010905840054881858696"
+             "4467754352720368"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5828182614154296575131381170785760240834851189333374788484657"
+             "124381010655319"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3540284072573181656988640108154744212083667675516530226606304"
+             "1488580350955250")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1679154825320774497457684551570546179413379910480899613461775"
+             "4018912057476556"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2372979785349040156896773068661814685073512970715285325680905"
+             "0789424668284094"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4937014353275067908272266874772930373538608971092718049381682"
+             "6667453179359307")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1108734341986082531182813333776723811055641659668774917442288"
+             "8171911517001265"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2284870849759634702726712489036302900224144014399356117052111"
+             "3640580467699956"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4693566332326116438268886021984431719166421190663189571805363"
+             "5696150320980742")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1193120777053847793780895503736324095679037485666623710640311"
+             "1503668796872571"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5113168267461511776657835825572247462248477114567026004323109"
+             "6654077231782319"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3145066828322356157207632231316010605356847674299189787722532"
+             "4875903002249604")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3296943608590459582451043049934874894049468383833500962645016"
+             "062634514172805"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4664478895343247770003373906982387732438923752725142737317020"
+             "2269468246508522"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2266415170774619075005438466298153336008448427255576113424887"
+             "5129763057677780")}};
 // C constants for L = 4 columns
-const std::vector<std::vector<BignumT>>
-    anemoi_parameters<ppT>::C_constants_col_four = {
-        {BignumT("39"),
-         BignumT("1775651522782246060968440999711199549459044877525843799934444"
-                 "6424780281143353"),
-         BignumT("1018891612812359996477254614795190450086500961676464694818791"
-                 "5341627970346879"),
-         BignumT("3814237141406755457246679946340702245820791055503616462386588"
-                 "886553626328449")},
-        {BignumT("4136247828276806229718713244577531267536047388383486069528323"
-                 "5286481594490621"),
-         BignumT("3384073892082712848969991795331397937188893616190315628722966"
-                 "662742467187281"),
-         BignumT("3853646459699810802819790564525019664928744720837416933978464"
-                 "9587982292038621"),
-         BignumT("3759219767528975735847190819990641598248412433811237445343529"
-                 "2524131427342810")},
-        {BignumT("9548818195234740988996233204400874453525674173109474205108603"
-                 "996010297049928"),
-         BignumT("5131188082215848888109078161771014680005638630312265736567960"
-                 "8608648067582435"),
-         BignumT("2459696595055290529608826989988088254971535466083239137400923"
-                 "4980535928382152"),
-         BignumT("3403682625028780719465935912972258681807965244254717853103041"
-                 "0684351456041117")},
-        {BignumT("2536544056917782266758010518343541807399588823086818094200449"
-                 "7015015045856900"),
-         BignumT("2934760944191490233074151170227002684790917822807875256537272"
-                 "9158237774700914"),
-         BignumT("1435647866738596907930934954039494810941482992100104584559955"
-                 "3435706989367858"),
-         BignumT("9488013611624811735432450930006811652991761655550510302915118"
-                 "428283918068143")},
-        {BignumT("3402349839739340664411799416798672032717815468610526483309389"
-                 "1093045919619309"),
-         BignumT("2339620320400167830454536231899316133967303509954474267430948"
-                 "538955691907104"),
-         BignumT("1213674891966628629798915440442909922615468699202840156813305"
-                 "8190732008277996"),
-         BignumT("1944256982277265527026848283574248036549925680252051090584695"
-                 "3360427433130058")},
-        {BignumT("3881605131971976188604185811312920550675842147865618286873732"
-                 "6994635468402951"),
-         BignumT("2733804253031973811335424620842610883223965108002327664386722"
-                 "3794985578055610"),
-         BignumT("1558067417971364454039840952344181407381076844949394056213642"
-                 "2009899312699155"),
-         BignumT("4362660876979205605782410963041525734654031488177761934879852"
-                 "229226211686053")},
-        {BignumT("3516741808753182080412837709551266392217988727766950404706991"
-                 "3414630376083753"),
-         BignumT("4219298352851337286912851432744320491282455954517963059758957"
-                 "2656156258515752"),
-         BignumT("4738921241144157326637909239293159997041788472939715684121631"
-                 "8364858334633325"),
-         BignumT("4148765625963272739309827417873876393424966292428795624270459"
-                 "6746920012242443")},
-        {BignumT("2588586883975646972232565238753523247821982185060364082738544"
-                 "4642154834700231"),
-         BignumT("4272181898054851449032542443676303204692734776915339386361609"
-                 "5871384405840432"),
-         BignumT("5855288403637341107158034195599277569854359593529752399086836"
-                 "976954392351035"),
-         BignumT("1884585172212401932583442609483174306840855762168565871300274"
-                 "9358354699910772")},
-        {BignumT("8867588811641202981080659274007552529205713737251862066053445"
-                 "622305818871963"),
-         BignumT("2347349933243705648406600674604859186412998890919026752114412"
-                 "5882222313735740"),
-         BignumT("5696063807157149622355481994320806474692190935543821893362808"
-                 "351446578125354"),
-         BignumT("4855803159925507286210380968106056546455543739940382245890202"
-                 "4251997890071747")},
-        {BignumT("3643975601014013755611104775016254418571088140452237979204481"
-                 "8039722752946048"),
-         BignumT("1649736658360748060416141764404029229920449682963579552539341"
-                 "6854929276060989"),
-         BignumT("3147932349597011371381646760446049967588957991237003497484121"
-                 "2556442942086146"),
-         BignumT("5232706524245511758259018833389935270603181378215429313855349"
-                 "0341266149456684")},
-        {BignumT("7788624504122357216765350546787885309160020166693449889975992"
-                 "574536033007374"),
-         BignumT("1672739596735052264350077839348991539183435273721141685724072"
-                 "5807058479128000"),
-         BignumT("2330992872018014336240882738557332747985840911535801077073015"
-                 "1873313341134036"),
-         BignumT("5006722144318758766157409016714691420686239438032848856181914"
-                 "1296175188378275")},
-        {BignumT("3134147137704626983201116226440762775442116005053282329971088"
-                 "789984415999550"),
-         BignumT("4652550641868145619325559651610441674352303704698228044952942"
-                 "6136392814992763"),
-         BignumT("4917372673919383443116356365853730383619622786307127412244824"
-                 "3716476847774081"),
-         BignumT("2904698228930932183221963874409477310924064596431938774518994"
-                 "1342957948119206")},
-        {BignumT("5025228738074182481899573330436124901628204797822159190657316"
-                 "5442023106203143"),
-         BignumT("4603088696404532867065057946752204298175610946458490707743477"
-                 "2786649263902996"),
-         BignumT("4712571643096224675022534387832506137920111203953790806087833"
-                 "6544274638889887"),
-         BignumT("2565160334368547579709252575251152479523478078611094273882850"
-                 "7305471634791967")},
-        {BignumT("4843469897871227801240970620555957716357245274483313436119568"
-                 "7109159129985373"),
-         BignumT("1921653321323070949794722352629784806536533447236702265018339"
-                 "5435586190711770"),
-         BignumT("2897926863821744450704595717324317554216182338253096474269232"
-                 "4059406064069673"),
-         BignumT("3959522249278680358015509825411090545862059993160154730469919"
-                 "1792976275820627")}};
+const std::vector<
+    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+    anemoi_parameters<libff::bls12_381_pp>::C_constants_col_four = {
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("39"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1775651522782246060968440999711199549459044877525843799934444"
+             "6424780281143353"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1018891612812359996477254614795190450086500961676464694818791"
+             "5341627970346879"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3814237141406755457246679946340702245820791055503616462386588"
+             "886553626328449")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4136247828276806229718713244577531267536047388383486069528323"
+             "5286481594490621"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3384073892082712848969991795331397937188893616190315628722966"
+             "662742467187281"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3853646459699810802819790564525019664928744720837416933978464"
+             "9587982292038621"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3759219767528975735847190819990641598248412433811237445343529"
+             "2524131427342810")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "9548818195234740988996233204400874453525674173109474205108603"
+             "996010297049928"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5131188082215848888109078161771014680005638630312265736567960"
+             "8608648067582435"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2459696595055290529608826989988088254971535466083239137400923"
+             "4980535928382152"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3403682625028780719465935912972258681807965244254717853103041"
+             "0684351456041117")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2536544056917782266758010518343541807399588823086818094200449"
+             "7015015045856900"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2934760944191490233074151170227002684790917822807875256537272"
+             "9158237774700914"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1435647866738596907930934954039494810941482992100104584559955"
+             "3435706989367858"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "9488013611624811735432450930006811652991761655550510302915118"
+             "428283918068143")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3402349839739340664411799416798672032717815468610526483309389"
+             "1093045919619309"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2339620320400167830454536231899316133967303509954474267430948"
+             "538955691907104"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1213674891966628629798915440442909922615468699202840156813305"
+             "8190732008277996"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1944256982277265527026848283574248036549925680252051090584695"
+             "3360427433130058")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3881605131971976188604185811312920550675842147865618286873732"
+             "6994635468402951"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2733804253031973811335424620842610883223965108002327664386722"
+             "3794985578055610"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1558067417971364454039840952344181407381076844949394056213642"
+             "2009899312699155"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4362660876979205605782410963041525734654031488177761934879852"
+             "229226211686053")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3516741808753182080412837709551266392217988727766950404706991"
+             "3414630376083753"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4219298352851337286912851432744320491282455954517963059758957"
+             "2656156258515752"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4738921241144157326637909239293159997041788472939715684121631"
+             "8364858334633325"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4148765625963272739309827417873876393424966292428795624270459"
+             "6746920012242443")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2588586883975646972232565238753523247821982185060364082738544"
+             "4642154834700231"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4272181898054851449032542443676303204692734776915339386361609"
+             "5871384405840432"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5855288403637341107158034195599277569854359593529752399086836"
+             "976954392351035"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1884585172212401932583442609483174306840855762168565871300274"
+             "9358354699910772")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "8867588811641202981080659274007552529205713737251862066053445"
+             "622305818871963"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2347349933243705648406600674604859186412998890919026752114412"
+             "5882222313735740"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5696063807157149622355481994320806474692190935543821893362808"
+             "351446578125354"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4855803159925507286210380968106056546455543739940382245890202"
+             "4251997890071747")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3643975601014013755611104775016254418571088140452237979204481"
+             "8039722752946048"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1649736658360748060416141764404029229920449682963579552539341"
+             "6854929276060989"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3147932349597011371381646760446049967588957991237003497484121"
+             "2556442942086146"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5232706524245511758259018833389935270603181378215429313855349"
+             "0341266149456684")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "7788624504122357216765350546787885309160020166693449889975992"
+             "574536033007374"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1672739596735052264350077839348991539183435273721141685724072"
+             "5807058479128000"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2330992872018014336240882738557332747985840911535801077073015"
+             "1873313341134036"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5006722144318758766157409016714691420686239438032848856181914"
+             "1296175188378275")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3134147137704626983201116226440762775442116005053282329971088"
+             "789984415999550"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4652550641868145619325559651610441674352303704698228044952942"
+             "6136392814992763"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4917372673919383443116356365853730383619622786307127412244824"
+             "3716476847774081"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2904698228930932183221963874409477310924064596431938774518994"
+             "1342957948119206")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5025228738074182481899573330436124901628204797822159190657316"
+             "5442023106203143"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4603088696404532867065057946752204298175610946458490707743477"
+             "2786649263902996"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4712571643096224675022534387832506137920111203953790806087833"
+             "6544274638889887"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2565160334368547579709252575251152479523478078611094273882850"
+             "7305471634791967")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4843469897871227801240970620555957716357245274483313436119568"
+             "7109159129985373"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1921653321323070949794722352629784806536533447236702265018339"
+             "5435586190711770"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2897926863821744450704595717324317554216182338253096474269232"
+             "4059406064069673"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3959522249278680358015509825411090545862059993160154730469919"
+             "1792976275820627")}};
 // D constants for L = 4 columns
-const std::vector<std::vector<BignumT>>
-    anemoi_parameters<ppT>::D_constants_col_four = {
-        {BignumT("1498167862146462585127078300233884738219730071443646794931533"
-                 "1057125308909900"),
-         BignumT("4872095934371910432473933838888583980299871155063740277389639"
-                 "5605948383052052"),
-         BignumT("1170961042764195247622670495021805276356048907930130746422516"
-                 "4120801969364960"),
-         BignumT("3188799073106888901912065951229864304299742047220134499402570"
-                 "163601813730969")},
-        {BignumT("2825342020978542842023345600809163250925565234363452998440081"
-                 "6700490470131093"),
-         BignumT("6257781313532096835800460747082714697295034136932481743077166"
-                 "200794135826591"),
-         BignumT("1196642220206920081142760500749381736368080441627403119562414"
-                 "8724039857787313"),
-         BignumT("8876022912542631074912834764773050492660953075192093830253524"
-                 "158063181475941")},
-        {BignumT("5151193940708334400277820848767859013557766024707560088083591"
-                 "6725469990319313"),
-         BignumT("4386017178186728799761421274050927732938229436976005221436222"
-                 "062273391481632"),
-         BignumT("6632276653290444906058804748999332745749669823710727938548067"
-                 "32105730575244"),
-         BignumT("7956955597245727322388196907364651338722736293265717471854714"
-                 "933795446618648")},
-        {BignumT("4629112154443573812524865767509766474229627680718669692234033"
-                 "2893747842754587"),
-         BignumT("1382018073647864517274646907518130460472997636481212754834152"
-                 "4461074783412926"),
-         BignumT("2182117532069761119716127783198449565821339724541975439265730"
-                 "7036488476373765"),
-         BignumT("1480657789711823478649560642421937299757380050914907637095160"
-                 "4526939593458489")},
-        {BignumT("3650460179273129580093806058710273018999560093475503119057680"
-                 "216309578390988"),
-         BignumT("4038522277183809910966223402024383158969022347879484720123501"
-                 "4486200724862134"),
-         BignumT("2073860155472592637359608260326591863616482364802647024342242"
-                 "3735982938342408"),
-         BignumT("2589829009001407627908663823720231357129286498769843710211505"
-                 "1403552551578909")},
-        {BignumT("4580222337074626812305915980640015229986777106112734563124478"
-                 "6118574025749328"),
-         BignumT("5030698007577826221415569329113205255155996272343693623161130"
-                 "1042966928400825"),
-         BignumT("9105861908793877437599087016640061747418296780065295891365798"
-                 "855886560153752"),
-         BignumT("4817759141336740991564205616704875304173558384845661260769162"
-                 "0273026228709602")},
-        {BignumT("1179862127662496731572174899070930921635169609881316238205339"
-                 "6097866233042733"),
-         BignumT("3480695221203853724450603161207484713320733042726578575780967"
-                 "3463434908473570"),
-         BignumT("1055943127858844643815584008805554614508787229864100774292171"
-                 "8770142881700525"),
-         BignumT("2511742758961381498086249076485723904703122022711664665388729"
-                 "650078747694082")},
-        {BignumT("4237291895943219916267083464159933632643300696866941566248807"
-                 "0504036922966492"),
-         BignumT("2275575941953007131500701157207616698366094244763402770135168"
-                 "1157370705921018"),
-         BignumT("8881354201366797207686592249590682298565723459695719800911380"
-                 "560885170725516"),
-         BignumT("1972578515203525635957421135144616159290339301703148363580602"
-                 "5440159666669692")},
-        {BignumT("5218137124419318966955352195561461799071405672550164363657637"
-                 "7752669773323445"),
-         BignumT("3033417208429487055687527430890468841415874145785490809430001"
-                 "7436690480001547"),
-         BignumT("3554886191776286297101172047585517281669871267189379603060765"
-                 "8203859222685056"),
-         BignumT("2382882216691637666452353485703197976465487816440601629452194"
-                 "7902346141831375")},
-        {BignumT("2379198455482403167219524952465858060142837602950188915905900"
-                 "9332107176394097"),
-         BignumT("1983236062272339258402976480797132564113295351555780171764422"
-                 "6271356492507876"),
-         BignumT("5370567718707734490084045178883836972105253285449736908577321"
-                 "570876055642415"),
-         BignumT("2407217709737451929206899311094570379803095868441385259326833"
-                 "1853573451397392")},
-        {BignumT("3334252083162030376405954844283469906964010905840054881858696"
-                 "4467754352720368"),
-         BignumT("5828182614154296575131381170785760240834851189333374788484657"
-                 "124381010655319"),
-         BignumT("3540284072573181656988640108154744212083667675516530226606304"
-                 "1488580350955250"),
-         BignumT("7578125905794851322815150557558076805933581048787999755527104"
-                 "709377805399415")},
-        {BignumT("1679154825320774497457684551570546179413379910480899613461775"
-                 "4018912057476556"),
-         BignumT("2372979785349040156896773068661814685073512970715285325680905"
-                 "0789424668284094"),
-         BignumT("4937014353275067908272266874772930373538608971092718049381682"
-                 "6667453179359307"),
-         BignumT("2709726671504794741698997103590978680421397934135515163753725"
-                 "6791808468088871")},
-        {BignumT("1108734341986082531182813333776723811055641659668774917442288"
-                 "8171911517001265"),
-         BignumT("2284870849759634702726712489036302900224144014399356117052111"
-                 "3640580467699956"),
-         BignumT("4693566332326116438268886021984431719166421190663189571805363"
-                 "5696150320980742"),
-         BignumT("2331541786816617436276726929665379440348135218238478791698253"
-                 "8955221505267261")},
-        {BignumT("1193120777053847793780895503736324095679037485666623710640311"
-                 "1503668796872571"),
-         BignumT("5113168267461511776657835825572247462248477114567026004323109"
-                 "6654077231782319"),
-         BignumT("3145066828322356157207632231316010605356847674299189787722532"
-                 "4875903002249604"),
-         BignumT("3992048976997470157839669059665084976581072482124233796021092"
-                 "5107347402384997")}};
+const std::vector<
+    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+    anemoi_parameters<libff::bls12_381_pp>::D_constants_col_four = {
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1498167862146462585127078300233884738219730071443646794931533"
+             "1057125308909900"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4872095934371910432473933838888583980299871155063740277389639"
+             "5605948383052052"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1170961042764195247622670495021805276356048907930130746422516"
+             "4120801969364960"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3188799073106888901912065951229864304299742047220134499402570"
+             "163601813730969")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2825342020978542842023345600809163250925565234363452998440081"
+             "6700490470131093"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "6257781313532096835800460747082714697295034136932481743077166"
+             "200794135826591"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1196642220206920081142760500749381736368080441627403119562414"
+             "8724039857787313"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "8876022912542631074912834764773050492660953075192093830253524"
+             "158063181475941")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5151193940708334400277820848767859013557766024707560088083591"
+             "6725469990319313"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4386017178186728799761421274050927732938229436976005221436222"
+             "062273391481632"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "6632276653290444906058804748999332745749669823710727938548067"
+             "32105730575244"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "7956955597245727322388196907364651338722736293265717471854714"
+             "933795446618648")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4629112154443573812524865767509766474229627680718669692234033"
+             "2893747842754587"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1382018073647864517274646907518130460472997636481212754834152"
+             "4461074783412926"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2182117532069761119716127783198449565821339724541975439265730"
+             "7036488476373765"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1480657789711823478649560642421937299757380050914907637095160"
+             "4526939593458489")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3650460179273129580093806058710273018999560093475503119057680"
+             "216309578390988"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4038522277183809910966223402024383158969022347879484720123501"
+             "4486200724862134"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2073860155472592637359608260326591863616482364802647024342242"
+             "3735982938342408"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2589829009001407627908663823720231357129286498769843710211505"
+             "1403552551578909")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4580222337074626812305915980640015229986777106112734563124478"
+             "6118574025749328"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5030698007577826221415569329113205255155996272343693623161130"
+             "1042966928400825"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "9105861908793877437599087016640061747418296780065295891365798"
+             "855886560153752"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4817759141336740991564205616704875304173558384845661260769162"
+             "0273026228709602")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1179862127662496731572174899070930921635169609881316238205339"
+             "6097866233042733"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3480695221203853724450603161207484713320733042726578575780967"
+             "3463434908473570"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1055943127858844643815584008805554614508787229864100774292171"
+             "8770142881700525"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2511742758961381498086249076485723904703122022711664665388729"
+             "650078747694082")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4237291895943219916267083464159933632643300696866941566248807"
+             "0504036922966492"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2275575941953007131500701157207616698366094244763402770135168"
+             "1157370705921018"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "8881354201366797207686592249590682298565723459695719800911380"
+             "560885170725516"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1972578515203525635957421135144616159290339301703148363580602"
+             "5440159666669692")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5218137124419318966955352195561461799071405672550164363657637"
+             "7752669773323445"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3033417208429487055687527430890468841415874145785490809430001"
+             "7436690480001547"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3554886191776286297101172047585517281669871267189379603060765"
+             "8203859222685056"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2382882216691637666452353485703197976465487816440601629452194"
+             "7902346141831375")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2379198455482403167219524952465858060142837602950188915905900"
+             "9332107176394097"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1983236062272339258402976480797132564113295351555780171764422"
+             "6271356492507876"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5370567718707734490084045178883836972105253285449736908577321"
+             "570876055642415"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2407217709737451929206899311094570379803095868441385259326833"
+             "1853573451397392")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3334252083162030376405954844283469906964010905840054881858696"
+             "4467754352720368"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5828182614154296575131381170785760240834851189333374788484657"
+             "124381010655319"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3540284072573181656988640108154744212083667675516530226606304"
+             "1488580350955250"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "7578125905794851322815150557558076805933581048787999755527104"
+             "709377805399415")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1679154825320774497457684551570546179413379910480899613461775"
+             "4018912057476556"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2372979785349040156896773068661814685073512970715285325680905"
+             "0789424668284094"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4937014353275067908272266874772930373538608971092718049381682"
+             "6667453179359307"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2709726671504794741698997103590978680421397934135515163753725"
+             "6791808468088871")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1108734341986082531182813333776723811055641659668774917442288"
+             "8171911517001265"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2284870849759634702726712489036302900224144014399356117052111"
+             "3640580467699956"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "4693566332326116438268886021984431719166421190663189571805363"
+             "5696150320980742"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "2331541786816617436276726929665379440348135218238478791698253"
+             "8955221505267261")},
+        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "1193120777053847793780895503736324095679037485666623710640311"
+             "1503668796872571"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "5113168267461511776657835825572247462248477114567026004323109"
+             "6654077231782319"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3145066828322356157207632231316010605356847674299189787722532"
+             "4875903002249604"),
+         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+             "3992048976997470157839669059665084976581072482124233796021092"
+             "5107347402384997")}};
 
 } // namespace libsnark
 
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
index 404786f73..afcf49d06 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
@@ -11,13 +11,10 @@
 namespace libsnark
 {
 
-using ppT = libff::bls12_381_pp;
-using FieldT = libff::Fr<ppT>;
-
-std::vector<FieldT> anemoi_expected_output_one_round(
+std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
     const size_t &NumStateColumns_L)
 {
-    std::vector<FieldT> Y_expect_one_round;
+    std::vector<libff::Fr<libff::bls12_381_pp>> Y_expect_one_round;
 
     assert(
         ((NumStateColumns_L == 1) || (NumStateColumns_L == 2) ||
@@ -26,64 +23,84 @@ std::vector<FieldT> anemoi_expected_output_one_round(
     // Expected output for 1 round, L=1: Y_left || Y_right
     if (NumStateColumns_L == 1) {
         Y_expect_one_round = {
-            FieldT("38051718563229095456356396838757622428877349000988080406936"
-                   "541035058348383373"),
-            FieldT("46541011259834287958249207092806566220478802569831738513953"
-                   "284817094880352697"),
+            libff::Fr<libff::bls12_381_pp>(
+                "38051718563229095456356396838757622428877349000988080406936"
+                "541035058348383373"),
+            libff::Fr<libff::bls12_381_pp>(
+                "46541011259834287958249207092806566220478802569831738513953"
+                "284817094880352697"),
         };
     }
 
     // Expected output for 1 round, L=2: Y_left || Y_right
     if (NumStateColumns_L == 2) {
         Y_expect_one_round = {
-            FieldT("15150541060175709103777475248496599766370694616692747879011"
-                   "019662924685442224"),
-            FieldT("29843552910061109491271060352447525363732495152033190876686"
-                   "584609246472017584"),
-            FieldT("26146505138638275289195845765973260067149980640992713539811"
-                   "89299166526395914"),
-            FieldT("49824839783019326099876978052724035902783619514814699665266"
-                   "556433444232424513"),
+            libff::Fr<libff::bls12_381_pp>(
+                "15150541060175709103777475248496599766370694616692747879011"
+                "019662924685442224"),
+            libff::Fr<libff::bls12_381_pp>(
+                "29843552910061109491271060352447525363732495152033190876686"
+                "584609246472017584"),
+            libff::Fr<libff::bls12_381_pp>(
+                "26146505138638275289195845765973260067149980640992713539811"
+                "89299166526395914"),
+            libff::Fr<libff::bls12_381_pp>(
+                "49824839783019326099876978052724035902783619514814699665266"
+                "556433444232424513"),
         };
     }
 
     // Expected output for 1 round, L=3: Y_left || Y_right
     if (NumStateColumns_L == 3) {
         Y_expect_one_round = {
-            FieldT("10213223669833360114287009308428395240580814943870872556412"
-                   "118775684298316596"),
-            FieldT("21664318220192052598342324987452326886678438558734363929475"
-                   "644562220502833005"),
-            FieldT("12646567985368940694364168913172674258570854544904909064049"
-                   "69831326941799205"),
-            FieldT("27292794672043705408598844612721784937283668235394047343788"
-                   "755455342406044808"),
-            FieldT("38119908930143426720630804902252966609368611078523098634130"
-                   "250397080737556763"),
-            FieldT("33144463221517343347312859079453261424067069247167408451667"
-                   "76226968891742442"),
+            libff::Fr<libff::bls12_381_pp>(
+                "10213223669833360114287009308428395240580814943870872556412"
+                "118775684298316596"),
+            libff::Fr<libff::bls12_381_pp>(
+                "21664318220192052598342324987452326886678438558734363929475"
+                "644562220502833005"),
+            libff::Fr<libff::bls12_381_pp>(
+                "12646567985368940694364168913172674258570854544904909064049"
+                "69831326941799205"),
+            libff::Fr<libff::bls12_381_pp>(
+                "27292794672043705408598844612721784937283668235394047343788"
+                "755455342406044808"),
+            libff::Fr<libff::bls12_381_pp>(
+                "38119908930143426720630804902252966609368611078523098634130"
+                "250397080737556763"),
+            libff::Fr<libff::bls12_381_pp>(
+                "33144463221517343347312859079453261424067069247167408451667"
+                "76226968891742442"),
         };
     }
 
     // Expected output for 1 round, L=4: Y_left || Y_right
     if (NumStateColumns_L == 4) {
         Y_expect_one_round = {
-            FieldT("32728029339990442022355611963591129142873176406157617761037"
-                   "682452539219819088"),
-            FieldT("49311030695492657479127064149718592806428520311648889321916"
-                   "443844338668678323"),
-            FieldT("32674068623897120493809932137805441331335518262582687356675"
-                   "282427934524464097"),
-            FieldT("47598191392555380432433599763649181065734671583813678477762"
-                   "106446112059712955"),
-            FieldT("33816823933838499380471531208184598784697974497023773863342"
-                   "709156643799272839"),
-            FieldT("39287313504077148049871180527977732866247140639315642469731"
-                   "817272046249721803"),
-            FieldT("11801804404965184856947462551550819967745058632589947991520"
-                   "598952500171782048"),
-            FieldT("13464045906969562610953775876862024564309085018098935959036"
-                   "17609367350545744"),
+            libff::Fr<libff::bls12_381_pp>(
+                "32728029339990442022355611963591129142873176406157617761037"
+                "682452539219819088"),
+            libff::Fr<libff::bls12_381_pp>(
+                "49311030695492657479127064149718592806428520311648889321916"
+                "443844338668678323"),
+            libff::Fr<libff::bls12_381_pp>(
+                "32674068623897120493809932137805441331335518262582687356675"
+                "282427934524464097"),
+            libff::Fr<libff::bls12_381_pp>(
+                "47598191392555380432433599763649181065734671583813678477762"
+                "106446112059712955"),
+            libff::Fr<libff::bls12_381_pp>(
+                "33816823933838499380471531208184598784697974497023773863342"
+                "709156643799272839"),
+            libff::Fr<libff::bls12_381_pp>(
+                "39287313504077148049871180527977732866247140639315642469731"
+                "817272046249721803"),
+            libff::Fr<libff::bls12_381_pp>(
+                "11801804404965184856947462551550819967745058632589947991520"
+                "598952500171782048"),
+            libff::Fr<libff::bls12_381_pp>(
+                "13464045906969562610953775876862024564309085018098935959036"
+                "17609367350545744"),
         };
     }
 

From ceb06f44d88af259462cd60c02101c619aafcae0 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 16 Jan 2023 14:39:21 +0000
Subject: [PATCH 095/112] anemoi: replaced
 libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs> with
 anemoi_parameters<libff::bls12_381_pp>::BignumT for improved readability
 (https://github.com/clearmatics/libsnark/pull/101#discussion_r1071221294)

---
 .../hashes/anemoi/anemoi_parameters.tcc       | 736 +++++++++---------
 1 file changed, 364 insertions(+), 372 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
index 777a8afb5..25e2a073e 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
@@ -11,15 +11,15 @@
 
 namespace libsnark
 {
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+const anemoi_parameters<libff::bls12_381_pp>::BignumT
     anemoi_parameters<libff::bls12_381_pp>::alpha_inv =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "209743500700504761917790962032743863350762210002110551290414634799"
             "75432473805");
 
-const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
+const anemoi_parameters<libff::bls12_381_pp>::BignumT
     anemoi_parameters<libff::bls12_381_pp>::delta =
-        libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "149816786214646258512707830023388473821973007144364679493153310571"
             "25308909861");
 
@@ -27,1083 +27,1075 @@ const libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>
 // libsnark/scripts/anemoi-hash/parameters.sage
 
 // C constants for L = 1 columns
-const std::vector<
-    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::C_constants_col_one = {
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("39")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT("39")},
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4136247828276806229718713244577531267536047388383486069528323"
             "5286481594490621")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "9548818195234740988996233204400874453525674173109474205108603"
             "996010297049928")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "2536544056917782266758010518343541807399588823086818094200449"
             "7015015045856900")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3402349839739340664411799416798672032717815468610526483309389"
             "1093045919619309")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3881605131971976188604185811312920550675842147865618286873732"
             "6994635468402951")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3516741808753182080412837709551266392217988727766950404706991"
             "3414630376083753")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "2588586883975646972232565238753523247821982185060364082738544"
             "4642154834700231")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "8867588811641202981080659274007552529205713737251862066053445"
             "622305818871963")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3643975601014013755611104775016254418571088140452237979204481"
             "8039722752946048")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "7788624504122357216765350546787885309160020166693449889975992"
             "574536033007374")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3134147137704626983201116226440762775442116005053282329971088"
             "789984415999550")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "5025228738074182481899573330436124901628204797822159190657316"
             "5442023106203143")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4843469897871227801240970620555957716357245274483313436119568"
             "7109159129985373")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3296051061753018615951241363382138629795564259824166104417888"
             "9571655571939473")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "1285089785916676109442233567110628047038142757169574460526571"
             "3866647560628356")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "1457803687263429879838204858779420461358312857353555715694378"
             "3762854124345644")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "2158810984205890191669054871064952338804964374501369689670490"
             "3154857389904594")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3573163868652051642475284665444297320318929588354107275939088"
             "2351699754104989")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3414183000323318077215384522743323345660314330653092001157925"
             "9084215824391544")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3027254367085063588211659622825600546081751717380872113913651"
             "5002908946750291")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3768363593281961326941587782686189985071564454422848472941929"
             "5166414535174481")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "1777552726180288598698664564022278799535229596422979763053260"
             "0737667449540308")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "2242053268912895380223639524924488654049383393056681989283375"
             "4476317231258312")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "1781750799655131171855013870231705422861993743819467234562380"
             "8375428004673958")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "5907960848989041605787426770777938946362788429322103525767702"
             "134624204537201")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4575754523223150487951206450300989993499364301619443762154491"
             "7886299650707409")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3351575904326362029667391785894850052331758424449294788024166"
             "7732620512600816")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3782107092146657371942244937487594436519655609351402452159268"
             "7983958120860990")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "7929930502054589212738745246913303052577853923752241654515807"
             "520533378749565")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "7293738197873102537561743233253745300908719293335917846485104"
             "247108708549476")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "1320851183292961399782794581181760945052577753132072039202869"
             "7949327330418879")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4760106840554597709420686703443933029626857913397893274380442"
             "4355927206954636")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4063384519496145387643566765262483674009891714999763813130147"
             "7678515012057005")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3733195933994398794113838907482980087883672168816874177181593"
             "7326790200186032")}};
 // D constants for L = 1 columns
-const std::vector<
-    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::D_constants_col_one = {
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "1498167862146462585127078300233884738219730071443646794931533"
             "1057125308909900")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "2825342020978542842023345600809163250925565234363452998440081"
             "6700490470131093")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "5151193940708334400277820848767859013557766024707560088083591"
             "6725469990319313")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4629112154443573812524865767509766474229627680718669692234033"
             "2893747842754587")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3650460179273129580093806058710273018999560093475503119057680"
             "216309578390988")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4580222337074626812305915980640015229986777106112734563124478"
             "6118574025749328")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "1179862127662496731572174899070930921635169609881316238205339"
             "6097866233042733")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4237291895943219916267083464159933632643300696866941566248807"
             "0504036922966492")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "5218137124419318966955352195561461799071405672550164363657637"
             "7752669773323445")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "2379198455482403167219524952465858060142837602950188915905900"
             "9332107176394097")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3334252083162030376405954844283469906964010905840054881858696"
             "4467754352720368")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "1679154825320774497457684551570546179413379910480899613461775"
             "4018912057476556")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "1108734341986082531182813333776723811055641659668774917442288"
             "8171911517001265")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "1193120777053847793780895503736324095679037485666623710640311"
             "1503668796872571")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3296943608590459582451043049934874894049468383833500962645016"
             "062634514172805")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "7080580976521357573320018355401935489220216583936865937104131"
             "954142364033647")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "2599014496591147824448152788804636647448982050246061513652385"
             "9419965697796405")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3390731338423572937556652991194046729509970598023460793457578"
             "6561097199483218")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "2599695026560846554135120728302496204437487368215288981439253"
             "3334239395044136")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "1787889232064146429219065509247533531704941660586517511805431"
             "4040434534086821")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "2544362260902875442286391098189093253939618199260893893262028"
             "4900889552530362")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "2213925974238578928263688442052149431935172884333002618383508"
             "5771185820492424")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4544838207590267101246428934380594914930153428271013460123949"
             "3945748506785132")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4190050824176865357917077217076789089889341280166982531075178"
             "2528515999085573")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "2206322440397895722401952365768916013572151261903362630668445"
             "2466460943730461")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "2832030289850176249602297270548525715536949612220966283998416"
             "8714501264885500")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4287555565234207642344057394372869512671982537556559573935345"
             "2728374263558032")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4922724176456376719735450248405681608821487385270058531091824"
             "814910623278042")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3921370247689723006126782750599821295952035186979190166959759"
             "2300297466204227")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3779261478156072582337106630839435214997069649894818322014932"
             "220444906128664")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3488034420730584193447836292131642693573379607386189453869992"
             "2220093706975247")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3690016605053253510014046709677869543525623192871866158270966"
             "5229160044742454")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "3319862684241695177099937357556292431646628819111577573885602"
             "1866337799605112")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4872466117409980308783338654105694977257129368375335748862849"
             "4212068867653992")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
             "4267045410586742273231462605057328681056892682267662822301642"
             "4398663193502895")}};
 // C constants for L = 2 columns
-const std::vector<
-    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::C_constants_col_two = {
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("39"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT("39"),
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1775651522782246060968440999711199549459044877525843799934444"
              "6424780281143353")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4136247828276806229718713244577531267536047388383486069528323"
              "5286481594490621"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3384073892082712848969991795331397937188893616190315628722966"
              "662742467187281")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "9548818195234740988996233204400874453525674173109474205108603"
              "996010297049928"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5131188082215848888109078161771014680005638630312265736567960"
              "8608648067582435")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2536544056917782266758010518343541807399588823086818094200449"
              "7015015045856900"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2934760944191490233074151170227002684790917822807875256537272"
              "9158237774700914")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3402349839739340664411799416798672032717815468610526483309389"
              "1093045919619309"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2339620320400167830454536231899316133967303509954474267430948"
              "538955691907104")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3881605131971976188604185811312920550675842147865618286873732"
              "6994635468402951"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2733804253031973811335424620842610883223965108002327664386722"
              "3794985578055610")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3516741808753182080412837709551266392217988727766950404706991"
              "3414630376083753"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4219298352851337286912851432744320491282455954517963059758957"
              "2656156258515752")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2588586883975646972232565238753523247821982185060364082738544"
              "4642154834700231"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4272181898054851449032542443676303204692734776915339386361609"
              "5871384405840432")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "8867588811641202981080659274007552529205713737251862066053445"
              "622305818871963"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2347349933243705648406600674604859186412998890919026752114412"
              "5882222313735740")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3643975601014013755611104775016254418571088140452237979204481"
              "8039722752946048"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1649736658360748060416141764404029229920449682963579552539341"
              "6854929276060989")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "7788624504122357216765350546787885309160020166693449889975992"
              "574536033007374"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1672739596735052264350077839348991539183435273721141685724072"
              "5807058479128000")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3134147137704626983201116226440762775442116005053282329971088"
              "789984415999550"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4652550641868145619325559651610441674352303704698228044952942"
              "6136392814992763")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5025228738074182481899573330436124901628204797822159190657316"
              "5442023106203143"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4603088696404532867065057946752204298175610946458490707743477"
              "2786649263902996")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4843469897871227801240970620555957716357245274483313436119568"
              "7109159129985373"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1921653321323070949794722352629784806536533447236702265018339"
              "5435586190711770")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3296051061753018615951241363382138629795564259824166104417888"
              "9571655571939473"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "7889715292813995933863223756089425964393897180189452806863798"
              "954507930091839")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1285089785916676109442233567110628047038142757169574460526571"
              "3866647560628356"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3890404016518111182325567019593981593129264722711625526410797"
              "9988806956289548")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1457803687263429879838204858779420461358312857353555715694378"
              "3762854124345644"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3988936054101455514428229911108117411824588491028947172774374"
              "7142236304617512")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2158810984205890191669054871064952338804964374501369689670490"
              "3154857389904594"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2462163053982270832598746118263924383921823021657820771974288"
              "0580327336278872")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3573163868652051642475284665444297320318929588354107275939088"
              "2351699754104989"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4644023405238010579088846965247421888502168493252196386650693"
              "2102071884869246")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3414183000323318077215384522743323345660314330653092001157925"
              "9084215824391544"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2163981062666409906038409596484133154605534834560048607810788"
              "2966779265621748")}};
 // D constants for L = 2 columns
-const std::vector<
-    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::D_constants_col_two = {
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1498167862146462585127078300233884738219730071443646794931533"
              "1057125308909900"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4872095934371910432473933838888583980299871155063740277389639"
              "5605948383052052")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2825342020978542842023345600809163250925565234363452998440081"
              "6700490470131093"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "6257781313532096835800460747082714697295034136932481743077166"
              "200794135826591")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5151193940708334400277820848767859013557766024707560088083591"
              "6725469990319313"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4386017178186728799761421274050927732938229436976005221436222"
              "062273391481632")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4629112154443573812524865767509766474229627680718669692234033"
              "2893747842754587"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1382018073647864517274646907518130460472997636481212754834152"
              "4461074783412926")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3650460179273129580093806058710273018999560093475503119057680"
              "216309578390988"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4038522277183809910966223402024383158969022347879484720123501"
              "4486200724862134")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4580222337074626812305915980640015229986777106112734563124478"
              "6118574025749328"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5030698007577826221415569329113205255155996272343693623161130"
              "1042966928400825")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1179862127662496731572174899070930921635169609881316238205339"
              "6097866233042733"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3480695221203853724450603161207484713320733042726578575780967"
              "3463434908473570")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4237291895943219916267083464159933632643300696866941566248807"
              "0504036922966492"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2275575941953007131500701157207616698366094244763402770135168"
              "1157370705921018")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5218137124419318966955352195561461799071405672550164363657637"
              "7752669773323445"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3033417208429487055687527430890468841415874145785490809430001"
              "7436690480001547")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2379198455482403167219524952465858060142837602950188915905900"
              "9332107176394097"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1983236062272339258402976480797132564113295351555780171764422"
              "6271356492507876")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3334252083162030376405954844283469906964010905840054881858696"
              "4467754352720368"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5828182614154296575131381170785760240834851189333374788484657"
              "124381010655319")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1679154825320774497457684551570546179413379910480899613461775"
              "4018912057476556"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2372979785349040156896773068661814685073512970715285325680905"
              "0789424668284094")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1108734341986082531182813333776723811055641659668774917442288"
              "8171911517001265"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2284870849759634702726712489036302900224144014399356117052111"
              "3640580467699956")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1193120777053847793780895503736324095679037485666623710640311"
              "1503668796872571"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5113168267461511776657835825572247462248477114567026004323109"
              "6654077231782319")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3296943608590459582451043049934874894049468383833500962645016"
              "062634514172805"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4664478895343247770003373906982387732438923752725142737317020"
              "2269468246508522")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "7080580976521357573320018355401935489220216583936865937104131"
              "954142364033647"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4911648877696772616593749826967046787634239830029987342118301"
              "6200344552693677")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2599014496591147824448152788804636647448982050246061513652385"
              "9419965697796405"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1484835895359756197471818329258236706767298639962938870995678"
              "2223452089882598")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3390731338423572937556652991194046729509970598023460793457578"
              "6561097199483218"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4877244013053631691998472651792188347887020122139777602467234"
              "10671357671821")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2599695026560846554135120728302496204437487368215288981439253"
              "3334239395044136"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2524359507738822918232351623052388147276722915486399241415425"
              "08715737622718")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1787889232064146429219065509247533531704941660586517511805431"
              "4040434534086821"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2135963843850440044420505121931843033271258370587723800981955"
              "6047040768315863")}};
 // C constants for L = 3 columns
-const std::vector<
-    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::C_constants_col_three = {
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("39"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT("39"),
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1775651522782246060968440999711199549459044877525843799934444"
              "6424780281143353"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1018891612812359996477254614795190450086500961676464694818791"
              "5341627970346879")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4136247828276806229718713244577531267536047388383486069528323"
              "5286481594490621"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3384073892082712848969991795331397937188893616190315628722966"
              "662742467187281"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3853646459699810802819790564525019664928744720837416933978464"
              "9587982292038621")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "9548818195234740988996233204400874453525674173109474205108603"
              "996010297049928"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5131188082215848888109078161771014680005638630312265736567960"
              "8608648067582435"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2459696595055290529608826989988088254971535466083239137400923"
              "4980535928382152")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2536544056917782266758010518343541807399588823086818094200449"
              "7015015045856900"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2934760944191490233074151170227002684790917822807875256537272"
              "9158237774700914"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1435647866738596907930934954039494810941482992100104584559955"
              "3435706989367858")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3402349839739340664411799416798672032717815468610526483309389"
              "1093045919619309"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2339620320400167830454536231899316133967303509954474267430948"
              "538955691907104"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1213674891966628629798915440442909922615468699202840156813305"
              "8190732008277996")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3881605131971976188604185811312920550675842147865618286873732"
              "6994635468402951"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2733804253031973811335424620842610883223965108002327664386722"
              "3794985578055610"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1558067417971364454039840952344181407381076844949394056213642"
              "2009899312699155")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3516741808753182080412837709551266392217988727766950404706991"
              "3414630376083753"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4219298352851337286912851432744320491282455954517963059758957"
              "2656156258515752"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4738921241144157326637909239293159997041788472939715684121631"
              "8364858334633325")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2588586883975646972232565238753523247821982185060364082738544"
              "4642154834700231"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4272181898054851449032542443676303204692734776915339386361609"
              "5871384405840432"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5855288403637341107158034195599277569854359593529752399086836"
              "976954392351035")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "8867588811641202981080659274007552529205713737251862066053445"
              "622305818871963"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2347349933243705648406600674604859186412998890919026752114412"
              "5882222313735740"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5696063807157149622355481994320806474692190935543821893362808"
              "351446578125354")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3643975601014013755611104775016254418571088140452237979204481"
              "8039722752946048"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1649736658360748060416141764404029229920449682963579552539341"
              "6854929276060989"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3147932349597011371381646760446049967588957991237003497484121"
              "2556442942086146")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "7788624504122357216765350546787885309160020166693449889975992"
              "574536033007374"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1672739596735052264350077839348991539183435273721141685724072"
              "5807058479128000"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2330992872018014336240882738557332747985840911535801077073015"
              "1873313341134036")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3134147137704626983201116226440762775442116005053282329971088"
              "789984415999550"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4652550641868145619325559651610441674352303704698228044952942"
              "6136392814992763"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4917372673919383443116356365853730383619622786307127412244824"
              "3716476847774081")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5025228738074182481899573330436124901628204797822159190657316"
              "5442023106203143"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4603088696404532867065057946752204298175610946458490707743477"
              "2786649263902996"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4712571643096224675022534387832506137920111203953790806087833"
              "6544274638889887")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4843469897871227801240970620555957716357245274483313436119568"
              "7109159129985373"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1921653321323070949794722352629784806536533447236702265018339"
              "5435586190711770"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2897926863821744450704595717324317554216182338253096474269232"
              "4059406064069673")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3296051061753018615951241363382138629795564259824166104417888"
              "9571655571939473"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "7889715292813995933863223756089425964393897180189452806863798"
              "954507930091839"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1335282786350600018748463893875477804580192723833609082645717"
              "2216796844151715")}};
 // D constants for L = 3 columns
-const std::vector<
-    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::D_constants_col_three = {
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1498167862146462585127078300233884738219730071443646794931533"
              "1057125308909900"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4872095934371910432473933838888583980299871155063740277389639"
              "5605948383052052"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1170961042764195247622670495021805276356048907930130746422516"
              "4120801969364960")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2825342020978542842023345600809163250925565234363452998440081"
              "6700490470131093"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "6257781313532096835800460747082714697295034136932481743077166"
              "200794135826591"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1196642220206920081142760500749381736368080441627403119562414"
              "8724039857787313")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5151193940708334400277820848767859013557766024707560088083591"
              "6725469990319313"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4386017178186728799761421274050927732938229436976005221436222"
              "062273391481632"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "6632276653290444906058804748999332745749669823710727938548067"
              "32105730575244")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4629112154443573812524865767509766474229627680718669692234033"
              "2893747842754587"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1382018073647864517274646907518130460472997636481212754834152"
              "4461074783412926"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2182117532069761119716127783198449565821339724541975439265730"
              "7036488476373765")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3650460179273129580093806058710273018999560093475503119057680"
              "216309578390988"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4038522277183809910966223402024383158969022347879484720123501"
              "4486200724862134"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2073860155472592637359608260326591863616482364802647024342242"
              "3735982938342408")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4580222337074626812305915980640015229986777106112734563124478"
              "6118574025749328"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5030698007577826221415569329113205255155996272343693623161130"
              "1042966928400825"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "9105861908793877437599087016640061747418296780065295891365798"
              "855886560153752")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1179862127662496731572174899070930921635169609881316238205339"
              "6097866233042733"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3480695221203853724450603161207484713320733042726578575780967"
              "3463434908473570"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1055943127858844643815584008805554614508787229864100774292171"
              "8770142881700525")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4237291895943219916267083464159933632643300696866941566248807"
              "0504036922966492"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2275575941953007131500701157207616698366094244763402770135168"
              "1157370705921018"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "8881354201366797207686592249590682298565723459695719800911380"
              "560885170725516")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5218137124419318966955352195561461799071405672550164363657637"
              "7752669773323445"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3033417208429487055687527430890468841415874145785490809430001"
              "7436690480001547"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3554886191776286297101172047585517281669871267189379603060765"
              "8203859222685056")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2379198455482403167219524952465858060142837602950188915905900"
              "9332107176394097"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1983236062272339258402976480797132564113295351555780171764422"
              "6271356492507876"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5370567718707734490084045178883836972105253285449736908577321"
              "570876055642415")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3334252083162030376405954844283469906964010905840054881858696"
              "4467754352720368"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5828182614154296575131381170785760240834851189333374788484657"
              "124381010655319"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3540284072573181656988640108154744212083667675516530226606304"
              "1488580350955250")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1679154825320774497457684551570546179413379910480899613461775"
              "4018912057476556"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2372979785349040156896773068661814685073512970715285325680905"
              "0789424668284094"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4937014353275067908272266874772930373538608971092718049381682"
              "6667453179359307")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1108734341986082531182813333776723811055641659668774917442288"
              "8171911517001265"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2284870849759634702726712489036302900224144014399356117052111"
              "3640580467699956"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4693566332326116438268886021984431719166421190663189571805363"
              "5696150320980742")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1193120777053847793780895503736324095679037485666623710640311"
              "1503668796872571"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5113168267461511776657835825572247462248477114567026004323109"
              "6654077231782319"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3145066828322356157207632231316010605356847674299189787722532"
              "4875903002249604")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3296943608590459582451043049934874894049468383833500962645016"
              "062634514172805"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4664478895343247770003373906982387732438923752725142737317020"
              "2269468246508522"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2266415170774619075005438466298153336008448427255576113424887"
              "5129763057677780")}};
 // C constants for L = 4 columns
-const std::vector<
-    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::C_constants_col_four = {
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>("39"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT("39"),
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1775651522782246060968440999711199549459044877525843799934444"
              "6424780281143353"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1018891612812359996477254614795190450086500961676464694818791"
              "5341627970346879"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3814237141406755457246679946340702245820791055503616462386588"
              "886553626328449")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4136247828276806229718713244577531267536047388383486069528323"
              "5286481594490621"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3384073892082712848969991795331397937188893616190315628722966"
              "662742467187281"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3853646459699810802819790564525019664928744720837416933978464"
              "9587982292038621"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3759219767528975735847190819990641598248412433811237445343529"
              "2524131427342810")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "9548818195234740988996233204400874453525674173109474205108603"
              "996010297049928"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5131188082215848888109078161771014680005638630312265736567960"
              "8608648067582435"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2459696595055290529608826989988088254971535466083239137400923"
              "4980535928382152"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3403682625028780719465935912972258681807965244254717853103041"
              "0684351456041117")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2536544056917782266758010518343541807399588823086818094200449"
              "7015015045856900"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2934760944191490233074151170227002684790917822807875256537272"
              "9158237774700914"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1435647866738596907930934954039494810941482992100104584559955"
              "3435706989367858"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "9488013611624811735432450930006811652991761655550510302915118"
              "428283918068143")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3402349839739340664411799416798672032717815468610526483309389"
              "1093045919619309"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2339620320400167830454536231899316133967303509954474267430948"
              "538955691907104"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1213674891966628629798915440442909922615468699202840156813305"
              "8190732008277996"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1944256982277265527026848283574248036549925680252051090584695"
              "3360427433130058")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3881605131971976188604185811312920550675842147865618286873732"
              "6994635468402951"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2733804253031973811335424620842610883223965108002327664386722"
              "3794985578055610"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1558067417971364454039840952344181407381076844949394056213642"
              "2009899312699155"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4362660876979205605782410963041525734654031488177761934879852"
              "229226211686053")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3516741808753182080412837709551266392217988727766950404706991"
              "3414630376083753"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4219298352851337286912851432744320491282455954517963059758957"
              "2656156258515752"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4738921241144157326637909239293159997041788472939715684121631"
              "8364858334633325"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4148765625963272739309827417873876393424966292428795624270459"
              "6746920012242443")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2588586883975646972232565238753523247821982185060364082738544"
              "4642154834700231"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4272181898054851449032542443676303204692734776915339386361609"
              "5871384405840432"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5855288403637341107158034195599277569854359593529752399086836"
              "976954392351035"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1884585172212401932583442609483174306840855762168565871300274"
              "9358354699910772")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "8867588811641202981080659274007552529205713737251862066053445"
              "622305818871963"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2347349933243705648406600674604859186412998890919026752114412"
              "5882222313735740"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5696063807157149622355481994320806474692190935543821893362808"
              "351446578125354"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4855803159925507286210380968106056546455543739940382245890202"
              "4251997890071747")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3643975601014013755611104775016254418571088140452237979204481"
              "8039722752946048"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1649736658360748060416141764404029229920449682963579552539341"
              "6854929276060989"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3147932349597011371381646760446049967588957991237003497484121"
              "2556442942086146"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5232706524245511758259018833389935270603181378215429313855349"
              "0341266149456684")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "7788624504122357216765350546787885309160020166693449889975992"
              "574536033007374"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1672739596735052264350077839348991539183435273721141685724072"
              "5807058479128000"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2330992872018014336240882738557332747985840911535801077073015"
              "1873313341134036"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5006722144318758766157409016714691420686239438032848856181914"
              "1296175188378275")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3134147137704626983201116226440762775442116005053282329971088"
              "789984415999550"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4652550641868145619325559651610441674352303704698228044952942"
              "6136392814992763"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4917372673919383443116356365853730383619622786307127412244824"
              "3716476847774081"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2904698228930932183221963874409477310924064596431938774518994"
              "1342957948119206")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5025228738074182481899573330436124901628204797822159190657316"
              "5442023106203143"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4603088696404532867065057946752204298175610946458490707743477"
              "2786649263902996"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4712571643096224675022534387832506137920111203953790806087833"
              "6544274638889887"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2565160334368547579709252575251152479523478078611094273882850"
              "7305471634791967")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4843469897871227801240970620555957716357245274483313436119568"
              "7109159129985373"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1921653321323070949794722352629784806536533447236702265018339"
              "5435586190711770"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2897926863821744450704595717324317554216182338253096474269232"
              "4059406064069673"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3959522249278680358015509825411090545862059993160154730469919"
              "1792976275820627")}};
 // D constants for L = 4 columns
-const std::vector<
-    std::vector<libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>>>
+const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::D_constants_col_four = {
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1498167862146462585127078300233884738219730071443646794931533"
              "1057125308909900"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4872095934371910432473933838888583980299871155063740277389639"
              "5605948383052052"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1170961042764195247622670495021805276356048907930130746422516"
              "4120801969364960"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3188799073106888901912065951229864304299742047220134499402570"
              "163601813730969")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2825342020978542842023345600809163250925565234363452998440081"
              "6700490470131093"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "6257781313532096835800460747082714697295034136932481743077166"
              "200794135826591"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1196642220206920081142760500749381736368080441627403119562414"
              "8724039857787313"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "8876022912542631074912834764773050492660953075192093830253524"
              "158063181475941")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5151193940708334400277820848767859013557766024707560088083591"
              "6725469990319313"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4386017178186728799761421274050927732938229436976005221436222"
              "062273391481632"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "6632276653290444906058804748999332745749669823710727938548067"
              "32105730575244"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "7956955597245727322388196907364651338722736293265717471854714"
              "933795446618648")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4629112154443573812524865767509766474229627680718669692234033"
              "2893747842754587"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1382018073647864517274646907518130460472997636481212754834152"
              "4461074783412926"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2182117532069761119716127783198449565821339724541975439265730"
              "7036488476373765"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1480657789711823478649560642421937299757380050914907637095160"
              "4526939593458489")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3650460179273129580093806058710273018999560093475503119057680"
              "216309578390988"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4038522277183809910966223402024383158969022347879484720123501"
              "4486200724862134"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2073860155472592637359608260326591863616482364802647024342242"
              "3735982938342408"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2589829009001407627908663823720231357129286498769843710211505"
              "1403552551578909")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4580222337074626812305915980640015229986777106112734563124478"
              "6118574025749328"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5030698007577826221415569329113205255155996272343693623161130"
              "1042966928400825"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "9105861908793877437599087016640061747418296780065295891365798"
              "855886560153752"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4817759141336740991564205616704875304173558384845661260769162"
              "0273026228709602")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1179862127662496731572174899070930921635169609881316238205339"
              "6097866233042733"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3480695221203853724450603161207484713320733042726578575780967"
              "3463434908473570"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1055943127858844643815584008805554614508787229864100774292171"
              "8770142881700525"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2511742758961381498086249076485723904703122022711664665388729"
              "650078747694082")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4237291895943219916267083464159933632643300696866941566248807"
              "0504036922966492"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2275575941953007131500701157207616698366094244763402770135168"
              "1157370705921018"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "8881354201366797207686592249590682298565723459695719800911380"
              "560885170725516"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1972578515203525635957421135144616159290339301703148363580602"
              "5440159666669692")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5218137124419318966955352195561461799071405672550164363657637"
              "7752669773323445"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3033417208429487055687527430890468841415874145785490809430001"
              "7436690480001547"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3554886191776286297101172047585517281669871267189379603060765"
              "8203859222685056"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2382882216691637666452353485703197976465487816440601629452194"
              "7902346141831375")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2379198455482403167219524952465858060142837602950188915905900"
              "9332107176394097"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1983236062272339258402976480797132564113295351555780171764422"
              "6271356492507876"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5370567718707734490084045178883836972105253285449736908577321"
              "570876055642415"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2407217709737451929206899311094570379803095868441385259326833"
              "1853573451397392")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3334252083162030376405954844283469906964010905840054881858696"
              "4467754352720368"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5828182614154296575131381170785760240834851189333374788484657"
              "124381010655319"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3540284072573181656988640108154744212083667675516530226606304"
              "1488580350955250"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "7578125905794851322815150557558076805933581048787999755527104"
              "709377805399415")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1679154825320774497457684551570546179413379910480899613461775"
              "4018912057476556"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2372979785349040156896773068661814685073512970715285325680905"
              "0789424668284094"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4937014353275067908272266874772930373538608971092718049381682"
              "6667453179359307"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2709726671504794741698997103590978680421397934135515163753725"
              "6791808468088871")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1108734341986082531182813333776723811055641659668774917442288"
              "8171911517001265"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2284870849759634702726712489036302900224144014399356117052111"
              "3640580467699956"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "4693566332326116438268886021984431719166421190663189571805363"
              "5696150320980742"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "2331541786816617436276726929665379440348135218238478791698253"
              "8955221505267261")},
-        {libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+        {anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "1193120777053847793780895503736324095679037485666623710640311"
              "1503668796872571"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "5113168267461511776657835825572247462248477114567026004323109"
              "6654077231782319"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3145066828322356157207632231316010605356847674299189787722532"
              "4875903002249604"),
-         libff::bigint<libff::Fr<libff::bls12_381_pp>::num_limbs>(
+         anemoi_parameters<libff::bls12_381_pp>::BignumT(
              "3992048976997470157839669059665084976581072482124233796021092"
              "5107347402384997")}};
 

From 5ac46aa6ca18340c010c3652ba000c3c647b85f0 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 12 Jan 2023 11:53:12 +0000
Subject: [PATCH 096/112] anemoi: removed duplicate gadgets for the flystel
 Q-functions for prime and binary fields
 (https://github.com/clearmatics/libsnark/issues/77,
 https://github.com/clearmatics/libsnark/pull/65#discussion_r992421012,
 https://github.com/clearmatics/libsnark/pull/65#discussion_r992423162) -
 resolved conflicts after rebase onto anemoi-hash-r1cs

---
 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index e5fccc268..bead5d78c 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -90,7 +90,6 @@ void flystel_Q_prime_field_gadget<ppT>::generate_r1cs_witness()
 //
 // where A0=(0, beta, 0, 0), B0=(0, 1, 0, 0), C0=(0, 0, 1, 0) and
 // A1=(0, 0, 1, 0), B1=(0, 1, 0, 0), C1=(-gamma, 0, 0, 1)
-
 template<typename ppT>
 flystel_Q_binary_field_gadget<ppT>::flystel_Q_binary_field_gadget(
     protoboard<libff::Fr<ppT>> &pb,

From 3592255d03e037167d88d90b81724522f70281ee Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 16 Jan 2023 11:29:56 +0000
Subject: [PATCH 097/112] anemoi: implemented function for generating the mds
 matrix for different number of columns using class specialization
 (https://github.com/clearmatics/libsnark/pull/102#discussion_r1069518363)

---
 .../hashes/anemoi/anemoi_components.hpp       | 29 ++++++--
 .../hashes/anemoi/anemoi_components.tcc       | 67 ++++++++++---------
 .../anemoi/tests/test_anemoi_gadget.cpp       | 38 +++++++++++
 3 files changed, 96 insertions(+), 38 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index d5dc85779..101814fe0 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -183,11 +183,6 @@ class flystel_prime_field_gadget : public gadget<libff::Fr<ppT>>
     void generate_r1cs_witness();
 };
 
-// get the MDS matrix from the number of columns 2,3 or 4
-template<typename FieldT, size_t NumStateColumns_L>
-std::array<std::array<FieldT, NumStateColumns_L>, NumStateColumns_L>
-anemoi_permutation_mds(const FieldT g);
-
 /// One round of the Anemoi permutation mapping (Fr)^{2L} -> (Fr)^{2L}
 ///
 /// NumStateColumns_L : L parameter - number of columns in the
@@ -241,6 +236,30 @@ class anemoi_permutation_round_prime_field_gadget
     void generate_r1cs_witness();
 };
 
+// MDS matrix for each allowed dimension: 2,3 or 4
+template<typename ppT, size_t NumStateColumns_L> class anemoi_permutation_mds;
+
+template<typename ppT> class anemoi_permutation_mds<ppT, 2>
+{
+public:
+    static std::array<std::array<libff::Fr<ppT>, 2>, 2> permutation_mds(
+        const libff::Fr<ppT> g);
+};
+
+template<typename ppT> class anemoi_permutation_mds<ppT, 3>
+{
+public:
+    static std::array<std::array<libff::Fr<ppT>, 3>, 3> permutation_mds(
+        const libff::Fr<ppT> g);
+};
+
+template<typename ppT> class anemoi_permutation_mds<ppT, 4>
+{
+public:
+    static std::array<std::array<libff::Fr<ppT>, 4>, 4> permutation_mds(
+        const libff::Fr<ppT> g);
+};
+
 } // namespace libsnark
 
 #include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc"
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index bead5d78c..028006bbe 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -320,37 +320,6 @@ void flystel_prime_field_gadget<ppT, parameters>::generate_r1cs_witness()
     this->pb.lc_val(output_y1) = input_x1_value - this->pb.val(a1);
 }
 
-template<typename ppT, size_t NumStateColumns_L>
-std::vector<std::vector<libff::Fr<ppT>>> anemoi_permutation_mds(
-    const libff::Fr<ppT> g)
-{
-    static_assert(
-        (NumStateColumns_L == 1) || (NumStateColumns_L == 2) ||
-            (NumStateColumns_L == 3) || (NumStateColumns_L == 4),
-        "NumStateColumns_L must be 2,3 or 4");
-
-    const libff::Fr<ppT> g2 = g * g;
-
-    // allocate matrix M of dimension LxL
-    std::vector<std::vector<libff::Fr<ppT>>> M;
-    M.resize(NumStateColumns_L, std::vector<libff::Fr<ppT>>(NumStateColumns_L));
-
-    if (NumStateColumns_L == 2) {
-        M = {{1, g}, {g, g2 + 1}};
-    }
-    if (NumStateColumns_L == 3) {
-        M = {{g + 1, 1, g + 1}, {1, 1, g}, {g, 1, 1}};
-    }
-    if (NumStateColumns_L == 4) {
-        M = {
-            {1, g + 1, g, g},
-            {g2, g + g2, g + 1, g + g + 1},
-            {g2, g2, 1, g + 1},
-            {g + 1, g + g + 1, g, g + 1}};
-    }
-    return M;
-}
-
 // Fast matrix-vector multiplication algorithm for Anemoi MDS layer with \ell =
 // 1,2 for inputs of type "linear combination of FieldT elements"
 template<typename ppT>
@@ -532,11 +501,11 @@ anemoi_permutation_round_prime_field_gadget<
     }
 
     if (ncols > 1) {
-        M_matrix = anemoi_permutation_mds<ppT, ncols>(g);
+        M_matrix = anemoi_permutation_mds<ppT, ncols>::permutation_mds(g);
     } else { // ncols == 1
         // the MDS matrix for a state with 1 column (L=1) is the same as
         // for a state with 2 columns (L=2)
-        M_matrix = anemoi_permutation_mds<ppT, 2>(g);
+        M_matrix = anemoi_permutation_mds<ppT, 2>::permutation_mds(g);
     }
 
     // multiply by matrix M
@@ -613,6 +582,38 @@ void anemoi_permutation_round_prime_field_gadget<
     }
 }
 
+template<typename ppT>
+std::array<std::array<libff::Fr<ppT>, 2>, 2> anemoi_permutation_mds<ppT, 2>::
+    permutation_mds(const libff::Fr<ppT> g)
+{
+    using FieldT = libff::Fr<ppT>;
+    const FieldT g2 = g * g;
+    anemoi_mds_matrix_t M = {{{1, g}, {g, g2 + 1}}};
+    return M;
+}
+
+template<typename ppT>
+std::array<std::array<libff::Fr<ppT>, 3>, 3> anemoi_permutation_mds<ppT, 3>::
+    permutation_mds(const libff::Fr<ppT> g)
+{
+    anemoi_mds_matrix_t M = {{{g + 1, 1, g + 1}, {1, 1, g}, {g, 1, 1}}};
+    return M;
+}
+
+template<typename ppT>
+std::array<std::array<libff::Fr<ppT>, 4>, 4> anemoi_permutation_mds<ppT, 4>::
+    permutation_mds(const libff::Fr<ppT> g)
+{
+    using FieldT = libff::Fr<ppT>;
+    const FieldT g2 = g * g;
+    anemoi_mds_matrix_t M = {
+        {{1, g + 1, g, g},
+         {g2, g + g2, g + 1, g + g + 1},
+         {g2, g2, 1, g + 1},
+         {g + 1, g + g + 1, g, g + 1}}};
+    return M;
+}
+
 } // namespace libsnark
 
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 58a4378e1..40abb3331 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -301,6 +301,43 @@ void test_anemoi_permutation_round_prime_field_gadget()
         "anemoi_permutation_round_prime_field_gadget tests successful");
 }
 
+template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
+void test_anemoi_permutation_mds()
+{
+    // anemoi_permutation_mds<ppT, NumStateColumnsL>::permutation_mds()
+    using FieldT = libff::Fr<ppT>;
+    const FieldT g = anemoi_parameters<ppT>::multiplicative_generator_g;
+    // NumStateColumnsL == 2
+    {
+        const size_t NumStateColumnsL = 2;
+        std::array<std::array<FieldT, NumStateColumnsL>, NumStateColumnsL>
+            M_expect = {{{1, 7}, {7, 50}}};
+        std::array<std::array<FieldT, NumStateColumnsL>, NumStateColumnsL> M =
+            anemoi_permutation_mds<ppT, NumStateColumnsL>::permutation_mds(g);
+        ASSERT_EQ(M, M_expect);
+    }
+    // NumStateColumnsL == 3
+    {
+        const size_t NumStateColumnsL = 3;
+        std::array<std::array<FieldT, NumStateColumnsL>, NumStateColumnsL>
+            M_expect = {{{8, 1, 8}, {1, 1, 7}, {7, 1, 1}}};
+        std::array<std::array<FieldT, NumStateColumnsL>, NumStateColumnsL> M =
+            anemoi_permutation_mds<ppT, NumStateColumnsL>::permutation_mds(g);
+        ASSERT_EQ(M, M_expect);
+    }
+    // NumStateColumnsL == 4
+    {
+        const size_t NumStateColumnsL = 4;
+        std::array<std::array<FieldT, NumStateColumnsL>, NumStateColumnsL>
+            M_expect = {
+                {{1, 8, 7, 7}, {49, 56, 8, 15}, {49, 49, 1, 8}, {8, 15, 7, 8}}};
+        std::array<std::array<FieldT, NumStateColumnsL>, NumStateColumnsL> M =
+            anemoi_permutation_mds<ppT, NumStateColumnsL>::permutation_mds(g);
+        ASSERT_EQ(M, M_expect);
+    }
+    libff::print_time("anemoi_permutation_mds tests successful");
+}
+
 template<typename ppT> void test_for_curve()
 {
     // Execute all tests for the given curve.
@@ -319,6 +356,7 @@ template<typename ppT> void test_for_curve()
     test_anemoi_permutation_round_prime_field_gadget<ppT, 2, parameters>();
     test_anemoi_permutation_round_prime_field_gadget<ppT, 3, parameters>();
     test_anemoi_permutation_round_prime_field_gadget<ppT, 4, parameters>();
+    test_anemoi_permutation_mds<ppT, parameters>();
 }
 
 TEST(TestAnemoiGadget, BLS12_381) { test_for_curve<libff::bls12_381_pp>(); }

From c84efa46ddb84535236cd1480b1bc6ecfae469e0 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Tue, 17 Jan 2023 09:20:09 +0000
Subject: [PATCH 098/112] anemoi: added a TODO note regarding the removal of
 the input g parameter from all anemoi_permutation_mds::permutation_mds
 functions
 (https://github.com/clearmatics/libsnark/pull/102#discussion_r1071444422)

---
 .../gadgets/hashes/anemoi/anemoi_components.tcc    | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 028006bbe..fe70f97a5 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -582,6 +582,20 @@ void anemoi_permutation_round_prime_field_gadget<
     }
 }
 
+// TODO: consdier applying the following changes to all
+// anemoi_permutation_mds::permutation_mds functions in order to
+// remove the input g parameter:
+//
+// - extract the ppT part from the anemoi_parameters class
+//
+// - use the ppT part from the anemoi_parameters class to implicitly
+//   get the value of g as
+//   anemoi_parameters<ppT>::multiplicative_generator_g;
+//
+// - remove the input parameter const libff::Fr<ppT> g from all
+//   permutation_mds functions and extract g as above
+//
+// see: https://github.com/clearmatics/libsnark/pull/102#discussion_r1071444422
 template<typename ppT>
 std::array<std::array<libff::Fr<ppT>, 2>, 2> anemoi_permutation_mds<ppT, 2>::
     permutation_mds(const libff::Fr<ppT> g)

From 85bb95334f5d39bfe4e760b1fe98ce3abb5f24b7 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Tue, 17 Jan 2023 12:57:16 +0000
Subject: [PATCH 099/112] anemoi: defined the types of the mds matrices
 (https://github.com/clearmatics/libsnark/pull/102#discussion_r1071214317)

---
 .../gadgets/hashes/anemoi/anemoi_components.hpp   | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 101814fe0..ce9bf36b1 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -241,23 +241,26 @@ template<typename ppT, size_t NumStateColumns_L> class anemoi_permutation_mds;
 
 template<typename ppT> class anemoi_permutation_mds<ppT, 2>
 {
+    using anemoi_mds_matrix_t = std::array<std::array<libff::Fr<ppT>, 2>, 2>;
+
 public:
-    static std::array<std::array<libff::Fr<ppT>, 2>, 2> permutation_mds(
-        const libff::Fr<ppT> g);
+    static anemoi_mds_matrix_t permutation_mds(const libff::Fr<ppT> g);
 };
 
 template<typename ppT> class anemoi_permutation_mds<ppT, 3>
 {
+    using anemoi_mds_matrix_t = std::array<std::array<libff::Fr<ppT>, 3>, 3>;
+
 public:
-    static std::array<std::array<libff::Fr<ppT>, 3>, 3> permutation_mds(
-        const libff::Fr<ppT> g);
+    static anemoi_mds_matrix_t permutation_mds(const libff::Fr<ppT> g);
 };
 
 template<typename ppT> class anemoi_permutation_mds<ppT, 4>
 {
+    using anemoi_mds_matrix_t = std::array<std::array<libff::Fr<ppT>, 4>, 4>;
+
 public:
-    static std::array<std::array<libff::Fr<ppT>, 4>, 4> permutation_mds(
-        const libff::Fr<ppT> g);
+    static anemoi_mds_matrix_t permutation_mds(const libff::Fr<ppT> g);
 };
 
 } // namespace libsnark

From 2c62e4d8732fb8b8dfc740f13789fd609a831826 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Tue, 17 Jan 2023 22:22:30 +0000
Subject: [PATCH 100/112] anemoi: fixed compilation errors related to method
 anemoi_permutation_mds::permutation_mds after rebase onto anemoi-hash-r1cs

---
 .../hashes/anemoi/anemoi_components.tcc       | 57 +++++++++++++++++--
 .../anemoi/tests/test_anemoi_gadget.cpp       |  1 +
 2 files changed, 52 insertions(+), 6 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index fe70f97a5..a317134cf 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -500,12 +500,57 @@ anemoi_permutation_round_prime_field_gadget<
         Z_right.push_back(X_right[i] + D[i]);
     }
 
-    if (ncols > 1) {
-        M_matrix = anemoi_permutation_mds<ppT, ncols>::permutation_mds(g);
-    } else { // ncols == 1
-        // the MDS matrix for a state with 1 column (L=1) is the same as
-        // for a state with 2 columns (L=2)
-        M_matrix = anemoi_permutation_mds<ppT, 2>::permutation_mds(g);
+    // Note 1: the sequence of if-s over ncols \in {1,2,3,4} that
+    // follows is due to the fact that the specialized class
+    // anemoi_permutation_mds<ppT, n> only accepts const size_t n =
+    // <value>, but it would not accept const size_t =
+    // NumStateColumns_L. TODO: fix using a more efficient approach.
+
+    // Note 2: the for-loop within each if(ncols == <value>), copies
+    // the 2d array returned by anemoi_permutation_mds<ppT,
+    // n>::permutation_mds(g) into a 2d vector which is the type of
+    // the class member M_matrix. TODO: fix this by either using a
+    // more efficient approach or changing the type of M_matrix to be
+    // of type 2d array.
+
+    // Note 3: for matrix-vector multiplication we currently provide
+    // fast routines for dimensions NumStateColumns_L \in {2,3,4} that
+    // only accept g and a vector as input (the
+    // anemoi_fast_multiply_mds_* functions). Therefore the class
+    // member M_matrix is not used at the moment. It is included for
+    // future use for 2 foreseeable scenarios: 1) an instance of
+    // Anemoi with NumStateColumns_L > 4 for which we do not have a
+    // fast multiplication routine and 2) keep the possibility to
+    // still use normal matrix-vector multiplication if one wants to
+
+    // the MDS matrix for a state with 1 column (L=1) is the same as
+    // for a state with 2 columns (L=2)
+    if ((ncols == 1) || (ncols == 2)) {
+        const size_t n = 2;
+        std::array<std::array<FieldT, n>, n> M =
+            anemoi_permutation_mds<ppT, n>::permutation_mds(g);
+        for (size_t i = 0; i < n; ++i) {
+            std::vector<FieldT> v(std::begin(M[i]), std::end(M[i]));
+            M_matrix.push_back(v);
+        }
+    }
+    if (ncols == 3) {
+        const size_t n = 3;
+        std::array<std::array<FieldT, n>, n> M =
+            anemoi_permutation_mds<ppT, n>::permutation_mds(g);
+        for (size_t i = 0; i < n; ++i) {
+            std::vector<FieldT> v(std::begin(M[i]), std::end(M[i]));
+            M_matrix.push_back(v);
+        }
+    }
+    if (ncols == 4) {
+        const size_t n = 4;
+        std::array<std::array<FieldT, n>, n> M =
+            anemoi_permutation_mds<ppT, n>::permutation_mds(g);
+        for (size_t i = 0; i < n; ++i) {
+            std::vector<FieldT> v(std::begin(M[i]), std::end(M[i]));
+            M_matrix.push_back(v);
+        }
     }
 
     // multiply by matrix M
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 40abb3331..5bae89888 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -8,6 +8,7 @@
 
 #include "libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp"
 
+#include <array>
 #include <gtest/gtest.h>
 #include <libff/algebra/curves/bls12_381/bls12_381_init.hpp>
 #include <libff/algebra/curves/bls12_381/bls12_381_pp.hpp>

From 8a771389ecaf69e9c2c8128b18c2c9d11ecf93d9 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 19 Jan 2023 00:47:32 +0000
Subject: [PATCH 101/112] anemoi: added support for generating anemoi
 parameters for all curves of interest, namely Mnt4, Mnt6, BW6_761, BN128,
 ALT_BN128, BLS12_377, BLS12_381
 (https://github.com/clearmatics/libsnark/issues/82)

---
 .../hashes/anemoi/anemoi_parameters.hpp       |   32 +-
 .../anemoi/anemoi_parameters_alt_bn128.tcc    | 1129 +++++++++++++
 .../anemoi/anemoi_parameters_bls12_377.tcc    | 1087 +++++++++++++
 ...rs.tcc => anemoi_parameters_bls12_381.tcc} | 1430 +++++++++--------
 .../hashes/anemoi/anemoi_parameters_bn128.tcc | 1129 +++++++++++++
 .../anemoi/anemoi_parameters_bw6_761.tcc      | 1129 +++++++++++++
 .../hashes/anemoi/anemoi_parameters_mnt4.tcc  | 1129 +++++++++++++
 .../hashes/anemoi/anemoi_parameters_mnt6.tcc  | 1087 +++++++++++++
 .../anemoi/tests/test_anemoi_gadget.cpp       |   68 +
 scripts/anemoi-hash/parameters.sage           |  375 ++++-
 10 files changed, 7847 insertions(+), 748 deletions(-)
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_alt_bn128.tcc
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_377.tcc
 rename libsnark/gadgetlib1/gadgets/hashes/anemoi/{anemoi_parameters.tcc => anemoi_parameters_bls12_381.tcc} (71%)
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bn128.tcc
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bw6_761.tcc
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt4.tcc
 create mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt6.tcc

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
index e2b20c2da..5df3dea50 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
@@ -41,32 +41,14 @@ namespace libsnark
 /// with the following Sage script scripts/anemoi-hash/parameters.sage .
 template<typename ppT> class anemoi_parameters;
 
-template<> class anemoi_parameters<libff::bls12_381_pp>
-{
-public:
-    using ppT = libff::bls12_381_pp;
-    using FieldT = libff::Fr<ppT>;
-    using BignumT = libff::bigint<FieldT::num_limbs>;
-    static const bool b_prime_field = false;
-    static constexpr size_t multiplicative_generator_g = 7;
-    static constexpr size_t alpha = 5;
-    static constexpr size_t beta = multiplicative_generator_g;
-    static constexpr size_t gamma = 0;
-    static constexpr size_t quad_exponent = 2;
-    static const BignumT alpha_inv;
-    static const BignumT delta;
-    static const std::vector<std::vector<BignumT>> C_constants_col_one;
-    static const std::vector<std::vector<BignumT>> D_constants_col_one;
-    static const std::vector<std::vector<BignumT>> C_constants_col_two;
-    static const std::vector<std::vector<BignumT>> D_constants_col_two;
-    static const std::vector<std::vector<BignumT>> C_constants_col_three;
-    static const std::vector<std::vector<BignumT>> D_constants_col_three;
-    static const std::vector<std::vector<BignumT>> C_constants_col_four;
-    static const std::vector<std::vector<BignumT>> D_constants_col_four;
-};
-
 } // namespace libsnark
 
-#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc"
+#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_alt_bn128.tcc"
+#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_377.tcc"
+#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_381.tcc"
+#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bn128.tcc"
+#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bw6_761.tcc"
+#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt4.tcc"
+#include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt6.tcc"
 
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_HPP_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_alt_bn128.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_alt_bn128.tcc
new file mode 100644
index 000000000..8c0b2dd52
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_alt_bn128.tcc
@@ -0,0 +1,1129 @@
+/** @file
+ *****************************************************************************
+ * @author     This file is part of libsnark, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_ALT_BN128_TCC_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_ALT_BN128_TCC_
+
+namespace libsnark
+{
+// This file was automatically generated with SAGE script parameters.sage on
+// 19/1/2023 at 0:22:43
+
+// Anemoi parameters for curve alt_bn128_pp
+template<> class anemoi_parameters<libff::alt_bn128_pp>
+{
+public:
+    using ppT = libff::alt_bn128_pp;
+    using FieldT = libff::Fr<ppT>;
+    using BignumT = libff::bigint<FieldT::num_limbs>;
+    static const bool b_prime_field = false;
+    static constexpr size_t multiplicative_generator_g = 5;
+    static constexpr size_t alpha = 5;
+    static constexpr size_t beta = multiplicative_generator_g;
+    static constexpr size_t gamma = 0;
+    static constexpr size_t quad_exponent = 2;
+    static const BignumT alpha_inv;
+    static const BignumT delta;
+    static const std::vector<std::vector<BignumT>> C_constants_col_one;
+    static const std::vector<std::vector<BignumT>> D_constants_col_one;
+    static const std::vector<std::vector<BignumT>> C_constants_col_two;
+    static const std::vector<std::vector<BignumT>> D_constants_col_two;
+    static const std::vector<std::vector<BignumT>> C_constants_col_three;
+    static const std::vector<std::vector<BignumT>> D_constants_col_three;
+    static const std::vector<std::vector<BignumT>> C_constants_col_four;
+    static const std::vector<std::vector<BignumT>> D_constants_col_four;
+};
+
+const anemoi_parameters<libff::alt_bn128_pp>::BignumT
+    anemoi_parameters<libff::alt_bn128_pp>::alpha_inv =
+        anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "175105942974714201777971245962058200708386915203328274749585633492"
+            "60646796493");
+
+const anemoi_parameters<libff::alt_bn128_pp>::BignumT
+    anemoi_parameters<libff::alt_bn128_pp>::delta =
+        anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "875529714873571008889856229810291003541934576016641373747928167463"
+            "0323398247");
+
+// C constants for L = 1 columns
+const std::vector<std::vector<anemoi_parameters<libff::alt_bn128_pp>::BignumT>>
+    anemoi_parameters<libff::alt_bn128_pp>::C_constants_col_one = {
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT("37")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "133522471254331701186019745212342416866992521328386357935842525093"
+            "52796067497")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "895986651897880366608366379853515454374221757045511759979961656237"
+            "9347639707")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "322283189678829931597904723203390074386969291728885758006084580175"
+            "3443388885")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "114379153910856961265424993257916874187647998003753596971732127554"
+            "36799377493")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "147258460764021860852421742669119811678707848416374187170422902112"
+            "88365715997")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "362589673844055717974598052694999979950465286369365515664074535818"
+            "8128872126")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "463291105983501380924034618222275689104775247665779333141206049632"
+            "645736639")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "174438529516212469803635650409587816322444000217389037295285917096"
+            "55537559937")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "107612142054880343447062162138051557454823798584241370603726334230"
+            "69634639664")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "155505941252016887887089491437176277143146266576401012919291237249"
+            "0340449901")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "798525854991959266276978189644749044062135434756997170059843776615"
+            "6081995625")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "957097695082392916162693466057593968340171089790334279992177598089"
+            "3943353035")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "179623665059317086823215423836460327629317747961500429225627071705"
+            "94807376009")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "123861365525387195443231566505081086186278366591796192254683195068"
+            "57645902649")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "211846361785785751237991895484642934316306807048152477777681475993"
+            "66857217074")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "302152945078705096458504053712432320356333682175866669016023327581"
+            "7988779052")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "700537457097857607884348227054848555148600638599071392635438174320"
+            "0520456088")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "387083476132946621781289362283477084027891237152135159147698763910"
+            "9753753261")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "126597426867310393653584763793872657072862825193201669413765573945"
+            "42672080082")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "129665621019313702600508479243181023453311112057994223963645121904"
+            "66354328905")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "149159405495375560837384698473349345156588436651143394207286087995"
+            "29210477580")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "170520959503770700323915831289114676698661716364314271464633737309"
+            "41409691721")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "113169241498862684893517974644404715170367343948626941724978600457"
+            "70087481757")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "186714982080400533335520493329471087461082974662842557417071948890"
+            "59427441793")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "196886380157420429089555318556922110672187441539826135090236715133"
+            "41198883882")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "138570642664788382200941724381592363446736224591011077358684743676"
+            "87189371801")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "244039899322356340780694486276235776012434572092500994566440898339"
+            "6504134916")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "133241711971446399672094981211998814983174870230276316471504608643"
+            "79926444057")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "875864252988028777449176478135663368921918736024786615903999382919"
+            "2589908256")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "182409349755550600734721361687117909786310274855293710551238380367"
+            "13070397333")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "105851912399721376657025838504406536749970612074109441501014834140"
+            "55170476180")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "802468651684407190026757171703268740453708973504113513075594214549"
+            "7198995357")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "128994789321104169569546179272558852071615937881903273388202258703"
+            "02087292799")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "158564711524860967116352247512383202359875852641890966263988105439"
+            "20721764835")}};
+// D constants for L = 1 columns
+const std::vector<std::vector<anemoi_parameters<libff::alt_bn128_pp>::BignumT>>
+    anemoi_parameters<libff::alt_bn128_pp>::D_constants_col_one = {
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "875529714873571008889856229810291003541934576016641373747928167463"
+            "0323398284")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "524047450590431685877505180009922228827082786340987398670169420334"
+            "5984265770")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "901267992595871756578711188518846453819494783999734144380734802322"
+            "1726055342")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "218558340358352875402862385258001623420515917996293605931771524651"
+            "13152235615")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "112272294709416486056228220524811872049807486411428474643270169010"
+            "91886692935")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "827782380815399278680302926916265135541839222962450161247385482215"
+            "4276610437")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "209046078848891406943340690641990054517411684193088591365550438941"
+            "34683701950")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "190274814693606857486961639273620820539115897341607952405596530682"
+            "9204527070")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "144525708154611389296547435353239083505927514483722022774646970562"
+            "25242868484")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "105481346619124797050050156777851004367769828565239544280678307200"
+            "54853946467")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "170687293077959989804621588581642497189006567796720005516189405543"
+            "42475266265")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "161997180370053789691780704851669509287253655163991969265326305569"
+            "82133691321")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "191485643791976151652129575041079101102460524426868570597680878965"
+            "11716255278")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "549714176331186052041128386877234107713761238928548000860141494945"
+            "7218086902")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "183790462728210419304268539131146638087508655630819988679547324612"
+            "33335541378")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "769600173014187585312775924142246424177235590315568417813183393748"
+            "3164915734")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "963844642109550260189938374814031216012862679737123536423540607519"
+            "656220143")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "124124346904689114613106987665769208052704453998242727919855982109"
+            "55534611003")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "697131895545910791566227311216163590362404703435456720221025329839"
+            "8705502050")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "107701726355403629646010208637941828948876968229231780381568134146"
+            "55618516349")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "437902025452972340970960507122083562527421851828714532010159950819"
+            "0949972444")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "384228597622701165020580626860964177606813399795476843454691362084"
+            "5302570473")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "203619950819321989936970610260417916881204855283623629311904811983"
+            "16153572469")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "740007489949548642112338666559954444607059492602975469526407660594"
+            "4267520475")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "171133221769346278226220672855734590834453108041012525312378880088"
+            "79213111333")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "199159976071949257524933084949575526831209037913467615083660497601"
+            "97996606478")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "174765861639222269303123230776243258137356952225457736410771163313"
+            "94692894818")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "216919530103811180826605481831028240607329143318031237844090873985"
+            "48019667683")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "873786804802672608688120251516667286098726063681326906824500372162"
+            "8276805916")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "707753230128231865622505183326594062583054942337025579449312917876"
+            "6712247684")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "104171757604642051928646298566545917641864416943416434088186006263"
+            "71373955263")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "865433232373948617191815676030622196911225320434472836474372684131"
+            "896107758")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "179604646894621396759399851468692710862123078816143097284387335293"
+            "62319582744")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "688015415602559216327391983917909997655894177760388260287756081810"
+            "318785564")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+            "201363930802729253701594519857753626327396850645796004833168362451"
+            "45883663639")}};
+// C constants for L = 2 columns
+const std::vector<std::vector<anemoi_parameters<libff::alt_bn128_pp>::BignumT>>
+    anemoi_parameters<libff::alt_bn128_pp>::C_constants_col_two = {
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT("37"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "37518285248030554714282278816186251745569477559883478811911591537"
+             "64975591158")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "13352247125433170118601974521234241686699252132838635793584252509"
+             "352796067497"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21001839722121566863419881512791069124083822968210421491151340238"
+             "400176843969")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "89598665189788036660836637985351545437422175704551175997996165623"
+             "79347639707"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21722442537234642741320951134727484119993387379465291657407115605"
+             "240150584902")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "32228318967882993159790472320339007438696929172888575800608458017"
+             "53443388885"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "55741100547476100587296323559485686047935463920909761474358792668"
+             "33412620404")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "11437915391085696126542499325791687418764799800375359697173212755"
+             "436799377493"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19347108854758320361854968987183753113398822331033233961719129079"
+             "198795045322")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14725846076402186085242174266911981167870784841637418717042290211"
+             "288365715997"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17733032409684964025894538244134113560864261458948810209753406163"
+             "729963104066")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "36258967384405571797459805269499997995046528636936551566407453581"
+             "88128872126"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16641102106808059030810525726117803887885616319153331237086309361"
+             "060282564245")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "46329110598350138092403461822227568910477524766577933314120604963"
+             "2645736639"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "92459707448042222152593692709914144419257478977182267340857510337"
+             "03871913242")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17443852951621246980363565040958781632244400021738903729528591709"
+             "655537559937"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18243401795478654990110719981452738859015913555820749188627866268"
+             "359980949315")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "10761214205488034344706216213805155745482379858424137060372633423"
+             "069634639664"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18200337361605220875540054729693479452916227111908726624753615870"
+             "884702413869")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "15550594125201688788708949143717627714314626657640101291929123724"
+             "90340449901"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "52390652750031458431603218076965317759648583605555665891970082366"
+             "87533209496")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "79852585499195926627697818964474904406213543475699717005984377661"
+             "56081995625"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "93763510728664853005782517348446717640891606116683902001945701802"
+             "25759013543")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "95709769508239291616269346605759396834017108979033427999217759808"
+             "93943353035"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "64078809006621800432401045101146132369164377230654141580060547471"
+             "77494383655")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17962366505931708682321542383646032762931774796150042922562707170"
+             "594807376009"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "62451306213828429256239375346839903756696312778714689069410326225"
+             "63934866013")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "12386136552538719544323156650508108618627836659179619225468319506"
+             "857645902649"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "34447093045801721058814385937316481058932492045175741825398697243"
+             "29579267981")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21184636178578575123799189548464293431630680704815247777768147599"
+             "366857217074"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21120619463230056889505288945077100826699610952997402273573989950"
+             "929674092590")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "30215294507870509645850405371243232035633368217586666901602332758"
+             "17988779052"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "11193039961054525697727412435670262589230611536691708715912482991"
+             "111674331248")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "70053745709785760788434822705484855514860063859907139263543817432"
+             "00520456088"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16607583715622103674012251574269638453147883373329438054398692693"
+             "09242713791")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "38708347613294662178128936228347708402789123715213515914769876391"
+             "09753753261"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "10155964651132034354127895553216460094449713958001060059747595735"
+             "692765540145")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "12659742686731039365358476379387265707286282519320166941376557394"
+             "542672080082"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16663018611661415361803446980742180412796388473568627037572541756"
+             "32028778043")}};
+// D constants for L = 2 columns
+const std::vector<std::vector<anemoi_parameters<libff::alt_bn128_pp>::BignumT>>
+    anemoi_parameters<libff::alt_bn128_pp>::D_constants_col_two = {
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "87552971487357100888985622981029100354193457601664137374792816746"
+             "30323398284"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16133435893292874812888083849160666046321318009323051176910097996"
+             "974633748758")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "52404745059043168587750518000992222882708278634098739867016942033"
+             "45984265770"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16516377322346822856154252461095180562000423191949949242508439100"
+             "972699801595")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "90126799259587175657871118851884645381949478399973414438073480232"
+             "21726055342"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "35133232921293906713392871455626498622427777417597707159563000480"
+             "86055264273")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21855834035835287540286238525800162342051591799629360593177152465"
+             "113152235615"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "59451795417094323133517115738966859507721053671837343750936389121"
+             "96647730870")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "11227229470941648605622822052481187204980748641142847464327016901"
+             "091886692935"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "87449028252910687125017963805510864741143126455297694341438620685"
+             "7408624500")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "82778238081539927868030292691626513554183922296245016124738548221"
+             "54276610437"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14911320361190879980016686915823914584756893340104182663424627943"
+             "175208757859")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "20904607884889140694334069064199005451741168419308859136555043894"
+             "134683701950"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "15657880601171476575713502187548665287918791967520790431542060879"
+             "010363657805")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19027481469360685748696163927362082053911589734160795240559653068"
+             "29204527070"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14311738005510898661766244714944477794557156116636816483240167459"
+             "479765463026")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14452570815461138929654743535323908350592751448372202277464697056"
+             "225242868484"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18878429879072656191963192145256996413709289475622337294803628783"
+             "509021017215")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "10548134661912479705005015677785100436776982856523954428067830720"
+             "054853946467"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21613568037783775488400147863112554980555854603176833550688470336"
+             "449256480025")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17068729307795998980462158858164249718900656779672000551618940554"
+             "342475266265"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "24908025181938099750664736756708744712307125672158122261644894005"
+             "43194289596")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16199718037005378969178070485166950928725365516399196926532630556"
+             "982133691321"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21217120779706380859547833993003263088538196273665904984368420139"
+             "631145468592")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19148564379197615165212957504107910110246052442686857059768087896"
+             "511716255278"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19611778548789975299387421023085714500105803761017217976092023831"
+             "374602045251")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "54971417633118605204112838687723410771376123892854800086014149494"
+             "57218086902"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19294458970356379238521378434506704614768857764591229894917601756"
+             "581488831876")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18379046272821041930426853913114663808750865563081998867954732461"
+             "233335541378"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "13063929244616603744546429525777334132361302601588243383265939847"
+             "284603666063")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "76960017301418758531277592414224642417723559031556841781318339374"
+             "83164915734"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "11258295234547466871395152307474402473186310644506128232177333457"
+             "625316550603")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "96384464210955026018993837481403121601286267973712353642354060751"
+             "9656220143"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "12761665372131134245893603942799101438025161887838455120415447491"
+             "392676531692")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "12412434690468911461310698766576920805270445399824272791985598210"
+             "955534611003"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "10694128710806655002429735322894529935444251844334792229310742905"
+             "643591628059")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "69713189554591079156622731121616359036240470343545672022102532983"
+             "98705502050"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16882759065015785304538568711982455994139873114002565228720518563"
+             "561052048287")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "10770172635540362964601020863794182894887696822923178038156813414"
+             "655618516349"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "34030420297295743879841828519202660652260776441281633587771673643"
+             "24309973663")}};
+// C constants for L = 3 columns
+const std::vector<std::vector<anemoi_parameters<libff::alt_bn128_pp>::BignumT>>
+    anemoi_parameters<libff::alt_bn128_pp>::C_constants_col_three = {
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT("37"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "37518285248030554714282278816186251745569477559883478811911591537"
+             "64975591158"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19495998695106454826151886603680333330563984042114142842576632199"
+             "72027283546")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "13352247125433170118601974521234241686699252132838635793584252509"
+             "352796067497"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21001839722121566863419881512791069124083822968210421491151340238"
+             "400176843969"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "77779734333489937598234754212729869660776147889451933842847521571"
+             "97566919783")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "89598665189788036660836637985351545437422175704551175997996165623"
+             "79347639707"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21722442537234642741320951134727484119993387379465291657407115605"
+             "240150584902"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14978255763535453150583514941371658296885530039770722142017236155"
+             "522063862875")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "32228318967882993159790472320339007438696929172888575800608458017"
+             "53443388885"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "55741100547476100587296323559485686047935463920909761474358792668"
+             "33412620404"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "69236521807716355469318911364795945630546159647174659589287398018"
+             "40041650090")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "11437915391085696126542499325791687418764799800375359697173212755"
+             "436799377493"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19347108854758320361854968987183753113398822331033233961719129079"
+             "198795045322"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "11678722465295853606385043319120728107430471738554216518209749383"
+             "951610070884")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14725846076402186085242174266911981167870784841637418717042290211"
+             "288365715997"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17733032409684964025894538244134113560864261458948810209753406163"
+             "729963104066"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "13922241985592995290253950498211017441065915694679478649621852463"
+             "687790678098")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "36258967384405571797459805269499997995046528636936551566407453581"
+             "88128872126"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16641102106808059030810525726117803887885616319153331237086309361"
+             "060282564245"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "40177023745067223738992564293601922318456678245261754014738871183"
+             "2717193317")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "46329110598350138092403461822227568910477524766577933314120604963"
+             "2645736639"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "92459707448042222152593692709914144419257478977182267340857510337"
+             "03871913242"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "51792691377412519636576510829863370712877016324689985523548297236"
+             "75107591959")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17443852951621246980363565040958781632244400021738903729528591709"
+             "655537559937"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18243401795478654990110719981452738859015913555820749188627866268"
+             "359980949315"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "10684192457422730891811923419937385412089832793504426819231331969"
+             "125627448716")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "10761214205488034344706216213805155745482379858424137060372633423"
+             "069634639664"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18200337361605220875540054729693479452916227111908726624753615870"
+             "884702413869"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "13591751711030312278826555518140666328583891165068799640705167493"
+             "071392966003")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "15550594125201688788708949143717627714314626657640101291929123724"
+             "90340449901"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "52390652750031458431603218076965317759648583605555665891970082366"
+             "87533209496"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21610672344992293115659566645269250818983992757424125432658476791"
+             "677893331401")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "79852585499195926627697818964474904406213543475699717005984377661"
+             "56081995625"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "93763510728664853005782517348446717640891606116683902001945701802"
+             "25759013543"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "83948269278190741743373843857868413578242516048721514936133005859"
+             "71253069332")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "95709769508239291616269346605759396834017108979033427999217759808"
+             "93943353035"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "64078809006621800432401045101146132369164377230654141580060547471"
+             "77494383655"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14812198405440551949199155207723029908881410859672612031838414683"
+             "706971532245")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17962366505931708682321542383646032762931774796150042922562707170"
+             "594807376009"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "62451306213828429256239375346839903756696312778714689069410326225"
+             "63934866013"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18547203735216812291438330766359279874108437679117792035816944333"
+             "520794809079")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "12386136552538719544323156650508108618627836659179619225468319506"
+             "857645902649"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "34447093045801721058814385937316481058932492045175741825398697243"
+             "29579267981"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "12383129949518321593533180451426644423702561315013334141724247691"
+             "584047659329")}};
+// D constants for L = 3 columns
+const std::vector<std::vector<anemoi_parameters<libff::alt_bn128_pp>::BignumT>>
+    anemoi_parameters<libff::alt_bn128_pp>::D_constants_col_three = {
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "87552971487357100888985622981029100354193457601664137374792816746"
+             "30323398284"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16133435893292874812888083849160666046321318009323051176910097996"
+             "974633748758"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "11515618990709373787379985173053774331925623019658433031330089380"
+             "733125663964")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "52404745059043168587750518000992222882708278634098739867016942033"
+             "45984265770"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16516377322346822856154252461095180562000423191949949242508439100"
+             "972699801595"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "47692278628315871586278691472079853109906937479703658699533833732"
+             "1530100227")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "90126799259587175657871118851884645381949478399973414438073480232"
+             "21726055342"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "35133232921293906713392871455626498622427777417597707159563000480"
+             "86055264273"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "15841791142978385266153197242607799254788139164593550995618112102"
+             "495217260681")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21855834035835287540286238525800162342051591799629360593177152465"
+             "113152235615"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "59451795417094323133517115738966859507721053671837343750936389121"
+             "96647730870"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "44791334204423667648589108995714120361380293019225396379399867647"
+             "54716983374")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "11227229470941648605622822052481187204980748641142847464327016901"
+             "091886692935"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "87449028252910687125017963805510864741143126455297694341438620685"
+             "7408624500"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "12278758517614824301331600260393058857096299434602309294956698015"
+             "737472368497")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "82778238081539927868030292691626513554183922296245016124738548221"
+             "54276610437"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14911320361190879980016686915823914584756893340104182663424627943"
+             "175208757859"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "82849416898078202076810397150445185920634019379471665546465615606"
+             "84476554709")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "20904607884889140694334069064199005451741168419308859136555043894"
+             "134683701950"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "15657880601171476575713502187548665287918791967520790431542060879"
+             "010363657805"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18491203356362273967844248394767855838870961193348426529654831733"
+             "910047005312")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19027481469360685748696163927362082053911589734160795240559653068"
+             "29204527070"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14311738005510898661766244714944477794557156116636816483240167459"
+             "479765463026"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "74294481511568373734694670720831005510239642134999037528627334670"
+             "02441364561")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14452570815461138929654743535323908350592751448372202277464697056"
+             "225242868484"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18878429879072656191963192145256996413709289475622337294803628783"
+             "509021017215"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "85036322937256410569693361288853430938880630754183303767605818018"
+             "26107739434")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "10548134661912479705005015677785100436776982856523954428067830720"
+             "054853946467"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21613568037783775488400147863112554980555854603176833550688470336"
+             "449256480025"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14189394139917775854991589196703441983328373018449222017993509276"
+             "187387254977")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17068729307795998980462158858164249718900656779672000551618940554"
+             "342475266265"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "24908025181938099750664736756708744712307125672158122261644894005"
+             "43194289596"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16046821340891866210870659058387293641354701326196686520979445273"
+             "084994634319")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16199718037005378969178070485166950928725365516399196926532630556"
+             "982133691321"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21217120779706380859547833993003263088538196273665904984368420139"
+             "631145468592"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17420008387367878696611907189089132809378141628981981729140637862"
+             "928079747199")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19148564379197615165212957504107910110246052442686857059768087896"
+             "511716255278"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19611778548789975299387421023085714500105803761017217976092023831"
+             "374602045251"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "33122649344379809464050065205805562106272668593206969575796668988"
+             "79710921042")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "54971417633118605204112838687723410771376123892854800086014149494"
+             "57218086902"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19294458970356379238521378434506704614768857764591229894917601756"
+             "581488831876"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "68927009650599823453943064660684191517641541275338341314487965985"
+             "13980502143")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18379046272821041930426853913114663808750865563081998867954732461"
+             "233335541378"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "13063929244616603744546429525777334132361302601588243383265939847"
+             "284603666063"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19186761642263662195503111928616030577275469074196318793803805132"
+             "090512280229")}};
+// C constants for L = 4 columns
+const std::vector<std::vector<anemoi_parameters<libff::alt_bn128_pp>::BignumT>>
+    anemoi_parameters<libff::alt_bn128_pp>::C_constants_col_four = {
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT("37"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "37518285248030554714282278816186251745569477559883478811911591537"
+             "64975591158"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19495998695106454826151886603680333330563984042114142842576632199"
+             "72027283546"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "15418714136223760726336850467094720601517297152372747941595383567"
+             "153544466510")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "13352247125433170118601974521234241686699252132838635793584252509"
+             "352796067497"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21001839722121566863419881512791069124083822968210421491151340238"
+             "400176843969"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "77779734333489937598234754212729869660776147889451933842847521571"
+             "97566919783"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "75108683031252723543834821290549899654377000016965690613783872867"
+             "87540912966")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "89598665189788036660836637985351545437422175704551175997996165623"
+             "79347639707"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21722442537234642741320951134727484119993387379465291657407115605"
+             "240150584902"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14978255763535453150583514941371658296885530039770722142017236155"
+             "522063862875"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "24862719481092635783269415757750166228524464176767778626287196100"
+             "12816205134")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "32228318967882993159790472320339007438696929172888575800608458017"
+             "53443388885"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "55741100547476100587296323559485686047935463920909761474358792668"
+             "33412620404"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "69236521807716355469318911364795945630546159647174659589287398018"
+             "40041650090"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17165098443539374195961763629412427208317340468839803881902169270"
+             "575466592477")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "11437915391085696126542499325791687418764799800375359697173212755"
+             "436799377493"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19347108854758320361854968987183753113398822331033233961719129079"
+             "198795045322"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "11678722465295853606385043319120728107430471738554216518209749383"
+             "951610070884"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "29863429295377497379683320363806468836825521434169988248931657823"
+             "0867010994")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14725846076402186085242174266911981167870784841637418717042290211"
+             "288365715997"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17733032409684964025894538244134113560864261458948810209753406163"
+             "729963104066"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "13922241985592995290253950498211017441065915694679478649621852463"
+             "687790678098"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "27153326074286912809853844081581258343647323383190727441281159351"
+             "92202839051")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "36258967384405571797459805269499997995046528636936551566407453581"
+             "88128872126"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16641102106808059030810525726117803887885616319153331237086309361"
+             "060282564245"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "40177023745067223738992564293601922318456678245261754014738871183"
+             "2717193317"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "37452837974203056462921385964149831060067379240126633032035707827"
+             "5802016761")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "46329110598350138092403461822227568910477524766577933314120604963"
+             "2645736639"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "92459707448042222152593692709914144419257478977182267340857510337"
+             "03871913242"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "51792691377412519636576510829863370712877016324689985523548297236"
+             "75107591959"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19095727768515297673050373763484467089496400227788592149888060564"
+             "100975126966")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17443852951621246980363565040958781632244400021738903729528591709"
+             "655537559937"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18243401795478654990110719981452738859015913555820749188627866268"
+             "359980949315"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "10684192457422730891811923419937385412089832793504426819231331969"
+             "125627448716"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17470332954208716118252250751112311282399887258695813542803649629"
+             "307353902995")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "10761214205488034344706216213805155745482379858424137060372633423"
+             "069634639664"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18200337361605220875540054729693479452916227111908726624753615870"
+             "884702413869"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "13591751711030312278826555518140666328583891165068799640705167493"
+             "071392966003"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "39246321217301098238253561609170491980291942777037550803377931146"
+             "38247487729")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "15550594125201688788708949143717627714314626657640101291929123724"
+             "90340449901"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "52390652750031458431603218076965317759648583605555665891970082366"
+             "87533209496"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21610672344992293115659566645269250818983992757424125432658476791"
+             "677893331401"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "52045107776223873111727115423561646741857972851267698477008738512"
+             "79200448102")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "79852585499195926627697818964474904406213543475699717005984377661"
+             "56081995625"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "93763510728664853005782517348446717640891606116683902001945701802"
+             "25759013543"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "83948269278190741743373843857868413578242516048721514936133005859"
+             "71253069332"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "91728983447926150865441306506207750785005574975092552991841256687"
+             "63225281568")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "95709769508239291616269346605759396834017108979033427999217759808"
+             "93943353035"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "64078809006621800432401045101146132369164377230654141580060547471"
+             "77494383655"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14812198405440551949199155207723029908881410859672612031838414683"
+             "706971532245"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "66274625599283103528310413754870292083397080230960342298213531167"
+             "39549556320")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17962366505931708682321542383646032762931774796150042922562707170"
+             "594807376009"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "62451306213828429256239375346839903756696312778714689069410326225"
+             "63934866013"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18547203735216812291438330766359279874108437679117792035816944333"
+             "520794809079"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "15322049991821601511703767216352735781370782841721856365749224541"
+             "728577048832")}};
+// D constants for L = 4 columns
+const std::vector<std::vector<anemoi_parameters<libff::alt_bn128_pp>::BignumT>>
+    anemoi_parameters<libff::alt_bn128_pp>::D_constants_col_four = {
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "87552971487357100888985622981029100354193457601664137374792816746"
+             "30323398284"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16133435893292874812888083849160666046321318009323051176910097996"
+             "974633748758"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "11515618990709373787379985173053774331925623019658433031330089380"
+             "733125663964"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "31406354132811219280316211894277337255205008437642288339014718221"
+             "05691965090")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "52404745059043168587750518000992222882708278634098739867016942033"
+             "45984265770"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16516377322346822856154252461095180562000423191949949242508439100"
+             "972699801595"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "47692278628315871586278691472079853109906937479703658699533833732"
+             "1530100227"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "25396268375734542959917357740734874414149806390890875302083974767"
+             "8361707189")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "90126799259587175657871118851884645381949478399973414438073480232"
+             "21726055342"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "35133232921293906713392871455626498622427777417597707159563000480"
+             "86055264273"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "15841791142978385266153197242607799254788139164593550995618112102"
+             "495217260681"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "33939523552501038130730038319157047944373990188601032051614618377"
+             "52827216719")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21855834035835287540286238525800162342051591799629360593177152465"
+             "113152235615"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "59451795417094323133517115738966859507721053671837343750936389121"
+             "96647730870"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "44791334204423667648589108995714120361380293019225396379399867647"
+             "54716983374"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14764724710908013533065163347408791895083097282405374049845282514"
+             "256999539540")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "11227229470941648605622822052481187204980748641142847464327016901"
+             "091886692935"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "87449028252910687125017963805510864741143126455297694341438620685"
+             "7408624500"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "12278758517614824301331600260393058857096299434602309294956698015"
+             "737472368497"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "94281537297065378791977009981494265171642638675028914816813149078"
+             "3586922386")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "82778238081539927868030292691626513554183922296245016124738548221"
+             "54276610437"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14911320361190879980016686915823914584756893340104182663424627943"
+             "175208757859"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "82849416898078202076810397150445185920634019379471665546465615606"
+             "84476554709"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19010420211180699539835259325153449287592926458363291481782895499"
+             "531554825058")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "20904607884889140694334069064199005451741168419308859136555043894"
+             "134683701950"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "15657880601171476575713502187548665287918791967520790431542060879"
+             "010363657805"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18491203356362273967844248394767855838870961193348426529654831733"
+             "910047005312"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18508106526351540414259916566377882139969411679657571808759666381"
+             "119989442535")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19027481469360685748696163927362082053911589734160795240559653068"
+             "29204527070"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14311738005510898661766244714944477794557156116636816483240167459"
+             "479765463026"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "74294481511568373734694670720831005510239642134999037528627334670"
+             "02441364561"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21390051809628791202038569707485777782915006285179993839327830588"
+             "195166513347")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14452570815461138929654743535323908350592751448372202277464697056"
+             "225242868484"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18878429879072656191963192145256996413709289475622337294803628783"
+             "509021017215"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "85036322937256410569693361288853430938880630754183303767605818018"
+             "26107739434"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "15333917818209534402586043414964816177880461016970213589264765742"
+             "774691807492")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "10548134661912479705005015677785100436776982856523954428067830720"
+             "054853946467"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21613568037783775488400147863112554980555854603176833550688470336"
+             "449256480025"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "14189394139917775854991589196703441983328373018449222017993509276"
+             "187387254977"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "45664195783154815191667697943843720664560196074446739465580011785"
+             "21099390482")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17068729307795998980462158858164249718900656779672000551618940554"
+             "342475266265"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "24908025181938099750664736756708744712307125672158122261644894005"
+             "43194289596"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16046821340891866210870659058387293641354701326196686520979445273"
+             "084994634319"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21573047673059143747806589655636029798787213730675861768651912800"
+             "028967860416")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "16199718037005378969178070485166950928725365516399196926532630556"
+             "982133691321"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "21217120779706380859547833993003263088538196273665904984368420139"
+             "631145468592"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17420008387367878696611907189089132809378141628981981729140637862"
+             "928079747199"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "18242224832039327727995033408827613743736790997979582023643329226"
+             "486909573214")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19148564379197615165212957504107910110246052442686857059768087896"
+             "511716255278"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19611778548789975299387421023085714500105803761017217976092023831"
+             "374602045251"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "33122649344379809464050065205805562106272668593206969575796668988"
+             "79710921042"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "17059916988462922691459678388506377812316271899520649988192675799"
+             "254955054513")},
+        {anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "54971417633118605204112838687723410771376123892854800086014149494"
+             "57218086902"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "19294458970356379238521378434506704614768857764591229894917601756"
+             "581488831876"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "68927009650599823453943064660684191517641541275338341314487965985"
+             "13980502143"),
+         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
+             "37116922493626796848361228709664222727088427664983949503129430874"
+             "88620355675")}};
+
+} // namespace libsnark
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_ALT_BN128_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_377.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_377.tcc
new file mode 100644
index 000000000..31517433e
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_377.tcc
@@ -0,0 +1,1087 @@
+/** @file
+ *****************************************************************************
+ * @author     This file is part of libsnark, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_BLS12_377_TCC_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_BLS12_377_TCC_
+
+namespace libsnark
+{
+// This file was automatically generated with SAGE script parameters.sage on
+// 19/1/2023 at 0:0:31
+
+// Anemoi parameters for curve bls12_377_pp
+template<> class anemoi_parameters<libff::bls12_377_pp>
+{
+public:
+    using ppT = libff::bls12_377_pp;
+    using FieldT = libff::Fr<ppT>;
+    using BignumT = libff::bigint<FieldT::num_limbs>;
+    static const bool b_prime_field = false;
+    static constexpr size_t multiplicative_generator_g = 22;
+    static constexpr size_t alpha = 11;
+    static constexpr size_t beta = multiplicative_generator_g;
+    static constexpr size_t gamma = 0;
+    static constexpr size_t quad_exponent = 2;
+    static const BignumT alpha_inv;
+    static const BignumT delta;
+    static const std::vector<std::vector<BignumT>> C_constants_col_one;
+    static const std::vector<std::vector<BignumT>> D_constants_col_one;
+    static const std::vector<std::vector<BignumT>> C_constants_col_two;
+    static const std::vector<std::vector<BignumT>> D_constants_col_two;
+    static const std::vector<std::vector<BignumT>> C_constants_col_three;
+    static const std::vector<std::vector<BignumT>> D_constants_col_three;
+    static const std::vector<std::vector<BignumT>> C_constants_col_four;
+    static const std::vector<std::vector<BignumT>> D_constants_col_four;
+};
+
+const anemoi_parameters<libff::bls12_377_pp>::BignumT
+    anemoi_parameters<libff::bls12_377_pp>::alpha_inv =
+        anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "690910506771412125620358404082126534385300854694423404103791828211"
+            "4243922851");
+
+const anemoi_parameters<libff::bls12_377_pp>::BignumT
+    anemoi_parameters<libff::bls12_377_pp>::delta =
+        anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "115151751128568687603393067347021089064216809115737234017298638035"
+            "2373987142");
+
+// C constants for L = 1 columns
+const std::vector<std::vector<anemoi_parameters<libff::bls12_377_pp>::BignumT>>
+    anemoi_parameters<libff::bls12_377_pp>::C_constants_col_one = {
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT("2070")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "597969653372949171584613497704051958888364124666915524002260027363"
+            "5977461488")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "495513847329877925653068137864262536848696586186157780263769757231"
+            "090358152")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "718665968842229050988422384532319116070775873089050953287751132238"
+            "7936946287")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "763813988821108105329101640071379430447939695635674659360951586792"
+            "6942792019")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "391238606299770697349707638676770413277642137380206184348915770733"
+            "4482631282")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "840364025787641266872471011203601739592912570853717076694672626184"
+            "9158045401")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "714431125614403929384551049388985589402561761240241390234929962113"
+            "3042227503")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "718251421591324969816431646958176440966874754783643062488058820171"
+            "5113987729")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "206464776591326180900354907219495953130650846293930235071018775950"
+            "6947310764")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "111183025332265528227764465005592178084971703574957302280846328821"
+            "5659079865")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "624906270490530570123511649912590003021731705567433201623948724288"
+            "933968767")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "398256319811591460607320272179628033668245802465746868039165173476"
+            "9311832159")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "349691025571765651247840237198899415638051142278869356440794597628"
+            "890048482")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "389413716770564847610251819107208682756755789543409286664833279540"
+            "4757566648")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "710462075479364124961195622345742310679670190650745856694089254146"
+            "4609582842")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "754519231906283168674854672694814938437811805357110357874640604377"
+            "8552460811")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "596840233592129986885502689599153177781902225321209477765442491217"
+            "9517385284")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "358725663679043063854453993937541723991844408775782343175203159661"
+            "6888049584")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "677604678916891596104301383344405325812474258684990180494540247152"
+            "8428168585")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "439413185582072164500528921854978146091960921053094534159261305430"
+            "6133887755")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "481898495054700060981371015307999115113705889495903109931868950815"
+            "422598520")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "422633707023085339968950330198442153558337373141577163121147935240"
+            "740593486")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "264951786190148639829447905036478820421031178887948846969614433003"
+            "0516166592")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "170118719370046536928550202211083152079825483534260747236810362744"
+            "9235447359")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "231219898490992750297292346982654735596281105757142642734866424006"
+            "153284161")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "103164748625343189127165327936366185619855904204291594508623056365"
+            "805108477")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "732976375960727762493641656143024817576185122234820943763165591407"
+            "4871154542")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "856461745755419273295397959796295512662788864153149025460687598432"
+            "761251891")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "679704565294212913414705524993658601374205445188499895369823407920"
+            "6803520887")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "379340428529400116641541832316455494306197523695335111963325882070"
+            "4951361797")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "703397881248177940295723260662467040971950708378593439400485806056"
+            "9604111534")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "633838112796269701826518138795071812993694082161194687654965900499"
+            "7856310804")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "788727512959453000007439164502872510818716517071143131683077745058"
+            "120927912")}};
+// D constants for L = 1 columns
+const std::vector<std::vector<anemoi_parameters<libff::bls12_377_pp>::BignumT>>
+    anemoi_parameters<libff::bls12_377_pp>::D_constants_col_one = {
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "115151751128568687603393067347021089064216809115737234017298638035"
+            "2373989212")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "589475411868585603095964012052402920040264370382742406279401736723"
+            "7226537944")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "205137281738069451862795601170246678149627303378140352724850479411"
+            "874715355")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "321100752606192613989655746716529148727226343855520796630805141382"
+            "6597186499")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "205276183057475951961859962238052795878743909479094728198649305574"
+            "8567910940")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "778018052167577074591656347752400523375495805290012636100648783095"
+            "3262607603")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "688552532264547279228022485700715886206591826189237423490678681118"
+            "6864058859")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "667918990130720143933072778636380235175657057171759121662668203966"
+            "0892306985")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "737412467968536755922270572169634747940548185064973555158177427891"
+            "6389181543")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "888565831499378002236996715015152417877077701214338379094561542164"
+            "224914641")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "376417838224406224236641083604357831428055874276900109260239155410"
+            "304474867")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "108561487579740778688511069193363776434125059002278018210230185977"
+            "6553957245")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "590402324586481679135080560600438472257122875880940372234684967311"
+            "7100551222")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "303256797372087153106331534480985085804887731697239383357599255585"
+            "0417265933")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "541944090307372691229475273881433971851612633069122680383530475834"
+            "2179379174")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "546149521914071058870502687280469666261923432913983595416624422388"
+            "1817939946")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "622428922534020268636134262304726454860185758967754405300955227279"
+            "9104547472")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "315988573692878014049569724811194838369408020620639466339359968629"
+            "6956790946")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "733738736331646966137748450578865023956347487812105217315820873413"
+            "106313909")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "718968712617342285675733520382965835492909764720758218468139030776"
+            "9693997342")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "585697125850392431246781390889849836469570046239069229952264859497"
+            "1954379780")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "387117101145139795032666389825549133503764550689862809813735826080"
+            "8827667094")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "644725094278459709278529900503030407246135891969522053472545302994"
+            "8289787868")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "509991313502189392696966534605115228145045737027256193032258594543"
+            "2778367917")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "832970013260716058428513106095133436279239337305359494078574626222"
+            "7249833125")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "393762551855294709614378471373779510395691375970413383478851958971"
+            "5544157861")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "210617108382267149955180078134060905816397133966672211852836496018"
+            "0083914445")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "751747329758281345790139451904864533361524650398731753835944646214"
+            "1489524435")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "235174377800376544684913554397651223860314237190179022071208519528"
+            "9495586831")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "300488607587885589277385762429188909447230878198017724816581466687"
+            "5519552565")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "394856930496092513057998355921246500894797739302221029752370944748"
+            "5871125465")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "782918665678504483642376016357897631137193095269965650976607534937"
+            "5474576801")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "100212616065940187439544719848757583761592373322233206677651322975"
+            "1636222470")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+            "735845662724096127839342962585881244314287875511844698687346431759"
+            "6911677295")}};
+// C constants for L = 2 columns
+const std::vector<std::vector<anemoi_parameters<libff::bls12_377_pp>::BignumT>>
+    anemoi_parameters<libff::bls12_377_pp>::C_constants_col_two = {
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT("2070"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "66125294878928725569516029280464773242926330161114895950031770945"
+             "93756717991")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "59796965337294917158461349770405195888836412466691552400226002736"
+             "35977461488"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "57613109120372373241868294222868042838793381271628020149873900288"
+             "54161914237")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "49551384732987792565306813786426253684869658618615778026376975723"
+             "1090358152"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "60214030476925155108254381480534989424934585647973224205089269940"
+             "79461811249")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71866596884222905098842238453231911607077587308905095328775113223"
+             "87936946287"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "45830805754714341131576111996180493850474605018287615626706612543"
+             "01947376186")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "76381398882110810532910164007137943044793969563567465936095158679"
+             "26942792019"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "24652035383299122364216707972854987659437470534902322859119974525"
+             "96551025952")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "39123860629977069734970763867677041327764213738020618434891577073"
+             "34482631282"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "95006325851350432133435760835366560635389749718866303104945204441"
+             "7633771297")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "84036402578764126687247101120360173959291257085371707669467262618"
+             "49158045401"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "77129460768299750718384083454784624671895996542720512015815642018"
+             "23258275759")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71443112561440392938455104938898558940256176124024139023492996211"
+             "33042227503"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "77545587088529782708125324555261524270887761205343865983798317415"
+             "4717589901")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71825142159132496981643164695817644096687475478364306248805882017"
+             "15113987729"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "80477377704923123482582594317596800221241547705000567431201061917"
+             "45794885874")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "20646477659132618090035490721949595313065084629393023507101877595"
+             "06947310764"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "57246621944702767319874141159748900865349029222940763464768952468"
+             "087134856")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "11118302533226552822776446500559217808497170357495730228084632882"
+             "15659079865"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "26529998020060437524486924789924644036135234348020305707807329624"
+             "10963917664")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62490627049053057012351164991259000302173170556743320162394872428"
+             "8933968767"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62249463154377812075451732069811959906624314609428055354547304231"
+             "69875938872")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "39825631981159146060732027217962803366824580246574686803916517347"
+             "69311832159"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "46585796413145418187077684573867606640544704698952019823760461794"
+             "10528230397")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "34969102557176565124784023719889941563805114227886935644079459762"
+             "8890048482"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "79171599416347882280342911421587892683142747355629477267861486775"
+             "26719652274")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "38941371677056484761025181910720868275675578954340928666483327954"
+             "04757566648"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "61228041319458448800403583058268455573160672813373438468884673798"
+             "6313980608")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71046207547936412496119562234574231067967019065074585669408925414"
+             "64609582842"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "22879757032298766815368613595401249894019744398131396869208768464"
+             "42932166804")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "75451923190628316867485467269481493843781180535711035787464060437"
+             "78552460811"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "35187410170739652292321180143959364184162009963763793920074820906"
+             "82571997435")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "59684023359212998688550268959915317778190222532120947776544249121"
+             "79517385284"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "53788959098576595684849731704098443261283576210094618352644433657"
+             "71087370788")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "35872566367904306385445399393754172399184440877578234317520315966"
+             "16888049584"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "23898228537615808359061556467614760744868213172795890113664770891"
+             "76095497830")}};
+// D constants for L = 2 columns
+const std::vector<std::vector<anemoi_parameters<libff::bls12_377_pp>::BignumT>>
+    anemoi_parameters<libff::bls12_377_pp>::D_constants_col_two = {
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "11515175112856868760339306734702108906421680911573723401729863803"
+             "52373989212"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "83134078435887616363413970042006861930815827283586615970849049953"
+             "07720127958")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "58947541186858560309596401205240292004026437038274240627940173672"
+             "37226537944"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62257293414038038426561979684543118735451222054108704996675486428"
+             "17000413518")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "20513728173806945186279560117024667814962730337814035272485047941"
+             "1874715355"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62803873265109092403910290140434810619411709030791046548787492366"
+             "21835591277")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "32110075260619261398965574671652914872722634385552079663080514138"
+             "26597186499"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "11567892575212719465258082241441476897587468305832596580099428661"
+             "02197039223")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "20527618305747595196185996223805279587874390947909472819864930557"
+             "48567910940"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "58736480745321633303539423604177769297744701481682964641329496166"
+             "97174806739")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "77801805216757707459165634775240052337549580529001263610064878309"
+             "53262607603"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "53672185616017702971097081017939646854792157973765272104755236883"
+             "98003170443")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "68855253226454727922802248570071588620659182618923742349067868111"
+             "86864058859"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "67441919860092373987497864931336019114731738287170543314503662715"
+             "22553712042")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "66791899013072014393307277863638023517565705717175912166266820396"
+             "60892306985"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "85969536045866217592233394071055967858661219245841563602410711304"
+             "4157092208")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "73741246796853675592227057216963474794054818506497355515817742789"
+             "16389181543"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "34424732924626198842368714777671453863177135924909750379480033339"
+             "1250263472")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "88856583149937800223699671501515241787707770121433837909456154216"
+             "4224914641"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "78749872813693915881580101254454862969585992237418402816931177114"
+             "04363400599")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "37641783822440622423664108360435783142805587427690010926023915541"
+             "0304474867"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "24669482313179968977635523152248984323386438944191573191412503499"
+             "67198735491")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "10856148757974077868851106919336377643412505900227801821023018597"
+             "76553957245"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "72350157651548606276626356516862417301287319664879521778418250790"
+             "19085350175")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "59040232458648167913508056060043847225712287588094037223468496731"
+             "17100551222"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71294005334736462073412347442788630280900228251369366862399856381"
+             "19906372285")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "30325679737208715310633153448098508580488773169723938335759925558"
+             "50417265933"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "27049359847657258869568047136721921574959831961922080378948547001"
+             "92427053509")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "54194409030737269122947527388143397185161263306912268038353047583"
+             "42179379174"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "26869449929728651275521337810089354248269567844806679837845602212"
+             "85325215959")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "54614952191407105887050268728046966626192343291398359541662442238"
+             "81817939946"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "11942110119871482239857954115713965233712884835353167360549700492"
+             "21729946733")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62242892253402026863613426230472645486018575896775440530095522727"
+             "99104547472"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "27471987677615384322007773131790495607867221535726195281793698400"
+             "64713506921")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "31598857369287801404956972481119483836940802062063946633935996862"
+             "96956790946"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "31197401552753420434815069252142589101501971950935613829123596602"
+             "50116199275")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "73373873633164696613774845057886502395634748781210521731582087341"
+             "3106313909"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "85665797712999366855227560648921836671506338423670458839007886333"
+             "903184980")}};
+// C constants for L = 3 columns
+const std::vector<std::vector<anemoi_parameters<libff::bls12_377_pp>::BignumT>>
+    anemoi_parameters<libff::bls12_377_pp>::C_constants_col_three = {
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT("2070"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "66125294878928725569516029280464773242926330161114895950031770945"
+             "93756717991"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "29776014611928397416787927326379753087424550128686952511572204756"
+             "93136622749")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "59796965337294917158461349770405195888836412466691552400226002736"
+             "35977461488"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "57613109120372373241868294222868042838793381271628020149873900288"
+             "54161914237"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "39826068801429556425269963160110696082551013841407563955028975179"
+             "93377575372")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "49551384732987792565306813786426253684869658618615778026376975723"
+             "1090358152"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "60214030476925155108254381480534989424934585647973224205089269940"
+             "79461811249"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "70957002022630175260039033855943875187671417637411791579311578809"
+             "25579369764")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71866596884222905098842238453231911607077587308905095328775113223"
+             "87936946287"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "45830805754714341131576111996180493850474605018287615626706612543"
+             "01947376186"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "78108110771252842449895175235092006268461545168866422552562718184"
+             "4321157723")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "76381398882110810532910164007137943044793969563567465936095158679"
+             "26942792019"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "24652035383299122364216707972854987659437470534902322859119974525"
+             "96551025952"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "78893454980477716624645321763005811097859403824167955641595698213"
+             "94954385461")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "39123860629977069734970763867677041327764213738020618434891577073"
+             "34482631282"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "95006325851350432133435760835366560635389749718866303104945204441"
+             "7633771297"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "61618164358819051049608699391144699976507477170183412318710626669"
+             "64736098215")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "84036402578764126687247101120360173959291257085371707669467262618"
+             "49158045401"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "77129460768299750718384083454784624671895996542720512015815642018"
+             "23258275759"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "57206918526558979172266258539405437308004250319496393498852427857"
+             "85978120226")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71443112561440392938455104938898558940256176124024139023492996211"
+             "33042227503"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "77545587088529782708125324555261524270887761205343865983798317415"
+             "4717589901"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "70426618587176860661171889631224272731264443156782286064449361822"
+             "85670714470")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71825142159132496981643164695817644096687475478364306248805882017"
+             "15113987729"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "80477377704923123482582594317596800221241547705000567431201061917"
+             "45794885874"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "58684663427995653795919314239495653207112098377179184260175898698"
+             "48437184927")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "20646477659132618090035490721949595313065084629393023507101877595"
+             "06947310764"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "57246621944702767319874141159748900865349029222940763464768952468"
+             "087134856"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "81803755136579499071512331644696732750069349816714502170008400347"
+             "53970480900")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "11118302533226552822776446500559217808497170357495730228084632882"
+             "15659079865"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "26529998020060437524486924789924644036135234348020305707807329624"
+             "10963917664"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "18106245393887786373750369027684418288673223697011413955788669713"
+             "71145781807")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62490627049053057012351164991259000302173170556743320162394872428"
+             "8933968767"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62249463154377812075451732069811959906624314609428055354547304231"
+             "69875938872"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "11776944427404922785080709333131649507153393238952792796229105241"
+             "84123237274")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "39825631981159146060732027217962803366824580246574686803916517347"
+             "69311832159"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "46585796413145418187077684573867606640544704698952019823760461794"
+             "10528230397"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "41432696978226914567681642328313843153174741149409769883943941832"
+             "56349812840")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "34969102557176565124784023719889941563805114227886935644079459762"
+             "8890048482"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "79171599416347882280342911421587892683142747355629477267861486775"
+             "26719652274"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62120093132517240278735034514815703733511723353933736670683342643"
+             "39218551618")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "38941371677056484761025181910720868275675578954340928666483327954"
+             "04757566648"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "61228041319458448800403583058268455573160672813373438468884673798"
+             "6313980608"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "31624845516653916076832322711666216425876919308100283717171261119"
+             "64528397983")}};
+// D constants for L = 3 columns
+const std::vector<std::vector<anemoi_parameters<libff::bls12_377_pp>::BignumT>>
+    anemoi_parameters<libff::bls12_377_pp>::D_constants_col_three = {
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "11515175112856868760339306734702108906421680911573723401729863803"
+             "52373989212"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "83134078435887616363413970042006861930815827283586615970849049953"
+             "07720127958"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "44235068322158569843462278588429563962322915053115793597456180361"
+             "26839452884")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "58947541186858560309596401205240292004026437038274240627940173672"
+             "37226537944"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62257293414038038426561979684543118735451222054108704996675486428"
+             "17000413518"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "41920523248366503242740059122293494166217722425845369866897257916"
+             "75955494821")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "20513728173806945186279560117024667814962730337814035272485047941"
+             "1874715355"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62803873265109092403910290140434810619411709030791046548787492366"
+             "21835591277"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "70997114964085394188471353016351418569157408822186734988076497831"
+             "87692569960")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "32110075260619261398965574671652914872722634385552079663080514138"
+             "26597186499"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "11567892575212719465258082241441476897587468305832596580099428661"
+             "02197039223"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "55442785545178648453936147657093371174726878957929382553068119092"
+             "81719479969")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "20527618305747595196185996223805279587874390947909472819864930557"
+             "48567910940"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "58736480745321633303539423604177769297744701481682964641329496166"
+             "97174806739"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "25983553001487804954256198507020849609416509221365080209519581892"
+             "97908347375")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "77801805216757707459165634775240052337549580529001263610064878309"
+             "53262607603"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "53672185616017702971097081017939646854792157973765272104755236883"
+             "98003170443"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "18795370048689288197650365438239947641010534622478536898685705147"
+             "47435678488")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "68855253226454727922802248570071588620659182618923742349067868111"
+             "86864058859"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "67441919860092373987497864931336019114731738287170543314503662715"
+             "22553712042"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "44969647771622884074156450516464553937848859865903545862607145152"
+             "05012976677")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "66791899013072014393307277863638023517565705717175912166266820396"
+             "60892306985"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "85969536045866217592233394071055967858661219245841563602410711304"
+             "4157092208"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "68719283636181785782359107083311439277050656762789176891377297808"
+             "94849636945")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "73741246796853675592227057216963474794054818506497355515817742789"
+             "16389181543"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "34424732924626198842368714777671453863177135924909750379480033339"
+             "1250263472"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "63544646663090136072838251287989185872956125418167351211341871271"
+             "31041221734")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "88856583149937800223699671501515241787707770121433837909456154216"
+             "4224914641"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "78749872813693915881580101254454862969585992237418402816931177114"
+             "04363400599"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "72986814389813964670181852600246363584251726212319980138006249974"
+             "92576927770")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "37641783822440622423664108360435783142805587427690010926023915541"
+             "0304474867"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "24669482313179968977635523152248984323386438944191573191412503499"
+             "67198735491"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "13695999840278599459675377890516480762933296095139802504460540186"
+             "47120019802")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "10856148757974077868851106919336377643412505900227801821023018597"
+             "76553957245"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "72350157651548606276626356516862417301287319664879521778418250790"
+             "19085350175"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "19327909077846998619031744280689829088825266096361380285166748397"
+             "53072068745")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "59040232458648167913508056060043847225712287588094037223468496731"
+             "17100551222"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71294005334736462073412347442788630280900228251369366862399856381"
+             "19906372285"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "63591176053089240086792715697742588980539132503784237987650033016"
+             "85467374896")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "30325679737208715310633153448098508580488773169723938335759925558"
+             "50417265933"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "27049359847657258869568047136721921574959831961922080378948547001"
+             "92427053509"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "74481237170978985007365807304574548123376757621834608468370994672"
+             "4665373021")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "54194409030737269122947527388143397185161263306912268038353047583"
+             "42179379174"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "26869449929728651275521337810089354248269567844806679837845602212"
+             "85325215959"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "49821761467708004105089712716436447303839287673526740773195092549"
+             "83279053502")}};
+// C constants for L = 4 columns
+const std::vector<std::vector<anemoi_parameters<libff::bls12_377_pp>::BignumT>>
+    anemoi_parameters<libff::bls12_377_pp>::C_constants_col_four = {
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT("2070"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "66125294878928725569516029280464773242926330161114895950031770945"
+             "93756717991"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "29776014611928397416787927326379753087424550128686952511572204756"
+             "93136622749"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "65558665437851220632320267028776803091591559325223076881320529842"
+             "49769995408")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "59796965337294917158461349770405195888836412466691552400226002736"
+             "35977461488"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "57613109120372373241868294222868042838793381271628020149873900288"
+             "54161914237"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "39826068801429556425269963160110696082551013841407563955028975179"
+             "93377575372"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "22477332645415896976403137530634812999586829650209139140491183390"
+             "18689924465")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "49551384732987792565306813786426253684869658618615778026376975723"
+             "1090358152"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "60214030476925155108254381480534989424934585647973224205089269940"
+             "79461811249"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "70957002022630175260039033855943875187671417637411791579311578809"
+             "25579369764"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "55855401641606039338267269658734229020906421342386709455714697916"
+             "95731996384")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71866596884222905098842238453231911607077587308905095328775113223"
+             "87936946287"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "45830805754714341131576111996180493850474605018287615626706612543"
+             "01947376186"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "78108110771252842449895175235092006268461545168866422552562718184"
+             "4321157723"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "83588570907351614368901128453406081771479095999129380368985339665"
+             "54391208251")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "76381398882110810532910164007137943044793969563567465936095158679"
+             "26942792019"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "24652035383299122364216707972854987659437470534902322859119974525"
+             "96551025952"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "78893454980477716624645321763005811097859403824167955641595698213"
+             "94954385461"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "49218811685105112923876553268455637301174451644874282027873816975"
+             "46559498077")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "39123860629977069734970763867677041327764213738020618434891577073"
+             "34482631282"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "95006325851350432133435760835366560635389749718866303104945204441"
+             "7633771297"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "61618164358819051049608699391144699976507477170183412318710626669"
+             "64736098215"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "58332820508534617502005263627877224488871189515404481988883942869"
+             "07184857390")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "84036402578764126687247101120360173959291257085371707669467262618"
+             "49158045401"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "77129460768299750718384083454784624671895996542720512015815642018"
+             "23258275759"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "57206918526558979172266258539405437308004250319496393498852427857"
+             "85978120226"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "41693206240333495602319715742812450362543051849202558411890204408"
+             "35414008426")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71443112561440392938455104938898558940256176124024139023492996211"
+             "33042227503"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "77545587088529782708125324555261524270887761205343865983798317415"
+             "4717589901"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "70426618587176860661171889631224272731264443156782286064449361822"
+             "85670714470"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "82431275583540140630373903513788963529402019449387430510900445858"
+             "75881353555")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71825142159132496981643164695817644096687475478364306248805882017"
+             "15113987729"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "80477377704923123482582594317596800221241547705000567431201061917"
+             "45794885874"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "58684663427995653795919314239495653207112098377179184260175898698"
+             "48437184927"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "25337466572307994981692719039141908685197412677074534243766959755"
+             "72125696257")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "20646477659132618090035490721949595313065084629393023507101877595"
+             "06947310764"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "57246621944702767319874141159748900865349029222940763464768952468"
+             "087134856"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "81803755136579499071512331644696732750069349816714502170008400347"
+             "53970480900"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "22853759305475541389093707896529059602282665027422486843006452866"
+             "78220498163")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "11118302533226552822776446500559217808497170357495730228084632882"
+             "15659079865"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "26529998020060437524486924789924644036135234348020305707807329624"
+             "10963917664"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "18106245393887786373750369027684418288673223697011413955788669713"
+             "71145781807"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "48363058619621527455665777775944382767157453200870986245803692310"
+             "37170330277")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62490627049053057012351164991259000302173170556743320162394872428"
+             "8933968767"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62249463154377812075451732069811959906624314609428055354547304231"
+             "69875938872"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "11776944427404922785080709333131649507153393238952792796229105241"
+             "84123237274"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "58749155201791892023831501980554481049165441943977417550855477051"
+             "41835861206")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "39825631981159146060732027217962803366824580246574686803916517347"
+             "69311832159"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "46585796413145418187077684573867606640544704698952019823760461794"
+             "10528230397"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "41432696978226914567681642328313843153174741149409769883943941832"
+             "56349812840"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "25388682624012085482613964909656893532016936164491578523084565863"
+             "35798642569")}};
+// D constants for L = 4 columns
+const std::vector<std::vector<anemoi_parameters<libff::bls12_377_pp>::BignumT>>
+    anemoi_parameters<libff::bls12_377_pp>::D_constants_col_four = {
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "11515175112856868760339306734702108906421680911573723401729863803"
+             "52373989212"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "83134078435887616363413970042006861930815827283586615970849049953"
+             "07720127958"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "44235068322158569843462278588429563962322915053115793597456180361"
+             "26839452884"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "53856858721144067642828180299794076220083775657607132242215719543"
+             "6412617156")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "58947541186858560309596401205240292004026437038274240627940173672"
+             "37226537944"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62257293414038038426561979684543118735451222054108704996675486428"
+             "17000413518"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "41920523248366503242740059122293494166217722425845369866897257916"
+             "75955494821"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "34384371310669561741649682619785870052530984902296378588728867193"
+             "71616874568")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "20513728173806945186279560117024667814962730337814035272485047941"
+             "1874715355"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "62803873265109092403910290140434810619411709030791046548787492366"
+             "21835591277"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "70997114964085394188471353016351418569157408822186734988076497831"
+             "87692569960"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "65708098801377976214476037946110031371669859194811086400849018006"
+             "28194227234")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "32110075260619261398965574671652914872722634385552079663080514138"
+             "26597186499"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "11567892575212719465258082241441476897587468305832596580099428661"
+             "02197039223"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "55442785545178648453936147657093371174726878957929382553068119092"
+             "81719479969"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "56588512099437992283135958326143045974878273756280915923814253447"
+             "44729322110")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "20527618305747595196185996223805279587874390947909472819864930557"
+             "48567910940"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "58736480745321633303539423604177769297744701481682964641329496166"
+             "97174806739"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "25983553001487804954256198507020849609416509221365080209519581892"
+             "97908347375"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "61214939244319192012638791394389347820090037097208401321671017211"
+             "9862490645")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "77801805216757707459165634775240052337549580529001263610064878309"
+             "53262607603"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "53672185616017702971097081017939646854792157973765272104755236883"
+             "98003170443"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "18795370048689288197650365438239947641010534622478536898685705147"
+             "47435678488"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "25322610416721572597823378801940731122651693635349040105228422413"
+             "60233468317")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "68855253226454727922802248570071588620659182618923742349067868111"
+             "86864058859"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "67441919860092373987497864931336019114731738287170543314503662715"
+             "22553712042"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "44969647771622884074156450516464553937848859865903545862607145152"
+             "05012976677"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "39268519703714118451986356846839825961665108063259144312014322769"
+             "24797895531")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "66791899013072014393307277863638023517565705717175912166266820396"
+             "60892306985"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "85969536045866217592233394071055967858661219245841563602410711304"
+             "4157092208"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "68719283636181785782359107083311439277050656762789176891377297808"
+             "94849636945"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "60919073565780794568493207050289237307066863715031165948454483523"
+             "8000067643")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "73741246796853675592227057216963474794054818506497355515817742789"
+             "16389181543"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "34424732924626198842368714777671453863177135924909750379480033339"
+             "1250263472"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "63544646663090136072838251287989185872956125418167351211341871271"
+             "31041221734"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "40010034025719195206388105214603700320318886385712134731302333395"
+             "25078763718")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "88856583149937800223699671501515241787707770121433837909456154216"
+             "4224914641"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "78749872813693915881580101254454862969585992237418402816931177114"
+             "04363400599"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "72986814389813964670181852600246363584251726212319980138006249974"
+             "92576927770"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "23849402777026724935539677979046949405742488090677398347373703560"
+             "87175975687")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "37641783822440622423664108360435783142805587427690010926023915541"
+             "0304474867"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "24669482313179968977635523152248984323386438944191573191412503499"
+             "67198735491"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "13695999840278599459675377890516480762933296095139802504460540186"
+             "47120019802"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "53765397284329058489367235765744704210694972266648808330844963849"
+             "83493598926")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "10856148757974077868851106919336377643412505900227801821023018597"
+             "76553957245"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "72350157651548606276626356516862417301287319664879521778418250790"
+             "19085350175"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "19327909077846998619031744280689829088825266096361380285166748397"
+             "53072068745"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "76112704070550685805558986055080919600114761469035438576162521273"
+             "81133723331")},
+        {anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "59040232458648167913508056060043847225712287588094037223468496731"
+             "17100551222"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "71294005334736462073412347442788630280900228251369366862399856381"
+             "19906372285"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "63591176053089240086792715697742588980539132503784237987650033016"
+             "85467374896"),
+         anemoi_parameters<libff::bls12_377_pp>::BignumT(
+             "57359745917191128949501487406053898328658774186515480163160058114"
+             "35265235279")}};
+
+} // namespace libsnark
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_BLS12_377_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_381.tcc
similarity index 71%
rename from libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
rename to libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_381.tcc
index 25e2a073e..44030fab7 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_381.tcc
@@ -6,11 +6,40 @@
  * @copyright  MIT license (see LICENSE file)
  *****************************************************************************/
 
-#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_TCC_
-#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_TCC_
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_BLS12_381_TCC_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_BLS12_381_TCC_
 
 namespace libsnark
 {
+
+// This file was automatically generated with SAGE script parameters.sage on
+// 18/1/2023 at 23:25:58
+
+// Anemoi parameters for curve bls12_381_pp
+template<> class anemoi_parameters<libff::bls12_381_pp>
+{
+public:
+    using ppT = libff::bls12_381_pp;
+    using FieldT = libff::Fr<ppT>;
+    using BignumT = libff::bigint<FieldT::num_limbs>;
+    static const bool b_prime_field = false;
+    static constexpr size_t multiplicative_generator_g = 7;
+    static constexpr size_t alpha = 5;
+    static constexpr size_t beta = multiplicative_generator_g;
+    static constexpr size_t gamma = 0;
+    static constexpr size_t quad_exponent = 2;
+    static const BignumT alpha_inv;
+    static const BignumT delta;
+    static const std::vector<std::vector<BignumT>> C_constants_col_one;
+    static const std::vector<std::vector<BignumT>> D_constants_col_one;
+    static const std::vector<std::vector<BignumT>> C_constants_col_two;
+    static const std::vector<std::vector<BignumT>> D_constants_col_two;
+    static const std::vector<std::vector<BignumT>> C_constants_col_three;
+    static const std::vector<std::vector<BignumT>> D_constants_col_three;
+    static const std::vector<std::vector<BignumT>> C_constants_col_four;
+    static const std::vector<std::vector<BignumT>> D_constants_col_four;
+};
+
 const anemoi_parameters<libff::bls12_381_pp>::BignumT
     anemoi_parameters<libff::bls12_381_pp>::alpha_inv =
         anemoi_parameters<libff::bls12_381_pp>::BignumT(
@@ -23,1082 +52,1079 @@ const anemoi_parameters<libff::bls12_381_pp>::BignumT
             "149816786214646258512707830023388473821973007144364679493153310571"
             "25308909861");
 
-// Automatically generated with SAGE script
-// libsnark/scripts/anemoi-hash/parameters.sage
-
 // C constants for L = 1 columns
 const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::C_constants_col_one = {
         {anemoi_parameters<libff::bls12_381_pp>::BignumT("39")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4136247828276806229718713244577531267536047388383486069528323"
-            "5286481594490621")},
+            "413624782827680622971871324457753126753604738838348606952832352864"
+            "81594490621")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "9548818195234740988996233204400874453525674173109474205108603"
-            "996010297049928")},
+            "954881819523474098899623320440087445352567417310947420510860399601"
+            "0297049928")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "2536544056917782266758010518343541807399588823086818094200449"
-            "7015015045856900")},
+            "253654405691778226675801051834354180739958882308681809420044970150"
+            "15045856900")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3402349839739340664411799416798672032717815468610526483309389"
-            "1093045919619309")},
+            "340234983973934066441179941679867203271781546861052648330938910930"
+            "45919619309")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3881605131971976188604185811312920550675842147865618286873732"
-            "6994635468402951")},
+            "388160513197197618860418581131292055067584214786561828687373269946"
+            "35468402951")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3516741808753182080412837709551266392217988727766950404706991"
-            "3414630376083753")},
+            "351674180875318208041283770955126639221798872776695040470699134146"
+            "30376083753")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "2588586883975646972232565238753523247821982185060364082738544"
-            "4642154834700231")},
+            "258858688397564697223256523875352324782198218506036408273854446421"
+            "54834700231")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "8867588811641202981080659274007552529205713737251862066053445"
-            "622305818871963")},
+            "886758881164120298108065927400755252920571373725186206605344562230"
+            "5818871963")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3643975601014013755611104775016254418571088140452237979204481"
-            "8039722752946048")},
+            "364397560101401375561110477501625441857108814045223797920448180397"
+            "22752946048")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "7788624504122357216765350546787885309160020166693449889975992"
-            "574536033007374")},
+            "778862450412235721676535054678788530916002016669344988997599257453"
+            "6033007374")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3134147137704626983201116226440762775442116005053282329971088"
-            "789984415999550")},
+            "313414713770462698320111622644076277544211600505328232997108878998"
+            "4415999550")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "5025228738074182481899573330436124901628204797822159190657316"
-            "5442023106203143")},
+            "502522873807418248189957333043612490162820479782215919065731654420"
+            "23106203143")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4843469897871227801240970620555957716357245274483313436119568"
-            "7109159129985373")},
+            "484346989787122780124097062055595771635724527448331343611956871091"
+            "59129985373")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3296051061753018615951241363382138629795564259824166104417888"
-            "9571655571939473")},
+            "329605106175301861595124136338213862979556425982416610441788895716"
+            "55571939473")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "1285089785916676109442233567110628047038142757169574460526571"
-            "3866647560628356")},
+            "128508978591667610944223356711062804703814275716957446052657138666"
+            "47560628356")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "1457803687263429879838204858779420461358312857353555715694378"
-            "3762854124345644")},
+            "145780368726342987983820485877942046135831285735355571569437837628"
+            "54124345644")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "2158810984205890191669054871064952338804964374501369689670490"
-            "3154857389904594")},
+            "215881098420589019166905487106495233880496437450136968967049031548"
+            "57389904594")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3573163868652051642475284665444297320318929588354107275939088"
-            "2351699754104989")},
+            "357316386865205164247528466544429732031892958835410727593908823516"
+            "99754104989")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3414183000323318077215384522743323345660314330653092001157925"
-            "9084215824391544")},
+            "341418300032331807721538452274332334566031433065309200115792590842"
+            "15824391544")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3027254367085063588211659622825600546081751717380872113913651"
-            "5002908946750291")},
+            "302725436708506358821165962282560054608175171738087211391365150029"
+            "08946750291")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3768363593281961326941587782686189985071564454422848472941929"
-            "5166414535174481")},
+            "376836359328196132694158778268618998507156445442284847294192951664"
+            "14535174481")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "1777552726180288598698664564022278799535229596422979763053260"
-            "0737667449540308")},
+            "177755272618028859869866456402227879953522959642297976305326007376"
+            "67449540308")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "2242053268912895380223639524924488654049383393056681989283375"
-            "4476317231258312")},
+            "224205326891289538022363952492448865404938339305668198928337544763"
+            "17231258312")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "1781750799655131171855013870231705422861993743819467234562380"
-            "8375428004673958")},
+            "178175079965513117185501387023170542286199374381946723456238083754"
+            "28004673958")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "5907960848989041605787426770777938946362788429322103525767702"
-            "134624204537201")},
+            "590796084898904160578742677077793894636278842932210352576770213462"
+            "4204537201")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4575754523223150487951206450300989993499364301619443762154491"
-            "7886299650707409")},
+            "457575452322315048795120645030098999349936430161944376215449178862"
+            "99650707409")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3351575904326362029667391785894850052331758424449294788024166"
-            "7732620512600816")},
+            "335157590432636202966739178589485005233175842444929478802416677326"
+            "20512600816")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3782107092146657371942244937487594436519655609351402452159268"
-            "7983958120860990")},
+            "378210709214665737194224493748759443651965560935140245215926879839"
+            "58120860990")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "7929930502054589212738745246913303052577853923752241654515807"
-            "520533378749565")},
+            "792993050205458921273874524691330305257785392375224165451580752053"
+            "3378749565")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "7293738197873102537561743233253745300908719293335917846485104"
-            "247108708549476")},
+            "729373819787310253756174323325374530090871929333591784648510424710"
+            "8708549476")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "1320851183292961399782794581181760945052577753132072039202869"
-            "7949327330418879")},
+            "132085118329296139978279458118176094505257775313207203920286979493"
+            "27330418879")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4760106840554597709420686703443933029626857913397893274380442"
-            "4355927206954636")},
+            "476010684055459770942068670344393302962685791339789327438044243559"
+            "27206954636")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4063384519496145387643566765262483674009891714999763813130147"
-            "7678515012057005")},
+            "406338451949614538764356676526248367400989171499976381313014776785"
+            "15012057005")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3733195933994398794113838907482980087883672168816874177181593"
-            "7326790200186032")}};
+            "373319593399439879411383890748298008788367216881687417718159373267"
+            "90200186032")}};
 // D constants for L = 1 columns
 const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::D_constants_col_one = {
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "1498167862146462585127078300233884738219730071443646794931533"
-            "1057125308909900")},
+            "149816786214646258512707830023388473821973007144364679493153310571"
+            "25308909900")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "2825342020978542842023345600809163250925565234363452998440081"
-            "6700490470131093")},
+            "282534202097854284202334560080916325092556523436345299844008167004"
+            "90470131093")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "5151193940708334400277820848767859013557766024707560088083591"
-            "6725469990319313")},
+            "515119394070833440027782084876785901355776602470756008808359167254"
+            "69990319313")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4629112154443573812524865767509766474229627680718669692234033"
-            "2893747842754587")},
+            "462911215444357381252486576750976647422962768071866969223403328937"
+            "47842754587")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3650460179273129580093806058710273018999560093475503119057680"
-            "216309578390988")},
+            "365046017927312958009380605871027301899956009347550311905768021630"
+            "9578390988")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4580222337074626812305915980640015229986777106112734563124478"
-            "6118574025749328")},
+            "458022233707462681230591598064001522998677710611273456312447861185"
+            "74025749328")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "1179862127662496731572174899070930921635169609881316238205339"
-            "6097866233042733")},
+            "117986212766249673157217489907093092163516960988131623820533960978"
+            "66233042733")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4237291895943219916267083464159933632643300696866941566248807"
-            "0504036922966492")},
+            "423729189594321991626708346415993363264330069686694156624880705040"
+            "36922966492")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "5218137124419318966955352195561461799071405672550164363657637"
-            "7752669773323445")},
+            "521813712441931896695535219556146179907140567255016436365763777526"
+            "69773323445")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "2379198455482403167219524952465858060142837602950188915905900"
-            "9332107176394097")},
+            "237919845548240316721952495246585806014283760295018891590590093321"
+            "07176394097")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3334252083162030376405954844283469906964010905840054881858696"
-            "4467754352720368")},
+            "333425208316203037640595484428346990696401090584005488185869644677"
+            "54352720368")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "1679154825320774497457684551570546179413379910480899613461775"
-            "4018912057476556")},
+            "167915482532077449745768455157054617941337991048089961346177540189"
+            "12057476556")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "1108734341986082531182813333776723811055641659668774917442288"
-            "8171911517001265")},
+            "110873434198608253118281333377672381105564165966877491744228881719"
+            "11517001265")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "1193120777053847793780895503736324095679037485666623710640311"
-            "1503668796872571")},
+            "119312077705384779378089550373632409567903748566662371064031115036"
+            "68796872571")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3296943608590459582451043049934874894049468383833500962645016"
-            "062634514172805")},
+            "329694360859045958245104304993487489404946838383350096264501606263"
+            "4514172805")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "7080580976521357573320018355401935489220216583936865937104131"
-            "954142364033647")},
+            "708058097652135757332001835540193548922021658393686593710413195414"
+            "2364033647")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "2599014496591147824448152788804636647448982050246061513652385"
-            "9419965697796405")},
+            "259901449659114782444815278880463664744898205024606151365238594199"
+            "65697796405")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3390731338423572937556652991194046729509970598023460793457578"
-            "6561097199483218")},
+            "339073133842357293755665299119404672950997059802346079345757865610"
+            "97199483218")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "2599695026560846554135120728302496204437487368215288981439253"
-            "3334239395044136")},
+            "259969502656084655413512072830249620443748736821528898143925333342"
+            "39395044136")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "1787889232064146429219065509247533531704941660586517511805431"
-            "4040434534086821")},
+            "178788923206414642921906550924753353170494166058651751180543140404"
+            "34534086821")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "2544362260902875442286391098189093253939618199260893893262028"
-            "4900889552530362")},
+            "254436226090287544228639109818909325393961819926089389326202849008"
+            "89552530362")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "2213925974238578928263688442052149431935172884333002618383508"
-            "5771185820492424")},
+            "221392597423857892826368844205214943193517288433300261838350857711"
+            "85820492424")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4544838207590267101246428934380594914930153428271013460123949"
-            "3945748506785132")},
+            "454483820759026710124642893438059491493015342827101346012394939457"
+            "48506785132")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4190050824176865357917077217076789089889341280166982531075178"
-            "2528515999085573")},
+            "419005082417686535791707721707678908988934128016698253107517825285"
+            "15999085573")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "2206322440397895722401952365768916013572151261903362630668445"
-            "2466460943730461")},
+            "220632244039789572240195236576891601357215126190336263066844524664"
+            "60943730461")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "2832030289850176249602297270548525715536949612220966283998416"
-            "8714501264885500")},
+            "283203028985017624960229727054852571553694961222096628399841687145"
+            "01264885500")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4287555565234207642344057394372869512671982537556559573935345"
-            "2728374263558032")},
+            "428755556523420764234405739437286951267198253755655957393534527283"
+            "74263558032")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4922724176456376719735450248405681608821487385270058531091824"
-            "814910623278042")},
+            "492272417645637671973545024840568160882148738527005853109182481491"
+            "0623278042")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3921370247689723006126782750599821295952035186979190166959759"
-            "2300297466204227")},
+            "392137024768972300612678275059982129595203518697919016695975923002"
+            "97466204227")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3779261478156072582337106630839435214997069649894818322014932"
-            "220444906128664")},
+            "377926147815607258233710663083943521499706964989481832201493222044"
+            "4906128664")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3488034420730584193447836292131642693573379607386189453869992"
-            "2220093706975247")},
+            "348803442073058419344783629213164269357337960738618945386999222200"
+            "93706975247")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3690016605053253510014046709677869543525623192871866158270966"
-            "5229160044742454")},
+            "369001660505325351001404670967786954352562319287186615827096652291"
+            "60044742454")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "3319862684241695177099937357556292431646628819111577573885602"
-            "1866337799605112")},
+            "331986268424169517709993735755629243164662881911157757388560218663"
+            "37799605112")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4872466117409980308783338654105694977257129368375335748862849"
-            "4212068867653992")},
+            "487246611740998030878333865410569497725712936837533574886284942120"
+            "68867653992")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-            "4267045410586742273231462605057328681056892682267662822301642"
-            "4398663193502895")}};
+            "426704541058674227323146260505732868105689268226766282230164243986"
+            "63193502895")}};
 // C constants for L = 2 columns
 const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::C_constants_col_two = {
         {anemoi_parameters<libff::bls12_381_pp>::BignumT("39"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1775651522782246060968440999711199549459044877525843799934444"
-             "6424780281143353")},
+             "17756515227822460609684409997111995494590448775258437999344446424"
+             "780281143353")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4136247828276806229718713244577531267536047388383486069528323"
-             "5286481594490621"),
+             "41362478282768062297187132445775312675360473883834860695283235286"
+             "481594490621"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3384073892082712848969991795331397937188893616190315628722966"
-             "662742467187281")},
+             "33840738920827128489699917953313979371888936161903156287229666627"
+             "42467187281")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "9548818195234740988996233204400874453525674173109474205108603"
-             "996010297049928"),
+             "95488181952347409889962332044008744535256741731094742051086039960"
+             "10297049928"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5131188082215848888109078161771014680005638630312265736567960"
-             "8608648067582435")},
+             "51311880822158488881090781617710146800056386303122657365679608608"
+             "648067582435")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2536544056917782266758010518343541807399588823086818094200449"
-             "7015015045856900"),
+             "25365440569177822667580105183435418073995888230868180942004497015"
+             "015045856900"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2934760944191490233074151170227002684790917822807875256537272"
-             "9158237774700914")},
+             "29347609441914902330741511702270026847909178228078752565372729158"
+             "237774700914")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3402349839739340664411799416798672032717815468610526483309389"
-             "1093045919619309"),
+             "34023498397393406644117994167986720327178154686105264833093891093"
+             "045919619309"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2339620320400167830454536231899316133967303509954474267430948"
-             "538955691907104")},
+             "23396203204001678304545362318993161339673035099544742674309485389"
+             "55691907104")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3881605131971976188604185811312920550675842147865618286873732"
-             "6994635468402951"),
+             "38816051319719761886041858113129205506758421478656182868737326994"
+             "635468402951"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2733804253031973811335424620842610883223965108002327664386722"
-             "3794985578055610")},
+             "27338042530319738113354246208426108832239651080023276643867223794"
+             "985578055610")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3516741808753182080412837709551266392217988727766950404706991"
-             "3414630376083753"),
+             "35167418087531820804128377095512663922179887277669504047069913414"
+             "630376083753"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4219298352851337286912851432744320491282455954517963059758957"
-             "2656156258515752")},
+             "42192983528513372869128514327443204912824559545179630597589572656"
+             "156258515752")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2588586883975646972232565238753523247821982185060364082738544"
-             "4642154834700231"),
+             "25885868839756469722325652387535232478219821850603640827385444642"
+             "154834700231"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4272181898054851449032542443676303204692734776915339386361609"
-             "5871384405840432")},
+             "42721818980548514490325424436763032046927347769153393863616095871"
+             "384405840432")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "8867588811641202981080659274007552529205713737251862066053445"
-             "622305818871963"),
+             "88675888116412029810806592740075525292057137372518620660534456223"
+             "05818871963"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2347349933243705648406600674604859186412998890919026752114412"
-             "5882222313735740")},
+             "23473499332437056484066006746048591864129988909190267521144125882"
+             "222313735740")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3643975601014013755611104775016254418571088140452237979204481"
-             "8039722752946048"),
+             "36439756010140137556111047750162544185710881404522379792044818039"
+             "722752946048"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1649736658360748060416141764404029229920449682963579552539341"
-             "6854929276060989")},
+             "16497366583607480604161417644040292299204496829635795525393416854"
+             "929276060989")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "7788624504122357216765350546787885309160020166693449889975992"
-             "574536033007374"),
+             "77886245041223572167653505467878853091600201666934498899759925745"
+             "36033007374"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1672739596735052264350077839348991539183435273721141685724072"
-             "5807058479128000")},
+             "16727395967350522643500778393489915391834352737211416857240725807"
+             "058479128000")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3134147137704626983201116226440762775442116005053282329971088"
-             "789984415999550"),
+             "31341471377046269832011162264407627754421160050532823299710887899"
+             "84415999550"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4652550641868145619325559651610441674352303704698228044952942"
-             "6136392814992763")},
+             "46525506418681456193255596516104416743523037046982280449529426136"
+             "392814992763")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5025228738074182481899573330436124901628204797822159190657316"
-             "5442023106203143"),
+             "50252287380741824818995733304361249016282047978221591906573165442"
+             "023106203143"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4603088696404532867065057946752204298175610946458490707743477"
-             "2786649263902996")},
+             "46030886964045328670650579467522042981756109464584907077434772786"
+             "649263902996")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4843469897871227801240970620555957716357245274483313436119568"
-             "7109159129985373"),
+             "48434698978712278012409706205559577163572452744833134361195687109"
+             "159129985373"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1921653321323070949794722352629784806536533447236702265018339"
-             "5435586190711770")},
+             "19216533213230709497947223526297848065365334472367022650183395435"
+             "586190711770")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3296051061753018615951241363382138629795564259824166104417888"
-             "9571655571939473"),
+             "32960510617530186159512413633821386297955642598241661044178889571"
+             "655571939473"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "7889715292813995933863223756089425964393897180189452806863798"
-             "954507930091839")},
+             "78897152928139959338632237560894259643938971801894528068637989545"
+             "07930091839")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1285089785916676109442233567110628047038142757169574460526571"
-             "3866647560628356"),
+             "12850897859166761094422335671106280470381427571695744605265713866"
+             "647560628356"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3890404016518111182325567019593981593129264722711625526410797"
-             "9988806956289548")},
+             "38904040165181111823255670195939815931292647227116255264107979988"
+             "806956289548")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1457803687263429879838204858779420461358312857353555715694378"
-             "3762854124345644"),
+             "14578036872634298798382048587794204613583128573535557156943783762"
+             "854124345644"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3988936054101455514428229911108117411824588491028947172774374"
-             "7142236304617512")},
+             "39889360541014555144282299111081174118245884910289471727743747142"
+             "236304617512")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2158810984205890191669054871064952338804964374501369689670490"
-             "3154857389904594"),
+             "21588109842058901916690548710649523388049643745013696896704903154"
+             "857389904594"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2462163053982270832598746118263924383921823021657820771974288"
-             "0580327336278872")},
+             "24621630539822708325987461182639243839218230216578207719742880580"
+             "327336278872")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3573163868652051642475284665444297320318929588354107275939088"
-             "2351699754104989"),
+             "35731638686520516424752846654442973203189295883541072759390882351"
+             "699754104989"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4644023405238010579088846965247421888502168493252196386650693"
-             "2102071884869246")},
+             "46440234052380105790888469652474218885021684932521963866506932102"
+             "071884869246")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3414183000323318077215384522743323345660314330653092001157925"
-             "9084215824391544"),
+             "34141830003233180772153845227433233456603143306530920011579259084"
+             "215824391544"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2163981062666409906038409596484133154605534834560048607810788"
-             "2966779265621748")}};
+             "21639810626664099060384095964841331546055348345600486078107882966"
+             "779265621748")}};
 // D constants for L = 2 columns
 const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::D_constants_col_two = {
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1498167862146462585127078300233884738219730071443646794931533"
-             "1057125308909900"),
+             "14981678621464625851270783002338847382197300714436467949315331057"
+             "125308909900"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4872095934371910432473933838888583980299871155063740277389639"
-             "5605948383052052")},
+             "48720959343719104324739338388885839802998711550637402773896395605"
+             "948383052052")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2825342020978542842023345600809163250925565234363452998440081"
-             "6700490470131093"),
+             "28253420209785428420233456008091632509255652343634529984400816700"
+             "490470131093"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "6257781313532096835800460747082714697295034136932481743077166"
-             "200794135826591")},
+             "62577813135320968358004607470827146972950341369324817430771662007"
+             "94135826591")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5151193940708334400277820848767859013557766024707560088083591"
-             "6725469990319313"),
+             "51511939407083344002778208487678590135577660247075600880835916725"
+             "469990319313"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4386017178186728799761421274050927732938229436976005221436222"
-             "062273391481632")},
+             "43860171781867287997614212740509277329382294369760052214362220622"
+             "73391481632")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4629112154443573812524865767509766474229627680718669692234033"
-             "2893747842754587"),
+             "46291121544435738125248657675097664742296276807186696922340332893"
+             "747842754587"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1382018073647864517274646907518130460472997636481212754834152"
-             "4461074783412926")},
+             "13820180736478645172746469075181304604729976364812127548341524461"
+             "074783412926")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3650460179273129580093806058710273018999560093475503119057680"
-             "216309578390988"),
+             "36504601792731295800938060587102730189995600934755031190576802163"
+             "09578390988"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4038522277183809910966223402024383158969022347879484720123501"
-             "4486200724862134")},
+             "40385222771838099109662234020243831589690223478794847201235014486"
+             "200724862134")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4580222337074626812305915980640015229986777106112734563124478"
-             "6118574025749328"),
+             "45802223370746268123059159806400152299867771061127345631244786118"
+             "574025749328"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5030698007577826221415569329113205255155996272343693623161130"
-             "1042966928400825")},
+             "50306980075778262214155693291132052551559962723436936231611301042"
+             "966928400825")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1179862127662496731572174899070930921635169609881316238205339"
-             "6097866233042733"),
+             "11798621276624967315721748990709309216351696098813162382053396097"
+             "866233042733"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3480695221203853724450603161207484713320733042726578575780967"
-             "3463434908473570")},
+             "34806952212038537244506031612074847133207330427265785757809673463"
+             "434908473570")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4237291895943219916267083464159933632643300696866941566248807"
-             "0504036922966492"),
+             "42372918959432199162670834641599336326433006968669415662488070504"
+             "036922966492"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2275575941953007131500701157207616698366094244763402770135168"
-             "1157370705921018")},
+             "22755759419530071315007011572076166983660942447634027701351681157"
+             "370705921018")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5218137124419318966955352195561461799071405672550164363657637"
-             "7752669773323445"),
+             "52181371244193189669553521955614617990714056725501643636576377752"
+             "669773323445"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3033417208429487055687527430890468841415874145785490809430001"
-             "7436690480001547")},
+             "30334172084294870556875274308904688414158741457854908094300017436"
+             "690480001547")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2379198455482403167219524952465858060142837602950188915905900"
-             "9332107176394097"),
+             "23791984554824031672195249524658580601428376029501889159059009332"
+             "107176394097"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1983236062272339258402976480797132564113295351555780171764422"
-             "6271356492507876")},
+             "19832360622723392584029764807971325641132953515557801717644226271"
+             "356492507876")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3334252083162030376405954844283469906964010905840054881858696"
-             "4467754352720368"),
+             "33342520831620303764059548442834699069640109058400548818586964467"
+             "754352720368"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5828182614154296575131381170785760240834851189333374788484657"
-             "124381010655319")},
+             "58281826141542965751313811707857602408348511893333747884846571243"
+             "81010655319")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1679154825320774497457684551570546179413379910480899613461775"
-             "4018912057476556"),
+             "16791548253207744974576845515705461794133799104808996134617754018"
+             "912057476556"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2372979785349040156896773068661814685073512970715285325680905"
-             "0789424668284094")},
+             "23729797853490401568967730686618146850735129707152853256809050789"
+             "424668284094")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1108734341986082531182813333776723811055641659668774917442288"
-             "8171911517001265"),
+             "11087343419860825311828133337767238110556416596687749174422888171"
+             "911517001265"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2284870849759634702726712489036302900224144014399356117052111"
-             "3640580467699956")},
+             "22848708497596347027267124890363029002241440143993561170521113640"
+             "580467699956")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1193120777053847793780895503736324095679037485666623710640311"
-             "1503668796872571"),
+             "11931207770538477937808955037363240956790374856666237106403111503"
+             "668796872571"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5113168267461511776657835825572247462248477114567026004323109"
-             "6654077231782319")},
+             "51131682674615117766578358255722474622484771145670260043231096654"
+             "077231782319")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3296943608590459582451043049934874894049468383833500962645016"
-             "062634514172805"),
+             "32969436085904595824510430499348748940494683838335009626450160626"
+             "34514172805"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4664478895343247770003373906982387732438923752725142737317020"
-             "2269468246508522")},
+             "46644788953432477700033739069823877324389237527251427373170202269"
+             "468246508522")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "7080580976521357573320018355401935489220216583936865937104131"
-             "954142364033647"),
+             "70805809765213575733200183554019354892202165839368659371041319541"
+             "42364033647"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4911648877696772616593749826967046787634239830029987342118301"
-             "6200344552693677")},
+             "49116488776967726165937498269670467876342398300299873421183016200"
+             "344552693677")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2599014496591147824448152788804636647448982050246061513652385"
-             "9419965697796405"),
+             "25990144965911478244481527888046366474489820502460615136523859419"
+             "965697796405"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1484835895359756197471818329258236706767298639962938870995678"
-             "2223452089882598")},
+             "14848358953597561974718183292582367067672986399629388709956782223"
+             "452089882598")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3390731338423572937556652991194046729509970598023460793457578"
-             "6561097199483218"),
+             "33907313384235729375566529911940467295099705980234607934575786561"
+             "097199483218"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4877244013053631691998472651792188347887020122139777602467234"
-             "10671357671821")},
+             "48772440130536316919984726517921883478870201221397776024672341067"
+             "1357671821")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2599695026560846554135120728302496204437487368215288981439253"
-             "3334239395044136"),
+             "25996950265608465541351207283024962044374873682152889814392533334"
+             "239395044136"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2524359507738822918232351623052388147276722915486399241415425"
-             "08715737622718")},
+             "25243595077388229182323516230523881472767229154863992414154250871"
+             "5737622718")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1787889232064146429219065509247533531704941660586517511805431"
-             "4040434534086821"),
+             "17878892320641464292190655092475335317049416605865175118054314040"
+             "434534086821"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2135963843850440044420505121931843033271258370587723800981955"
-             "6047040768315863")}};
+             "21359638438504400444205051219318430332712583705877238009819556047"
+             "040768315863")}};
 // C constants for L = 3 columns
 const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::C_constants_col_three = {
         {anemoi_parameters<libff::bls12_381_pp>::BignumT("39"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1775651522782246060968440999711199549459044877525843799934444"
-             "6424780281143353"),
+             "17756515227822460609684409997111995494590448775258437999344446424"
+             "780281143353"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1018891612812359996477254614795190450086500961676464694818791"
-             "5341627970346879")},
+             "10188916128123599964772546147951904500865009616764646948187915341"
+             "627970346879")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4136247828276806229718713244577531267536047388383486069528323"
-             "5286481594490621"),
+             "41362478282768062297187132445775312675360473883834860695283235286"
+             "481594490621"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3384073892082712848969991795331397937188893616190315628722966"
-             "662742467187281"),
+             "33840738920827128489699917953313979371888936161903156287229666627"
+             "42467187281"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3853646459699810802819790564525019664928744720837416933978464"
-             "9587982292038621")},
+             "38536464596998108028197905645250196649287447208374169339784649587"
+             "982292038621")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "9548818195234740988996233204400874453525674173109474205108603"
-             "996010297049928"),
+             "95488181952347409889962332044008744535256741731094742051086039960"
+             "10297049928"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5131188082215848888109078161771014680005638630312265736567960"
-             "8608648067582435"),
+             "51311880822158488881090781617710146800056386303122657365679608608"
+             "648067582435"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2459696595055290529608826989988088254971535466083239137400923"
-             "4980535928382152")},
+             "24596965950552905296088269899880882549715354660832391374009234980"
+             "535928382152")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2536544056917782266758010518343541807399588823086818094200449"
-             "7015015045856900"),
+             "25365440569177822667580105183435418073995888230868180942004497015"
+             "015045856900"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2934760944191490233074151170227002684790917822807875256537272"
-             "9158237774700914"),
+             "29347609441914902330741511702270026847909178228078752565372729158"
+             "237774700914"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1435647866738596907930934954039494810941482992100104584559955"
-             "3435706989367858")},
+             "14356478667385969079309349540394948109414829921001045845599553435"
+             "706989367858")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3402349839739340664411799416798672032717815468610526483309389"
-             "1093045919619309"),
+             "34023498397393406644117994167986720327178154686105264833093891093"
+             "045919619309"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2339620320400167830454536231899316133967303509954474267430948"
-             "538955691907104"),
+             "23396203204001678304545362318993161339673035099544742674309485389"
+             "55691907104"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1213674891966628629798915440442909922615468699202840156813305"
-             "8190732008277996")},
+             "12136748919666286297989154404429099226154686992028401568133058190"
+             "732008277996")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3881605131971976188604185811312920550675842147865618286873732"
-             "6994635468402951"),
+             "38816051319719761886041858113129205506758421478656182868737326994"
+             "635468402951"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2733804253031973811335424620842610883223965108002327664386722"
-             "3794985578055610"),
+             "27338042530319738113354246208426108832239651080023276643867223794"
+             "985578055610"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1558067417971364454039840952344181407381076844949394056213642"
-             "2009899312699155")},
+             "15580674179713644540398409523441814073810768449493940562136422009"
+             "899312699155")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3516741808753182080412837709551266392217988727766950404706991"
-             "3414630376083753"),
+             "35167418087531820804128377095512663922179887277669504047069913414"
+             "630376083753"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4219298352851337286912851432744320491282455954517963059758957"
-             "2656156258515752"),
+             "42192983528513372869128514327443204912824559545179630597589572656"
+             "156258515752"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4738921241144157326637909239293159997041788472939715684121631"
-             "8364858334633325")},
+             "47389212411441573266379092392931599970417884729397156841216318364"
+             "858334633325")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2588586883975646972232565238753523247821982185060364082738544"
-             "4642154834700231"),
+             "25885868839756469722325652387535232478219821850603640827385444642"
+             "154834700231"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4272181898054851449032542443676303204692734776915339386361609"
-             "5871384405840432"),
+             "42721818980548514490325424436763032046927347769153393863616095871"
+             "384405840432"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5855288403637341107158034195599277569854359593529752399086836"
-             "976954392351035")},
+             "58552884036373411071580341955992775698543595935297523990868369769"
+             "54392351035")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "8867588811641202981080659274007552529205713737251862066053445"
-             "622305818871963"),
+             "88675888116412029810806592740075525292057137372518620660534456223"
+             "05818871963"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2347349933243705648406600674604859186412998890919026752114412"
-             "5882222313735740"),
+             "23473499332437056484066006746048591864129988909190267521144125882"
+             "222313735740"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5696063807157149622355481994320806474692190935543821893362808"
-             "351446578125354")},
+             "56960638071571496223554819943208064746921909355438218933628083514"
+             "46578125354")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3643975601014013755611104775016254418571088140452237979204481"
-             "8039722752946048"),
+             "36439756010140137556111047750162544185710881404522379792044818039"
+             "722752946048"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1649736658360748060416141764404029229920449682963579552539341"
-             "6854929276060989"),
+             "16497366583607480604161417644040292299204496829635795525393416854"
+             "929276060989"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3147932349597011371381646760446049967588957991237003497484121"
-             "2556442942086146")},
+             "31479323495970113713816467604460499675889579912370034974841212556"
+             "442942086146")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "7788624504122357216765350546787885309160020166693449889975992"
-             "574536033007374"),
+             "77886245041223572167653505467878853091600201666934498899759925745"
+             "36033007374"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1672739596735052264350077839348991539183435273721141685724072"
-             "5807058479128000"),
+             "16727395967350522643500778393489915391834352737211416857240725807"
+             "058479128000"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2330992872018014336240882738557332747985840911535801077073015"
-             "1873313341134036")},
+             "23309928720180143362408827385573327479858409115358010770730151873"
+             "313341134036")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3134147137704626983201116226440762775442116005053282329971088"
-             "789984415999550"),
+             "31341471377046269832011162264407627754421160050532823299710887899"
+             "84415999550"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4652550641868145619325559651610441674352303704698228044952942"
-             "6136392814992763"),
+             "46525506418681456193255596516104416743523037046982280449529426136"
+             "392814992763"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4917372673919383443116356365853730383619622786307127412244824"
-             "3716476847774081")},
+             "49173726739193834431163563658537303836196227863071274122448243716"
+             "476847774081")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5025228738074182481899573330436124901628204797822159190657316"
-             "5442023106203143"),
+             "50252287380741824818995733304361249016282047978221591906573165442"
+             "023106203143"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4603088696404532867065057946752204298175610946458490707743477"
-             "2786649263902996"),
+             "46030886964045328670650579467522042981756109464584907077434772786"
+             "649263902996"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4712571643096224675022534387832506137920111203953790806087833"
-             "6544274638889887")},
+             "47125716430962246750225343878325061379201112039537908060878336544"
+             "274638889887")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4843469897871227801240970620555957716357245274483313436119568"
-             "7109159129985373"),
+             "48434698978712278012409706205559577163572452744833134361195687109"
+             "159129985373"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1921653321323070949794722352629784806536533447236702265018339"
-             "5435586190711770"),
+             "19216533213230709497947223526297848065365334472367022650183395435"
+             "586190711770"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2897926863821744450704595717324317554216182338253096474269232"
-             "4059406064069673")},
+             "28979268638217444507045957173243175542161823382530964742692324059"
+             "406064069673")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3296051061753018615951241363382138629795564259824166104417888"
-             "9571655571939473"),
+             "32960510617530186159512413633821386297955642598241661044178889571"
+             "655571939473"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "7889715292813995933863223756089425964393897180189452806863798"
-             "954507930091839"),
+             "78897152928139959338632237560894259643938971801894528068637989545"
+             "07930091839"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1335282786350600018748463893875477804580192723833609082645717"
-             "2216796844151715")}};
+             "13352827863506000187484638938754778045801927238336090826457172216"
+             "796844151715")}};
 // D constants for L = 3 columns
 const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::D_constants_col_three = {
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1498167862146462585127078300233884738219730071443646794931533"
-             "1057125308909900"),
+             "14981678621464625851270783002338847382197300714436467949315331057"
+             "125308909900"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4872095934371910432473933838888583980299871155063740277389639"
-             "5605948383052052"),
+             "48720959343719104324739338388885839802998711550637402773896395605"
+             "948383052052"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1170961042764195247622670495021805276356048907930130746422516"
-             "4120801969364960")},
+             "11709610427641952476226704950218052763560489079301307464225164120"
+             "801969364960")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2825342020978542842023345600809163250925565234363452998440081"
-             "6700490470131093"),
+             "28253420209785428420233456008091632509255652343634529984400816700"
+             "490470131093"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "6257781313532096835800460747082714697295034136932481743077166"
-             "200794135826591"),
+             "62577813135320968358004607470827146972950341369324817430771662007"
+             "94135826591"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1196642220206920081142760500749381736368080441627403119562414"
-             "8724039857787313")},
+             "11966422202069200811427605007493817363680804416274031195624148724"
+             "039857787313")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5151193940708334400277820848767859013557766024707560088083591"
-             "6725469990319313"),
+             "51511939407083344002778208487678590135577660247075600880835916725"
+             "469990319313"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4386017178186728799761421274050927732938229436976005221436222"
-             "062273391481632"),
+             "43860171781867287997614212740509277329382294369760052214362220622"
+             "73391481632"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "6632276653290444906058804748999332745749669823710727938548067"
-             "32105730575244")},
+             "66322766532904449060588047489993327457496698237107279385480673210"
+             "5730575244")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4629112154443573812524865767509766474229627680718669692234033"
-             "2893747842754587"),
+             "46291121544435738125248657675097664742296276807186696922340332893"
+             "747842754587"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1382018073647864517274646907518130460472997636481212754834152"
-             "4461074783412926"),
+             "13820180736478645172746469075181304604729976364812127548341524461"
+             "074783412926"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2182117532069761119716127783198449565821339724541975439265730"
-             "7036488476373765")},
+             "21821175320697611197161277831984495658213397245419754392657307036"
+             "488476373765")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3650460179273129580093806058710273018999560093475503119057680"
-             "216309578390988"),
+             "36504601792731295800938060587102730189995600934755031190576802163"
+             "09578390988"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4038522277183809910966223402024383158969022347879484720123501"
-             "4486200724862134"),
+             "40385222771838099109662234020243831589690223478794847201235014486"
+             "200724862134"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2073860155472592637359608260326591863616482364802647024342242"
-             "3735982938342408")},
+             "20738601554725926373596082603265918636164823648026470243422423735"
+             "982938342408")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4580222337074626812305915980640015229986777106112734563124478"
-             "6118574025749328"),
+             "45802223370746268123059159806400152299867771061127345631244786118"
+             "574025749328"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5030698007577826221415569329113205255155996272343693623161130"
-             "1042966928400825"),
+             "50306980075778262214155693291132052551559962723436936231611301042"
+             "966928400825"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "9105861908793877437599087016640061747418296780065295891365798"
-             "855886560153752")},
+             "91058619087938774375990870166400617474182967800652958913657988558"
+             "86560153752")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1179862127662496731572174899070930921635169609881316238205339"
-             "6097866233042733"),
+             "11798621276624967315721748990709309216351696098813162382053396097"
+             "866233042733"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3480695221203853724450603161207484713320733042726578575780967"
-             "3463434908473570"),
+             "34806952212038537244506031612074847133207330427265785757809673463"
+             "434908473570"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1055943127858844643815584008805554614508787229864100774292171"
-             "8770142881700525")},
+             "10559431278588446438155840088055546145087872298641007742921718770"
+             "142881700525")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4237291895943219916267083464159933632643300696866941566248807"
-             "0504036922966492"),
+             "42372918959432199162670834641599336326433006968669415662488070504"
+             "036922966492"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2275575941953007131500701157207616698366094244763402770135168"
-             "1157370705921018"),
+             "22755759419530071315007011572076166983660942447634027701351681157"
+             "370705921018"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "8881354201366797207686592249590682298565723459695719800911380"
-             "560885170725516")},
+             "88813542013667972076865922495906822985657234596957198009113805608"
+             "85170725516")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5218137124419318966955352195561461799071405672550164363657637"
-             "7752669773323445"),
+             "52181371244193189669553521955614617990714056725501643636576377752"
+             "669773323445"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3033417208429487055687527430890468841415874145785490809430001"
-             "7436690480001547"),
+             "30334172084294870556875274308904688414158741457854908094300017436"
+             "690480001547"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3554886191776286297101172047585517281669871267189379603060765"
-             "8203859222685056")},
+             "35548861917762862971011720475855172816698712671893796030607658203"
+             "859222685056")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2379198455482403167219524952465858060142837602950188915905900"
-             "9332107176394097"),
+             "23791984554824031672195249524658580601428376029501889159059009332"
+             "107176394097"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1983236062272339258402976480797132564113295351555780171764422"
-             "6271356492507876"),
+             "19832360622723392584029764807971325641132953515557801717644226271"
+             "356492507876"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5370567718707734490084045178883836972105253285449736908577321"
-             "570876055642415")},
+             "53705677187077344900840451788838369721052532854497369085773215708"
+             "76055642415")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3334252083162030376405954844283469906964010905840054881858696"
-             "4467754352720368"),
+             "33342520831620303764059548442834699069640109058400548818586964467"
+             "754352720368"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5828182614154296575131381170785760240834851189333374788484657"
-             "124381010655319"),
+             "58281826141542965751313811707857602408348511893333747884846571243"
+             "81010655319"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3540284072573181656988640108154744212083667675516530226606304"
-             "1488580350955250")},
+             "35402840725731816569886401081547442120836676755165302266063041488"
+             "580350955250")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1679154825320774497457684551570546179413379910480899613461775"
-             "4018912057476556"),
+             "16791548253207744974576845515705461794133799104808996134617754018"
+             "912057476556"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2372979785349040156896773068661814685073512970715285325680905"
-             "0789424668284094"),
+             "23729797853490401568967730686618146850735129707152853256809050789"
+             "424668284094"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4937014353275067908272266874772930373538608971092718049381682"
-             "6667453179359307")},
+             "49370143532750679082722668747729303735386089710927180493816826667"
+             "453179359307")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1108734341986082531182813333776723811055641659668774917442288"
-             "8171911517001265"),
+             "11087343419860825311828133337767238110556416596687749174422888171"
+             "911517001265"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2284870849759634702726712489036302900224144014399356117052111"
-             "3640580467699956"),
+             "22848708497596347027267124890363029002241440143993561170521113640"
+             "580467699956"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4693566332326116438268886021984431719166421190663189571805363"
-             "5696150320980742")},
+             "46935663323261164382688860219844317191664211906631895718053635696"
+             "150320980742")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1193120777053847793780895503736324095679037485666623710640311"
-             "1503668796872571"),
+             "11931207770538477937808955037363240956790374856666237106403111503"
+             "668796872571"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5113168267461511776657835825572247462248477114567026004323109"
-             "6654077231782319"),
+             "51131682674615117766578358255722474622484771145670260043231096654"
+             "077231782319"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3145066828322356157207632231316010605356847674299189787722532"
-             "4875903002249604")},
+             "31450668283223561572076322313160106053568476742991897877225324875"
+             "903002249604")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3296943608590459582451043049934874894049468383833500962645016"
-             "062634514172805"),
+             "32969436085904595824510430499348748940494683838335009626450160626"
+             "34514172805"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4664478895343247770003373906982387732438923752725142737317020"
-             "2269468246508522"),
+             "46644788953432477700033739069823877324389237527251427373170202269"
+             "468246508522"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2266415170774619075005438466298153336008448427255576113424887"
-             "5129763057677780")}};
+             "22664151707746190750054384662981533360084484272555761134248875129"
+             "763057677780")}};
 // C constants for L = 4 columns
 const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::C_constants_col_four = {
         {anemoi_parameters<libff::bls12_381_pp>::BignumT("39"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1775651522782246060968440999711199549459044877525843799934444"
-             "6424780281143353"),
+             "17756515227822460609684409997111995494590448775258437999344446424"
+             "780281143353"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1018891612812359996477254614795190450086500961676464694818791"
-             "5341627970346879"),
+             "10188916128123599964772546147951904500865009616764646948187915341"
+             "627970346879"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3814237141406755457246679946340702245820791055503616462386588"
-             "886553626328449")},
+             "38142371414067554572466799463407022458207910555036164623865888865"
+             "53626328449")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4136247828276806229718713244577531267536047388383486069528323"
-             "5286481594490621"),
+             "41362478282768062297187132445775312675360473883834860695283235286"
+             "481594490621"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3384073892082712848969991795331397937188893616190315628722966"
-             "662742467187281"),
+             "33840738920827128489699917953313979371888936161903156287229666627"
+             "42467187281"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3853646459699810802819790564525019664928744720837416933978464"
-             "9587982292038621"),
+             "38536464596998108028197905645250196649287447208374169339784649587"
+             "982292038621"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3759219767528975735847190819990641598248412433811237445343529"
-             "2524131427342810")},
+             "37592197675289757358471908199906415982484124338112374453435292524"
+             "131427342810")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "9548818195234740988996233204400874453525674173109474205108603"
-             "996010297049928"),
+             "95488181952347409889962332044008744535256741731094742051086039960"
+             "10297049928"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5131188082215848888109078161771014680005638630312265736567960"
-             "8608648067582435"),
+             "51311880822158488881090781617710146800056386303122657365679608608"
+             "648067582435"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2459696595055290529608826989988088254971535466083239137400923"
-             "4980535928382152"),
+             "24596965950552905296088269899880882549715354660832391374009234980"
+             "535928382152"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3403682625028780719465935912972258681807965244254717853103041"
-             "0684351456041117")},
+             "34036826250287807194659359129722586818079652442547178531030410684"
+             "351456041117")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2536544056917782266758010518343541807399588823086818094200449"
-             "7015015045856900"),
+             "25365440569177822667580105183435418073995888230868180942004497015"
+             "015045856900"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2934760944191490233074151170227002684790917822807875256537272"
-             "9158237774700914"),
+             "29347609441914902330741511702270026847909178228078752565372729158"
+             "237774700914"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1435647866738596907930934954039494810941482992100104584559955"
-             "3435706989367858"),
+             "14356478667385969079309349540394948109414829921001045845599553435"
+             "706989367858"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "9488013611624811735432450930006811652991761655550510302915118"
-             "428283918068143")},
+             "94880136116248117354324509300068116529917616555505103029151184282"
+             "83918068143")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3402349839739340664411799416798672032717815468610526483309389"
-             "1093045919619309"),
+             "34023498397393406644117994167986720327178154686105264833093891093"
+             "045919619309"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2339620320400167830454536231899316133967303509954474267430948"
-             "538955691907104"),
+             "23396203204001678304545362318993161339673035099544742674309485389"
+             "55691907104"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1213674891966628629798915440442909922615468699202840156813305"
-             "8190732008277996"),
+             "12136748919666286297989154404429099226154686992028401568133058190"
+             "732008277996"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1944256982277265527026848283574248036549925680252051090584695"
-             "3360427433130058")},
+             "19442569822772655270268482835742480365499256802520510905846953360"
+             "427433130058")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3881605131971976188604185811312920550675842147865618286873732"
-             "6994635468402951"),
+             "38816051319719761886041858113129205506758421478656182868737326994"
+             "635468402951"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2733804253031973811335424620842610883223965108002327664386722"
-             "3794985578055610"),
+             "27338042530319738113354246208426108832239651080023276643867223794"
+             "985578055610"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1558067417971364454039840952344181407381076844949394056213642"
-             "2009899312699155"),
+             "15580674179713644540398409523441814073810768449493940562136422009"
+             "899312699155"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4362660876979205605782410963041525734654031488177761934879852"
-             "229226211686053")},
+             "43626608769792056057824109630415257346540314881777619348798522292"
+             "26211686053")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3516741808753182080412837709551266392217988727766950404706991"
-             "3414630376083753"),
+             "35167418087531820804128377095512663922179887277669504047069913414"
+             "630376083753"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4219298352851337286912851432744320491282455954517963059758957"
-             "2656156258515752"),
+             "42192983528513372869128514327443204912824559545179630597589572656"
+             "156258515752"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4738921241144157326637909239293159997041788472939715684121631"
-             "8364858334633325"),
+             "47389212411441573266379092392931599970417884729397156841216318364"
+             "858334633325"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4148765625963272739309827417873876393424966292428795624270459"
-             "6746920012242443")},
+             "41487656259632727393098274178738763934249662924287956242704596746"
+             "920012242443")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2588586883975646972232565238753523247821982185060364082738544"
-             "4642154834700231"),
+             "25885868839756469722325652387535232478219821850603640827385444642"
+             "154834700231"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4272181898054851449032542443676303204692734776915339386361609"
-             "5871384405840432"),
+             "42721818980548514490325424436763032046927347769153393863616095871"
+             "384405840432"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5855288403637341107158034195599277569854359593529752399086836"
-             "976954392351035"),
+             "58552884036373411071580341955992775698543595935297523990868369769"
+             "54392351035"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1884585172212401932583442609483174306840855762168565871300274"
-             "9358354699910772")},
+             "18845851722124019325834426094831743068408557621685658713002749358"
+             "354699910772")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "8867588811641202981080659274007552529205713737251862066053445"
-             "622305818871963"),
+             "88675888116412029810806592740075525292057137372518620660534456223"
+             "05818871963"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2347349933243705648406600674604859186412998890919026752114412"
-             "5882222313735740"),
+             "23473499332437056484066006746048591864129988909190267521144125882"
+             "222313735740"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5696063807157149622355481994320806474692190935543821893362808"
-             "351446578125354"),
+             "56960638071571496223554819943208064746921909355438218933628083514"
+             "46578125354"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4855803159925507286210380968106056546455543739940382245890202"
-             "4251997890071747")},
+             "48558031599255072862103809681060565464555437399403822458902024251"
+             "997890071747")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3643975601014013755611104775016254418571088140452237979204481"
-             "8039722752946048"),
+             "36439756010140137556111047750162544185710881404522379792044818039"
+             "722752946048"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1649736658360748060416141764404029229920449682963579552539341"
-             "6854929276060989"),
+             "16497366583607480604161417644040292299204496829635795525393416854"
+             "929276060989"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3147932349597011371381646760446049967588957991237003497484121"
-             "2556442942086146"),
+             "31479323495970113713816467604460499675889579912370034974841212556"
+             "442942086146"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5232706524245511758259018833389935270603181378215429313855349"
-             "0341266149456684")},
+             "52327065242455117582590188333899352706031813782154293138553490341"
+             "266149456684")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "7788624504122357216765350546787885309160020166693449889975992"
-             "574536033007374"),
+             "77886245041223572167653505467878853091600201666934498899759925745"
+             "36033007374"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1672739596735052264350077839348991539183435273721141685724072"
-             "5807058479128000"),
+             "16727395967350522643500778393489915391834352737211416857240725807"
+             "058479128000"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2330992872018014336240882738557332747985840911535801077073015"
-             "1873313341134036"),
+             "23309928720180143362408827385573327479858409115358010770730151873"
+             "313341134036"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5006722144318758766157409016714691420686239438032848856181914"
-             "1296175188378275")},
+             "50067221443187587661574090167146914206862394380328488561819141296"
+             "175188378275")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3134147137704626983201116226440762775442116005053282329971088"
-             "789984415999550"),
+             "31341471377046269832011162264407627754421160050532823299710887899"
+             "84415999550"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4652550641868145619325559651610441674352303704698228044952942"
-             "6136392814992763"),
+             "46525506418681456193255596516104416743523037046982280449529426136"
+             "392814992763"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4917372673919383443116356365853730383619622786307127412244824"
-             "3716476847774081"),
+             "49173726739193834431163563658537303836196227863071274122448243716"
+             "476847774081"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2904698228930932183221963874409477310924064596431938774518994"
-             "1342957948119206")},
+             "29046982289309321832219638744094773109240645964319387745189941342"
+             "957948119206")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5025228738074182481899573330436124901628204797822159190657316"
-             "5442023106203143"),
+             "50252287380741824818995733304361249016282047978221591906573165442"
+             "023106203143"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4603088696404532867065057946752204298175610946458490707743477"
-             "2786649263902996"),
+             "46030886964045328670650579467522042981756109464584907077434772786"
+             "649263902996"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4712571643096224675022534387832506137920111203953790806087833"
-             "6544274638889887"),
+             "47125716430962246750225343878325061379201112039537908060878336544"
+             "274638889887"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2565160334368547579709252575251152479523478078611094273882850"
-             "7305471634791967")},
+             "25651603343685475797092525752511524795234780786110942738828507305"
+             "471634791967")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4843469897871227801240970620555957716357245274483313436119568"
-             "7109159129985373"),
+             "48434698978712278012409706205559577163572452744833134361195687109"
+             "159129985373"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1921653321323070949794722352629784806536533447236702265018339"
-             "5435586190711770"),
+             "19216533213230709497947223526297848065365334472367022650183395435"
+             "586190711770"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2897926863821744450704595717324317554216182338253096474269232"
-             "4059406064069673"),
+             "28979268638217444507045957173243175542161823382530964742692324059"
+             "406064069673"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3959522249278680358015509825411090545862059993160154730469919"
-             "1792976275820627")}};
+             "39595222492786803580155098254110905458620599931601547304699191792"
+             "976275820627")}};
 // D constants for L = 4 columns
 const std::vector<std::vector<anemoi_parameters<libff::bls12_381_pp>::BignumT>>
     anemoi_parameters<libff::bls12_381_pp>::D_constants_col_four = {
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1498167862146462585127078300233884738219730071443646794931533"
-             "1057125308909900"),
+             "14981678621464625851270783002338847382197300714436467949315331057"
+             "125308909900"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4872095934371910432473933838888583980299871155063740277389639"
-             "5605948383052052"),
+             "48720959343719104324739338388885839802998711550637402773896395605"
+             "948383052052"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1170961042764195247622670495021805276356048907930130746422516"
-             "4120801969364960"),
+             "11709610427641952476226704950218052763560489079301307464225164120"
+             "801969364960"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3188799073106888901912065951229864304299742047220134499402570"
-             "163601813730969")},
+             "31887990731068889019120659512298643042997420472201344994025701636"
+             "01813730969")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2825342020978542842023345600809163250925565234363452998440081"
-             "6700490470131093"),
+             "28253420209785428420233456008091632509255652343634529984400816700"
+             "490470131093"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "6257781313532096835800460747082714697295034136932481743077166"
-             "200794135826591"),
+             "62577813135320968358004607470827146972950341369324817430771662007"
+             "94135826591"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1196642220206920081142760500749381736368080441627403119562414"
-             "8724039857787313"),
+             "11966422202069200811427605007493817363680804416274031195624148724"
+             "039857787313"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "8876022912542631074912834764773050492660953075192093830253524"
-             "158063181475941")},
+             "88760229125426310749128347647730504926609530751920938302535241580"
+             "63181475941")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5151193940708334400277820848767859013557766024707560088083591"
-             "6725469990319313"),
+             "51511939407083344002778208487678590135577660247075600880835916725"
+             "469990319313"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4386017178186728799761421274050927732938229436976005221436222"
-             "062273391481632"),
+             "43860171781867287997614212740509277329382294369760052214362220622"
+             "73391481632"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "6632276653290444906058804748999332745749669823710727938548067"
-             "32105730575244"),
+             "66322766532904449060588047489993327457496698237107279385480673210"
+             "5730575244"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "7956955597245727322388196907364651338722736293265717471854714"
-             "933795446618648")},
+             "79569555972457273223881969073646513387227362932657174718547149337"
+             "95446618648")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4629112154443573812524865767509766474229627680718669692234033"
-             "2893747842754587"),
+             "46291121544435738125248657675097664742296276807186696922340332893"
+             "747842754587"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1382018073647864517274646907518130460472997636481212754834152"
-             "4461074783412926"),
+             "13820180736478645172746469075181304604729976364812127548341524461"
+             "074783412926"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2182117532069761119716127783198449565821339724541975439265730"
-             "7036488476373765"),
+             "21821175320697611197161277831984495658213397245419754392657307036"
+             "488476373765"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1480657789711823478649560642421937299757380050914907637095160"
-             "4526939593458489")},
+             "14806577897118234786495606424219372997573800509149076370951604526"
+             "939593458489")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3650460179273129580093806058710273018999560093475503119057680"
-             "216309578390988"),
+             "36504601792731295800938060587102730189995600934755031190576802163"
+             "09578390988"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4038522277183809910966223402024383158969022347879484720123501"
-             "4486200724862134"),
+             "40385222771838099109662234020243831589690223478794847201235014486"
+             "200724862134"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2073860155472592637359608260326591863616482364802647024342242"
-             "3735982938342408"),
+             "20738601554725926373596082603265918636164823648026470243422423735"
+             "982938342408"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2589829009001407627908663823720231357129286498769843710211505"
-             "1403552551578909")},
+             "25898290090014076279086638237202313571292864987698437102115051403"
+             "552551578909")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4580222337074626812305915980640015229986777106112734563124478"
-             "6118574025749328"),
+             "45802223370746268123059159806400152299867771061127345631244786118"
+             "574025749328"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5030698007577826221415569329113205255155996272343693623161130"
-             "1042966928400825"),
+             "50306980075778262214155693291132052551559962723436936231611301042"
+             "966928400825"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "9105861908793877437599087016640061747418296780065295891365798"
-             "855886560153752"),
+             "91058619087938774375990870166400617474182967800652958913657988558"
+             "86560153752"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4817759141336740991564205616704875304173558384845661260769162"
-             "0273026228709602")},
+             "48177591413367409915642056167048753041735583848456612607691620273"
+             "026228709602")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1179862127662496731572174899070930921635169609881316238205339"
-             "6097866233042733"),
+             "11798621276624967315721748990709309216351696098813162382053396097"
+             "866233042733"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3480695221203853724450603161207484713320733042726578575780967"
-             "3463434908473570"),
+             "34806952212038537244506031612074847133207330427265785757809673463"
+             "434908473570"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1055943127858844643815584008805554614508787229864100774292171"
-             "8770142881700525"),
+             "10559431278588446438155840088055546145087872298641007742921718770"
+             "142881700525"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2511742758961381498086249076485723904703122022711664665388729"
-             "650078747694082")},
+             "25117427589613814980862490764857239047031220227116646653887296500"
+             "78747694082")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4237291895943219916267083464159933632643300696866941566248807"
-             "0504036922966492"),
+             "42372918959432199162670834641599336326433006968669415662488070504"
+             "036922966492"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2275575941953007131500701157207616698366094244763402770135168"
-             "1157370705921018"),
+             "22755759419530071315007011572076166983660942447634027701351681157"
+             "370705921018"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "8881354201366797207686592249590682298565723459695719800911380"
-             "560885170725516"),
+             "88813542013667972076865922495906822985657234596957198009113805608"
+             "85170725516"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1972578515203525635957421135144616159290339301703148363580602"
-             "5440159666669692")},
+             "19725785152035256359574211351446161592903393017031483635806025440"
+             "159666669692")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5218137124419318966955352195561461799071405672550164363657637"
-             "7752669773323445"),
+             "52181371244193189669553521955614617990714056725501643636576377752"
+             "669773323445"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3033417208429487055687527430890468841415874145785490809430001"
-             "7436690480001547"),
+             "30334172084294870556875274308904688414158741457854908094300017436"
+             "690480001547"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3554886191776286297101172047585517281669871267189379603060765"
-             "8203859222685056"),
+             "35548861917762862971011720475855172816698712671893796030607658203"
+             "859222685056"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2382882216691637666452353485703197976465487816440601629452194"
-             "7902346141831375")},
+             "23828822166916376664523534857031979764654878164406016294521947902"
+             "346141831375")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2379198455482403167219524952465858060142837602950188915905900"
-             "9332107176394097"),
+             "23791984554824031672195249524658580601428376029501889159059009332"
+             "107176394097"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1983236062272339258402976480797132564113295351555780171764422"
-             "6271356492507876"),
+             "19832360622723392584029764807971325641132953515557801717644226271"
+             "356492507876"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5370567718707734490084045178883836972105253285449736908577321"
-             "570876055642415"),
+             "53705677187077344900840451788838369721052532854497369085773215708"
+             "76055642415"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2407217709737451929206899311094570379803095868441385259326833"
-             "1853573451397392")},
+             "24072177097374519292068993110945703798030958684413852593268331853"
+             "573451397392")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3334252083162030376405954844283469906964010905840054881858696"
-             "4467754352720368"),
+             "33342520831620303764059548442834699069640109058400548818586964467"
+             "754352720368"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5828182614154296575131381170785760240834851189333374788484657"
-             "124381010655319"),
+             "58281826141542965751313811707857602408348511893333747884846571243"
+             "81010655319"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3540284072573181656988640108154744212083667675516530226606304"
-             "1488580350955250"),
+             "35402840725731816569886401081547442120836676755165302266063041488"
+             "580350955250"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "7578125905794851322815150557558076805933581048787999755527104"
-             "709377805399415")},
+             "75781259057948513228151505575580768059335810487879997555271047093"
+             "77805399415")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1679154825320774497457684551570546179413379910480899613461775"
-             "4018912057476556"),
+             "16791548253207744974576845515705461794133799104808996134617754018"
+             "912057476556"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2372979785349040156896773068661814685073512970715285325680905"
-             "0789424668284094"),
+             "23729797853490401568967730686618146850735129707152853256809050789"
+             "424668284094"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4937014353275067908272266874772930373538608971092718049381682"
-             "6667453179359307"),
+             "49370143532750679082722668747729303735386089710927180493816826667"
+             "453179359307"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2709726671504794741698997103590978680421397934135515163753725"
-             "6791808468088871")},
+             "27097266715047947416989971035909786804213979341355151637537256791"
+             "808468088871")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1108734341986082531182813333776723811055641659668774917442288"
-             "8171911517001265"),
+             "11087343419860825311828133337767238110556416596687749174422888171"
+             "911517001265"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2284870849759634702726712489036302900224144014399356117052111"
-             "3640580467699956"),
+             "22848708497596347027267124890363029002241440143993561170521113640"
+             "580467699956"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "4693566332326116438268886021984431719166421190663189571805363"
-             "5696150320980742"),
+             "46935663323261164382688860219844317191664211906631895718053635696"
+             "150320980742"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "2331541786816617436276726929665379440348135218238478791698253"
-             "8955221505267261")},
+             "23315417868166174362767269296653794403481352182384787916982538955"
+             "221505267261")},
         {anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "1193120777053847793780895503736324095679037485666623710640311"
-             "1503668796872571"),
+             "11931207770538477937808955037363240956790374856666237106403111503"
+             "668796872571"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "5113168267461511776657835825572247462248477114567026004323109"
-             "6654077231782319"),
+             "51131682674615117766578358255722474622484771145670260043231096654"
+             "077231782319"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3145066828322356157207632231316010605356847674299189787722532"
-             "4875903002249604"),
+             "31450668283223561572076322313160106053568476742991897877225324875"
+             "903002249604"),
          anemoi_parameters<libff::bls12_381_pp>::BignumT(
-             "3992048976997470157839669059665084976581072482124233796021092"
-             "5107347402384997")}};
+             "39920489769974701578396690596650849765810724821242337960210925107"
+             "347402384997")}};
 
 } // namespace libsnark
 
-#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_TCC_
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_BLS12_381_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bn128.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bn128.tcc
new file mode 100644
index 000000000..cd5ed523a
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bn128.tcc
@@ -0,0 +1,1129 @@
+/** @file
+ *****************************************************************************
+ * @author     This file is part of libsnark, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_BN128_TCC_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_BN128_TCC_
+
+namespace libsnark
+{
+// This file was automatically generated with SAGE script parameters.sage on
+// 19/1/2023 at 0:22:43
+
+// Anemoi parameters for curve bn128_pp
+template<> class anemoi_parameters<libff::bn128_pp>
+{
+public:
+    using ppT = libff::bn128_pp;
+    using FieldT = libff::Fr<ppT>;
+    using BignumT = libff::bigint<FieldT::num_limbs>;
+    static const bool b_prime_field = false;
+    static constexpr size_t multiplicative_generator_g = 5;
+    static constexpr size_t alpha = 5;
+    static constexpr size_t beta = multiplicative_generator_g;
+    static constexpr size_t gamma = 0;
+    static constexpr size_t quad_exponent = 2;
+    static const BignumT alpha_inv;
+    static const BignumT delta;
+    static const std::vector<std::vector<BignumT>> C_constants_col_one;
+    static const std::vector<std::vector<BignumT>> D_constants_col_one;
+    static const std::vector<std::vector<BignumT>> C_constants_col_two;
+    static const std::vector<std::vector<BignumT>> D_constants_col_two;
+    static const std::vector<std::vector<BignumT>> C_constants_col_three;
+    static const std::vector<std::vector<BignumT>> D_constants_col_three;
+    static const std::vector<std::vector<BignumT>> C_constants_col_four;
+    static const std::vector<std::vector<BignumT>> D_constants_col_four;
+};
+
+const anemoi_parameters<libff::bn128_pp>::BignumT
+    anemoi_parameters<libff::bn128_pp>::alpha_inv =
+        anemoi_parameters<libff::bn128_pp>::BignumT(
+            "175105942974714201777971245962058200708386915203328274749585633492"
+            "60646796493");
+
+const anemoi_parameters<libff::bn128_pp>::BignumT
+    anemoi_parameters<libff::bn128_pp>::delta =
+        anemoi_parameters<libff::bn128_pp>::BignumT(
+            "875529714873571008889856229810291003541934576016641373747928167463"
+            "0323398247");
+
+// C constants for L = 1 columns
+const std::vector<std::vector<anemoi_parameters<libff::bn128_pp>::BignumT>>
+    anemoi_parameters<libff::bn128_pp>::C_constants_col_one = {
+        {anemoi_parameters<libff::bn128_pp>::BignumT("37")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "133522471254331701186019745212342416866992521328386357935842525093"
+            "52796067497")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "895986651897880366608366379853515454374221757045511759979961656237"
+            "9347639707")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "322283189678829931597904723203390074386969291728885758006084580175"
+            "3443388885")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "114379153910856961265424993257916874187647998003753596971732127554"
+            "36799377493")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "147258460764021860852421742669119811678707848416374187170422902112"
+            "88365715997")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "362589673844055717974598052694999979950465286369365515664074535818"
+            "8128872126")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "463291105983501380924034618222275689104775247665779333141206049632"
+            "645736639")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "174438529516212469803635650409587816322444000217389037295285917096"
+            "55537559937")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "107612142054880343447062162138051557454823798584241370603726334230"
+            "69634639664")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "155505941252016887887089491437176277143146266576401012919291237249"
+            "0340449901")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "798525854991959266276978189644749044062135434756997170059843776615"
+            "6081995625")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "957097695082392916162693466057593968340171089790334279992177598089"
+            "3943353035")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "179623665059317086823215423836460327629317747961500429225627071705"
+            "94807376009")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "123861365525387195443231566505081086186278366591796192254683195068"
+            "57645902649")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "211846361785785751237991895484642934316306807048152477777681475993"
+            "66857217074")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "302152945078705096458504053712432320356333682175866669016023327581"
+            "7988779052")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "700537457097857607884348227054848555148600638599071392635438174320"
+            "0520456088")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "387083476132946621781289362283477084027891237152135159147698763910"
+            "9753753261")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "126597426867310393653584763793872657072862825193201669413765573945"
+            "42672080082")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "129665621019313702600508479243181023453311112057994223963645121904"
+            "66354328905")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "149159405495375560837384698473349345156588436651143394207286087995"
+            "29210477580")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "170520959503770700323915831289114676698661716364314271464633737309"
+            "41409691721")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "113169241498862684893517974644404715170367343948626941724978600457"
+            "70087481757")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "186714982080400533335520493329471087461082974662842557417071948890"
+            "59427441793")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "196886380157420429089555318556922110672187441539826135090236715133"
+            "41198883882")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "138570642664788382200941724381592363446736224591011077358684743676"
+            "87189371801")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "244039899322356340780694486276235776012434572092500994566440898339"
+            "6504134916")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "133241711971446399672094981211998814983174870230276316471504608643"
+            "79926444057")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "875864252988028777449176478135663368921918736024786615903999382919"
+            "2589908256")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "182409349755550600734721361687117909786310274855293710551238380367"
+            "13070397333")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "105851912399721376657025838504406536749970612074109441501014834140"
+            "55170476180")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "802468651684407190026757171703268740453708973504113513075594214549"
+            "7198995357")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "128994789321104169569546179272558852071615937881903273388202258703"
+            "02087292799")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "158564711524860967116352247512383202359875852641890966263988105439"
+            "20721764835")}};
+// D constants for L = 1 columns
+const std::vector<std::vector<anemoi_parameters<libff::bn128_pp>::BignumT>>
+    anemoi_parameters<libff::bn128_pp>::D_constants_col_one = {
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "875529714873571008889856229810291003541934576016641373747928167463"
+            "0323398284")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "524047450590431685877505180009922228827082786340987398670169420334"
+            "5984265770")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "901267992595871756578711188518846453819494783999734144380734802322"
+            "1726055342")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "218558340358352875402862385258001623420515917996293605931771524651"
+            "13152235615")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "112272294709416486056228220524811872049807486411428474643270169010"
+            "91886692935")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "827782380815399278680302926916265135541839222962450161247385482215"
+            "4276610437")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "209046078848891406943340690641990054517411684193088591365550438941"
+            "34683701950")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "190274814693606857486961639273620820539115897341607952405596530682"
+            "9204527070")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "144525708154611389296547435353239083505927514483722022774646970562"
+            "25242868484")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "105481346619124797050050156777851004367769828565239544280678307200"
+            "54853946467")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "170687293077959989804621588581642497189006567796720005516189405543"
+            "42475266265")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "161997180370053789691780704851669509287253655163991969265326305569"
+            "82133691321")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "191485643791976151652129575041079101102460524426868570597680878965"
+            "11716255278")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "549714176331186052041128386877234107713761238928548000860141494945"
+            "7218086902")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "183790462728210419304268539131146638087508655630819988679547324612"
+            "33335541378")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "769600173014187585312775924142246424177235590315568417813183393748"
+            "3164915734")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "963844642109550260189938374814031216012862679737123536423540607519"
+            "656220143")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "124124346904689114613106987665769208052704453998242727919855982109"
+            "55534611003")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "697131895545910791566227311216163590362404703435456720221025329839"
+            "8705502050")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "107701726355403629646010208637941828948876968229231780381568134146"
+            "55618516349")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "437902025452972340970960507122083562527421851828714532010159950819"
+            "0949972444")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "384228597622701165020580626860964177606813399795476843454691362084"
+            "5302570473")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "203619950819321989936970610260417916881204855283623629311904811983"
+            "16153572469")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "740007489949548642112338666559954444607059492602975469526407660594"
+            "4267520475")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "171133221769346278226220672855734590834453108041012525312378880088"
+            "79213111333")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "199159976071949257524933084949575526831209037913467615083660497601"
+            "97996606478")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "174765861639222269303123230776243258137356952225457736410771163313"
+            "94692894818")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "216919530103811180826605481831028240607329143318031237844090873985"
+            "48019667683")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "873786804802672608688120251516667286098726063681326906824500372162"
+            "8276805916")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "707753230128231865622505183326594062583054942337025579449312917876"
+            "6712247684")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "104171757604642051928646298566545917641864416943416434088186006263"
+            "71373955263")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "865433232373948617191815676030622196911225320434472836474372684131"
+            "896107758")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "179604646894621396759399851468692710862123078816143097284387335293"
+            "62319582744")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "688015415602559216327391983917909997655894177760388260287756081810"
+            "318785564")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+            "201363930802729253701594519857753626327396850645796004833168362451"
+            "45883663639")}};
+// C constants for L = 2 columns
+const std::vector<std::vector<anemoi_parameters<libff::bn128_pp>::BignumT>>
+    anemoi_parameters<libff::bn128_pp>::C_constants_col_two = {
+        {anemoi_parameters<libff::bn128_pp>::BignumT("37"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "37518285248030554714282278816186251745569477559883478811911591537"
+             "64975591158")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "13352247125433170118601974521234241686699252132838635793584252509"
+             "352796067497"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21001839722121566863419881512791069124083822968210421491151340238"
+             "400176843969")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "89598665189788036660836637985351545437422175704551175997996165623"
+             "79347639707"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21722442537234642741320951134727484119993387379465291657407115605"
+             "240150584902")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "32228318967882993159790472320339007438696929172888575800608458017"
+             "53443388885"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "55741100547476100587296323559485686047935463920909761474358792668"
+             "33412620404")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "11437915391085696126542499325791687418764799800375359697173212755"
+             "436799377493"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19347108854758320361854968987183753113398822331033233961719129079"
+             "198795045322")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14725846076402186085242174266911981167870784841637418717042290211"
+             "288365715997"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17733032409684964025894538244134113560864261458948810209753406163"
+             "729963104066")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "36258967384405571797459805269499997995046528636936551566407453581"
+             "88128872126"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16641102106808059030810525726117803887885616319153331237086309361"
+             "060282564245")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "46329110598350138092403461822227568910477524766577933314120604963"
+             "2645736639"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "92459707448042222152593692709914144419257478977182267340857510337"
+             "03871913242")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17443852951621246980363565040958781632244400021738903729528591709"
+             "655537559937"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18243401795478654990110719981452738859015913555820749188627866268"
+             "359980949315")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "10761214205488034344706216213805155745482379858424137060372633423"
+             "069634639664"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18200337361605220875540054729693479452916227111908726624753615870"
+             "884702413869")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "15550594125201688788708949143717627714314626657640101291929123724"
+             "90340449901"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "52390652750031458431603218076965317759648583605555665891970082366"
+             "87533209496")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "79852585499195926627697818964474904406213543475699717005984377661"
+             "56081995625"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "93763510728664853005782517348446717640891606116683902001945701802"
+             "25759013543")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "95709769508239291616269346605759396834017108979033427999217759808"
+             "93943353035"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "64078809006621800432401045101146132369164377230654141580060547471"
+             "77494383655")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17962366505931708682321542383646032762931774796150042922562707170"
+             "594807376009"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "62451306213828429256239375346839903756696312778714689069410326225"
+             "63934866013")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "12386136552538719544323156650508108618627836659179619225468319506"
+             "857645902649"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "34447093045801721058814385937316481058932492045175741825398697243"
+             "29579267981")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21184636178578575123799189548464293431630680704815247777768147599"
+             "366857217074"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21120619463230056889505288945077100826699610952997402273573989950"
+             "929674092590")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "30215294507870509645850405371243232035633368217586666901602332758"
+             "17988779052"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "11193039961054525697727412435670262589230611536691708715912482991"
+             "111674331248")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "70053745709785760788434822705484855514860063859907139263543817432"
+             "00520456088"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16607583715622103674012251574269638453147883373329438054398692693"
+             "09242713791")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "38708347613294662178128936228347708402789123715213515914769876391"
+             "09753753261"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "10155964651132034354127895553216460094449713958001060059747595735"
+             "692765540145")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "12659742686731039365358476379387265707286282519320166941376557394"
+             "542672080082"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16663018611661415361803446980742180412796388473568627037572541756"
+             "32028778043")}};
+// D constants for L = 2 columns
+const std::vector<std::vector<anemoi_parameters<libff::bn128_pp>::BignumT>>
+    anemoi_parameters<libff::bn128_pp>::D_constants_col_two = {
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "87552971487357100888985622981029100354193457601664137374792816746"
+             "30323398284"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16133435893292874812888083849160666046321318009323051176910097996"
+             "974633748758")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "52404745059043168587750518000992222882708278634098739867016942033"
+             "45984265770"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16516377322346822856154252461095180562000423191949949242508439100"
+             "972699801595")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "90126799259587175657871118851884645381949478399973414438073480232"
+             "21726055342"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "35133232921293906713392871455626498622427777417597707159563000480"
+             "86055264273")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21855834035835287540286238525800162342051591799629360593177152465"
+             "113152235615"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "59451795417094323133517115738966859507721053671837343750936389121"
+             "96647730870")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "11227229470941648605622822052481187204980748641142847464327016901"
+             "091886692935"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "87449028252910687125017963805510864741143126455297694341438620685"
+             "7408624500")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "82778238081539927868030292691626513554183922296245016124738548221"
+             "54276610437"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14911320361190879980016686915823914584756893340104182663424627943"
+             "175208757859")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "20904607884889140694334069064199005451741168419308859136555043894"
+             "134683701950"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "15657880601171476575713502187548665287918791967520790431542060879"
+             "010363657805")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19027481469360685748696163927362082053911589734160795240559653068"
+             "29204527070"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14311738005510898661766244714944477794557156116636816483240167459"
+             "479765463026")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14452570815461138929654743535323908350592751448372202277464697056"
+             "225242868484"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18878429879072656191963192145256996413709289475622337294803628783"
+             "509021017215")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "10548134661912479705005015677785100436776982856523954428067830720"
+             "054853946467"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21613568037783775488400147863112554980555854603176833550688470336"
+             "449256480025")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17068729307795998980462158858164249718900656779672000551618940554"
+             "342475266265"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "24908025181938099750664736756708744712307125672158122261644894005"
+             "43194289596")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16199718037005378969178070485166950928725365516399196926532630556"
+             "982133691321"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21217120779706380859547833993003263088538196273665904984368420139"
+             "631145468592")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19148564379197615165212957504107910110246052442686857059768087896"
+             "511716255278"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19611778548789975299387421023085714500105803761017217976092023831"
+             "374602045251")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "54971417633118605204112838687723410771376123892854800086014149494"
+             "57218086902"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19294458970356379238521378434506704614768857764591229894917601756"
+             "581488831876")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18379046272821041930426853913114663808750865563081998867954732461"
+             "233335541378"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "13063929244616603744546429525777334132361302601588243383265939847"
+             "284603666063")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "76960017301418758531277592414224642417723559031556841781318339374"
+             "83164915734"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "11258295234547466871395152307474402473186310644506128232177333457"
+             "625316550603")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "96384464210955026018993837481403121601286267973712353642354060751"
+             "9656220143"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "12761665372131134245893603942799101438025161887838455120415447491"
+             "392676531692")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "12412434690468911461310698766576920805270445399824272791985598210"
+             "955534611003"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "10694128710806655002429735322894529935444251844334792229310742905"
+             "643591628059")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "69713189554591079156622731121616359036240470343545672022102532983"
+             "98705502050"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16882759065015785304538568711982455994139873114002565228720518563"
+             "561052048287")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "10770172635540362964601020863794182894887696822923178038156813414"
+             "655618516349"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "34030420297295743879841828519202660652260776441281633587771673643"
+             "24309973663")}};
+// C constants for L = 3 columns
+const std::vector<std::vector<anemoi_parameters<libff::bn128_pp>::BignumT>>
+    anemoi_parameters<libff::bn128_pp>::C_constants_col_three = {
+        {anemoi_parameters<libff::bn128_pp>::BignumT("37"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "37518285248030554714282278816186251745569477559883478811911591537"
+             "64975591158"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19495998695106454826151886603680333330563984042114142842576632199"
+             "72027283546")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "13352247125433170118601974521234241686699252132838635793584252509"
+             "352796067497"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21001839722121566863419881512791069124083822968210421491151340238"
+             "400176843969"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "77779734333489937598234754212729869660776147889451933842847521571"
+             "97566919783")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "89598665189788036660836637985351545437422175704551175997996165623"
+             "79347639707"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21722442537234642741320951134727484119993387379465291657407115605"
+             "240150584902"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14978255763535453150583514941371658296885530039770722142017236155"
+             "522063862875")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "32228318967882993159790472320339007438696929172888575800608458017"
+             "53443388885"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "55741100547476100587296323559485686047935463920909761474358792668"
+             "33412620404"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "69236521807716355469318911364795945630546159647174659589287398018"
+             "40041650090")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "11437915391085696126542499325791687418764799800375359697173212755"
+             "436799377493"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19347108854758320361854968987183753113398822331033233961719129079"
+             "198795045322"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "11678722465295853606385043319120728107430471738554216518209749383"
+             "951610070884")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14725846076402186085242174266911981167870784841637418717042290211"
+             "288365715997"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17733032409684964025894538244134113560864261458948810209753406163"
+             "729963104066"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "13922241985592995290253950498211017441065915694679478649621852463"
+             "687790678098")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "36258967384405571797459805269499997995046528636936551566407453581"
+             "88128872126"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16641102106808059030810525726117803887885616319153331237086309361"
+             "060282564245"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "40177023745067223738992564293601922318456678245261754014738871183"
+             "2717193317")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "46329110598350138092403461822227568910477524766577933314120604963"
+             "2645736639"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "92459707448042222152593692709914144419257478977182267340857510337"
+             "03871913242"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "51792691377412519636576510829863370712877016324689985523548297236"
+             "75107591959")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17443852951621246980363565040958781632244400021738903729528591709"
+             "655537559937"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18243401795478654990110719981452738859015913555820749188627866268"
+             "359980949315"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "10684192457422730891811923419937385412089832793504426819231331969"
+             "125627448716")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "10761214205488034344706216213805155745482379858424137060372633423"
+             "069634639664"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18200337361605220875540054729693479452916227111908726624753615870"
+             "884702413869"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "13591751711030312278826555518140666328583891165068799640705167493"
+             "071392966003")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "15550594125201688788708949143717627714314626657640101291929123724"
+             "90340449901"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "52390652750031458431603218076965317759648583605555665891970082366"
+             "87533209496"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21610672344992293115659566645269250818983992757424125432658476791"
+             "677893331401")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "79852585499195926627697818964474904406213543475699717005984377661"
+             "56081995625"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "93763510728664853005782517348446717640891606116683902001945701802"
+             "25759013543"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "83948269278190741743373843857868413578242516048721514936133005859"
+             "71253069332")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "95709769508239291616269346605759396834017108979033427999217759808"
+             "93943353035"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "64078809006621800432401045101146132369164377230654141580060547471"
+             "77494383655"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14812198405440551949199155207723029908881410859672612031838414683"
+             "706971532245")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17962366505931708682321542383646032762931774796150042922562707170"
+             "594807376009"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "62451306213828429256239375346839903756696312778714689069410326225"
+             "63934866013"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18547203735216812291438330766359279874108437679117792035816944333"
+             "520794809079")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "12386136552538719544323156650508108618627836659179619225468319506"
+             "857645902649"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "34447093045801721058814385937316481058932492045175741825398697243"
+             "29579267981"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "12383129949518321593533180451426644423702561315013334141724247691"
+             "584047659329")}};
+// D constants for L = 3 columns
+const std::vector<std::vector<anemoi_parameters<libff::bn128_pp>::BignumT>>
+    anemoi_parameters<libff::bn128_pp>::D_constants_col_three = {
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "87552971487357100888985622981029100354193457601664137374792816746"
+             "30323398284"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16133435893292874812888083849160666046321318009323051176910097996"
+             "974633748758"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "11515618990709373787379985173053774331925623019658433031330089380"
+             "733125663964")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "52404745059043168587750518000992222882708278634098739867016942033"
+             "45984265770"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16516377322346822856154252461095180562000423191949949242508439100"
+             "972699801595"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "47692278628315871586278691472079853109906937479703658699533833732"
+             "1530100227")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "90126799259587175657871118851884645381949478399973414438073480232"
+             "21726055342"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "35133232921293906713392871455626498622427777417597707159563000480"
+             "86055264273"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "15841791142978385266153197242607799254788139164593550995618112102"
+             "495217260681")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21855834035835287540286238525800162342051591799629360593177152465"
+             "113152235615"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "59451795417094323133517115738966859507721053671837343750936389121"
+             "96647730870"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "44791334204423667648589108995714120361380293019225396379399867647"
+             "54716983374")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "11227229470941648605622822052481187204980748641142847464327016901"
+             "091886692935"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "87449028252910687125017963805510864741143126455297694341438620685"
+             "7408624500"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "12278758517614824301331600260393058857096299434602309294956698015"
+             "737472368497")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "82778238081539927868030292691626513554183922296245016124738548221"
+             "54276610437"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14911320361190879980016686915823914584756893340104182663424627943"
+             "175208757859"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "82849416898078202076810397150445185920634019379471665546465615606"
+             "84476554709")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "20904607884889140694334069064199005451741168419308859136555043894"
+             "134683701950"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "15657880601171476575713502187548665287918791967520790431542060879"
+             "010363657805"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18491203356362273967844248394767855838870961193348426529654831733"
+             "910047005312")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19027481469360685748696163927362082053911589734160795240559653068"
+             "29204527070"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14311738005510898661766244714944477794557156116636816483240167459"
+             "479765463026"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "74294481511568373734694670720831005510239642134999037528627334670"
+             "02441364561")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14452570815461138929654743535323908350592751448372202277464697056"
+             "225242868484"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18878429879072656191963192145256996413709289475622337294803628783"
+             "509021017215"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "85036322937256410569693361288853430938880630754183303767605818018"
+             "26107739434")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "10548134661912479705005015677785100436776982856523954428067830720"
+             "054853946467"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21613568037783775488400147863112554980555854603176833550688470336"
+             "449256480025"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14189394139917775854991589196703441983328373018449222017993509276"
+             "187387254977")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17068729307795998980462158858164249718900656779672000551618940554"
+             "342475266265"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "24908025181938099750664736756708744712307125672158122261644894005"
+             "43194289596"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16046821340891866210870659058387293641354701326196686520979445273"
+             "084994634319")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16199718037005378969178070485166950928725365516399196926532630556"
+             "982133691321"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21217120779706380859547833993003263088538196273665904984368420139"
+             "631145468592"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17420008387367878696611907189089132809378141628981981729140637862"
+             "928079747199")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19148564379197615165212957504107910110246052442686857059768087896"
+             "511716255278"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19611778548789975299387421023085714500105803761017217976092023831"
+             "374602045251"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "33122649344379809464050065205805562106272668593206969575796668988"
+             "79710921042")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "54971417633118605204112838687723410771376123892854800086014149494"
+             "57218086902"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19294458970356379238521378434506704614768857764591229894917601756"
+             "581488831876"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "68927009650599823453943064660684191517641541275338341314487965985"
+             "13980502143")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18379046272821041930426853913114663808750865563081998867954732461"
+             "233335541378"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "13063929244616603744546429525777334132361302601588243383265939847"
+             "284603666063"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19186761642263662195503111928616030577275469074196318793803805132"
+             "090512280229")}};
+// C constants for L = 4 columns
+const std::vector<std::vector<anemoi_parameters<libff::bn128_pp>::BignumT>>
+    anemoi_parameters<libff::bn128_pp>::C_constants_col_four = {
+        {anemoi_parameters<libff::bn128_pp>::BignumT("37"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "37518285248030554714282278816186251745569477559883478811911591537"
+             "64975591158"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19495998695106454826151886603680333330563984042114142842576632199"
+             "72027283546"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "15418714136223760726336850467094720601517297152372747941595383567"
+             "153544466510")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "13352247125433170118601974521234241686699252132838635793584252509"
+             "352796067497"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21001839722121566863419881512791069124083822968210421491151340238"
+             "400176843969"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "77779734333489937598234754212729869660776147889451933842847521571"
+             "97566919783"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "75108683031252723543834821290549899654377000016965690613783872867"
+             "87540912966")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "89598665189788036660836637985351545437422175704551175997996165623"
+             "79347639707"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21722442537234642741320951134727484119993387379465291657407115605"
+             "240150584902"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14978255763535453150583514941371658296885530039770722142017236155"
+             "522063862875"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "24862719481092635783269415757750166228524464176767778626287196100"
+             "12816205134")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "32228318967882993159790472320339007438696929172888575800608458017"
+             "53443388885"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "55741100547476100587296323559485686047935463920909761474358792668"
+             "33412620404"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "69236521807716355469318911364795945630546159647174659589287398018"
+             "40041650090"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17165098443539374195961763629412427208317340468839803881902169270"
+             "575466592477")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "11437915391085696126542499325791687418764799800375359697173212755"
+             "436799377493"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19347108854758320361854968987183753113398822331033233961719129079"
+             "198795045322"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "11678722465295853606385043319120728107430471738554216518209749383"
+             "951610070884"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "29863429295377497379683320363806468836825521434169988248931657823"
+             "0867010994")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14725846076402186085242174266911981167870784841637418717042290211"
+             "288365715997"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17733032409684964025894538244134113560864261458948810209753406163"
+             "729963104066"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "13922241985592995290253950498211017441065915694679478649621852463"
+             "687790678098"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "27153326074286912809853844081581258343647323383190727441281159351"
+             "92202839051")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "36258967384405571797459805269499997995046528636936551566407453581"
+             "88128872126"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16641102106808059030810525726117803887885616319153331237086309361"
+             "060282564245"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "40177023745067223738992564293601922318456678245261754014738871183"
+             "2717193317"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "37452837974203056462921385964149831060067379240126633032035707827"
+             "5802016761")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "46329110598350138092403461822227568910477524766577933314120604963"
+             "2645736639"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "92459707448042222152593692709914144419257478977182267340857510337"
+             "03871913242"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "51792691377412519636576510829863370712877016324689985523548297236"
+             "75107591959"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19095727768515297673050373763484467089496400227788592149888060564"
+             "100975126966")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17443852951621246980363565040958781632244400021738903729528591709"
+             "655537559937"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18243401795478654990110719981452738859015913555820749188627866268"
+             "359980949315"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "10684192457422730891811923419937385412089832793504426819231331969"
+             "125627448716"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17470332954208716118252250751112311282399887258695813542803649629"
+             "307353902995")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "10761214205488034344706216213805155745482379858424137060372633423"
+             "069634639664"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18200337361605220875540054729693479452916227111908726624753615870"
+             "884702413869"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "13591751711030312278826555518140666328583891165068799640705167493"
+             "071392966003"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "39246321217301098238253561609170491980291942777037550803377931146"
+             "38247487729")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "15550594125201688788708949143717627714314626657640101291929123724"
+             "90340449901"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "52390652750031458431603218076965317759648583605555665891970082366"
+             "87533209496"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21610672344992293115659566645269250818983992757424125432658476791"
+             "677893331401"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "52045107776223873111727115423561646741857972851267698477008738512"
+             "79200448102")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "79852585499195926627697818964474904406213543475699717005984377661"
+             "56081995625"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "93763510728664853005782517348446717640891606116683902001945701802"
+             "25759013543"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "83948269278190741743373843857868413578242516048721514936133005859"
+             "71253069332"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "91728983447926150865441306506207750785005574975092552991841256687"
+             "63225281568")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "95709769508239291616269346605759396834017108979033427999217759808"
+             "93943353035"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "64078809006621800432401045101146132369164377230654141580060547471"
+             "77494383655"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14812198405440551949199155207723029908881410859672612031838414683"
+             "706971532245"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "66274625599283103528310413754870292083397080230960342298213531167"
+             "39549556320")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17962366505931708682321542383646032762931774796150042922562707170"
+             "594807376009"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "62451306213828429256239375346839903756696312778714689069410326225"
+             "63934866013"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18547203735216812291438330766359279874108437679117792035816944333"
+             "520794809079"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "15322049991821601511703767216352735781370782841721856365749224541"
+             "728577048832")}};
+// D constants for L = 4 columns
+const std::vector<std::vector<anemoi_parameters<libff::bn128_pp>::BignumT>>
+    anemoi_parameters<libff::bn128_pp>::D_constants_col_four = {
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "87552971487357100888985622981029100354193457601664137374792816746"
+             "30323398284"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16133435893292874812888083849160666046321318009323051176910097996"
+             "974633748758"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "11515618990709373787379985173053774331925623019658433031330089380"
+             "733125663964"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "31406354132811219280316211894277337255205008437642288339014718221"
+             "05691965090")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "52404745059043168587750518000992222882708278634098739867016942033"
+             "45984265770"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16516377322346822856154252461095180562000423191949949242508439100"
+             "972699801595"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "47692278628315871586278691472079853109906937479703658699533833732"
+             "1530100227"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "25396268375734542959917357740734874414149806390890875302083974767"
+             "8361707189")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "90126799259587175657871118851884645381949478399973414438073480232"
+             "21726055342"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "35133232921293906713392871455626498622427777417597707159563000480"
+             "86055264273"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "15841791142978385266153197242607799254788139164593550995618112102"
+             "495217260681"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "33939523552501038130730038319157047944373990188601032051614618377"
+             "52827216719")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21855834035835287540286238525800162342051591799629360593177152465"
+             "113152235615"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "59451795417094323133517115738966859507721053671837343750936389121"
+             "96647730870"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "44791334204423667648589108995714120361380293019225396379399867647"
+             "54716983374"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14764724710908013533065163347408791895083097282405374049845282514"
+             "256999539540")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "11227229470941648605622822052481187204980748641142847464327016901"
+             "091886692935"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "87449028252910687125017963805510864741143126455297694341438620685"
+             "7408624500"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "12278758517614824301331600260393058857096299434602309294956698015"
+             "737472368497"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "94281537297065378791977009981494265171642638675028914816813149078"
+             "3586922386")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "82778238081539927868030292691626513554183922296245016124738548221"
+             "54276610437"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14911320361190879980016686915823914584756893340104182663424627943"
+             "175208757859"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "82849416898078202076810397150445185920634019379471665546465615606"
+             "84476554709"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19010420211180699539835259325153449287592926458363291481782895499"
+             "531554825058")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "20904607884889140694334069064199005451741168419308859136555043894"
+             "134683701950"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "15657880601171476575713502187548665287918791967520790431542060879"
+             "010363657805"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18491203356362273967844248394767855838870961193348426529654831733"
+             "910047005312"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18508106526351540414259916566377882139969411679657571808759666381"
+             "119989442535")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19027481469360685748696163927362082053911589734160795240559653068"
+             "29204527070"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14311738005510898661766244714944477794557156116636816483240167459"
+             "479765463026"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "74294481511568373734694670720831005510239642134999037528627334670"
+             "02441364561"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21390051809628791202038569707485777782915006285179993839327830588"
+             "195166513347")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14452570815461138929654743535323908350592751448372202277464697056"
+             "225242868484"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18878429879072656191963192145256996413709289475622337294803628783"
+             "509021017215"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "85036322937256410569693361288853430938880630754183303767605818018"
+             "26107739434"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "15333917818209534402586043414964816177880461016970213589264765742"
+             "774691807492")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "10548134661912479705005015677785100436776982856523954428067830720"
+             "054853946467"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21613568037783775488400147863112554980555854603176833550688470336"
+             "449256480025"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "14189394139917775854991589196703441983328373018449222017993509276"
+             "187387254977"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "45664195783154815191667697943843720664560196074446739465580011785"
+             "21099390482")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17068729307795998980462158858164249718900656779672000551618940554"
+             "342475266265"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "24908025181938099750664736756708744712307125672158122261644894005"
+             "43194289596"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16046821340891866210870659058387293641354701326196686520979445273"
+             "084994634319"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21573047673059143747806589655636029798787213730675861768651912800"
+             "028967860416")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "16199718037005378969178070485166950928725365516399196926532630556"
+             "982133691321"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "21217120779706380859547833993003263088538196273665904984368420139"
+             "631145468592"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17420008387367878696611907189089132809378141628981981729140637862"
+             "928079747199"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "18242224832039327727995033408827613743736790997979582023643329226"
+             "486909573214")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19148564379197615165212957504107910110246052442686857059768087896"
+             "511716255278"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19611778548789975299387421023085714500105803761017217976092023831"
+             "374602045251"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "33122649344379809464050065205805562106272668593206969575796668988"
+             "79710921042"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "17059916988462922691459678388506377812316271899520649988192675799"
+             "254955054513")},
+        {anemoi_parameters<libff::bn128_pp>::BignumT(
+             "54971417633118605204112838687723410771376123892854800086014149494"
+             "57218086902"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "19294458970356379238521378434506704614768857764591229894917601756"
+             "581488831876"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "68927009650599823453943064660684191517641541275338341314487965985"
+             "13980502143"),
+         anemoi_parameters<libff::bn128_pp>::BignumT(
+             "37116922493626796848361228709664222727088427664983949503129430874"
+             "88620355675")}};
+
+} // namespace libsnark
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_BN128_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bw6_761.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bw6_761.tcc
new file mode 100644
index 000000000..604cd333f
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bw6_761.tcc
@@ -0,0 +1,1129 @@
+/** @file
+ *****************************************************************************
+ * @author     This file is part of libsnark, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_BW6_761_TCC_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_BW6_761_TCC_
+
+namespace libsnark
+{
+// This file was automatically generated with SAGE script parameters.sage on
+// 19/1/2023 at 0:15:38
+
+// Anemoi parameters for curve bw6_761_pp
+template<> class anemoi_parameters<libff::bw6_761_pp>
+{
+public:
+    using ppT = libff::bw6_761_pp;
+    using FieldT = libff::Fr<ppT>;
+    using BignumT = libff::bigint<FieldT::num_limbs>;
+    static const bool b_prime_field = false;
+    static constexpr size_t multiplicative_generator_g = 15;
+    static constexpr size_t alpha = 5;
+    static constexpr size_t beta = multiplicative_generator_g;
+    static constexpr size_t gamma = 0;
+    static constexpr size_t quad_exponent = 2;
+    static const BignumT alpha_inv;
+    static const BignumT delta;
+    static const std::vector<std::vector<BignumT>> C_constants_col_one;
+    static const std::vector<std::vector<BignumT>> D_constants_col_one;
+    static const std::vector<std::vector<BignumT>> C_constants_col_two;
+    static const std::vector<std::vector<BignumT>> D_constants_col_two;
+    static const std::vector<std::vector<BignumT>> C_constants_col_three;
+    static const std::vector<std::vector<BignumT>> D_constants_col_three;
+    static const std::vector<std::vector<BignumT>> C_constants_col_four;
+    static const std::vector<std::vector<BignumT>> D_constants_col_four;
+};
+
+const anemoi_parameters<libff::bw6_761_pp>::BignumT
+    anemoi_parameters<libff::bw6_761_pp>::alpha_inv =
+        anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "206931540810375275208522186955914826829114810203931728431907410133"
+            "376374678672658219975110511658688099552257166541");
+
+const anemoi_parameters<libff::bw6_761_pp>::BignumT
+    anemoi_parameters<libff::bw6_761_pp>::delta =
+        anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "344885901350625458680870311593191378048524683673219547386512350222"
+            "29395779778776369995851751943114683258709527757");
+
+// C constants for L = 1 columns
+const std::vector<std::vector<anemoi_parameters<libff::bw6_761_pp>::BignumT>>
+    anemoi_parameters<libff::bw6_761_pp>::C_constants_col_one = {
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT("47")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "236518926960176350513119325731424984143727511838361608538129292490"
+            "73212051004004868225625270519161718897739063636")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "108408258685061606189190548723359824672284631663840600361290557059"
+            "934237530248648468547776202467131425426693074558")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "115749210796626156355961226217033697648277624267646303812115651330"
+            "611822636154890997899312710171050197066310511132")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "329380290090097077508536392168798965219144804821743439267560278174"
+            "70420463936977428079379763376648137928269263125")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "405755749726921546933711488533101786237064347298554254677279921859"
+            "29212015207456735505186051322972223631650259106")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "181370236551256971820074603382020385729591238290079082087028050467"
+            "599960619119153377372739336731389135391455621185")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "430194843121391196777323002399725055653704807969247348413981196585"
+            "32010090928100522923025131851788434306002926824")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "913854974512903642865422591140992335284671327647232835168635004031"
+            "46833995007020614131524882440134900979898531653")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "630047756627796433181021736550730171702927270754587676038813700990"
+            "79850547916436871825900459279413632435318780398")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "140920458640164007835215254871999670108377445538836910604183711238"
+            "527893171467991103178253057721420949480774852003")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "975490541280251937007692875088626701175586143230041143149765514602"
+            "88759340041245540004643782590643846886640773979")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "962783479166198957151951120132452121248303760586901661983885265422"
+            "20472759579154278221591926318561118086042871593")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "108612183029105569994399836305634265412031526543127414597379785132"
+            "151175890324977808793488834990099767147672869617")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "225362489072979162213512539818406889007424296425244165443169317881"
+            "510191359314512459646859899596059150368736166327")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "562093063029268629507782494011731996541740319952426037712564005000"
+            "58375887590028538029647242328896119454967681297")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "231031955458715195381799174777044485601854525156631207622376198634"
+            "130074791526940437745138207899731693002688840585")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "130396334416753573520063640008051074182383505586500796395072267471"
+            "485481914049687837400714069836204000678499479921")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "437444617318500637934954266364786156874511836649414747828442278270"
+            "58566027345188184873627510317433406629405991252")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "391128525659655052576636784302056149993941220128962497270159102781"
+            "64921677729393032506014175555885650268011231397")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "181760141745270263450952302597582583356286460441009662908027003371"
+            "308544134649207847611026835102418500428590764103")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "111908673746731971751606962205309412474279052380266331398256570974"
+            "919656606835828136724430092485113208032237430085")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "237041599623951883593783523583824742197721766200049590809308990141"
+            "718146940268401430929066642244126742806123729965")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "197539013785585621427030742077515228452561374860559113979464005789"
+            "863362414262621113203276050590417406882365431010")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "661411482409384456999707333602115955136034307300175299556667454069"
+            "34387352915744991174539499565531911549875692622")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "149958502880492541412084698899569689791070410856594046498909900851"
+            "591827851286610161409146849511237161596272280527")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "374473558599573936178115890005905162861834092990669631429171510810"
+            "33166824285056572569217044924511183754639709386")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "244803704379329802571393180259750712944632883564399128182820307875"
+            "292528744272817514038150791315658177857794677644")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "127240534402835509857842153363552412898241070231878502449298787748"
+            "308912462930239527137689392886453726090572015948")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "237255239511555763223940489098143339630442088028837264444047103421"
+            "650801068487781374029752465253880188570524816301")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "114098932563655668152845880048116665439336813907585026164076684335"
+            "207377030412011490616717269967901866512791922030")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "150314947349421248210116825024101991195944778374894464619572626239"
+            "607322496127788920330782215970399921310481541114")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "229712970587087060608457350737672600684739480461207418921591996223"
+            "119772346569722714125854513271484842228717940517")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "632059840919725242581214585990099793293566668441714716823267491586"
+            "58644649788699947429775595624088760100339015346")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "267977917613697697721803478956819395558458484991326870824415539281"
+            "52251536135163572782343112811744460491988452832")}};
+// D constants for L = 1 columns
+const std::vector<std::vector<anemoi_parameters<libff::bw6_761_pp>::BignumT>>
+    anemoi_parameters<libff::bw6_761_pp>::D_constants_col_one = {
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "344885901350625458680870311593191378048524683673219547386512350222"
+            "29395779778776369995851751943114683258709527804")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "241056784058908456452437505264885375297275388471500963605224278691"
+            "364375440315115522423436875172949018721227198476")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "166414254837295205511720997500605979238818860309869111951877231185"
+            "566572210928295104013484999516940244744633018384")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "221224995998311503252989065004206696395905618499919174700053480874"
+            "899859345247260744923409963597237673800845378610")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "152402361393020229919247102101672041744062391352023957876534291035"
+            "44034631065342920402223744391016882010463439208")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "118785556802603352692131797332067842755552045060955813879117222418"
+            "041789917960717487175187168878442544474134007696")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "104678731306568576136377732468893611714303235867680727477565315402"
+            "472822000312733630333084472763052420664227524357")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "196625090404219936187893290906369594741850568511266236693303888960"
+            "666720777928908165608653841931424377254229338613")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "188750928750600174144513535094165329036134202474701590924813486127"
+            "699699987918351422800035214637052491016215647916")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "242933836124461948529393805077322632596005977806939075809454208126"
+            "944045612569562988649639253056690675718585768430")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "113841350571939967348181008290644158554092272791791861021003548247"
+            "206010634092278993637761827105330062261586699353")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "170001160071451331422034331416602227446581778206602988556438500174"
+            "473697079904244920369981806390005712988657694743")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "277753881678823238139511566951817182662323534390352646007409329587"
+            "68825889022655440985800444714253826679741700014")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "179437288481093162618660782517684990625690266727262366620146489301"
+            "080077140367492528934898103191572286096218101754")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "973256105382234063045483465780503569878541523307150478213362091712"
+            "5114109010619832003972175650955950782689127574")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "148585933547442830635512341734141092095404261497505529872602584387"
+            "568079843280432730904633280934381649392242992819")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "147173767594257257409532591263085268343561395136659103006358938576"
+            "260893867594902641437636052538886024389532195926")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "199525512371551687574699220172529766523075953759625402489198071873"
+            "36905465548457927691489154629151739841128740409")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "327122923833169834760725257784392663160735664069605718341875284553"
+            "25725561866244719543625572312015877260546818665")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "247303631248225985472220262355686125402130701285465944084215834425"
+            "258860935862897438145166166788816041825982522567")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "190784248916126871346568000276690652521377405168440564845893945593"
+            "212766139530982430891334129029628699201933051638")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "139611251829902218511965436467501031893373157143372164766461775250"
+            "226550132422553322026660885517167648495282909087")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "100349099839762524401588526663475203638861972563697354452817932186"
+            "999608538424855346971643043689795255862860651277")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "511276178165433032464878255689721796142051165829617503057764665457"
+            "51391409610429319577309868977874861333531479108")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "189762157490589030777321807016120966079294612241828576204566858062"
+            "391965706379849669038175918331930258623210405429")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "232989883812357309725756488037602842830734084806264134933293730267"
+            "694002230108154643399850592874013254514715589299")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "966036282180135453447908552813097586022714150734795757727985389957"
+            "97560755425704726332913376408692465221562991863")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "197044820471889325129435339139629112992984296930407394782502835405"
+            "320387958271543605224639226167031702299670310863")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "175394593059384878525184748411062334511720923773516621754304708632"
+            "189425794498773427806018520303752140845433162221")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "195204169561844159342701714757855890752121577064860253904938153146"
+            "09425982106942922326985348117184972257056284428")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "339960451154098380194103751319319452620509712637579386175857039093"
+            "76590813576131842394700633730789071156124853873")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "788375644508998655580339660128960173890152610253626481241955743057"
+            "46273650551359911979630863959921847750501062663")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "112357134462388091562827944994541797332058701799620816422374972578"
+            "280006870920136799063776255291063828419929280790")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "435826482179950718673881036342093786555556669027074554524604425353"
+            "01697944054989572903282498179140747521772639009")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+            "313203799369833820327988738235333363382540105733380353209418260618"
+            "21976936268876376281155907399873747506738241028")}};
+// C constants for L = 2 columns
+const std::vector<std::vector<anemoi_parameters<libff::bw6_761_pp>::BignumT>>
+    anemoi_parameters<libff::bw6_761_pp>::C_constants_col_two = {
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT("47"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "81869270595392143148066212854527904551796738802305371771440426756"
+             "145868072405074927930195580540243858886743387121")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "23651892696017635051311932573142498414372751183836160853812929249"
+             "073212051004004868225625270519161718897739063636"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "71266779364374193827666471004883607655137358860055866465777646864"
+             "136670770797640601948964144390030618646417069860")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10840825868506160618919054872335982467228463166384060036129055705"
+             "9934237530248648468547776202467131425426693074558"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "77774201565282309043316733424812573114318869494826820012294696120"
+             "497026755779789285629584913883061477221990405285")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11574921079662615635596122621703369764827762426764630381211565133"
+             "0611822636154890997899312710171050197066310511132"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "12276930138500021733969528289783463430290593974803224527039156813"
+             "5236725936099679943807062992297957879160919823018")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "32938029009009707750853639216879896521914480482174343926756027817"
+             "470420463936977428079379763376648137928269263125"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "27840594961500345091641939174048459811036398886735498896307685871"
+             "244428648342720251372111670828636820168273583144")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "40575574972692154693371148853310178623706434729855425467727992185"
+             "929212015207456735505186051322972223631650259106"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24701297111443188482970127351870728637710246406473361061106638882"
+             "8965644964084892343431583485636799511837824614781")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18137023655125697182007460338202038572959123829007908208702805046"
+             "7599960619119153377372739336731389135391455621185"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "94262318062137313899317320978960310449320067398351774621972793301"
+             "903124697009482815214653408698842876791886987097")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "43019484312139119677732300239972505565370480796924734841398119658"
+             "532010090928100522923025131851788434306002926824"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18662540873286849572091186031772888832477410610169083646534943891"
+             "5354131201932304277862071692177170731134485038276")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "91385497451290364286542259114099233528467132764723283516863500403"
+             "146833995007020614131524882440134900979898531653"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "12734014850045058164707010963007834758076591843613538196222314792"
+             "1514899711164699847915534227122738002914713081298")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "63004775662779643318102173655073017170292727075458767603881370099"
+             "079850547916436871825900459279413632435318780398"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "21075059154271603246113006671833480648222850243556442938581996464"
+             "7042356551815447852558050430220613632506049453086")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14092045864016400783521525487199967010837744553883691060418371123"
+             "8527893171467991103178253057721420949480774852003"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18139577410092912046710127853712460162054350263279019192210689257"
+             "8715519421841141445914799796876346048595140020959")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "97549054128025193700769287508862670117558614323004114314976551460"
+             "288759340041245540004643782590643846886640773979"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24428421860097198920403237296982792615738480591482537890355812257"
+             "0040147911244970067701830277315789494728522965393")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "96278347916619895715195112013245212124830376058690166198388526542"
+             "220472759579154278221591926318561118086042871593"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "52865168868271019274263528383520867537674322940264665592325434575"
+             "676291171945721095583659700238878000665872468507")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10861218302910556999439983630563426541203152654312741459737978513"
+             "2151175890324977808793488834990099767147672869617"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "63811078364360378295859115954106503239473173224544492711035165457"
+             "762506361456510436472015088570855051311050939695")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "22536248907297916221351253981840688900742429642524416544316931788"
+             "1510191359314512459646859899596059150368736166327"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "69911787568458137039136600061536235617499329715120375245493345110"
+             "733582109719859124927025908263151580982199701232")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "56209306302926862950778249401173199654174031995242603771256400500"
+             "058375887590028538029647242328896119454967681297"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18643276637608655558320006661517309673241612975224667063531160814"
+             "1881928231760080482463775216605156468457662435315")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "23103195545871519538179917477704448560185452515663120762237619863"
+             "4130074791526940437745138207899731693002688840585"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "25650137173635954063051110798893925977512024000628893932868804611"
+             "9391043677562987672974039387792691472608702975269")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "13039633441675357352006364000805107418238350558650079639507226747"
+             "1485481914049687837400714069836204000678499479921"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "15222731619625422544628785351875694397780109655407811053296264359"
+             "5685949428705662551161775145135262334486486379065")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "43744461731850063793495426636478615687451183664941474782844227827"
+             "058566027345188184873627510317433406629405991252"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "85795875965594998519042487071666476846102686209159738761971822641"
+             "038384609267133280665123360266846867639752431847")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "39112852565965505257663678430205614999394122012896249727015910278"
+             "164921677729393032506014175555885650268011231397"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "22005446494530257066350311136860825577849217308115448347359658568"
+             "894597956099565116389553525467040932069504675565")}};
+// D constants for L = 2 columns
+const std::vector<std::vector<anemoi_parameters<libff::bw6_761_pp>::BignumT>>
+    anemoi_parameters<libff::bw6_761_pp>::D_constants_col_two = {
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "34488590135062545868087031159319137804852468367321954738651235022"
+             "229395779778776369995851751943114683258709527804"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10084044875066015895577818583690898963721689610140090893768690941"
+             "7517466461755493523396059953907186467541472071934")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24105678405890845645243750526488537529727538847150096360522427869"
+             "1364375440315115522423436875172949018721227198476"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14489832734501391157764251824794898282214172324579591104899981278"
+             "849568421339570706647900230894285719425602903579")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "16641425483729520551172099750060597923881886030986911195187723118"
+             "5566572210928295104013484999516940244744633018384"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "12026278573772137830547212402512067496142078707262891403047661788"
+             "5271564046031078146565306332356698221935949506167")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "22122499599831150325298906500420669639590561849991917470005348087"
+             "4899859345247260744923409963597237673800845378610"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "21272767460689103417634806350806958033110162291207869858592464531"
+             "8666965254763691916301172867147973281291473847552")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "15240236139302022991924710210167204174406239135202395787653429103"
+             "544034631065342920402223744391016882010463439208"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "25328981612496722428299068568529124828048935922645179372468459746"
+             "3180713773383550744133856412840193614086808374460")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11878555680260335269213179733206784275555204506095581387911722241"
+             "8041789917960717487175187168878442544474134007696"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "51041114951579458757434130125633364253122250572692920910166604033"
+             "499957128068972545602709085042737633636006062250")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10467873130656857613637773246889361171430323586768072747756531540"
+             "2472822000312733630333084472763052420664227524357"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "20534008376543881552453918888954837145997539077270024401053058759"
+             "18188687774705293645011166154334087460678047325")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "19662509040421993618789329090636959474185056851126623669330388896"
+             "0666720777928908165608653841931424377254229338613"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "66049176832185688160045059112294391245428369992891260204966193189"
+             "910576150163931371048824884107274475038409148944")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18875092875060017414451353509416532903613420247470159092481348612"
+             "7699699987918351422800035214637052491016215647916"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "20918816781996586144466632743320639036900067707788727179776838128"
+             "5209968313647672882054057180743483518347049354617")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24293383612446194852939380507732263259600597780693907580945420812"
+             "6944045612569562988649639253056690675718585768430"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11649781401163471360139390626875283565211592934390365947910378764"
+             "7328285877699393419882913705848358476745014139997")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11384135057193996734818100829064415855409227279179186102100354824"
+             "7206010634092278993637761827105330062261586699353"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "13879925405291054991969197377883103734682601881751872476652197722"
+             "6535839494037071561844321187684083086771971025365")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17000116007145133142203433141660222744658177820660298855643850017"
+             "4473697079904244920369981806390005712988657694743"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "42554486551634502854269625005735897230582145975283175032731056256"
+             "646819912338788898568292782965619161786237585036")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "27775388167882323813951156695181718266232353439035264600740932958"
+             "768825889022655440985800444714253826679741700014"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "22750922315270801132329724858341285449603750200729800696215735129"
+             "8087315259301687258786768979631758759095911912161")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17943728848109316261866078251768499062569026672726236662014648930"
+             "1080077140367492528934898103191572286096218101754"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11911877183655344085974500398921917573369960234045302716139711726"
+             "5833610221070667382083436978196155495655615328888")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "97325610538223406304548346578050356987854152330715047821336209171"
+             "25114109010619832003972175650955950782689127574"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "97428873582475879406356570418889863125821650209635957551937158452"
+             "211175817328431497723038945315236431232493277712")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14858593354744283063551234173414109209540426149750552987260258438"
+             "7568079843280432730904633280934381649392242992819"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "46275556278388991969063670763094029178205354313685186243687770018"
+             "13366448681304125839885737061109799350635445716")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14717376759425725740953259126308526834356139513665910300635893857"
+             "6260893867594902641437636052538886024389532195926"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "15712577189210707259786946629804198979739479891809041714026603370"
+             "0664065363202592102136549853855673729391565487666")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "19952551237155168757469922017252976652307595375962540248919807187"
+             "336905465548457927691489154629151739841128740409"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "26266121036861290623319077351020793728292875275313436814405430950"
+             "679575589776074866922562851352037999045134796609")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "32712292383316983476072525778439266316073566406960571834187528455"
+             "325725561866244719543625572312015877260546818665"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "59246294637267388141244528036689074755292757882952418240910370908"
+             "447746753359832040805134043685257263666912416316")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24730363124822598547222026235568612540213070128546594408421583442"
+             "5258860935862897438145166166788816041825982522567"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "21467881319699620722053183688540328326115348551245872513215483035"
+             "5130739823804711747498718138123799249023495123791")}};
+// C constants for L = 3 columns
+const std::vector<std::vector<anemoi_parameters<libff::bw6_761_pp>::BignumT>>
+    anemoi_parameters<libff::bw6_761_pp>::C_constants_col_three = {
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT("47"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "81869270595392143148066212854527904551796738802305371771440426756"
+             "145868072405074927930195580540243858886743387121"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "49049240770343858517087194242389182428940380850892043830788951175"
+             "882176936829516325138272778229311576496928153553")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "23651892696017635051311932573142498414372751183836160853812929249"
+             "073212051004004868225625270519161718897739063636"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "71266779364374193827666471004883607655137358860055866465777646864"
+             "136670770797640601948964144390030618646417069860"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "63603232154268483131003547568566802217757047306129925458097986540"
+             "439567247005624436210058843421762216414885398799")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10840825868506160618919054872335982467228463166384060036129055705"
+             "9934237530248648468547776202467131425426693074558"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "77774201565282309043316733424812573114318869494826820012294696120"
+             "497026755779789285629584913883061477221990405285"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11989823265500369937505495752760677193370680726257755796807498492"
+             "3379923038604424203372538859622911024398918021776")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11574921079662615635596122621703369764827762426764630381211565133"
+             "0611822636154890997899312710171050197066310511132"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "12276930138500021733969528289783463430290593974803224527039156813"
+             "5236725936099679943807062992297957879160919823018"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "61104292796288048628067425493974461369530989093247987311393351536"
+             "298399173491669982259330921621761267618990791269")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "32938029009009707750853639216879896521914480482174343926756027817"
+             "470420463936977428079379763376648137928269263125"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "27840594961500345091641939174048459811036398886735498896307685871"
+             "244428648342720251372111670828636820168273583144"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "43347212012853345625097058063412687901683358021613508393108321266"
+             "325477671538910920730983736637049598045182270021")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "40575574972692154693371148853310178623706434729855425467727992185"
+             "929212015207456735505186051322972223631650259106"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24701297111443188482970127351870728637710246406473361061106638882"
+             "8965644964084892343431583485636799511837824614781"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "60264060032604190797776590615604726948084868212871848387639176849"
+             "237450623692424648957022623828278555716970434636")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18137023655125697182007460338202038572959123829007908208702805046"
+             "7599960619119153377372739336731389135391455621185"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "94262318062137313899317320978960310449320067398351774621972793301"
+             "903124697009482815214653408698842876791886987097"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "71830311734862909552160482888298812131313082659177652353993268131"
+             "629449918689963434725989845864073240542479390876")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "43019484312139119677732300239972505565370480796924734841398119658"
+             "532010090928100522923025131851788434306002926824"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18662540873286849572091186031772888832477410610169083646534943891"
+             "5354131201932304277862071692177170731134485038276"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "98301703667460436878681730935027189379133709858539872217454893249"
+             "402086308112360412843587211266696793609578539921")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "91385497451290364286542259114099233528467132764723283516863500403"
+             "146833995007020614131524882440134900979898531653"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "12734014850045058164707010963007834758076591843613538196222314792"
+             "1514899711164699847915534227122738002914713081298"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "16525820531832166066812881543490802816006839756319279341070516182"
+             "3243061790082371337443499981496417079581504806529")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "63004775662779643318102173655073017170292727075458767603881370099"
+             "079850547916436871825900459279413632435318780398"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "21075059154271603246113006671833480648222850243556442938581996464"
+             "7042356551815447852558050430220613632506049453086"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "13080873195415700713053727178092480909459552852747524965545274308"
+             "2047013083962154470585866280795680203348774428318")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14092045864016400783521525487199967010837744553883691060418371123"
+             "8527893171467991103178253057721420949480774852003"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18139577410092912046710127853712460162054350263279019192210689257"
+             "8715519421841141445914799796876346048595140020959"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17007424020405648527393808830226098866720053577918128958856396301"
+             "5117072360324718455017874021426361814276396804019")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "97549054128025193700769287508862670117558614323004114314976551460"
+             "288759340041245540004643782590643846886640773979"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24428421860097198920403237296982792615738480591482537890355812257"
+             "0040147911244970067701830277315789494728522965393"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "85554406341436962699594942548607864493441904532270086393195500045"
+             "994027714882016007959319619649841622333756259626")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "96278347916619895715195112013245212124830376058690166198388526542"
+             "220472759579154278221591926318561118086042871593"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "52865168868271019274263528383520867537674322940264665592325434575"
+             "676291171945721095583659700238878000665872468507"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "21454741209463738534847924831119131314305172110836696639601962455"
+             "9514877760208423018210214505528368467213977273120")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10861218302910556999439983630563426541203152654312741459737978513"
+             "2151175890324977808793488834990099767147672869617"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "63811078364360378295859115954106503239473173224544492711035165457"
+             "762506361456510436472015088570855051311050939695"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "23405672580243916309899995036684683697768969073151548044461925938"
+             "2130236076851031203665668733863419842818251990688")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "22536248907297916221351253981840688900742429642524416544316931788"
+             "1510191359314512459646859899596059150368736166327"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "69911787568458137039136600061536235617499329715120375245493345110"
+             "733582109719859124927025908263151580982199701232"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "22432469780774740584555517973422790309892546283838933979620512017"
+             "6532044919304455013361126814057730878341808813890")}};
+// D constants for L = 3 columns
+const std::vector<std::vector<anemoi_parameters<libff::bw6_761_pp>::BignumT>>
+    anemoi_parameters<libff::bw6_761_pp>::D_constants_col_three = {
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "34488590135062545868087031159319137804852468367321954738651235022"
+             "229395779778776369995851751943114683258709527804"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10084044875066015895577818583690898963721689610140090893768690941"
+             "7517466461755493523396059953907186467541472071934"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "23276524321077282442504339479075591402647092627918117975509783229"
+             "9771316582131708908007063120897135614096117413625")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24105678405890845645243750526488537529727538847150096360522427869"
+             "1364375440315115522423436875172949018721227198476"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14489832734501391157764251824794898282214172324579591104899981278"
+             "849568421339570706647900230894285719425602903579"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17157110980955663056134555595446373935694424889984724885528271941"
+             "7670006153499328528311920899226898746138531807777")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "16641425483729520551172099750060597923881886030986911195187723118"
+             "5566572210928295104013484999516940244744633018384"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "12026278573772137830547212402512067496142078707262891403047661788"
+             "5271564046031078146565306332356698221935949506167"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "68467215099634624726801841999006986756525600214658590204435042483"
+             "951533236466664276742298107824069073617016239740")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "22122499599831150325298906500420669639590561849991917470005348087"
+             "4899859345247260744923409963597237673800845378610"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "21272767460689103417634806350806958033110162291207869858592464531"
+             "8666965254763691916301172867147973281291473847552"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "57143064290370721554311699975301520373443547631573378845104564515"
+             "525711399766633167187478626199297974253683932885")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "15240236139302022991924710210167204174406239135202395787653429103"
+             "544034631065342920402223744391016882010463439208"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "25328981612496722428299068568529124828048935922645179372468459746"
+             "3180713773383550744133856412840193614086808374460"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17487683144851208090603729844574758934685319373560874143966336865"
+             "4058835704190692625926766308376127696467856178419")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11878555680260335269213179733206784275555204506095581387911722241"
+             "8041789917960717487175187168878442544474134007696"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "51041114951579458757434130125633364253122250572692920910166604033"
+             "499957128068972545602709085042737633636006062250"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "29037028154912714825753674788516451336215042850024757444801790516"
+             "289304043628278838531074192535098106459612457364")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10467873130656857613637773246889361171430323586768072747756531540"
+             "2472822000312733630333084472763052420664227524357"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "20534008376543881552453918888954837145997539077270024401053058759"
+             "18188687774705293645011166154334087460678047325"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14436621879554093390833278136421963190870315729774647893018817916"
+             "8162055165406959900559273572620445880155731026363")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "19662509040421993618789329090636959474185056851126623669330388896"
+             "0666720777928908165608653841931424377254229338613"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "66049176832185688160045059112294391245428369992891260204966193189"
+             "910576150163931371048824884107274475038409148944"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14247029605193857941805915729557833881189836187893389471513404598"
+             "6476072512295761493433266372497681966457963225848")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18875092875060017414451353509416532903613420247470159092481348612"
+             "7699699987918351422800035214637052491016215647916"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "20918816781996586144466632743320639036900067707788727179776838128"
+             "5209968313647672882054057180743483518347049354617"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "15318662291002879655531652710912818392402003157922362146442853098"
+             "2735203300176295584016060764844683899517980196930")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24293383612446194852939380507732263259600597780693907580945420812"
+             "6944045612569562988649639253056690675718585768430"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11649781401163471360139390626875283565211592934390365947910378764"
+             "7328285877699393419882913705848358476745014139997"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "20130077870823663837104533889732848477659334356500807850679896454"
+             "4850483665797874025313655525724306476532199690488")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11384135057193996734818100829064415855409227279179186102100354824"
+             "7206010634092278993637761827105330062261586699353"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "13879925405291054991969197377883103734682601881751872476652197722"
+             "6535839494037071561844321187684083086771971025365"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "33558118428229770816120277415059537369199927338188760651157183458"
+             "734465340131599783381433241961620156957366925507")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17000116007145133142203433141660222744658177820660298855643850017"
+             "4473697079904244920369981806390005712988657694743"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "42554486551634502854269625005735897230582145975283175032731056256"
+             "646819912338788898568292782965619161786237585036"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "48569498577260426450076422150501482078749632721921481280430832195"
+             "118240971927608826228708094600552718335931454528")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "27775388167882323813951156695181718266232353439035264600740932958"
+             "768825889022655440985800444714253826679741700014"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "22750922315270801132329724858341285449603750200729800696215735129"
+             "8087315259301687258786768979631758759095911912161"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "36607438638297139476451728687281879540738262794764585444145414411"
+             "002506406834517618878473475075410405707834375679")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17943728848109316261866078251768499062569026672726236662014648930"
+             "1080077140367492528934898103191572286096218101754"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11911877183655344085974500398921917573369960234045302716139711726"
+             "5833610221070667382083436978196155495655615328888"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "19544481754682408175247733227305162244763299522170295311315934698"
+             "5998412844076139361711128453216241591666955496963")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "97325610538223406304548346578050356987854152330715047821336209171"
+             "25114109010619832003972175650955950782689127574"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "97428873582475879406356570418889863125821650209635957551937158452"
+             "211175817328431497723038945315236431232493277712"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "15792218209395700430236664396267364358296465870718386032082706931"
+             "3806711534523978598591177680837337033096241507452")}};
+// C constants for L = 4 columns
+const std::vector<std::vector<anemoi_parameters<libff::bw6_761_pp>::BignumT>>
+    anemoi_parameters<libff::bw6_761_pp>::C_constants_col_four = {
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT("47"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "81869270595392143148066212854527904551796738802305371771440426756"
+             "145868072405074927930195580540243858886743387121"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "49049240770343858517087194242389182428940380850892043830788951175"
+             "882176936829516325138272778229311576496928153553"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "25503685806761205705877013204538585196935589441318571604437664265"
+             "4348714735279820643713465980939322161368391477370")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "23651892696017635051311932573142498414372751183836160853812929249"
+             "073212051004004868225625270519161718897739063636"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "71266779364374193827666471004883607655137358860055866465777646864"
+             "136670770797640601948964144390030618646417069860"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "63603232154268483131003547568566802217757047306129925458097986540"
+             "439567247005624436210058843421762216414885398799"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "56360007445651640176065331142160553899054710019353720571131815154"
+             "206398721472662593684939403001542974403899363653")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10840825868506160618919054872335982467228463166384060036129055705"
+             "9934237530248648468547776202467131425426693074558"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "77774201565282309043316733424812573114318869494826820012294696120"
+             "497026755779789285629584913883061477221990405285"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11989823265500369937505495752760677193370680726257755796807498492"
+             "3379923038604424203372538859622911024398918021776"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "58830077216032738605556872329424269430062719918990984543248393558"
+             "383809590182436110158893868921734857918832479909")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11574921079662615635596122621703369764827762426764630381211565133"
+             "0611822636154890997899312710171050197066310511132"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "12276930138500021733969528289783463430290593974803224527039156813"
+             "5236725936099679943807062992297957879160919823018"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "61104292796288048628067425493974461369530989093247987311393351536"
+             "298399173491669982259330921621761267618990791269"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11273607730518823025343777140177199837044413949661713037629301765"
+             "6713335541450855237756542655334713360156576680849")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "32938029009009707750853639216879896521914480482174343926756027817"
+             "470420463936977428079379763376648137928269263125"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "27840594961500345091641939174048459811036398886735498896307685871"
+             "244428648342720251372111670828636820168273583144"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "43347212012853345625097058063412687901683358021613508393108321266"
+             "325477671538910920730983736637049598045182270021"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17933172756251076923929224660140142437264937866381040812105812235"
+             "9028369552091491415605901665455552746206943338414")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "40575574972692154693371148853310178623706434729855425467727992185"
+             "929212015207456735505186051322972223631650259106"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24701297111443188482970127351870728637710246406473361061106638882"
+             "8965644964084892343431583485636799511837824614781"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "60264060032604190797776590615604726948084868212871848387639176849"
+             "237450623692424648957022623828278555716970434636"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11456728113303344063356989327223485303892579727967582309911252254"
+             "5635400197186256607659893494708051352711435187449")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18137023655125697182007460338202038572959123829007908208702805046"
+             "7599960619119153377372739336731389135391455621185"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "94262318062137313899317320978960310449320067398351774621972793301"
+             "903124697009482815214653408698842876791886987097"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "71830311734862909552160482888298812131313082659177652353993268131"
+             "629449918689963434725989845864073240542479390876"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "19759721074785415765925050712190123098111005540369236634720308521"
+             "722481586151143683356231390164204233178374212003")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "43019484312139119677732300239972505565370480796924734841398119658"
+             "532010090928100522923025131851788434306002926824"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18662540873286849572091186031772888832477410610169083646534943891"
+             "5354131201932304277862071692177170731134485038276"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "98301703667460436878681730935027189379133709858539872217454893249"
+             "402086308112360412843587211266696793609578539921"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "78236741433959278450989963527874887264487642535596218758413935200"
+             "151587534530168122808903932848456851142583999413")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "91385497451290364286542259114099233528467132764723283516863500403"
+             "146833995007020614131524882440134900979898531653"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "12734014850045058164707010963007834758076591843613538196222314792"
+             "1514899711164699847915534227122738002914713081298"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "16525820531832166066812881543490802816006839756319279341070516182"
+             "3243061790082371337443499981496417079581504806529"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "34157500630619146855746137309379319770576249887027409587320723800"
+             "33016741740673132394685608999035693906336462407")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "63004775662779643318102173655073017170292727075458767603881370099"
+             "079850547916436871825900459279413632435318780398"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "21075059154271603246113006671833480648222850243556442938581996464"
+             "7042356551815447852558050430220613632506049453086"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "13080873195415700713053727178092480909459552852747524965545274308"
+             "2047013083962154470585866280795680203348774428318"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17325680516769025611525059356556901096621402922077827880820908449"
+             "3103704764108556714308232890900786004446714494634")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14092045864016400783521525487199967010837744553883691060418371123"
+             "8527893171467991103178253057721420949480774852003"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18139577410092912046710127853712460162054350263279019192210689257"
+             "8715519421841141445914799796876346048595140020959"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17007424020405648527393808830226098866720053577918128958856396301"
+             "5117072360324718455017874021426361814276396804019"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "29750373152975410502344250334184401540226606887588744878075102657"
+             "566103870509362010211553237029333521375169631889")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "97549054128025193700769287508862670117558614323004114314976551460"
+             "288759340041245540004643782590643846886640773979"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24428421860097198920403237296982792615738480591482537890355812257"
+             "0040147911244970067701830277315789494728522965393"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "85554406341436962699594942548607864493441904532270086393195500045"
+             "994027714882016007959319619649841622333756259626"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "86983587526665660229064384115043113681133369814723053404168206816"
+             "605186451378072615464252593450115780359307308975")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "96278347916619895715195112013245212124830376058690166198388526542"
+             "220472759579154278221591926318561118086042871593"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "52865168868271019274263528383520867537674322940264665592325434575"
+             "676291171945721095583659700238878000665872468507"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "21454741209463738534847924831119131314305172110836696639601962455"
+             "9514877760208423018210214505528368467213977273120"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "74540844244615072136936159747292292571393407636550811314604643502"
+             "694473691080237357611085931762838845526220646160")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10861218302910556999439983630563426541203152654312741459737978513"
+             "2151175890324977808793488834990099767147672869617"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "63811078364360378295859115954106503239473173224544492711035165457"
+             "762506361456510436472015088570855051311050939695"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "23405672580243916309899995036684683697768969073151548044461925938"
+             "2130236076851031203665668733863419842818251990688"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "75092971799015723097331342072673468480478639589054536491653110597"
+             "090373812821345872172362423338488615229486089655")}};
+// D constants for L = 4 columns
+const std::vector<std::vector<anemoi_parameters<libff::bw6_761_pp>::BignumT>>
+    anemoi_parameters<libff::bw6_761_pp>::D_constants_col_four = {
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "34488590135062545868087031159319137804852468367321954738651235022"
+             "229395779778776369995851751943114683258709527804"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10084044875066015895577818583690898963721689610140090893768690941"
+             "7517466461755493523396059953907186467541472071934"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "23276524321077282442504339479075591402647092627918117975509783229"
+             "9771316582131708908007063120897135614096117413625"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "20439817892747891030974383032042315733363424618584515552482725623"
+             "4336919958554746956117653550620631862498335892746")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24105678405890845645243750526488537529727538847150096360522427869"
+             "1364375440315115522423436875172949018721227198476"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14489832734501391157764251824794898282214172324579591104899981278"
+             "849568421339570706647900230894285719425602903579"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17157110980955663056134555595446373935694424889984724885528271941"
+             "7670006153499328528311920899226898746138531807777"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18863762953334676896007757094962159834138323071235600806434254315"
+             "4256371554279923190291086825393525292098622386112")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "16641425483729520551172099750060597923881886030986911195187723118"
+             "5566572210928295104013484999516940244744633018384"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "12026278573772137830547212402512067496142078707262891403047661788"
+             "5271564046031078146565306332356698221935949506167"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "68467215099634624726801841999006986756525600214658590204435042483"
+             "951533236466664276742298107824069073617016239740"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "31708804093070645310973988222388591556022831970356980875634446241"
+             "774953714358232688032938483709738695108007311354")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "22122499599831150325298906500420669639590561849991917470005348087"
+             "4899859345247260744923409963597237673800845378610"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "21272767460689103417634806350806958033110162291207869858592464531"
+             "8666965254763691916301172867147973281291473847552"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "57143064290370721554311699975301520373443547631573378845104564515"
+             "525711399766633167187478626199297974253683932885"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "13308459323167788453335227730466316467749801713422748600603022575"
+             "8760181694039374927188975726499095854762346435946")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "15240236139302022991924710210167204174406239135202395787653429103"
+             "544034631065342920402223744391016882010463439208"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "25328981612496722428299068568529124828048935922645179372468459746"
+             "3180713773383550744133856412840193614086808374460"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17487683144851208090603729844574758934685319373560874143966336865"
+             "4058835704190692625926766308376127696467856178419"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "76506665417607391863249984710406899584567020722175944723754902202"
+             "860793162716006850337081464208116508160372402116")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11878555680260335269213179733206784275555204506095581387911722241"
+             "8041789917960717487175187168878442544474134007696"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "51041114951579458757434130125633364253122250572692920910166604033"
+             "499957128068972545602709085042737633636006062250"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "29037028154912714825753674788516451336215042850024757444801790516"
+             "289304043628278838531074192535098106459612457364"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10764999368774894601521720886671068473019729101611369625230113133"
+             "5506787543435667301738230430001716691425153823658")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "10467873130656857613637773246889361171430323586768072747756531540"
+             "2472822000312733630333084472763052420664227524357"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "20534008376543881552453918888954837145997539077270024401053058759"
+             "18188687774705293645011166154334087460678047325"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14436621879554093390833278136421963190870315729774647893018817916"
+             "8162055165406959900559273572620445880155731026363"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11660537256787042147576758060967505017864239927822302730694121468"
+             "1074620759181696653693800483507422660762702460971")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "19662509040421993618789329090636959474185056851126623669330388896"
+             "0666720777928908165608653841931424377254229338613"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "66049176832185688160045059112294391245428369992891260204966193189"
+             "910576150163931371048824884107274475038409148944"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14247029605193857941805915729557833881189836187893389471513404598"
+             "6476072512295761493433266372497681966457963225848"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "14671507825084440234403762130999014400039361365527520535211908306"
+             "0045107665027125707902868460666287811962045298821")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "18875092875060017414451353509416532903613420247470159092481348612"
+             "7699699987918351422800035214637052491016215647916"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "20918816781996586144466632743320639036900067707788727179776838128"
+             "5209968313647672882054057180743483518347049354617"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "15318662291002879655531652710912818392402003157922362146442853098"
+             "2735203300176295584016060764844683899517980196930"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "15653912087176031926432556826722195044150578104018533108481436662"
+             "344692178148153883471531758934148301813888466289")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "24293383612446194852939380507732263259600597780693907580945420812"
+             "6944045612569562988649639253056690675718585768430"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11649781401163471360139390626875283565211592934390365947910378764"
+             "7328285877699393419882913705848358476745014139997"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "20130077870823663837104533889732848477659334356500807850679896454"
+             "4850483665797874025313655525724306476532199690488"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "93941703412077746987761584086432604149596506026814112156970384120"
+             "06240923917009998571419362842897941160894912108")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11384135057193996734818100829064415855409227279179186102100354824"
+             "7206010634092278993637761827105330062261586699353"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "13879925405291054991969197377883103734682601881751872476652197722"
+             "6535839494037071561844321187684083086771971025365"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "33558118428229770816120277415059537369199927338188760651157183458"
+             "734465340131599783381433241961620156957366925507"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17620842182252477140884940456344059108176083030079584057657858089"
+             "0723499124970622618048285963724797776467537825035")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17000116007145133142203433141660222744658177820660298855643850017"
+             "4473697079904244920369981806390005712988657694743"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "42554486551634502854269625005735897230582145975283175032731056256"
+             "646819912338788898568292782965619161786237585036"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "48569498577260426450076422150501482078749632721921481280430832195"
+             "118240971927608826228708094600552718335931454528"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "74308424194896105333216095138500838569582417103659412387429534088"
+             "548933634737221938237926434987672664332559117358")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "27775388167882323813951156695181718266232353439035264600740932958"
+             "768825889022655440985800444714253826679741700014"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "22750922315270801132329724858341285449603750200729800696215735129"
+             "8087315259301687258786768979631758759095911912161"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "36607438638297139476451728687281879540738262794764585444145414411"
+             "002506406834517618878473475075410405707834375679"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17957504123365090162923160523984049980861478117714805499864069114"
+             "3722104612360711237752518407470086696431475820377")},
+        {anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "17943728848109316261866078251768499062569026672726236662014648930"
+             "1080077140367492528934898103191572286096218101754"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "11911877183655344085974500398921917573369960234045302716139711726"
+             "5833610221070667382083436978196155495655615328888"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "19544481754682408175247733227305162244763299522170295311315934698"
+             "5998412844076139361711128453216241591666955496963"),
+         anemoi_parameters<libff::bw6_761_pp>::BignumT(
+             "60790807975807623104478955400442361253563263178526973256219193323"
+             "778084506360010534722107509278156152049266209411")}};
+
+} // namespace libsnark
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_BW6_761_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt4.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt4.tcc
new file mode 100644
index 000000000..1f0176acb
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt4.tcc
@@ -0,0 +1,1129 @@
+/** @file
+ *****************************************************************************
+ * @author     This file is part of libsnark, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_MNT4_TCC_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_MNT4_TCC_
+
+namespace libsnark
+{
+// This file was automatically generated with SAGE script parameters.sage on
+// 19/1/2023 at 0:8:3
+
+// Anemoi parameters for curve mnt4_pp
+template<> class anemoi_parameters<libff::mnt4_pp>
+{
+public:
+    using ppT = libff::mnt4_pp;
+    using FieldT = libff::Fr<ppT>;
+    using BignumT = libff::bigint<FieldT::num_limbs>;
+    static const bool b_prime_field = false;
+    static constexpr size_t multiplicative_generator_g = 10;
+    static constexpr size_t alpha = 5;
+    static constexpr size_t beta = multiplicative_generator_g;
+    static constexpr size_t gamma = 0;
+    static constexpr size_t quad_exponent = 2;
+    static const BignumT alpha_inv;
+    static const BignumT delta;
+    static const std::vector<std::vector<BignumT>> C_constants_col_one;
+    static const std::vector<std::vector<BignumT>> D_constants_col_one;
+    static const std::vector<std::vector<BignumT>> C_constants_col_two;
+    static const std::vector<std::vector<BignumT>> D_constants_col_two;
+    static const std::vector<std::vector<BignumT>> C_constants_col_three;
+    static const std::vector<std::vector<BignumT>> D_constants_col_three;
+    static const std::vector<std::vector<BignumT>> C_constants_col_four;
+    static const std::vector<std::vector<BignumT>> D_constants_col_four;
+};
+
+const anemoi_parameters<libff::mnt4_pp>::BignumT
+    anemoi_parameters<libff::mnt4_pp>::alpha_inv =
+        anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "380737828935409060602679399722438761236099902842258812442614188591"
+            "331717845926792447970509");
+
+const anemoi_parameters<libff::mnt4_pp>::BignumT
+    anemoi_parameters<libff::mnt4_pp>::delta =
+        anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "333145600318482928027344474757133916081587414986976460887287415017"
+            "415253115185943391974196");
+
+// C constants for L = 1 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt4_pp>::BignumT>>
+    anemoi_parameters<libff::mnt4_pp>::C_constants_col_one = {
+        {anemoi_parameters<libff::mnt4_pp>::BignumT("42")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "371382217967916072158832864931148033950890052372289880674619231498"
+            "348807924962852836828693")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "327139698930778637537759228335152642313313202804424980564881867365"
+            "031906986744955895509362")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "205283150826953124871457695180397577617429497396288422413489941406"
+            "337896736480119037175699")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "202040566909289518652935175377529811731403310225457980746608742681"
+            "324720915473062370084355")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "924207585875397003789496613545874075928653794866962372664954703790"
+            "98064846826886468793978")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "462600343969830878711497503518003581145396242673069293613424239258"
+            "288569752820064006692536")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "338738324920658388764061452865892302579802618108210057496286059666"
+            "746962163225841218505183")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "701194672050617337345525520144233060544895281368226109615264482486"
+            "13848944314305228502372")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "270260188802366252931135772087952826196420768311266312916644122093"
+            "626555064935340548304233")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "361411289104803468816025990503270676055760714105153887312336987768"
+            "38995409690689698702406")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "419117651931832270058995362795169980963010270368389592791665616840"
+            "310551788691438032534214")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "141211474488315271267919650006303390493737549593432281273683606183"
+            "837813104014334636548287")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "294207005959707245931224698200547255847535463522230403286042207318"
+            "981486273245849887042851")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "472726728858335678652172137440821432861891799325760656808810062761"
+            "411939977363317823084398")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "109384377478200446742338229700621534900061485500234381475736218710"
+            "402370982578567176825097")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "152914517957692624040589233442210240512096790454002052717701828248"
+            "09426232971490233221542")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "334182591407284676658395551638142823119886456260548575675011131937"
+            "374507721727044218551095")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "472746574330668821546470433460997022585680517238250890318579564501"
+            "616529603851842847039492")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "437975689695424337227620209275859842450035108955724944009207507685"
+            "381278434776831440031031")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "216967542922791971180536007643101482839829266325875480143814185583"
+            "930074846221613959317962")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "295645604715783795654565385995237120045091253705751572075701992784"
+            "023917994321363272109252")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "228460054946994323857638011760204595744820810302721538827663821784"
+            "00275133945377557934325")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "127712939676097923824072013137267314181786269686179568987979510197"
+            "665214464729708693167101")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "345208590737889433946877574299695328838920516522136117546553563318"
+            "521749354703775792754861")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "206663810848392703442970740844147944382050227825370187876538384081"
+            "362448332724940591790699")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "380786016751273662793304506618922167194358009959853275945649675721"
+            "912541271978792483934078")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "240455764442125808386310906591023708494350010698324350445809418718"
+            "397216315913450672625156")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "176456555689368045101420485625213969914962403869467363324434857100"
+            "458284101695137372940888")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "292375606445750657963492529373037009333367883631422956753728020595"
+            "507434759965345899210891")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "308515889501570367397297489257720417162868627983813244455473685639"
+            "703443898990297845595344")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "342879242190099947443583813646869253197585148142274879430406489172"
+            "237033991976361775510719")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "701642626149944528924904928701292504612590275242622893263087276024"
+            "14918467012910980340492")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "417894782668174750459785501141619835149890477835800340098876788787"
+            "678742840291572927127551")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "327610950589360214128565431806701048104530904769350623891473284195"
+            "999894253175023192090343")}};
+// D constants for L = 1 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt4_pp>::BignumT>>
+    anemoi_parameters<libff::mnt4_pp>::D_constants_col_one = {
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "333145600318482928027344474757133916081587414986976460887287415017"
+            "415253115185943391974238")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "807171542108979533059747653800830054463143321274452229738163284885"
+            "93140670428484342650360")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "289592019458741281894767474825046808776132585558491841403485208874"
+            "946400446363102791501210")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "876704865505696961736684715943310844546223593619965003249710473857"
+            "44855282908003999160889")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "231224824363216569947128244304913704181836029726625733275436817274"
+            "063557753621780078543050")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "388653633318272990659754311941382183183719495409389422477960463838"
+            "918945519849737294584308")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "327430524702023112497430054482627147768442459223784529011914030031"
+            "451156649834160476254968")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "449018918556186624879113852365960195988287920960071017281381769787"
+            "537626612484552868308877")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "161491349241862731087245258968331301823153643149241660448830325195"
+            "249390664749597267482108")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "268250646818432086088309763695998691621918293197731612472270312056"
+            "172468981484734626358683")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "275539949419570493347951413578383894611970975438445632621241402329"
+            "348199658988967530066747")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "295236084099670984557425684589711846714583202168061884561064698966"
+            "947261865170336471765802")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "368723672814179028938058727176868576374876029106581296266800524694"
+            "669766774079804991697588")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "920096563669254884784404864147102009568630425415617752457778818029"
+            "06634693784896121196196")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "718275612751970086438157559408446642650518191005341985531819721098"
+            "15715922769470439739260")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "370132103892776564269313714247538446945754579247392315946072082300"
+            "849724918363676544224447")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "433356712259692162412554538033129234064268437197867120011605320899"
+            "217908732038254876376263")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "298963987375167776734824600752859884373131078254595093718009511325"
+            "321873779556370184768946")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "412914823227580620967718970462060376537930218110393327487541394122"
+            "450280530692350674475336")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "410523148948389118339500638983568810356595452358405259601430194563"
+            "716539454779550136743869")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "173023263976408842140556128533408373506145216036110573141022631086"
+            "744933026545416816597970")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "336171974499651805096502826202060213774466107663785607006798686653"
+            "830009958034828792510526")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "389797617932918395615891779040046362477720236466747137125722384931"
+            "972891369003554236227903")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "381156377556783278649945645103188058721678807292503870104246096665"
+            "200186854513530155715334")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "273098494484302512880124965130803477370041287403239660714479132174"
+            "784566476380396304825284")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "881026198594611154137207254370693203494453964631904278634281528675"
+            "15080273806898359445715")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "269057800441916476405934433485036933826736873567021394970320819468"
+            "144645649028297827527208")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "652507444717525670552627211585570259700752359755152415518443050393"
+            "12057346431187164240836")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "244232129390393314612711543863944533085279125820682024831310994375"
+            "120471486491713000455479")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "329405412709794775671887540050283442053528096702765318872837674223"
+            "513176859341621630282158")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "121398156411571477561072838775612207751978039315556452648033460159"
+            "954141670132749066283455")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "220247248678400229246426498321789682971505544480941902089910593179"
+            "209128240415998066080176")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "299176754572536135262543571495300669264301612982067612836784543612"
+            "583657194399938566494497")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "410956336132953422251900807040580580912088512596635991954019825338"
+            "258336550582211952078853")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+            "223473489335414501308092831122261274200663858383659862691024310958"
+            "88617445909351441187379")}};
+// C constants for L = 2 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt4_pp>::BignumT>>
+    anemoi_parameters<libff::mnt4_pp>::C_constants_col_two = {
+        {anemoi_parameters<libff::mnt4_pp>::BignumT("42"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27699103142538283523103520234142443779517334579372170086486097213"
+             "6198447727456430651734959")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37138221796791607215883286493114803395089005237228988067461923149"
+             "8348807924962852836828693"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "36667299389837988373346384588747447237728675475503798257827052250"
+             "2001892309137230224697061")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "32713969893077863753775922833515264231331320280442498056488186736"
+             "5031906986744955895509362"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14113172324159744958599884925366235941057420626821823086763679555"
+             "2350513438336070532217341")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "20528315082695312487145769518039757761742949739628842241348994140"
+             "6337896736480119037175699"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "43506382350572138128712458864768231033763215107727439349373927236"
+             "1953995742689120425345917")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "20204056690928951865293517537752981173140331022545798074660874268"
+             "1324720915473062370084355"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41996453379173123867013955119457355615824829665878793025508314244"
+             "054149070840976416549850")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "92420758587539700378949661354587407592865379486696237266495470379"
+             "098064846826886468793978"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "16938575355022191508854890673033569696760871045356910323962798710"
+             "3752422832029113074839932")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "46260034396983087871149750351800358114539624267306929361342423925"
+             "8288569752820064006692536"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33092510798417857422137945592297457833180979964217040683042874883"
+             "2707085694226354180948525")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33873832492065838876406145286589230257980261810821005749628605966"
+             "6746962163225841218505183"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "20505159930620537980616777611608004425815954813313533472051918702"
+             "6635403277836672457656125")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "70119467205061733734552552014423306054489528136822610961526448248"
+             "613848944314305228502372"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "31937850763718829281892960029648682790476677892088846695468716464"
+             "798727111442181655778059")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27026018880236625293113577208795282619642076831126631291664412209"
+             "3626555064935340548304233"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "24646256853378245346262188756566778718253590734711836591903318550"
+             "9289381635013867180800383")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "36141128910480346881602599050327067605576071410515388731233698776"
+             "838995409690689698702406"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "26241144236536911566785934797643888328816232318258917665954490888"
+             "6623843799290034821537184")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41911765193183227005899536279516998096301027036838959279166561684"
+             "0310551788691438032534214"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "38757487026000078727588024103527974928776181013523564813959188246"
+             "1955559588212775794846900")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14121147448831527126791965000630339049373754959343228127368360618"
+             "3837813104014334636548287"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33795055097810006837830447019456847970544580741916796350960879414"
+             "0431601387553400716942286")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "29420700595970724593122469820054725584753546352223040328604220731"
+             "8981486273245849887042851"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "68302228465400468043542865850680495060359284305281801542746940186"
+             "542688582374179129143054")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "47272672885833567865217213744082143286189179932576065680881006276"
+             "1411939977363317823084398"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "39961505517469394340720196674374056038659649179940787503811476103"
+             "9880355814735814609387502")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "10938437747820044674233822970062153490006148550023438147573621871"
+             "0402370982578567176825097"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "46807603160485807808226664392446748580696924784031236844850201114"
+             "8729284776400746496331823")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "15291451795769262404058923344221024051209679045400205271770182824"
+             "809426232971490233221542"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "30466769742384513741172505233106234495822375564786494275894981642"
+             "1396726528405176537708936")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33418259140728467665839555163814282311988645626054857567501113193"
+             "7374507721727044218551095"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "24982392407690713365898901157784000535792034896400372887892347953"
+             "1761985576526960702752696")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "47274657433066882154647043346099702258568051723825089031857956450"
+             "1616529603851842847039492"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "21577942557485269748691845642262184083848925301917691333704328518"
+             "5234907354615625940817211")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "43797568969542433722762020927585984245003510895572494400920750768"
+             "5381278434776831440031031"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "13630313176960046811385900701509614328118146582090389382260726040"
+             "5063139771218024121868333")}};
+// D constants for L = 2 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt4_pp>::BignumT>>
+    anemoi_parameters<libff::mnt4_pp>::D_constants_col_two = {
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33314560031848292802734447475713391608158741498697646088728741501"
+             "7415253115185943391974238"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41603163282088332143943756447065171957984385539507079221548845027"
+             "0771561388879613504205624")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "80717154210897953305974765380083005446314332127445222973816328488"
+             "593140670428484342650360"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "35782521738764064881501288336155126112091900767738947089407541834"
+             "8568732908248591750978334")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "28959201945874128189476747482504680877613258555849184140348520887"
+             "4946400446363102791501210"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "38540133101583897787741423276869834312160156218948123772284793591"
+             "8587514751599947448668795")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "87670486550569696173668471594331084454622359361996500324971047385"
+             "744855282908003999160889"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "12334616030635551077039325243370918287790810765735510186856044145"
+             "8518814835354244847827576")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "23122482436321656994712824430491370418183602972662573327543681727"
+             "4063557753621780078543050"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "35299799807937905909561416107198306531446552233424269157094418769"
+             "3115493762635424145468151")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "38865363331827299065975431194138218318371949540938942247796046383"
+             "8918945519849737294584308"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27151362935797276355041144468922383826154592099063491891443304368"
+             "0731164051289203361126731")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "32743052470202311249743005448262714776844245922378452901191403003"
+             "1451156649834160476254968"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "16502897933883661883698942596915106579391108072582726922586027230"
+             "27533137477690111007426")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "44901891855618662487911385236596019598828792096007101728138176978"
+             "7537626612484552868308877"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "12122719401875117410227806298824130336972794559936892496895496026"
+             "4583928273332623567956288")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "16149134924186273108724525896833130182315364314924166044883032519"
+             "5249390664749597267482108"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "40512702004679871056899280400869849580734876607170404219938039226"
+             "7756776685523203715217401")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "26825064681843208608830976369599869162191829319773161247227031205"
+             "6172468981484734626358683"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "50348027626865844800853766545807018311116526847956295937999438588"
+             "993156097800500719351302")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27553994941957049334795141357838389461197097543844563262124140232"
+             "9348199658988967530066747"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "30770526395147682031526604987658907599764032182489205101289267555"
+             "6290908594825552113397994")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "29523608409967098455742568458971184671458320216806188456106469896"
+             "6947261865170336471765802"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "69588303504857059955368450201914980742417836549280570372331027705"
+             "750130210928913694574957")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "36872367281417902893805872717686857637487602910658129626680052469"
+             "4669766774079804991697588"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37135775038098138422950143473722703128966738154668960896606577576"
+             "8421415603856110532588056")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "92009656366925488478440486414710200956863042541561775245777881802"
+             "906634693784896121196196"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14792216611889759452516579108998525741789483649180931951909041352"
+             "6790344856558955383756005")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "71827561275197008643815755940844664265051819100534198553181972109"
+             "815715922769470439739260"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "28053317483783415733325272226890560903796448474137756279909446924"
+             "4606639613787697246501970")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37013210389277656426931371424753844694575457924739231594607208230"
+             "0849724918363676544224447"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "58796472927190428036950766190429312010620557649019417828910202117"
+             "169851951014604764264505")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "43335671225969216241255453803312923406426843719786712001160532089"
+             "9217908732038254876376263"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "52705672795524269847929304739015469129240729861880972408857281873"
+             "798422266300690081396989")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "29896398737516777673482460075285988437313107825459509371800951132"
+             "5321873779556370184768946"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "20500321121807791916475948064650432314248065572422877385261922036"
+             "867212180593526129467016")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41291482322758062096771897046206037653793021811039332748754139412"
+             "2450280530692350674475336"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "43776496171804338084257413044882701203894692705851549652261291366"
+             "2391166135101863788712661")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41052314894838911833950063898356881035659545235840525960143019456"
+             "3716539454779550136743869"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "39066787826884413316014657374794692843594978239078035543143774613"
+             "9720908644866472839040777")}};
+// C constants for L = 3 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt4_pp>::BignumT>>
+    anemoi_parameters<libff::mnt4_pp>::C_constants_col_three = {
+        {anemoi_parameters<libff::mnt4_pp>::BignumT("42"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27699103142538283523103520234142443779517334579372170086486097213"
+             "6198447727456430651734959"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "31975950292772180905834610314867860102600618829245879157104817689"
+             "6249548628151880033637641")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37138221796791607215883286493114803395089005237228988067461923149"
+             "8348807924962852836828693"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "36667299389837988373346384588747447237728675475503798257827052250"
+             "2001892309137230224697061"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "10192245399736701013159836786664295359914921020662994936365999364"
+             "7767799976877345101053289")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "32713969893077863753775922833515264231331320280442498056488186736"
+             "5031906986744955895509362"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14113172324159744958599884925366235941057420626821823086763679555"
+             "2350513438336070532217341"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "11428745566843356981716304910563058141719291986608936439979625922"
+             "4496493540613159011597193")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "20528315082695312487145769518039757761742949739628842241348994140"
+             "6337896736480119037175699"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "43506382350572138128712458864768231033763215107727439349373927236"
+             "1953995742689120425345917"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41945709538330493888399103021849665724792410165757058568946587286"
+             "6111597312902642874807400")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "20204056690928951865293517537752981173140331022545798074660874268"
+             "1324720915473062370084355"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41996453379173123867013955119457355615824829665878793025508314244"
+             "054149070840976416549850"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "25293889706916966110492848379151927433951932997783042896564116825"
+             "5845083850344390056955830")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "92420758587539700378949661354587407592865379486696237266495470379"
+             "098064846826886468793978"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "16938575355022191508854890673033569696760871045356910323962798710"
+             "3752422832029113074839932"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "46754596447037538931134152013527703186267365338405052720835112174"
+             "8861084329537370351886064")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "46260034396983087871149750351800358114539624267306929361342423925"
+             "8288569752820064006692536"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33092510798417857422137945592297457833180979964217040683042874883"
+             "2707085694226354180948525"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "38437737707500038973620796404107859796736462374938285410724423987"
+             "0486650470991266020158397")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33873832492065838876406145286589230257980261810821005749628605966"
+             "6746962163225841218505183"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "20505159930620537980616777611608004425815954813313533472051918702"
+             "6635403277836672457656125"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14945856650264943188600060938854556015286383413046635163809909460"
+             "4059079806477181651552784")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "70119467205061733734552552014423306054489528136822610961526448248"
+             "613848944314305228502372"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "31937850763718829281892960029648682790476677892088846695468716464"
+             "798727111442181655778059"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37882645417388379123466117293785885534516814352115319990023488937"
+             "7206337959019200205496569")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27026018880236625293113577208795282619642076831126631291664412209"
+             "3626555064935340548304233"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "24646256853378245346262188756566778718253590734711836591903318550"
+             "9289381635013867180800383"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "93439762994324036721787306173790506855513561241500343411094022678"
+             "670008104990748433767857")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "36141128910480346881602599050327067605576071410515388731233698776"
+             "838995409690689698702406"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "26241144236536911566785934797643888328816232318258917665954490888"
+             "6623843799290034821537184"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "28152226700324559264258977403449858548611308214092726365213036474"
+             "4759444463654845301005891")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41911765193183227005899536279516998096301027036838959279166561684"
+             "0310551788691438032534214"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "38757487026000078727588024103527974928776181013523564813959188246"
+             "1955559588212775794846900"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37380460615628303037264489629865651331791372563505065401722654906"
+             "2025064751097715522362441")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14121147448831527126791965000630339049373754959343228127368360618"
+             "3837813104014334636548287"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33795055097810006837830447019456847970544580741916796350960879414"
+             "0431601387553400716942286"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14721765593496516101948244871432057789330986114798709426974151968"
+             "6280428700109017329690728")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "29420700595970724593122469820054725584753546352223040328604220731"
+             "8981486273245849887042851"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "68302228465400468043542865850680495060359284305281801542746940186"
+             "542688582374179129143054"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "30421163786071299462483253644257178596021199853403849276352935691"
+             "2224702022403940121679233")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "47272672885833567865217213744082143286189179932576065680881006276"
+             "1411939977363317823084398"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "39961505517469394340720196674374056038659649179940787503811476103"
+             "9880355814735814609387502"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "29267948528715190857910264946035108723614050766682296370555597590"
+             "1490714495150837482130440")}};
+// D constants for L = 3 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt4_pp>::BignumT>>
+    anemoi_parameters<libff::mnt4_pp>::D_constants_col_three = {
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33314560031848292802734447475713391608158741498697646088728741501"
+             "7415253115185943391974238"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41603163282088332143943756447065171957984385539507079221548845027"
+             "0771561388879613504205624"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "32221341513202720401187609170907099702386689015079090555449900068"
+             "326550283133909600501308")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "80717154210897953305974765380083005446314332127445222973816328488"
+             "593140670428484342650360"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "35782521738764064881501288336155126112091900767738947089407541834"
+             "8568732908248591750978334"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14241820084586952610093579888676941077961633280307616086650687027"
+             "1003175876956043901690701")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "28959201945874128189476747482504680877613258555849184140348520887"
+             "4946400446363102791501210"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "38540133101583897787741423276869834312160156218948123772284793591"
+             "8587514751599947448668795"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "40790058680191684899636682616671623356505514546144709444204938036"
+             "7402030154844373202404786")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "87670486550569696173668471594331084454622359361996500324971047385"
+             "744855282908003999160889"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "12334616030635551077039325243370918287790810765735510186856044145"
+             "8518814835354244847827576"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "15708295554318081925504808755057319822503492791174601725132902273"
+             "9344951706535104571645198")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "23122482436321656994712824430491370418183602972662573327543681727"
+             "4063557753621780078543050"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "35299799807937905909561416107198306531446552233424269157094418769"
+             "3115493762635424145468151"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "13736167895935602146796783363704620092987001376746553514485128674"
+             "2410316535697684500267133")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "38865363331827299065975431194138218318371949540938942247796046383"
+             "8918945519849737294584308"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27151362935797276355041144468922383826154592099063491891443304368"
+             "0731164051289203361126731"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14309507746810666290764320198716639004832085504238755051693042336"
+             "3343713542356307352565865")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "32743052470202311249743005448262714776844245922378452901191403003"
+             "1451156649834160476254968"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "16502897933883661883698942596915106579391108072582726922586027230"
+             "27533137477690111007426"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "10444608224345193259098679592384519873032880458856544315611607453"
+             "7475633215209939224573437")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "44901891855618662487911385236596019598828792096007101728138176978"
+             "7537626612484552868308877"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "12122719401875117410227806298824130336972794559936892496895496026"
+             "4583928273332623567956288"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "11497768457443697706989928980675648770126710127079466507357684861"
+             "8676140102940470036209086")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "16149134924186273108724525896833130182315364314924166044883032519"
+             "5249390664749597267482108"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "40512702004679871056899280400869849580734876607170404219938039226"
+             "7756776685523203715217401"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "32543686064694409765620016080990988525375022282203960303792081021"
+             "7668275526659068979328913")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "26825064681843208608830976369599869162191829319773161247227031205"
+             "6172468981484734626358683"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "50348027626865844800853766545807018311116526847956295937999438588"
+             "993156097800500719351302"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "42259103161591050470115682835302785796605392896925651217036999227"
+             "4206965176153209806638052")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27553994941957049334795141357838389461197097543844563262124140232"
+             "9348199658988967530066747"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "30770526395147682031526604987658907599764032182489205101289267555"
+             "6290908594825552113397994"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37615961194859504817778486948069844663242595045732486119252011219"
+             "1095044560157699867222840")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "29523608409967098455742568458971184671458320216806188456106469896"
+             "6947261865170336471765802"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "69588303504857059955368450201914980742417836549280570372331027705"
+             "750130210928913694574957"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "10516156276038105393992149901134141320940462172319029943700767508"
+             "2488170674781190696446637")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "36872367281417902893805872717686857637487602910658129626680052469"
+             "4669766774079804991697588"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37135775038098138422950143473722703128966738154668960896606577576"
+             "8421415603856110532588056"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "22996837869708822775846780680302879791436630494960346291324048209"
+             "0938778217379064419692637")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "92009656366925488478440486414710200956863042541561775245777881802"
+             "906634693784896121196196"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14792216611889759452516579108998525741789483649180931951909041352"
+             "6790344856558955383756005"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "43317509887345187199424385522792621675458242039466073392691481102"
+             "9140893597556053650648323")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "71827561275197008643815755940844664265051819100534198553181972109"
+             "815715922769470439739260"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "28053317483783415733325272226890560903796448474137756279909446924"
+             "4606639613787697246501970"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "22294112830953387339294179853156580432434337028288737465357766488"
+             "2885533595170057393601047")}};
+// C constants for L = 4 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt4_pp>::BignumT>>
+    anemoi_parameters<libff::mnt4_pp>::C_constants_col_four = {
+        {anemoi_parameters<libff::mnt4_pp>::BignumT("42"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27699103142538283523103520234142443779517334579372170086486097213"
+             "6198447727456430651734959"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "31975950292772180905834610314867860102600618829245879157104817689"
+             "6249548628151880033637641"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27468682853914788892447470752514943828846946886091697217490532478"
+             "7499023507209024215089417")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37138221796791607215883286493114803395089005237228988067461923149"
+             "8348807924962852836828693"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "36667299389837988373346384588747447237728675475503798257827052250"
+             "2001892309137230224697061"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "10192245399736701013159836786664295359914921020662994936365999364"
+             "7767799976877345101053289"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33676471004661532159459228690797276373632900179665771519220960085"
+             "0901244371329311407275186")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "32713969893077863753775922833515264231331320280442498056488186736"
+             "5031906986744955895509362"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14113172324159744958599884925366235941057420626821823086763679555"
+             "2350513438336070532217341"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "11428745566843356981716304910563058141719291986608936439979625922"
+             "4496493540613159011597193"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33665206862050477246107134125560201557008506282743295944773557254"
+             "5915174623508559325462216")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "20528315082695312487145769518039757761742949739628842241348994140"
+             "6337896736480119037175699"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "43506382350572138128712458864768231033763215107727439349373927236"
+             "1953995742689120425345917"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41945709538330493888399103021849665724792410165757058568946587286"
+             "6111597312902642874807400"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "28161305636899279595073057919175715527279680595955048623345848803"
+             "2010107897790362706217663")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "20204056690928951865293517537752981173140331022545798074660874268"
+             "1324720915473062370084355"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41996453379173123867013955119457355615824829665878793025508314244"
+             "054149070840976416549850"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "25293889706916966110492848379151927433951932997783042896564116825"
+             "5845083850344390056955830"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "44038622294444731580926182269500042608460635933384330297148328722"
+             "6014732274659332957379164")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "92420758587539700378949661354587407592865379486696237266495470379"
+             "098064846826886468793978"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "16938575355022191508854890673033569696760871045356910323962798710"
+             "3752422832029113074839932"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "46754596447037538931134152013527703186267365338405052720835112174"
+             "8861084329537370351886064"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "23749583517348406432570203753429977721035078165409165254374264877"
+             "2855471523713721978254570")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "46260034396983087871149750351800358114539624267306929361342423925"
+             "8288569752820064006692536"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33092510798417857422137945592297457833180979964217040683042874883"
+             "2707085694226354180948525"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "38437737707500038973620796404107859796736462374938285410724423987"
+             "0486650470991266020158397"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "17380059346383668907187365219238514148792709215300817288856766414"
+             "1819684061219382337517478")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33873832492065838876406145286589230257980261810821005749628605966"
+             "6746962163225841218505183"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "20505159930620537980616777611608004425815954813313533472051918702"
+             "6635403277836672457656125"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14945856650264943188600060938854556015286383413046635163809909460"
+             "4059079806477181651552784"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "32450169072686000992841699013638480613825086678325262457122858086"
+             "3148239736108408437656953")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "70119467205061733734552552014423306054489528136822610961526448248"
+             "613848944314305228502372"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "31937850763718829281892960029648682790476677892088846695468716464"
+             "798727111442181655778059"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37882645417388379123466117293785885534516814352115319990023488937"
+             "7206337959019200205496569"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "36242676289835001527700929352204722475749942031773063780501194811"
+             "377774302018377882400955")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27026018880236625293113577208795282619642076831126631291664412209"
+             "3626555064935340548304233"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "24646256853378245346262188756566778718253590734711836591903318550"
+             "9289381635013867180800383"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "93439762994324036721787306173790506855513561241500343411094022678"
+             "670008104990748433767857"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14139567377581185774328527862725891419998838718716237078505006489"
+             "3522393553112176128417447")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "36141128910480346881602599050327067605576071410515388731233698776"
+             "838995409690689698702406"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "26241144236536911566785934797643888328816232318258917665954490888"
+             "6623843799290034821537184"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "28152226700324559264258977403449858548611308214092726365213036474"
+             "4759444463654845301005891"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "30853163041501408683739120756787046838927138151962571983228897232"
+             "7556601457862925027582767")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41911765193183227005899536279516998096301027036838959279166561684"
+             "0310551788691438032534214"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "38757487026000078727588024103527974928776181013523564813959188246"
+             "1955559588212775794846900"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37380460615628303037264489629865651331791372563505065401722654906"
+             "2025064751097715522362441"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "34814763807213781542671482852103896542697489735059683183321765548"
+             "445947339180629266142337")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14121147448831527126791965000630339049373754959343228127368360618"
+             "3837813104014334636548287"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33795055097810006837830447019456847970544580741916796350960879414"
+             "0431601387553400716942286"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14721765593496516101948244871432057789330986114798709426974151968"
+             "6280428700109017329690728"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "19857424605294730006056293943363498709311356515890637898627100555"
+             "5783027661350088237985949")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "29420700595970724593122469820054725584753546352223040328604220731"
+             "8981486273245849887042851"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "68302228465400468043542865850680495060359284305281801542746940186"
+             "542688582374179129143054"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "30421163786071299462483253644257178596021199853403849276352935691"
+             "2224702022403940121679233"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "19806817449070050352236351090058231312050230878002438124390709849"
+             "2832884449669134738656591")}};
+// D constants for L = 4 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt4_pp>::BignumT>>
+    anemoi_parameters<libff::mnt4_pp>::D_constants_col_four = {
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "33314560031848292802734447475713391608158741498697646088728741501"
+             "7415253115185943391974238"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "41603163282088332143943756447065171957984385539507079221548845027"
+             "0771561388879613504205624"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "32221341513202720401187609170907099702386689015079090555449900068"
+             "326550283133909600501308"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37307664674051407400543329592959399721761675746196057510294547307"
+             "4808435925336635832359326")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "80717154210897953305974765380083005446314332127445222973816328488"
+             "593140670428484342650360"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "35782521738764064881501288336155126112091900767738947089407541834"
+             "8568732908248591750978334"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14241820084586952610093579888676941077961633280307616086650687027"
+             "1003175876956043901690701"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "28726615034174178554869755065726682962443803371870371508542716685"
+             "0204383727145101698355703")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "28959201945874128189476747482504680877613258555849184140348520887"
+             "4946400446363102791501210"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "38540133101583897787741423276869834312160156218948123772284793591"
+             "8587514751599947448668795"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "40790058680191684899636682616671623356505514546144709444204938036"
+             "7402030154844373202404786"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "64348607031350673871693701392806824880464319195566962327091647325"
+             "723827386068374446749777")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "87670486550569696173668471594331084454622359361996500324971047385"
+             "744855282908003999160889"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "12334616030635551077039325243370918287790810765735510186856044145"
+             "8518814835354244847827576"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "15708295554318081925504808755057319822503492791174601725132902273"
+             "9344951706535104571645198"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "40516689614475395005990471890604975650267442009214922173896006302"
+             "0475873054568406453461703")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "23122482436321656994712824430491370418183602972662573327543681727"
+             "4063557753621780078543050"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "35299799807937905909561416107198306531446552233424269157094418769"
+             "3115493762635424145468151"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "13736167895935602146796783363704620092987001376746553514485128674"
+             "2410316535697684500267133"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "23481469828125762415706900526969496138259895244907819754106409508"
+             "8647728415749718891133572")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "38865363331827299065975431194138218318371949540938942247796046383"
+             "8918945519849737294584308"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27151362935797276355041144468922383826154592099063491891443304368"
+             "0731164051289203361126731"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14309507746810666290764320198716639004832085504238755051693042336"
+             "3343713542356307352565865"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "29897292778710061166012080176840519564876477119085197979596037550"
+             "2570511499678241029340613")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "32743052470202311249743005448262714776844245922378452901191403003"
+             "1451156649834160476254968"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "16502897933883661883698942596915106579391108072582726922586027230"
+             "27533137477690111007426"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "10444608224345193259098679592384519873032880458856544315611607453"
+             "7475633215209939224573437"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27979727824817350566476956645736780250365806087061406588107792392"
+             "4041077568583637592338760")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "44901891855618662487911385236596019598828792096007101728138176978"
+             "7537626612484552868308877"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "12122719401875117410227806298824130336972794559936892496895496026"
+             "4583928273332623567956288"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "11497768457443697706989928980675648770126710127079466507357684861"
+             "8676140102940470036209086"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "20002650224527150309708350328376334239429604324918072639707702425"
+             "3833063488308788312756360")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "16149134924186273108724525896833130182315364314924166044883032519"
+             "5249390664749597267482108"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "40512702004679871056899280400869849580734876607170404219938039226"
+             "7756776685523203715217401"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "32543686064694409765620016080990988525375022282203960303792081021"
+             "7668275526659068979328913"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "36878106237878058168735699960647181263709880921108277086182554076"
+             "7072122632803828706639541")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "26825064681843208608830976369599869162191829319773161247227031205"
+             "6172468981484734626358683"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "50348027626865844800853766545807018311116526847956295937999438588"
+             "993156097800500719351302"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "42259103161591050470115682835302785796605392896925651217036999227"
+             "4206965176153209806638052"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "38055263584402227370742263353566387401817066424051832793469672386"
+             "5127114080011728991730747")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "27553994941957049334795141357838389461197097543844563262124140232"
+             "9348199658988967530066747"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "30770526395147682031526604987658907599764032182489205101289267555"
+             "6290908594825552113397994"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37615961194859504817778486948069844663242595045732486119252011219"
+             "1095044560157699867222840"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "31317466880698749035735413574323793824322615916162310576304940914"
+             "9959965010102871084242821")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "29523608409967098455742568458971184671458320216806188456106469896"
+             "6947261865170336471765802"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "69588303504857059955368450201914980742417836549280570372331027705"
+             "750130210928913694574957"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "10516156276038105393992149901134141320940462172319029943700767508"
+             "2488170674781190696446637"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "15209970002719707884806516794700485668695517370162263254674131668"
+             "4141464026009686490632775")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "36872367281417902893805872717686857637487602910658129626680052469"
+             "4669766774079804991697588"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "37135775038098138422950143473722703128966738154668960896606577576"
+             "8421415603856110532588056"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "22996837869708822775846780680302879791436630494960346291324048209"
+             "0938778217379064419692637"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "19133066226169431478431613025151081582181191828612253602014065733"
+             "6509140634357226818430963")},
+        {anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "92009656366925488478440486414710200956863042541561775245777881802"
+             "906634693784896121196196"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "14792216611889759452516579108998525741789483649180931951909041352"
+             "6790344856558955383756005"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "43317509887345187199424385522792621675458242039466073392691481102"
+             "9140893597556053650648323"),
+         anemoi_parameters<libff::mnt4_pp>::BignumT(
+             "23703732895006332887654266241510435262251463996624641079766324198"
+             "5816839480558339758068786")}};
+
+} // namespace libsnark
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_MNT4_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt6.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt6.tcc
new file mode 100644
index 000000000..09a2a00a2
--- /dev/null
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt6.tcc
@@ -0,0 +1,1087 @@
+/** @file
+ *****************************************************************************
+ * @author     This file is part of libsnark, developed by Clearmatics Ltd
+ *             (originally developed by SCIPR Lab) and contributors
+ *             (see AUTHORS).
+ * @copyright  MIT license (see LICENSE file)
+ *****************************************************************************/
+
+#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_MNT6_TCC_
+#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_MNT6_TCC_
+
+namespace libsnark
+{
+// This file was automatically generated with SAGE script parameters.sage on
+// 19/1/2023 at 0:18:39
+
+// Anemoi parameters for curve mnt6_pp
+template<> class anemoi_parameters<libff::mnt6_pp>
+{
+public:
+    using ppT = libff::mnt6_pp;
+    using FieldT = libff::Fr<ppT>;
+    using BignumT = libff::bigint<FieldT::num_limbs>;
+    static const bool b_prime_field = false;
+    static constexpr size_t multiplicative_generator_g = 17;
+    static constexpr size_t alpha = 11;
+    static constexpr size_t beta = multiplicative_generator_g;
+    static constexpr size_t gamma = 0;
+    static constexpr size_t quad_exponent = 2;
+    static const BignumT alpha_inv;
+    static const BignumT delta;
+    static const std::vector<std::vector<BignumT>> C_constants_col_one;
+    static const std::vector<std::vector<BignumT>> D_constants_col_one;
+    static const std::vector<std::vector<BignumT>> C_constants_col_two;
+    static const std::vector<std::vector<BignumT>> D_constants_col_two;
+    static const std::vector<std::vector<BignumT>> C_constants_col_three;
+    static const std::vector<std::vector<BignumT>> D_constants_col_three;
+    static const std::vector<std::vector<BignumT>> C_constants_col_four;
+    static const std::vector<std::vector<BignumT>> D_constants_col_four;
+};
+
+const anemoi_parameters<libff::mnt6_pp>::BignumT
+    anemoi_parameters<libff::mnt6_pp>::alpha_inv =
+        anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "216328311895118784433340568024112932520511308746679420634343240261"
+            "913755826343545674435491");
+
+const anemoi_parameters<libff::mnt6_pp>::BignumT
+    anemoi_parameters<libff::mnt6_pp>::delta =
+        anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "335945143178302112296481823284504789325970502994843335573333031936"
+            "148420812674682694417469");
+
+// C constants for L = 1 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt6_pp>::BignumT>>
+    anemoi_parameters<libff::mnt6_pp>::C_constants_col_one = {
+        {anemoi_parameters<libff::mnt6_pp>::BignumT("2065")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "596952681789312522508767384811956909441109108730274896020462911366"
+            "40154717480990313187079")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "152170884571693383483295347038982005377961178575667424508583090094"
+            "286972164970903413321783")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "177248854789405435006297108904198944174649385138912590790997454015"
+            "011485148993855228349187")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "432207652265241709144366463406963888246685214905694204260338812560"
+            "534857342069237250273609")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "420118278656080223982135973720360537071529702081181750671658940806"
+            "34295525082735544880753")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "331372603700180793181133718972716735121364296385383217325947264812"
+            "117168509919702603902192")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "757619589541632418515804904322321647038276207848573594868881115052"
+            "7557209868296322753488")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "277576777647516265491321030631275754069475403240273514117150762253"
+            "837373317526415388798328")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "188951224136040902612771117353249180774684381383807433223795738238"
+            "112621909618547579921585")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "332608347686311920460941500925387936804557623192407170444638996138"
+            "403013992690855245357440")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "368110204408497857197004711916922002728795444472311713942828486714"
+            "116155906814501640909498")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "601166116875133629800337381297673599691741917795195147861183776551"
+            "76776676721469202407467")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "447714141898244150493161111809514324738350151348126850098912397643"
+            "390568060042007562581960")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "238638135911515406381414061745482008453819018230832260317780584778"
+            "773269525348784187522555")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "506861853264945499418648496765853427616358279235509550622966825340"
+            "02278947033613393550283")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "272776189573833968630258855197367591844334633576926884279783401189"
+            "470820082298880095426506")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "204986329834188400228560505957471012186008146863918078144093849019"
+            "172633913117639106216480")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "256939975542812032560710054868288139039102831633628728420855698523"
+            "490224220514412636783092")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "736253048930389397812168286934690367061535426473429736916089586197"
+            "03341525675509794764734")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "386393874802265221765251236876828191913642130979211910861342693292"
+            "106847775185705420053796")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "404843952016994219532537687536964978842753160463698182640782868313"
+            "496621957897573821027030")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "154593898050525695267368165186758888595770370485039334252432950512"
+            "539214020416502858201681")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "163302457833779378079658667659535938829219434166382870599494267413"
+            "745557146705471272956248")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "347190488971686154815242976272425410312447461290726411723787509133"
+            "285313818517982440589593")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "218152968189526050624942022007872257606037233758885640199830456173"
+            "327306053477837970919804")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "399224330132670237822828924091697614808625339370970250365657554067"
+            "631858327373716912192974")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "259736875203599330808810038811522066976595037229858751321187406614"
+            "225363641446236705665054")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "443325426552441086682828453078642307581687861689110163743550007454"
+            "724728615257349177268801")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "280357760042926499030345342800085536456306455611914293779070701432"
+            "401828784857206326239378")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "978819652578955421079565115240316781132294957121287546638528096612"
+            "34810660641750115624294")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "194452305530842002592490560937951861304333208777798900757051009170"
+            "658657489400519262452497")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "187629699413793503724542095377541690011419735227983710114404694561"
+            "407724754160207439194973")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "296365473339679098096543156055694648225554199347486943953132953567"
+            "468413168637612157333552")}};
+// D constants for L = 1 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt6_pp>::BignumT>>
+    anemoi_parameters<libff::mnt6_pp>::D_constants_col_one = {
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "335945143178302112296481823284504789325970502994843335573333031936"
+            "148420812674682694419534")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "118722330634477876665053425772012613470959572621533473679168030968"
+            "738293940415493272021980")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "589854874851349354615999512629098121750697584562888737755885180103"
+            "008150139953544118503")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "146548068122234209067838031922094161467959091744480377797850082857"
+            "578636345515876913735961")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "390495465334536756293457246345331448387513729270602454884083321058"
+            "860236955988000978846965")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "342774213838259877789219118006019059325578765488438889116534273431"
+            "535791959364446437204202")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "403770605909532298610096933745790984319674731200173823486071546742"
+            "811688730311840614800219")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "236558133497381889899663759843876854819558111847470323710948682705"
+            "194218316197680625699848")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "257131908329841878276277209289939781823923278799964835554456378594"
+            "938969171527585549335980")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "403891710845407321539227389013126490836124407717041423176496505124"
+            "170607414770863991365689")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "101432107575820850342775993724416545958628627660588876249439902357"
+            "889340009499066844234386")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "469727026258265750959826292183812778093739140698747000354525078842"
+            "281580853872980843990650")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "731573366861749168467775702269678435694522586321476699053585306640"
+            "21521218457742439638455")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "928156440981977269762912369324841239642250911418262172084370738738"
+            "38303333157228689524881")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "193549400884957151257172407769050797232176476764930183367089275308"
+            "45294948294659131967528")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "287713095317997619045305465881368943777403760007026440849720770737"
+            "507262727503807011525073")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "383083146236877355797860620670077851125610498101230716366305631150"
+            "907047656002005155299512")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "223427204437650702081090322828125027945420970796778728366356231549"
+            "750381685360768469025987")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "181048531610420612057460971975728625082511489328529833755419509382"
+            "142504452488946972783932")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "357559366893466461152522432997494037240045441926425945423171023779"
+            "627109217862540786561886")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "855238313565252660160997091267524280822489333568595154172501252784"
+            "56911613499523853040161")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "130791543355981342734680066914311743064489854816887870788582112788"
+            "575043933768912345655558")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "114531994310567395156559998191419371885935228702895719946489705014"
+            "6006483690872082047137")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "183130296659720127681536455851331729691098733629796184872442440804"
+            "267204784756834708828902")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "938180162740570089137423322515641408575843116282566268121515916910"
+            "87172102964068167659581")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "458878399730274850642349586802920714655680301265482607967962847098"
+            "908715185811674444062270")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "319162420968279889142902376646469239798934216475533895685251875673"
+            "436328209781490810235248")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "377252628404989268458872334012843452021661651846281695119514575511"
+            "775863295744538172273327")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "188051159447605870386972532978744942893998275196456864223773044123"
+            "650882744026909885827891")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "863187454102443766346608006110250569640530069073855136846066140229"
+            "35943461888280705793157")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "190884414748194909591066105016279023065460198511563885990106705192"
+            "62479988735863237511501")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "204465372957184908842932518080465346070805593233960495006172378991"
+            "382741156880577560316173")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "439520939226244204636020579312420592243899635431729233296689157091"
+            "807749517046039198162706")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+            "290309444294038419495503770663412933738486793610920678809195848398"
+            "622016357992693064797798")}};
+// C constants for L = 2 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt6_pp>::BignumT>>
+    anemoi_parameters<libff::mnt6_pp>::C_constants_col_two = {
+        {anemoi_parameters<libff::mnt6_pp>::BignumT("2065"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "40690961394805264810227456780515394418181539387075331158067419839"
+             "9056400453439047620496572")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "59695268178931252250876738481195690944110910873027489602046291136"
+             "640154717480990313187079"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42175317706429866815237772172791184057779592772529416251077895807"
+             "8297313459030922995315119")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "15217088457169338348329534703898200537796117857566742450858309009"
+             "4286972164970903413321783"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "82348019934387293108902422030577057134214171386437464753263812743"
+             "313863963306888174696581")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "17724885478940543500629710890419894417464938513891259079099745401"
+             "5011485148993855228349187"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "13816371698524717215188613329517058067615521895253185375444211979"
+             "5546157683508663404761653")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "43220765226524170914436646340696388824668521490569420426033881256"
+             "0534857342069237250273609"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "12044659824130964222892130934156516770500120323989291191819771913"
+             "9566239392278374767728869")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42011827865608022398213597372036053707152970208118175067165894080"
+             "634295525082735544880753"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "41249829407450175371599062326155899853719636188705792145603802538"
+             "7798167840266987522698369")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "33137260370018079318113371897271673512136429638538321732594726481"
+             "2117168509919702603902192"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "20369181887852262042481146238545616230891929668977662531695890555"
+             "5072155272781143792327573")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "75761958954163241851580490432232164703827620784857359486888111505"
+             "27557209868296322753488"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "68978295645713434845245694269721417179537929873664493839976378718"
+             "88499334406019043778273")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "27757677764751626549132103063127575406947540324027351411715076225"
+             "3837373317526415388798328"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "41230393216817234282813212164520274631969248481721520847350346779"
+             "9268368807980001803388355")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "18895122413604090261277111735324918077468438138380743322379573823"
+             "8112621909618547579921585"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "44272626445528610743291880195934352349920972822358659805046000476"
+             "1856206970061912889461178")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "33260834768631192046094150092538793680455762319240717044463899613"
+             "8403013992690855245357440"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "84008234499322554202444125535218919727519378573434421764831964371"
+             "840210096950042931906854")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "36811020440849785719700471191692200272879544447231171394282848671"
+             "4116155906814501640909498"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "73449115698145498442721308831256852230207367896371628574107466060"
+             "557444575341632103752658")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "60116611687513362980033738129767359969174191779519514786118377655"
+             "176776676721469202407467"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "32924811679353939215676636332634969657462138663091626115751725435"
+             "288149007673595236319213")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "44771414189824415049316111180951432473835015134812685009891239764"
+             "3390568060042007562581960"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "19014981855703870664194918638745554843399535883239017213615450801"
+             "849650721605169845896214")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "23863813591151540638141406174548200845381901823083226031778058477"
+             "8773269525348784187522555"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "13066426230877705801771552346564664448198447328206692757302387580"
+             "0189504456686481487391569")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "50686185326494549941864849676585342761635827923550955062296682534"
+             "002278947033613393550283"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "34269812452161163216144526240003212041350151610539148654874205263"
+             "4875824989877178333251450")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "27277618957383396863025885519736759184433463357692688427978340118"
+             "9470820082298880095426506"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "35920213156353662856008822196922770637404758501757412794222527216"
+             "069472614871309759020773")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "20498632983418840022856050595747101218600814686391807814409384901"
+             "9172633913117639106216480"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "70066991680410223833881113837783420016882071224633711109896737854"
+             "343606268383046483041703")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "25693997554281203256071005486828813903910283163362872842085569852"
+             "3490224220514412636783092"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "29875510027767484275363997106879023294020635276430741070611502604"
+             "8562338298856437711522691")}};
+// D constants for L = 2 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt6_pp>::BignumT>>
+    anemoi_parameters<libff::mnt6_pp>::D_constants_col_two = {
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "33594514317830211229648182328450478932597050299484333557333303193"
+             "6148420812674682694419534"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "11220773970646471172608716083609041748344580211968978593274175586"
+             "9414286709683053703831849")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "11872233063447787666505342577201261347095957262153347367916803096"
+             "8738293940415493272021980"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "32605550826921656964723442841820889862542937397058801076219035202"
+             "0815180943490549826825909")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "58985487485134935461599951262909812175069758456288873775588518010"
+             "3008150139953544118503"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "25196454515617786181425234355675273694391335413481551855228139051"
+             "5759891027956862661927271")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "14654806812223420906783803192209416146795909174448037779785008285"
+             "7578636345515876913735961"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42866048523670854904745632536559438503537458929758223033113953132"
+             "4743299959511609446582397")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "39049546533453675629345724634533144838751372927060245488408332105"
+             "8860236955988000978846965"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "39993196622923729221204136133246131491173938134428375211178701032"
+             "4521610085678062852736195")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "34277421383825987778921911800601905932557876548843888911653427343"
+             "1535791959364446437204202"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "82613662627263560434326913641973688131282062421471774284140930272"
+             "909129718118021803939626")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "40377060590953229861009693374579098431967473120017382348607154674"
+             "2811688730311840614800219"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "12136508983724540293445469655801054702801451600135509565137284159"
+             "6186403754698405675901489")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "23655813349738188989966375984387685481955811184747032371094868270"
+             "5194218316197680625699848"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "81155035915908186279710299627105915587913927253138901320547163536"
+             "974888702260527219400522")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "25713190832984187827627720928993978182392327879996483555445637859"
+             "4938969171527585549335980"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "23713433159986923269376831970334690959492514487369439408509873825"
+             "0789692923506295836601896")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "40389171084540732153922738901312649083612440771704142317649650512"
+             "4170607414770863991365689"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "27019733744762477686705843365652517536309659810913726781895297182"
+             "123657918783552689823090")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "10143210757582085034277599372441654595862862766058887624943990235"
+             "7889340009499066844234386"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "17402954930746408691830788738677611594750004678109871713947765327"
+             "7956527193239178887217770")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "46972702625826575095982629218381277809373914069874700035452507884"
+             "2281580853872980843990650"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "20341206297284669286222908497627763115935848619594779160093712299"
+             "142597783925235179509699")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "73157336686174916846777570226967843569452258632147669905358530664"
+             "021521218457742439638455"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "36716309159664809591644973748236404032364986925520237080483666113"
+             "0762884628890792829984171")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "92815644098197726976291236932484123964225091141826217208437073873"
+             "838303333157228689524881"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "46123632514355137573470356246729239268030901865911569928854003829"
+             "5137639892157115813031186")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "19354940088495715125717240776905079723217647676493018336708927530"
+             "845294948294659131967528"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "23257862140438996959604797154959830281729276646721027516179700123"
+             "8891520959113280788270512")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "28771309531799761904530546588136894377740376000702644084972077073"
+             "7507262727503807011525073"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42500030326248597834556589800429585695005423268565483651045579494"
+             "8800537031872495823902129")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "38308314623687735579786062067007785112561049810123071636630563115"
+             "0907047656002005155299512"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "46742472473802965285763985672216161698459028676554383445058953986"
+             "4135691268055359175327749")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "22342720443765070208109032282812502794542097079677872836635623154"
+             "9750381685360768469025987"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "40970542120250512852044019976096602284220455889697695090200390307"
+             "1551345120107100202285180")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "18104853161042061205746097197572862508251148932852983375541950938"
+             "2142504452488946972783932"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "68138925094654699331070907575710854504399794955996380214968491017"
+             "634346792356095920199420")}};
+// C constants for L = 3 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt6_pp>::BignumT>>
+    anemoi_parameters<libff::mnt6_pp>::C_constants_col_three = {
+        {anemoi_parameters<libff::mnt6_pp>::BignumT("2065"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "40690961394805264810227456780515394418181539387075331158067419839"
+             "9056400453439047620496572"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "43230584408248209282274391363248360901057249074482087518128780134"
+             "8250509294834711643828212")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "59695268178931252250876738481195690944110910873027489602046291136"
+             "640154717480990313187079"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42175317706429866815237772172791184057779592772529416251077895807"
+             "8297313459030922995315119"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "32093015215712914994204891835223979396948561215857729885018660106"
+             "6869487561654696804391624")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "15217088457169338348329534703898200537796117857566742450858309009"
+             "4286972164970903413321783"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "82348019934387293108902422030577057134214171386437464753263812743"
+             "313863963306888174696581"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "38540311108067286940589469870174268238372210083016408301306713660"
+             "2178060617535214691063747")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "17724885478940543500629710890419894417464938513891259079099745401"
+             "5011485148993855228349187"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "13816371698524717215188613329517058067615521895253185375444211979"
+             "5546157683508663404761653"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "37141459889625246546690611623686093797373940324239040774819052261"
+             "1238655346680072352746241")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "43220765226524170914436646340696388824668521490569420426033881256"
+             "0534857342069237250273609"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "12044659824130964222892130934156516770500120323989291191819771913"
+             "9566239392278374767728869"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "13414831558497792731546168961776343836863759393417354684486167703"
+             "7294398351632368967612583")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42011827865608022398213597372036053707152970208118175067165894080"
+             "634295525082735544880753"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "41249829407450175371599062326155899853719636188705792145603802538"
+             "7798167840266987522698369"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "70603766411478882684638826754756038954156750815755173434524526085"
+             "291662055977139978668530")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "33137260370018079318113371897271673512136429638538321732594726481"
+             "2117168509919702603902192"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "20369181887852262042481146238545616230891929668977662531695890555"
+             "5072155272781143792327573"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "75695599153725801279042394104462551782545358535655748592576203345"
+             "151419371116916653214039")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "75761958954163241851580490432232164703827620784857359486888111505"
+             "27557209868296322753488"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "68978295645713434845245694269721417179537929873664493839976378718"
+             "88499334406019043778273"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "23228545859631715671142784011810204916544773966330974819652921587"
+             "2056392759953628422277284")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "27757677764751626549132103063127575406947540324027351411715076225"
+             "3837373317526415388798328"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "41230393216817234282813212164520274631969248481721520847350346779"
+             "9268368807980001803388355"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "21090756257386836053522473986712324348530085535901482634810096252"
+             "8667268551016624868649951")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "18895122413604090261277111735324918077468438138380743322379573823"
+             "8112621909618547579921585"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "44272626445528610743291880195934352349920972822358659805046000476"
+             "1856206970061912889461178"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "29302439491750129577097384736088210643074780239369764101371282124"
+             "6703159424841406807599690")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "33260834768631192046094150092538793680455762319240717044463899613"
+             "8403013992690855245357440"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "84008234499322554202444125535218919727519378573434421764831964371"
+             "840210096950042931906854"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "57392967386107385564979383440648315803079457233008752545639636730"
+             "876952057230598934160338")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "36811020440849785719700471191692200272879544447231171394282848671"
+             "4116155906814501640909498"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "73449115698145498442721308831256852230207367896371628574107466060"
+             "557444575341632103752658"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "25429379662885946000679853990199326920137433922054587190684348141"
+             "8753230651273894377970883")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "60116611687513362980033738129767359969174191779519514786118377655"
+             "176776676721469202407467"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "32924811679353939215676636332634969657462138663091626115751725435"
+             "288149007673595236319213"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "57335290971982122893626274471700437616163933183200829211891735866"
+             "082294944454303037582837")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "44771414189824415049316111180951432473835015134812685009891239764"
+             "3390568060042007562581960"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "19014981855703870664194918638745554843399535883239017213615450801"
+             "849650721605169845896214"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "31753971562925052955042494979681208627514135826619690264006118325"
+             "2163305426641497578371452")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "23863813591151540638141406174548200845381901823083226031778058477"
+             "8773269525348784187522555"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "13066426230877705801771552346564664448198447328206692757302387580"
+             "0189504456686481487391569"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "41916729174405524169702083152883668805439835809756727997980965028"
+             "5824862965375296267402670")}};
+// D constants for L = 3 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt6_pp>::BignumT>>
+    anemoi_parameters<libff::mnt6_pp>::D_constants_col_three = {
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "33594514317830211229648182328450478932597050299484333557333303193"
+             "6148420812674682694419534"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "11220773970646471172608716083609041748344580211968978593274175586"
+             "9414286709683053703831849"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "21494880635058739411118958390222070571961666048580728870596422931"
+             "1577637382896846440667026")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "11872233063447787666505342577201261347095957262153347367916803096"
+             "8738293940415493272021980"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "32605550826921656964723442841820889862542937397058801076219035202"
+             "0815180943490549826825909"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "30257731987174028910153870228133747542453281989592108627420686550"
+             "2356596877932452349405951")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "58985487485134935461599951262909812175069758456288873775588518010"
+             "3008150139953544118503"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "25196454515617786181425234355675273694391335413481551855228139051"
+             "5759891027956862661927271"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "15644218664289535002252844781367053405571016582789735058913845629"
+             "1383066696047517408039893")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "14654806812223420906783803192209416146795909174448037779785008285"
+             "7578636345515876913735961"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42866048523670854904745632536559438503537458929758223033113953132"
+             "4743299959511609446582397"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "26333391748814575427376013589303691419524765583679599810194167605"
+             "7194776636545346624312441")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "39049546533453675629345724634533144838751372927060245488408332105"
+             "8860236955988000978846965"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "39993196622923729221204136133246131491173938134428375211178701032"
+             "4521610085678062852736195"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "15056233913337489209865569194411757437664654287919600815504710139"
+             "008748058894385282365365")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "34277421383825987778921911800601905932557876548843888911653427343"
+             "1535791959364446437204202"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "82613662627263560434326913641973688131282062421471774284140930272"
+             "909129718118021803939626"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "29398625764319525282095744402701980350078109208491369083079143003"
+             "9582128583602103457171405")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "40377060590953229861009693374579098431967473120017382348607154674"
+             "2811688730311840614800219"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "12136508983724540293445469655801054702801451600135509565137284159"
+             "6186403754698405675901489"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "70713706622141821453318705515817559909054339339284158099599009879"
+             "234909684852307250291492")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "23655813349738188989966375984387685481955811184747032371094868270"
+             "5194218316197680625699848"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "81155035915908186279710299627105915587913927253138901320547163536"
+             "974888702260527219400522"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "38388750145734723717124664755703644644282163542113213930568761203"
+             "0112023959626265311403070")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "25713190832984187827627720928993978182392327879996483555445637859"
+             "4938969171527585549335980"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "23713433159986923269376831970334690959492514487369439408509873825"
+             "0789692923506295836601896"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "11308279851525848806549401516406803016794727690754395113230510347"
+             "3157834498361047615367029")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "40389171084540732153922738901312649083612440771704142317649650512"
+             "4170607414770863991365689"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "27019733744762477686705843365652517536309659810913726781895297182"
+             "123657918783552689823090"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "43058498688593222944274321565904017542038637471576943431331211273"
+             "6150115023336975805223220")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "10143210757582085034277599372441654595862862766058887624943990235"
+             "7889340009499066844234386"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "17402954930746408691830788738677611594750004678109871713947765327"
+             "7956527193239178887217770"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "22475911870394215594547622253100613543047388693272298709289419612"
+             "9962510985337863602974791")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "46972702625826575095982629218381277809373914069874700035452507884"
+             "2281580853872980843990650"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "20341206297284669286222908497627763115935848619594779160093712299"
+             "142597783925235179509699"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "27853072373769186851493321680716480349451658143581896166543859815"
+             "0307625691675626167231461")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "73157336686174916846777570226967843569452258632147669905358530664"
+             "021521218457742439638455"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "36716309159664809591644973748236404032364986925520237080483666113"
+             "0762884628890792829984171"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "46891840739896951725903245286023013168976542526736151307358554205"
+             "4526272397489629344751332")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "92815644098197726976291236932484123964225091141826217208437073873"
+             "838303333157228689524881"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "46123632514355137573470356246729239268030901865911569928854003829"
+             "5137639892157115813031186"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "36118360925752994653221742121111109597433972329142879849203951266"
+             "2210273611055771775251880")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "19354940088495715125717240776905079723217647676493018336708927530"
+             "845294948294659131967528"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "23257862140438996959604797154959830281729276646721027516179700123"
+             "8891520959113280788270512"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "12250420118010006518663710719854051825199553353206584134563651764"
+             "1285858481664423798027069")}};
+// C constants for L = 4 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt6_pp>::BignumT>>
+    anemoi_parameters<libff::mnt6_pp>::C_constants_col_four = {
+        {anemoi_parameters<libff::mnt6_pp>::BignumT("2065"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "40690961394805264810227456780515394418181539387075331158067419839"
+             "9056400453439047620496572"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "43230584408248209282274391363248360901057249074482087518128780134"
+             "8250509294834711643828212"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "87323560644936964010765378790803860740795043357346955466254117966"
+             "090639557286148067242043")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "59695268178931252250876738481195690944110910873027489602046291136"
+             "640154717480990313187079"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42175317706429866815237772172791184057779592772529416251077895807"
+             "8297313459030922995315119"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "32093015215712914994204891835223979396948561215857729885018660106"
+             "6869487561654696804391624"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "98286582084307828135339487737824682378428710555227049509387711218"
+             "722354219402041693336257")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "15217088457169338348329534703898200537796117857566742450858309009"
+             "4286972164970903413321783"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "82348019934387293108902422030577057134214171386437464753263812743"
+             "313863963306888174696581"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "38540311108067286940589469870174268238372210083016408301306713660"
+             "2178060617535214691063747"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "32001468500956132438633650149983072892937648455636262939984030064"
+             "2818986610918412546139846")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "17724885478940543500629710890419894417464938513891259079099745401"
+             "5011485148993855228349187"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "13816371698524717215188613329517058067615521895253185375444211979"
+             "5546157683508663404761653"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "37141459889625246546690611623686093797373940324239040774819052261"
+             "1238655346680072352746241"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "61298889651638115795920953339491409483098647216429602001207273281"
+             "77032130806730485651427")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "43220765226524170914436646340696388824668521490569420426033881256"
+             "0534857342069237250273609"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "12044659824130964222892130934156516770500120323989291191819771913"
+             "9566239392278374767728869"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "13414831558497792731546168961776343836863759393417354684486167703"
+             "7294398351632368967612583"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "14128848027891622751259129366360057212025928026819679012178936133"
+             "5395514005677634147444511")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42011827865608022398213597372036053707152970208118175067165894080"
+             "634295525082735544880753"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "41249829407450175371599062326155899853719636188705792145603802538"
+             "7798167840266987522698369"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "70603766411478882684638826754756038954156750815755173434524526085"
+             "291662055977139978668530"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "32417014344292844619030319427718818392587977102167157942069355354"
+             "9519142499678024600143693")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "33137260370018079318113371897271673512136429638538321732594726481"
+             "2117168509919702603902192"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "20369181887852262042481146238545616230891929668977662531695890555"
+             "5072155272781143792327573"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "75695599153725801279042394104462551782545358535655748592576203345"
+             "151419371116916653214039"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42235842832536697073875481920627368322616008586461421425150172433"
+             "9291075540591745950065490")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "75761958954163241851580490432232164703827620784857359486888111505"
+             "27557209868296322753488"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "68978295645713434845245694269721417179537929873664493839976378718"
+             "88499334406019043778273"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "23228545859631715671142784011810204916544773966330974819652921587"
+             "2056392759953628422277284"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "22225357492503549589784157115039042364635950412485035451105209897"
+             "8132977991120805513324386")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "27757677764751626549132103063127575406947540324027351411715076225"
+             "3837373317526415388798328"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "41230393216817234282813212164520274631969248481721520847350346779"
+             "9268368807980001803388355"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "21090756257386836053522473986712324348530085535901482634810096252"
+             "8667268551016624868649951"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "70734447786714222223868292874342750697634996086590133773529641722"
+             "064765089266729980266321")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "18895122413604090261277111735324918077468438138380743322379573823"
+             "8112621909618547579921585"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "44272626445528610743291880195934352349920972822358659805046000476"
+             "1856206970061912889461178"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "29302439491750129577097384736088210643074780239369764101371282124"
+             "6703159424841406807599690"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "26937157413496592987894191524320475961769563904324315104647395382"
+             "0654083941596810176762694")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "33260834768631192046094150092538793680455762319240717044463899613"
+             "8403013992690855245357440"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "84008234499322554202444125535218919727519378573434421764831964371"
+             "840210096950042931906854"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "57392967386107385564979383440648315803079457233008752545639636730"
+             "876952057230598934160338"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42368222415727463405131443258512278262705608787060591131900016438"
+             "3419159601530122263781180")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "36811020440849785719700471191692200272879544447231171394282848671"
+             "4116155906814501640909498"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "73449115698145498442721308831256852230207367896371628574107466060"
+             "557444575341632103752658"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "25429379662885946000679853990199326920137433922054587190684348141"
+             "8753230651273894377970883"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "35948853684822071362360915719002364138907960890537370183292831477"
+             "4127273148520496257053514")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "60116611687513362980033738129767359969174191779519514786118377655"
+             "176776676721469202407467"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "32924811679353939215676636332634969657462138663091626115751725435"
+             "288149007673595236319213"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "57335290971982122893626274471700437616163933183200829211891735866"
+             "082294944454303037582837"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "32233173367496147681311525078618133387926286693830897696434479551"
+             "5789992540714745693213562")}};
+// D constants for L = 4 columns
+const std::vector<std::vector<anemoi_parameters<libff::mnt6_pp>::BignumT>>
+    anemoi_parameters<libff::mnt6_pp>::D_constants_col_four = {
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "33594514317830211229648182328450478932597050299484333557333303193"
+             "6148420812674682694419534"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "11220773970646471172608716083609041748344580211968978593274175586"
+             "9414286709683053703831849"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "21494880635058739411118958390222070571961666048580728870596422931"
+             "1577637382896846440667026"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "22779994838566372962995768268371467442837427767322360261864917394"
+             "0071920922419833444899550")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "11872233063447787666505342577201261347095957262153347367916803096"
+             "8738293940415493272021980"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "32605550826921656964723442841820889862542937397058801076219035202"
+             "0815180943490549826825909"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "30257731987174028910153870228133747542453281989592108627420686550"
+             "2356596877932452349405951"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "43776717527154043162557590529009608081201098286746107056112660366"
+             "4863616812751347819169277")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "58985487485134935461599951262909812175069758456288873775588518010"
+             "3008150139953544118503"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "25196454515617786181425234355675273694391335413481551855228139051"
+             "5759891027956862661927271"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "15644218664289535002252844781367053405571016582789735058913845629"
+             "1383066696047517408039893"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "44888718604440526933371688423493229757989961412898613060363024834"
+             "2678145966502265843934685")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "14654806812223420906783803192209416146795909174448037779785008285"
+             "7578636345515876913735961"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42866048523670854904745632536559438503537458929758223033113953132"
+             "4743299959511609446582397"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "26333391748814575427376013589303691419524765583679599810194167605"
+             "7194776636545346624312441"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "25588263302967856471719274861329883414835318189093878418159050878"
+             "4787306697743555338036320")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "39049546533453675629345724634533144838751372927060245488408332105"
+             "8860236955988000978846965"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "39993196622923729221204136133246131491173938134428375211178701032"
+             "4521610085678062852736195"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "15056233913337489209865569194411757437664654287919600815504710139"
+             "008748058894385282365365"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "38002982407989725373774180686342260816782140519683307772015102244"
+             "7764016990011201043015986")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "34277421383825987778921911800601905932557876548843888911653427343"
+             "1535791959364446437204202"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "82613662627263560434326913641973688131282062421471774284140930272"
+             "909129718118021803939626"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "29398625764319525282095744402701980350078109208491369083079143003"
+             "9582128583602103457171405"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "42946377397800495490401919551957721390591429762302560504912395693"
+             "8253499486418738175707180")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "40377060590953229861009693374579098431967473120017382348607154674"
+             "2811688730311840614800219"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "12136508983724540293445469655801054702801451600135509565137284159"
+             "6186403754698405675901489"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "70713706622141821453318705515817559909054339339284158099599009879"
+             "234909684852307250291492"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "29928767509714312949042851458775395678607925200043813199068803030"
+             "7818456313442886644203555")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "23655813349738188989966375984387685481955811184747032371094868270"
+             "5194218316197680625699848"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "81155035915908186279710299627105915587913927253138901320547163536"
+             "974888702260527219400522"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "38388750145734723717124664755703644644282163542113213930568761203"
+             "0112023959626265311403070"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "25576675708942571493505776255945008635714358521486825385237399457"
+             "0632499649909192499510784")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "25713190832984187827627720928993978182392327879996483555445637859"
+             "4938969171527585549335980"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "23713433159986923269376831970334690959492514487369439408509873825"
+             "0789692923506295836601896"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "11308279851525848806549401516406803016794727690754395113230510347"
+             "3157834498361047615367029"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "33074310920072581408488420179446125435881648221000949218545241067"
+             "7209484313682703307802092")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "40389171084540732153922738901312649083612440771704142317649650512"
+             "4170607414770863991365689"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "27019733744762477686705843365652517536309659810913726781895297182"
+             "123657918783552689823090"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "43058498688593222944274321565904017542038637471576943431331211273"
+             "6150115023336975805223220"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "28884330540675700212810866751148809404074439669751045257823674474"
+             "4544929999208129271446836")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "10143210757582085034277599372441654595862862766058887624943990235"
+             "7889340009499066844234386"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "17402954930746408691830788738677611594750004678109871713947765327"
+             "7956527193239178887217770"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "22475911870394215594547622253100613543047388693272298709289419612"
+             "9962510985337863602974791"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "47295951477846954300920865564560586768786070290251565409841822321"
+             "6948608988753137029656245")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "46972702625826575095982629218381277809373914069874700035452507884"
+             "2281580853872980843990650"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "20341206297284669286222908497627763115935848619594779160093712299"
+             "142597783925235179509699"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "27853072373769186851493321680716480349451658143581896166543859815"
+             "0307625691675626167231461"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "26563660326041326070914121806532044111563203645284229982368693094"
+             "0125558648037978143374704")},
+        {anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "73157336686174916846777570226967843569452258632147669905358530664"
+             "021521218457742439638455"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "36716309159664809591644973748236404032364986925520237080483666113"
+             "0762884628890792829984171"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "46891840739896951725903245286023013168976542526736151307358554205"
+             "4526272397489629344751332"),
+         anemoi_parameters<libff::mnt6_pp>::BignumT(
+             "13990370323604768400256956349178784184114966511197044366264697256"
+             "2467597634910021613684588")}};
+
+} // namespace libsnark
+
+#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_PARAMETERS_MNT6_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 5bae89888..6b8e91f74 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -10,8 +10,14 @@
 
 #include <array>
 #include <gtest/gtest.h>
+#include <libff/algebra/curves/alt_bn128/alt_bn128_pp.hpp>
+#include <libff/algebra/curves/bls12_377/bls12_377_pp.hpp>
 #include <libff/algebra/curves/bls12_381/bls12_381_init.hpp>
 #include <libff/algebra/curves/bls12_381/bls12_381_pp.hpp>
+#include <libff/algebra/curves/bn128/bn128_pp.hpp>
+#include <libff/algebra/curves/bw6_761/bw6_761_pp.hpp>
+#include <libff/algebra/curves/mnt/mnt4/mnt4_pp.hpp>
+#include <libff/algebra/curves/mnt/mnt6/mnt6_pp.hpp>
 #include <libff/common/default_types/ec_pp.hpp>
 #include <libff/common/profiling.hpp>
 #include <libff/common/utils.hpp>
@@ -360,10 +366,72 @@ template<typename ppT> void test_for_curve()
     test_anemoi_permutation_mds<ppT, parameters>();
 }
 
+template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
+void test_curve_parameters()
+{
+    printf("g = %zd\n", parameters::multiplicative_generator_g);
+    printf("alpha = %zd\n", parameters::alpha);
+    printf("beta = %zd\n", parameters::beta);
+    printf("gamma = %zd\n", parameters::gamma);
+    printf("quad_exponent = %zd\n", parameters::quad_exponent);
+    printf("alpha_inv = ");
+    parameters::alpha_inv.print();
+    printf("delta = ");
+    parameters::delta.print();
+}
+
 TEST(TestAnemoiGadget, BLS12_381) { test_for_curve<libff::bls12_381_pp>(); }
 
+TEST(TestCurveParameters, BLS12_381)
+{
+    using parameters = anemoi_parameters<libff::bls12_381_pp>;
+    test_curve_parameters<libff::bls12_381_pp, parameters>();
+}
+
+TEST(TestCurveParameters, BLS12_377)
+{
+    using parameters = anemoi_parameters<libff::bls12_377_pp>;
+    test_curve_parameters<libff::bls12_377_pp, parameters>();
+}
+
+TEST(TestCurveParameters, MNT4)
+{
+    using parameters = anemoi_parameters<libff::mnt4_pp>;
+    test_curve_parameters<libff::mnt4_pp, parameters>();
+}
+
+TEST(TestCurveParameters, MNT6)
+{
+    using parameters = anemoi_parameters<libff::mnt6_pp>;
+    test_curve_parameters<libff::mnt6_pp, parameters>();
+}
+
+TEST(TestCurveParameters, BW6_761)
+{
+    using parameters = anemoi_parameters<libff::bw6_761_pp>;
+    test_curve_parameters<libff::bw6_761_pp, parameters>();
+}
+
+TEST(TestCurveParameters, BN128)
+{
+    using parameters = anemoi_parameters<libff::bn128_pp>;
+    test_curve_parameters<libff::bn128_pp, parameters>();
+}
+
+TEST(TestCurveParameters, ALT_BN128)
+{
+    using parameters = anemoi_parameters<libff::alt_bn128_pp>;
+    test_curve_parameters<libff::alt_bn128_pp, parameters>();
+}
+
 int main(int argc, char **argv)
 {
+    libff::mnt4_pp::init_public_params();
+    libff::mnt6_pp::init_public_params();
+    libff::bw6_761_pp::init_public_params();
+    libff::bn128_pp::init_public_params();
+    libff::alt_bn128_pp::init_public_params();
+    libff::bls12_377_pp::init_public_params();
     libff::bls12_381_pp::init_public_params();
     ::testing::InitGoogleTest(&argc, argv);
     return RUN_ALL_TESTS();
diff --git a/scripts/anemoi-hash/parameters.sage b/scripts/anemoi-hash/parameters.sage
index 38bb97630..411b2b488 100644
--- a/scripts/anemoi-hash/parameters.sage
+++ b/scripts/anemoi-hash/parameters.sage
@@ -10,11 +10,8 @@ from constants import *
 
 load('anemoi.sage')
 
-def anemoi_selected_instances():
+def anemoi_instances_bls12_381(A):
 
-    # accumulating selected Anemoi instances
-    A = []
-    
     # - 256-bit security level instantiations
     # -- BLS12_381_SCALRFIELD
     # --- 1 col
@@ -53,10 +50,254 @@ def anemoi_selected_instances():
     A.append(
         ("A_BLS_12_381_SCALARFIELD_4_COL_256_BITS",
          A_BLS_12_381_SCALARFIELD_4_COL_256_BITS))
-    return A
     
-def output_parameters():
-    instances = anemoi_selected_instances()
+def anemoi_instances_bls12_377(A):
+
+    # - 256-bit security level instantiations
+    # -- BLS12_377_SCALRFIELD
+    # --- 1 col
+    A_BLS_12_377_SCALARFIELD_1_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A.append(
+        ("A_BLS_12_377_SCALARFIELD_1_COL_256_BITS",
+         A_BLS_12_377_SCALARFIELD_1_COL_256_BITS))
+    # --- 2 col    
+    A_BLS_12_377_SCALARFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A.append(
+        ("A_BLS_12_377_SCALARFIELD_2_COL_256_BITS",
+         A_BLS_12_377_SCALARFIELD_2_COL_256_BITS))    
+    # --- 3 col    
+    A_BLS_12_377_SCALARFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A.append(
+        ("A_BLS_12_377_SCALARFIELD_3_COL_256_BITS",
+         A_BLS_12_377_SCALARFIELD_3_COL_256_BITS))    
+    # ---4 col    
+    A_BLS_12_377_SCALARFIELD_4_COL_256_BITS = AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A.append(
+        ("A_BLS_12_377_SCALARFIELD_4_COL_256_BITS",
+         A_BLS_12_377_SCALARFIELD_4_COL_256_BITS))
+    
+def anemoi_instances_mnt4(A):
+
+    # - 256-bit security level instantiations
+    # -- MNT4_SCALRFIELD
+    # --- 1 col
+    A_MNT4_SCALARFIELD_1_COL_256_BITS = AnemoiPermutation(
+        q=MNT4_SCALARFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A.append(
+        ("A_MNT4_SCALARFIELD_1_COL_256_BITS",
+         A_MNT4_SCALARFIELD_1_COL_256_BITS))
+    # --- 2 col    
+    A_MNT4_SCALARFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=MNT4_SCALARFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A.append(
+        ("A_MNT4_SCALARFIELD_2_COL_256_BITS",
+         A_MNT4_SCALARFIELD_2_COL_256_BITS))    
+    # --- 3 col    
+    A_MNT4_SCALARFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=MNT4_SCALARFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A.append(
+        ("A_MNT4_SCALARFIELD_3_COL_256_BITS",
+         A_MNT4_SCALARFIELD_3_COL_256_BITS))    
+    # ---4 col    
+    A_MNT4_SCALARFIELD_4_COL_256_BITS = AnemoiPermutation(
+        q=MNT4_SCALARFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A.append(
+        ("A_MNT4_SCALARFIELD_4_COL_256_BITS",
+         A_MNT4_SCALARFIELD_4_COL_256_BITS))
+    
+def anemoi_instances_mnt6(A):
+
+    # - 256-bit security level instantiations
+    # -- MNT6_SCALRFIELD
+    # --- 1 col
+    A_MNT6_SCALARFIELD_1_COL_256_BITS = AnemoiPermutation(
+        q=MNT6_SCALARFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A.append(
+        ("A_MNT6_SCALARFIELD_1_COL_256_BITS",
+         A_MNT6_SCALARFIELD_1_COL_256_BITS))
+    # --- 2 col    
+    A_MNT6_SCALARFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=MNT6_SCALARFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A.append(
+        ("A_MNT6_SCALARFIELD_2_COL_256_BITS",
+         A_MNT6_SCALARFIELD_2_COL_256_BITS))    
+    # --- 3 col    
+    A_MNT6_SCALARFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=MNT6_SCALARFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A.append(
+        ("A_MNT6_SCALARFIELD_3_COL_256_BITS",
+         A_MNT6_SCALARFIELD_3_COL_256_BITS))    
+    # ---4 col    
+    A_MNT6_SCALARFIELD_4_COL_256_BITS = AnemoiPermutation(
+        q=MNT6_SCALARFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A.append(
+        ("A_MNT6_SCALARFIELD_4_COL_256_BITS",
+         A_MNT6_SCALARFIELD_4_COL_256_BITS))
+    
+def anemoi_instances_bw6_761(A):
+
+    # - 256-bit security level instantiations
+    # -- BW6_761_SCALRFIELD
+    # --- 1 col
+    A_BW6_761_SCALARFIELD_1_COL_256_BITS = AnemoiPermutation(
+        q=BW6_761_SCALARFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A.append(
+        ("A_BW6_761_SCALARFIELD_1_COL_256_BITS",
+         A_BW6_761_SCALARFIELD_1_COL_256_BITS))
+    # --- 2 col    
+    A_BW6_761_SCALARFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=BW6_761_SCALARFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A.append(
+        ("A_BW6_761_SCALARFIELD_2_COL_256_BITS",
+         A_BW6_761_SCALARFIELD_2_COL_256_BITS))    
+    # --- 3 col    
+    A_BW6_761_SCALARFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=BW6_761_SCALARFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A.append(
+        ("A_BW6_761_SCALARFIELD_3_COL_256_BITS",
+         A_BW6_761_SCALARFIELD_3_COL_256_BITS))    
+    # ---4 col    
+    A_BW6_761_SCALARFIELD_4_COL_256_BITS = AnemoiPermutation(
+        q=BW6_761_SCALARFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A.append(
+        ("A_BW6_761_SCALARFIELD_4_COL_256_BITS",
+         A_BW6_761_SCALARFIELD_4_COL_256_BITS))
+    
+def anemoi_instances_bn128(A):
+
+    # - 256-bit security level instantiations
+    # -- BN128_SCALRFIELD
+    # --- 1 col
+    A_BN128_SCALARFIELD_1_COL_256_BITS = AnemoiPermutation(
+        q=BN128_SCALARFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A.append(
+        ("A_BN128_SCALARFIELD_1_COL_256_BITS",
+         A_BN128_SCALARFIELD_1_COL_256_BITS))
+    # --- 2 col    
+    A_BN128_SCALARFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=BN128_SCALARFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A.append(
+        ("A_BN128_SCALARFIELD_2_COL_256_BITS",
+         A_BN128_SCALARFIELD_2_COL_256_BITS))    
+    # --- 3 col    
+    A_BN128_SCALARFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=BN128_SCALARFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A.append(
+        ("A_BN128_SCALARFIELD_3_COL_256_BITS",
+         A_BN128_SCALARFIELD_3_COL_256_BITS))    
+    # ---4 col    
+    A_BN128_SCALARFIELD_4_COL_256_BITS = AnemoiPermutation(
+        q=BN128_SCALARFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A.append(
+        ("A_BN128_SCALARFIELD_4_COL_256_BITS",
+         A_BN128_SCALARFIELD_4_COL_256_BITS))
+    
+def anemoi_instances_alt_bn128(A):
+
+    # - 256-bit security level instantiations
+    # -- ALT_BN128_SCALRFIELD
+    # --- 1 col
+    A_ALT_BN128_SCALARFIELD_1_COL_256_BITS = AnemoiPermutation(
+        q=ALT_BN128_SCALARFIELD,
+        n_cols=1,
+        security_level=256
+    )
+    A.append(
+        ("A_ALT_BN128_SCALARFIELD_1_COL_256_BITS",
+         A_ALT_BN128_SCALARFIELD_1_COL_256_BITS))
+    # --- 2 col    
+    A_ALT_BN128_SCALARFIELD_2_COL_256_BITS = AnemoiPermutation(
+        q=ALT_BN128_SCALARFIELD,
+        n_cols=2,
+        security_level=256
+    )
+    A.append(
+        ("A_ALT_BN128_SCALARFIELD_2_COL_256_BITS",
+         A_ALT_BN128_SCALARFIELD_2_COL_256_BITS))    
+    # --- 3 col    
+    A_ALT_BN128_SCALARFIELD_3_COL_256_BITS = AnemoiPermutation(
+        q=ALT_BN128_SCALARFIELD,
+        n_cols=3,
+        security_level=256
+    )
+    A.append(
+        ("A_ALT_BN128_SCALARFIELD_3_COL_256_BITS",
+         A_ALT_BN128_SCALARFIELD_3_COL_256_BITS))    
+    # ---4 col    
+    A_ALT_BN128_SCALARFIELD_4_COL_256_BITS = AnemoiPermutation(
+        q=ALT_BN128_SCALARFIELD,
+        n_cols=4,
+        security_level=256
+    )
+    A.append(
+        ("A_ALT_BN128_SCALARFIELD_4_COL_256_BITS",
+         A_ALT_BN128_SCALARFIELD_4_COL_256_BITS))
+    
+def anemoi_instances_stdout(instances):
     for i in range(len(instances)):
         # string name
         A_str = instances[i][0]
@@ -81,12 +322,10 @@ def output_parameters():
         print("matrix M         :\n{}".format(A.mat))
         print("constants C      :\n{}".format(A.C))
         print("constants D      :\n{}".format(A.D))
-        return instances
 
 # same as output_parameters() but stores parameters to file
-def output_parameters_to_file():
-    instances = anemoi_selected_instances()
-    f = open("parameters.txt", "w")
+def anemoi_instances_to_file(instances):
+    f = open("instances.txt", "w")
     e = datetime.datetime.now()
     f.write("This file was automatically generated with SAGE script parameters.sage on %s/%s/%s at %s:%s:%s\n" % (e.day, e.month, e.year, e.hour, e.minute, e.second))
     for i in range(len(instances)):
@@ -112,21 +351,62 @@ def output_parameters_to_file():
         f.write("constants C      :\n{}\n".format(A.C))
         f.write("constants D      :\n{}\n".format(A.D))
 
-def output_constants_in_libsnark_format_to_file(instances):
-    f = open("constants.txt", "w")
+def anemoi_parameters_in_cpp_format_to_file(instances, filename, curve_ppT):
+    f = open(filename, "w")
     e = datetime.datetime.now()
-    f.write("// Automatically generated with SAGE script parameters.sage on %s/%s/%s at %s:%s:%s\n" % (e.day, e.month, e.year, e.hour, e.minute, e.second))
+    f.write("// This file was automatically generated with SAGE script parameters.sage on %s/%s/%s at %s:%s:%s\n\n" % (e.day, e.month, e.year, e.hour, e.minute, e.second))
+
+    f.write("// Anemoi parameters for curve {}\n".format(curve_ppT))
+    # get just the first instance -- all instances from a given curve
+    # share the same parameters
+    A = instances[0][1]
+
+    f.write("template<> class anemoi_parameters<libff::{}>\n".format(curve_ppT))
+    f.write("{\npublic:\n")    
+    f.write("using ppT = libff::{};\n".format(curve_ppT))
+    f.write("using FieldT = libff::Fr<ppT>;\n")
+    f.write("using BignumT = libff::bigint<FieldT::num_limbs>;\n")
+    f.write("static const bool b_prime_field = false;\n")
+    f.write("static constexpr size_t multiplicative_generator_g = {};\n".format(A.g))
+    f.write("static constexpr size_t alpha = {};\n".format(A.alpha))
+    f.write("static constexpr size_t beta = multiplicative_generator_g;\n")
+    f.write("static constexpr size_t gamma = 0;\n")
+    f.write("static constexpr size_t quad_exponent = {};\n".format(A.QUAD))
+    f.write("static const BignumT alpha_inv;\n")
+    f.write("static const BignumT delta;\n")
+    f.write("static const std::vector<std::vector<BignumT>> C_constants_col_one;\n")
+    f.write("static const std::vector<std::vector<BignumT>> D_constants_col_one;\n")
+    f.write("static const std::vector<std::vector<BignumT>> C_constants_col_two;\n")
+    f.write("static const std::vector<std::vector<BignumT>> D_constants_col_two;\n")
+    f.write("static const std::vector<std::vector<BignumT>> C_constants_col_three;\n")
+    f.write("static const std::vector<std::vector<BignumT>> D_constants_col_three;\n")
+    f.write("static const std::vector<std::vector<BignumT>> C_constants_col_four;\n")
+    f.write("static const std::vector<std::vector<BignumT>> D_constants_col_four;\n")
+    f.write("};\n")
+    
+    f.write("\n")    
+    f.write("const anemoi_parameters<libff::{}>::BignumT anemoi_parameters<libff::{}>::alpha_inv = anemoi_parameters<libff::{}>::BignumT(\"{}\");\n".format(curve_ppT, curve_ppT, curve_ppT, A.alpha_inv))
+    
+    f.write("\n")    
+    f.write("const anemoi_parameters<libff::{}>::BignumT anemoi_parameters<libff::{}>::delta = anemoi_parameters<libff::{}>::BignumT(\"{}\");\n".format(curve_ppT, curve_ppT, curve_ppT, A.delta))
+    
+#    f.write("namespace libsnark \n{\n")
+#    f.write("} // namespace libsnark")
+    
+def anemoi_constants_in_cpp_format_to_file(instances, filename, curve_ppT):
+    f = open(filename, "a")
+    f.write("\n")    
     i_str = ["one", "two", "three", "four", "five", "six"]
     for i in range(len(instances)):
         A_str = instances[i][0]
         A = instances[i][1]
         f.write("// C constants for L = {} columns\n".format(i+1))
-        f.write("const std::vector<std::vector<BignumT>> anemoi_parameters<ppT>::C_constants_col_{} = ".format(i_str[i]))
+        f.write("const std::vector<std::vector<anemoi_parameters<libff::{}>::BignumT>> anemoi_parameters<libff::{}>::C_constants_col_{} = ".format(curve_ppT, curve_ppT, i_str[i]))
         f.write("{\n")
         for iround in range(len(A.C)):
             f.write("{")
             for icol in range(len(A.C[iround])):
-                f.write("BignumT(\"{}\")".format(A.C[iround][icol]))
+                f.write("anemoi_parameters<libff::{}>::BignumT(\"{}\")".format(curve_ppT, A.C[iround][icol]))
                 if icol < (len(A.C[iround]) - 1):
                     f.write(", ")
             f.write("}")
@@ -134,12 +414,12 @@ def output_constants_in_libsnark_format_to_file(instances):
                 f.write(",\n")
         f.write("\n};\n")
         f.write("// D constants for L = {} columns\n".format(i+1))
-        f.write("const std::vector<std::vector<BignumT>> anemoi_parameters<ppT>::D_constants_col_{} = ".format(i_str[i]))
+        f.write("const std::vector<std::vector<anemoi_parameters<libff::{}>::BignumT>> anemoi_parameters<libff::{}>::D_constants_col_{} = ".format(curve_ppT, curve_ppT, i_str[i]))
         f.write("{\n")
         for iround in range(len(A.D)):
             f.write("{")
             for icol in range(len(A.D[iround])):
-                f.write("BignumT(\"{}\")".format(A.D[iround][icol]))
+                f.write("anemoi_parameters<libff::{}>::BignumT(\"{}\")".format(curve_ppT, A.D[iround][icol]))
                 if icol < (len(A.D[iround]) - 1):
                     f.write(", ")
             f.write("}")
@@ -149,6 +429,59 @@ def output_constants_in_libsnark_format_to_file(instances):
         
                   
 if __name__ == "__main__":
-    A = output_parameters()
-    output_parameters_to_file()
-    output_constants_in_libsnark_format_to_file(A)
+    # bls12_381
+    if 0:
+        A = []
+        anemoi_instances_bls12_381(A)
+        filename = "parameters_bls12_381.txt"
+        curve_ppT = "bls12_381_pp"
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
+    # bls12_377
+    if 0:
+        A = []
+        anemoi_instances_bls12_377(A)
+        filename = "parameters_bls12_377.txt"
+        curve_ppT = "bls12_377_pp"
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
+    # mnt4
+    if 0:
+        A = []
+        anemoi_instances_mnt4(A)
+        filename = "parameters_mnt4.txt"
+        curve_ppT = "mnt4_pp"
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
+    # mnt6
+    if 0:
+        A = []
+        anemoi_instances_mnt6(A)
+        filename = "parameters_mnt6.txt"
+        curve_ppT = "mnt6_pp"
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
+    # bw6_761 (WARNING! slow ~10 min.)
+    if 0:
+        A = []
+        anemoi_instances_bw6_761(A)
+        filename = "parameters_bw6_761.txt"
+        curve_ppT = "bw6_761_pp"
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
+    # bn128
+    if 1:
+        A = []
+        anemoi_instances_bn128(A)
+        filename = "parameters_bn128.txt"
+        curve_ppT = "bn128_pp"
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
+    # alt_bn128
+    if 1:
+        A = []
+        anemoi_instances_alt_bn128(A)
+        filename = "parameters_alt_bn128.txt"
+        curve_ppT = "alt_bn128_pp"
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)

From 5bb5dec3c31cdfd00f7654fce08ee82eea7600fc Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 19 Jan 2023 01:04:58 +0000
Subject: [PATCH 102/112] anemoi: added description of the C,D round constants
 in comments

---
 .../gadgets/hashes/anemoi/anemoi_parameters.hpp           | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
index 5df3dea50..2b97adde8 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
@@ -36,6 +36,14 @@ namespace libsnark
 /// - quad_exponent    : quadratic exponent applied in the mappings Q_gamma,
 ///                      Q_delta. Note that quad_exponent=2 for prime fields and
 ///                      quad_exponent=3 for binary fields
+/// - C_constants_col_"num_cols", D_constants_col_"num_cols" : the C
+///                      and D round constants of the Anemoi
+///                      permutation for a state with 1,2,3 or 4
+///                      columns with the string placeholder
+///                      "num_cols" taking the values resp. "one",
+///                      "two", "three" or "four". See [BBCPSVW22],
+///                      Sect. 5.1 for more details on the C,D
+///                      constants.
 ///
 /// The values for the above parameters for each supported curve were generated
 /// with the following Sage script scripts/anemoi-hash/parameters.sage .

From 3e3fb66b28b719ee3311625d40656d8a919b30c0 Mon Sep 17 00:00:00 2001
From: Duncan Tebbs <duncan.tebbs@gmail.com>
Date: Wed, 25 Jan 2023 11:45:09 +0000
Subject: [PATCH 103/112] WIP: anemoi test tweaks

---
 .../anemoi/tests/test_anemoi_gadget.cpp       | 60 ++++++++++++-------
 1 file changed, 40 insertions(+), 20 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 6b8e91f74..8ebd61a70 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -237,7 +237,9 @@ template<
     typename ppT,
     size_t NumStateColumns_L,
     class parameters = anemoi_parameters<libff::Fr<ppT>>>
-void test_anemoi_permutation_round_prime_field_gadget()
+void test_anemoi_permutation_round_prime_field_gadget(
+    expected_round_values_fn_t *expected_round_values_fn)
+
 {
     using FieldT = libff::Fr<ppT>;
 
@@ -293,12 +295,12 @@ void test_anemoi_permutation_round_prime_field_gadget()
     // generate witness for the given input
     d.generate_r1cs_witness();
 
-    std::vector<FieldT> Y_expect =
-        anemoi_expected_output_one_round(NumStateColumns_L);
-
-    for (size_t i = 0; i < NumStateColumns_L; i++) {
-        ASSERT_EQ(Y_expect[i], pb.val(Y_left[i]));
-        ASSERT_EQ(Y_expect[NumStateColumns_L + i], pb.val(Y_right[i]));
+    if (expected_round_values_fn) {
+        Y_expect = expected_round_values_fn(NumStateColumns_L);
+        for (size_t i = 0; i < NumStateColumns_L; i++) {
+            ASSERT_EQ(Y_expect[i], pb.val(Y_left[i]));
+            ASSERT_EQ(Y_expect[NumStateColumns_L + i], pb.val(Y_right[i]));
+        }
     }
 
     ASSERT_TRUE(pb.is_satisfied());
@@ -345,11 +347,8 @@ void test_anemoi_permutation_mds()
     libff::print_time("anemoi_permutation_mds tests successful");
 }
 
-template<typename ppT> void test_for_curve()
+void test_intermediate_gadgetss_bls12_381()
 {
-    // Execute all tests for the given curve.
-
-    ppT::init_public_params();
     // Use debug parameters with small values for the small gadgets
     using parameters_debug = parameters_debug_bls12_381;
     test_flystel_Q_gamma_prime_field_gadget<ppT, parameters_debug>();
@@ -357,18 +356,35 @@ template<typename ppT> void test_for_curve()
     test_flystel_E_power_five_gadget<ppT>();
     test_flystel_E_root_five_gadget<ppT, parameters_debug>();
     test_flystel_prime_field_gadget<ppT, parameters_debug>();
+}
+
+template<typename ppT>
+using expected_round_values_fn_t = std::function < size_t,
+      std::vector<libff::Fr<ppT>>;
+
+template<typename ppT>
+void test_for_curve(
+    expected_round_values_fn_t<ppT> *expected_round_values_fn = 0)
+{
+    // Execute all tests for the given curve.
+
     // Use the original parameters for the full permutation
+
     using parameters = anemoi_parameters<ppT>;
-    test_anemoi_permutation_round_prime_field_gadget<ppT, 1, parameters>();
-    test_anemoi_permutation_round_prime_field_gadget<ppT, 2, parameters>();
-    test_anemoi_permutation_round_prime_field_gadget<ppT, 3, parameters>();
-    test_anemoi_permutation_round_prime_field_gadget<ppT, 4, parameters>();
+    test_anemoi_permutation_round_prime_field_gadget<ppT, 1, parameters>(
+        expected_round_values_fn);
+    test_anemoi_permutation_round_prime_field_gadget<ppT, 2, parameters>(
+        expected_round_values_fn);
+    test_anemoi_permutation_round_prime_field_gadget<ppT, 3, parameters>(
+        expected_round_values_fn);
+    test_anemoi_permutation_round_prime_field_gadget<ppT, 4, parameters>(
+        expected_round_values_fn);
     test_anemoi_permutation_mds<ppT, parameters>();
 }
 
-template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
-void test_curve_parameters()
+template<typename ppT> void test_curve_parameters()
 {
+    using parameters = anemoi_parameters<ppT>;
     printf("g = %zd\n", parameters::multiplicative_generator_g);
     printf("alpha = %zd\n", parameters::alpha);
     printf("beta = %zd\n", parameters::beta);
@@ -380,12 +396,14 @@ void test_curve_parameters()
     parameters::delta.print();
 }
 
-TEST(TestAnemoiGadget, BLS12_381) { test_for_curve<libff::bls12_381_pp>(); }
+TEST(TestAnemoiGadget, BLS12_381)
+{
+    test_for_curve<libff::bls12_381_pp>(&anemoi_expected_output_one_round);
+}
 
 TEST(TestCurveParameters, BLS12_381)
 {
-    using parameters = anemoi_parameters<libff::bls12_381_pp>;
-    test_curve_parameters<libff::bls12_381_pp, parameters>();
+    test_curve_parameters<libff::bls12_381_pp>();
 }
 
 TEST(TestCurveParameters, BLS12_377)
@@ -415,12 +433,14 @@ TEST(TestCurveParameters, BW6_761)
 TEST(TestCurveParameters, BN128)
 {
     using parameters = anemoi_parameters<libff::bn128_pp>;
+    test_for_curve<libff : bn128_pp>();
     test_curve_parameters<libff::bn128_pp, parameters>();
 }
 
 TEST(TestCurveParameters, ALT_BN128)
 {
     using parameters = anemoi_parameters<libff::alt_bn128_pp>;
+    test_for_curve<libff::bn128_pp>();
     test_curve_parameters<libff::alt_bn128_pp, parameters>();
 }
 

From bb7fee59b5652a76d808671d7b10f7c5fc68800c Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Thu, 26 Jan 2023 10:08:58 +0000
Subject: [PATCH 104/112] anemoi: added tests for gadget instatiations for all
 curves
 (https://github.com/clearmatics/libsnark/pull/106#discussion_r1085118089)

---
 .../hashes/anemoi/tests/anemoi_outputs.hpp    |  5 ++
 .../anemoi/tests/test_anemoi_gadget.cpp       | 69 ++++++++++---------
 2 files changed, 43 insertions(+), 31 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
index d539d3fab..e97861566 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
@@ -8,6 +8,7 @@
 #ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_HPP_
 #define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_HPP_
 
+#include <functional>
 #include <libff/algebra/curves/bls12_381/bls12_381_init.hpp>
 #include <libff/algebra/curves/bls12_381/bls12_381_pp.hpp>
 #include <vector>
@@ -24,6 +25,10 @@ namespace libsnark
 std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
     const size_t &NumStateColumns_L);
 
+template<typename ppT>
+using expected_round_values_fn_t =
+    std::function<std::vector<libff::Fr<ppT>>(const size_t)>;
+
 } // namespace libsnark
 
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_HPP_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 8ebd61a70..5b89052d1 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -238,7 +238,7 @@ template<
     size_t NumStateColumns_L,
     class parameters = anemoi_parameters<libff::Fr<ppT>>>
 void test_anemoi_permutation_round_prime_field_gadget(
-    expected_round_values_fn_t *expected_round_values_fn)
+    expected_round_values_fn_t<ppT> expected_round_values_fn)
 
 {
     using FieldT = libff::Fr<ppT>;
@@ -296,7 +296,8 @@ void test_anemoi_permutation_round_prime_field_gadget(
     d.generate_r1cs_witness();
 
     if (expected_round_values_fn) {
-        Y_expect = expected_round_values_fn(NumStateColumns_L);
+        std::vector<FieldT> Y_expect =
+            expected_round_values_fn(NumStateColumns_L);
         for (size_t i = 0; i < NumStateColumns_L; i++) {
             ASSERT_EQ(Y_expect[i], pb.val(Y_left[i]));
             ASSERT_EQ(Y_expect[NumStateColumns_L + i], pb.val(Y_right[i]));
@@ -310,9 +311,11 @@ void test_anemoi_permutation_round_prime_field_gadget(
         "anemoi_permutation_round_prime_field_gadget tests successful");
 }
 
-template<typename ppT, class parameters = anemoi_parameters<libff::Fr<ppT>>>
-void test_anemoi_permutation_mds()
+void test_anemoi_permutation_mds_bls12_381()
 {
+    using ppT = libff::bls12_381_pp;
+    using FieldT = libff::Fr<ppT>;
+
     // anemoi_permutation_mds<ppT, NumStateColumnsL>::permutation_mds()
     using FieldT = libff::Fr<ppT>;
     const FieldT g = anemoi_parameters<ppT>::multiplicative_generator_g;
@@ -347,7 +350,7 @@ void test_anemoi_permutation_mds()
     libff::print_time("anemoi_permutation_mds tests successful");
 }
 
-void test_intermediate_gadgetss_bls12_381()
+template<typename ppT> void test_intermediate_gadgets_bls12_381()
 {
     // Use debug parameters with small values for the small gadgets
     using parameters_debug = parameters_debug_bls12_381;
@@ -356,20 +359,14 @@ void test_intermediate_gadgetss_bls12_381()
     test_flystel_E_power_five_gadget<ppT>();
     test_flystel_E_root_five_gadget<ppT, parameters_debug>();
     test_flystel_prime_field_gadget<ppT, parameters_debug>();
+    test_anemoi_permutation_mds_bls12_381();
 }
 
-template<typename ppT>
-using expected_round_values_fn_t = std::function < size_t,
-      std::vector<libff::Fr<ppT>>;
-
 template<typename ppT>
 void test_for_curve(
-    expected_round_values_fn_t<ppT> *expected_round_values_fn = 0)
+    expected_round_values_fn_t<ppT> expected_round_values_fn = 0)
 {
-    // Execute all tests for the given curve.
-
     // Use the original parameters for the full permutation
-
     using parameters = anemoi_parameters<ppT>;
     test_anemoi_permutation_round_prime_field_gadget<ppT, 1, parameters>(
         expected_round_values_fn);
@@ -379,7 +376,6 @@ void test_for_curve(
         expected_round_values_fn);
     test_anemoi_permutation_round_prime_field_gadget<ppT, 4, parameters>(
         expected_round_values_fn);
-    test_anemoi_permutation_mds<ppT, parameters>();
 }
 
 template<typename ppT> void test_curve_parameters()
@@ -398,50 +394,61 @@ template<typename ppT> void test_curve_parameters()
 
 TEST(TestAnemoiGadget, BLS12_381)
 {
-    test_for_curve<libff::bls12_381_pp>(&anemoi_expected_output_one_round);
+    test_intermediate_gadgets_bls12_381<libff::bls12_381_pp>();
 }
 
 TEST(TestCurveParameters, BLS12_381)
 {
     test_curve_parameters<libff::bls12_381_pp>();
+    test_for_curve<libff::bls12_381_pp>(&anemoi_expected_output_one_round);
 }
 
 TEST(TestCurveParameters, BLS12_377)
 {
-    using parameters = anemoi_parameters<libff::bls12_377_pp>;
-    test_curve_parameters<libff::bls12_377_pp, parameters>();
+    test_curve_parameters<libff::bls12_377_pp>();
+    // TODO For BLS12_377 alpha = 11, which is the first value for
+    // which alpha is co-prime to r-1, required for the inverse
+    // alpha^-1 to exist (r is the modulus of Fr). ATM we have a gadget
+    // only for alpha = 5 (flystel_E_power_five_gadget), but not for
+    // alpha = 11. For this reason test_for_curve does not run on
+    // BLS12_377.
+    // test_for_curve<libff::bls12_377_pp>();
 }
 
-TEST(TestCurveParameters, MNT4)
+TEST(TestCurveParameters, MNT6)
 {
-    using parameters = anemoi_parameters<libff::mnt4_pp>;
-    test_curve_parameters<libff::mnt4_pp, parameters>();
+    test_curve_parameters<libff::mnt6_pp>();
+    // TODO For MNT6 alpha = 11, which is the first value for
+    // which alpha is co-prime to r-1, required for the inverse
+    // alpha^-1 to exist (r is the modulus of Fr). ATM we have a gadget
+    // only for alpha = 5 (flystel_E_power_five_gadget), but not for
+    // alpha = 11. For this reason test_for_curve does not run on
+    // MNT6.
+    // test_for_curve<libff::mnt6_pp>();
 }
 
-TEST(TestCurveParameters, MNT6)
+TEST(TestCurveParameters, MNT4)
 {
-    using parameters = anemoi_parameters<libff::mnt6_pp>;
-    test_curve_parameters<libff::mnt6_pp, parameters>();
+    test_curve_parameters<libff::mnt4_pp>();
+    test_for_curve<libff::mnt4_pp>();
 }
 
 TEST(TestCurveParameters, BW6_761)
 {
-    using parameters = anemoi_parameters<libff::bw6_761_pp>;
-    test_curve_parameters<libff::bw6_761_pp, parameters>();
+    test_curve_parameters<libff::bw6_761_pp>();
+    test_for_curve<libff::bw6_761_pp>();
 }
 
 TEST(TestCurveParameters, BN128)
 {
-    using parameters = anemoi_parameters<libff::bn128_pp>;
-    test_for_curve<libff : bn128_pp>();
-    test_curve_parameters<libff::bn128_pp, parameters>();
+    test_curve_parameters<libff::bn128_pp>();
+    test_for_curve<libff::bn128_pp>();
 }
 
 TEST(TestCurveParameters, ALT_BN128)
 {
-    using parameters = anemoi_parameters<libff::alt_bn128_pp>;
-    test_for_curve<libff::bn128_pp>();
-    test_curve_parameters<libff::alt_bn128_pp, parameters>();
+    test_curve_parameters<libff::alt_bn128_pp>();
+    test_for_curve<libff::alt_bn128_pp>();
 }
 
 int main(int argc, char **argv)

From bbafbdd8800db0d9196efd7f1dd387bd8e3b503a Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 3 Feb 2023 12:26:28 +0000
Subject: [PATCH 105/112] anemoi: removed test_curve_parameters as obsolete now
 that we have test_for_curve
 (https://github.com/clearmatics/libsnark/pull/106#discussion_r1095600595);
 removed template specialization for test_intermediate_gadgets_bls12_381
 (https://github.com/clearmatics/libsnark/pull/106#discussion_r1095589629).

---
 .../anemoi/tests/test_anemoi_gadget.cpp       | 55 ++++---------------
 1 file changed, 10 insertions(+), 45 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 5b89052d1..4af878acd 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -350,8 +350,9 @@ void test_anemoi_permutation_mds_bls12_381()
     libff::print_time("anemoi_permutation_mds tests successful");
 }
 
-template<typename ppT> void test_intermediate_gadgets_bls12_381()
+void test_intermediate_gadgets_bls12_381()
 {
+    using ppT = libff::bls12_381_pp;
     // Use debug parameters with small values for the small gadgets
     using parameters_debug = parameters_debug_bls12_381;
     test_flystel_Q_gamma_prime_field_gadget<ppT, parameters_debug>();
@@ -378,34 +379,15 @@ void test_for_curve(
         expected_round_values_fn);
 }
 
-template<typename ppT> void test_curve_parameters()
-{
-    using parameters = anemoi_parameters<ppT>;
-    printf("g = %zd\n", parameters::multiplicative_generator_g);
-    printf("alpha = %zd\n", parameters::alpha);
-    printf("beta = %zd\n", parameters::beta);
-    printf("gamma = %zd\n", parameters::gamma);
-    printf("quad_exponent = %zd\n", parameters::quad_exponent);
-    printf("alpha_inv = ");
-    parameters::alpha_inv.print();
-    printf("delta = ");
-    parameters::delta.print();
-}
-
-TEST(TestAnemoiGadget, BLS12_381)
-{
-    test_intermediate_gadgets_bls12_381<libff::bls12_381_pp>();
-}
+TEST(TestAnemoiGadget, BLS12_381) { test_intermediate_gadgets_bls12_381(); }
 
-TEST(TestCurveParameters, BLS12_381)
+TEST(TestForCurve, BLS12_381)
 {
-    test_curve_parameters<libff::bls12_381_pp>();
     test_for_curve<libff::bls12_381_pp>(&anemoi_expected_output_one_round);
 }
 
-TEST(TestCurveParameters, BLS12_377)
+TEST(TestForCurve, BLS12_377)
 {
-    test_curve_parameters<libff::bls12_377_pp>();
     // TODO For BLS12_377 alpha = 11, which is the first value for
     // which alpha is co-prime to r-1, required for the inverse
     // alpha^-1 to exist (r is the modulus of Fr). ATM we have a gadget
@@ -415,9 +397,8 @@ TEST(TestCurveParameters, BLS12_377)
     // test_for_curve<libff::bls12_377_pp>();
 }
 
-TEST(TestCurveParameters, MNT6)
+TEST(TestForCurve, MNT6)
 {
-    test_curve_parameters<libff::mnt6_pp>();
     // TODO For MNT6 alpha = 11, which is the first value for
     // which alpha is co-prime to r-1, required for the inverse
     // alpha^-1 to exist (r is the modulus of Fr). ATM we have a gadget
@@ -427,29 +408,13 @@ TEST(TestCurveParameters, MNT6)
     // test_for_curve<libff::mnt6_pp>();
 }
 
-TEST(TestCurveParameters, MNT4)
-{
-    test_curve_parameters<libff::mnt4_pp>();
-    test_for_curve<libff::mnt4_pp>();
-}
+TEST(TestForCurve, MNT4) { test_for_curve<libff::mnt4_pp>(); }
 
-TEST(TestCurveParameters, BW6_761)
-{
-    test_curve_parameters<libff::bw6_761_pp>();
-    test_for_curve<libff::bw6_761_pp>();
-}
+TEST(TestForCurve, BW6_761) { test_for_curve<libff::bw6_761_pp>(); }
 
-TEST(TestCurveParameters, BN128)
-{
-    test_curve_parameters<libff::bn128_pp>();
-    test_for_curve<libff::bn128_pp>();
-}
+TEST(TestForCurve, BN128) { test_for_curve<libff::bn128_pp>(); }
 
-TEST(TestCurveParameters, ALT_BN128)
-{
-    test_curve_parameters<libff::alt_bn128_pp>();
-    test_for_curve<libff::alt_bn128_pp>();
-}
+TEST(TestForCurve, ALT_BN128) { test_for_curve<libff::alt_bn128_pp>(); }
 
 int main(int argc, char **argv)
 {

From 644dde8db0544ea3ad08ad0c403d26353a1128d6 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 27 Jan 2023 13:20:50 +0000
Subject: [PATCH 106/112] anemoi: added the number of rounds for each instance
 and for each curve inside the parameters class; modified the SAGE script
 accordingly

---
 .../hashes/anemoi/anemoi_parameters.hpp       |   6 +
 .../anemoi/anemoi_parameters_alt_bn128.tcc    |   7 +
 .../anemoi/anemoi_parameters_bls12_377.tcc    |   7 +
 .../anemoi/anemoi_parameters_bls12_381.tcc    |   7 +
 .../hashes/anemoi/anemoi_parameters_bn128.tcc |   7 +
 .../anemoi/anemoi_parameters_bw6_761.tcc      |   7 +
 .../hashes/anemoi/anemoi_parameters_mnt4.tcc  |   7 +
 .../hashes/anemoi/anemoi_parameters_mnt6.tcc  |   7 +
 scripts/anemoi-hash/parameters.sage           | 487 ++++++++++++++++--
 9 files changed, 510 insertions(+), 32 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
index 2b97adde8..95b52a56b 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters.hpp
@@ -36,6 +36,12 @@ namespace libsnark
 /// - quad_exponent    : quadratic exponent applied in the mappings Q_gamma,
 ///                      Q_delta. Note that quad_exponent=2 for prime fields and
 ///                      quad_exponent=3 for binary fields
+/// - nrounds128       : array of total number of rounds for instances with
+///                      different number of columns e.g. 1,2,3,4 and 128-bit
+///                      security
+/// - nrounds256       : array of total number of rounds for instances with
+///                      different number of columns e.g. 1,2,3,4 and 256-bit
+///                      security
 /// - C_constants_col_"num_cols", D_constants_col_"num_cols" : the C
 ///                      and D round constants of the Anemoi
 ///                      permutation for a state with 1,2,3 or 4
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_alt_bn128.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_alt_bn128.tcc
index 8c0b2dd52..aebf5d721 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_alt_bn128.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_alt_bn128.tcc
@@ -29,6 +29,8 @@ public:
     static constexpr size_t quad_exponent = 2;
     static const BignumT alpha_inv;
     static const BignumT delta;
+    static const std::vector<size_t> nrounds128;
+    static const std::vector<size_t> nrounds256;
     static const std::vector<std::vector<BignumT>> C_constants_col_one;
     static const std::vector<std::vector<BignumT>> D_constants_col_one;
     static const std::vector<std::vector<BignumT>> C_constants_col_two;
@@ -39,6 +41,11 @@ public:
     static const std::vector<std::vector<BignumT>> D_constants_col_four;
 };
 
+const std::vector<size_t> anemoi_parameters<libff::alt_bn128_pp>::nrounds128 = {
+    19, 12, 10, 10};
+const std::vector<size_t> anemoi_parameters<libff::alt_bn128_pp>::nrounds256 = {
+    35, 20, 15, 14};
+
 const anemoi_parameters<libff::alt_bn128_pp>::BignumT
     anemoi_parameters<libff::alt_bn128_pp>::alpha_inv =
         anemoi_parameters<libff::alt_bn128_pp>::BignumT(
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_377.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_377.tcc
index 31517433e..2547b7958 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_377.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_377.tcc
@@ -29,6 +29,8 @@ public:
     static constexpr size_t quad_exponent = 2;
     static const BignumT alpha_inv;
     static const BignumT delta;
+    static const std::vector<size_t> nrounds128;
+    static const std::vector<size_t> nrounds256;
     static const std::vector<std::vector<BignumT>> C_constants_col_one;
     static const std::vector<std::vector<BignumT>> D_constants_col_one;
     static const std::vector<std::vector<BignumT>> C_constants_col_two;
@@ -39,6 +41,11 @@ public:
     static const std::vector<std::vector<BignumT>> D_constants_col_four;
 };
 
+const std::vector<size_t> anemoi_parameters<libff::bls12_377_pp>::nrounds128 = {
+    18, 11, 10, 10};
+const std::vector<size_t> anemoi_parameters<libff::bls12_377_pp>::nrounds256 = {
+    34, 19, 15, 13};
+
 const anemoi_parameters<libff::bls12_377_pp>::BignumT
     anemoi_parameters<libff::bls12_377_pp>::alpha_inv =
         anemoi_parameters<libff::bls12_377_pp>::BignumT(
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_381.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_381.tcc
index 44030fab7..b1c5aafd5 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_381.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bls12_381.tcc
@@ -30,6 +30,8 @@ public:
     static constexpr size_t quad_exponent = 2;
     static const BignumT alpha_inv;
     static const BignumT delta;
+    static const std::vector<size_t> nrounds128;
+    static const std::vector<size_t> nrounds256;
     static const std::vector<std::vector<BignumT>> C_constants_col_one;
     static const std::vector<std::vector<BignumT>> D_constants_col_one;
     static const std::vector<std::vector<BignumT>> C_constants_col_two;
@@ -40,6 +42,11 @@ public:
     static const std::vector<std::vector<BignumT>> D_constants_col_four;
 };
 
+const std::vector<size_t> anemoi_parameters<libff::bls12_381_pp>::nrounds128 = {
+    19, 12, 10, 10};
+const std::vector<size_t> anemoi_parameters<libff::bls12_381_pp>::nrounds256 = {
+    35, 20, 15, 14};
+
 const anemoi_parameters<libff::bls12_381_pp>::BignumT
     anemoi_parameters<libff::bls12_381_pp>::alpha_inv =
         anemoi_parameters<libff::bls12_381_pp>::BignumT(
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bn128.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bn128.tcc
index cd5ed523a..c1d81f353 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bn128.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bn128.tcc
@@ -29,6 +29,8 @@ public:
     static constexpr size_t quad_exponent = 2;
     static const BignumT alpha_inv;
     static const BignumT delta;
+    static const std::vector<size_t> nrounds128;
+    static const std::vector<size_t> nrounds256;
     static const std::vector<std::vector<BignumT>> C_constants_col_one;
     static const std::vector<std::vector<BignumT>> D_constants_col_one;
     static const std::vector<std::vector<BignumT>> C_constants_col_two;
@@ -39,6 +41,11 @@ public:
     static const std::vector<std::vector<BignumT>> D_constants_col_four;
 };
 
+const std::vector<size_t> anemoi_parameters<libff::bn128_pp>::nrounds128 = {
+    19, 12, 10, 10};
+const std::vector<size_t> anemoi_parameters<libff::bn128_pp>::nrounds256 = {
+    35, 20, 15, 14};
+
 const anemoi_parameters<libff::bn128_pp>::BignumT
     anemoi_parameters<libff::bn128_pp>::alpha_inv =
         anemoi_parameters<libff::bn128_pp>::BignumT(
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bw6_761.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bw6_761.tcc
index 604cd333f..0e1297240 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bw6_761.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_bw6_761.tcc
@@ -29,6 +29,8 @@ public:
     static constexpr size_t quad_exponent = 2;
     static const BignumT alpha_inv;
     static const BignumT delta;
+    static const std::vector<size_t> nrounds128;
+    static const std::vector<size_t> nrounds256;
     static const std::vector<std::vector<BignumT>> C_constants_col_one;
     static const std::vector<std::vector<BignumT>> D_constants_col_one;
     static const std::vector<std::vector<BignumT>> C_constants_col_two;
@@ -39,6 +41,11 @@ public:
     static const std::vector<std::vector<BignumT>> D_constants_col_four;
 };
 
+const std::vector<size_t> anemoi_parameters<libff::bw6_761_pp>::nrounds128 = {
+    19, 12, 10, 10};
+const std::vector<size_t> anemoi_parameters<libff::bw6_761_pp>::nrounds256 = {
+    35, 20, 15, 14};
+
 const anemoi_parameters<libff::bw6_761_pp>::BignumT
     anemoi_parameters<libff::bw6_761_pp>::alpha_inv =
         anemoi_parameters<libff::bw6_761_pp>::BignumT(
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt4.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt4.tcc
index 1f0176acb..6ced47463 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt4.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt4.tcc
@@ -29,6 +29,8 @@ public:
     static constexpr size_t quad_exponent = 2;
     static const BignumT alpha_inv;
     static const BignumT delta;
+    static const std::vector<size_t> nrounds128;
+    static const std::vector<size_t> nrounds256;
     static const std::vector<std::vector<BignumT>> C_constants_col_one;
     static const std::vector<std::vector<BignumT>> D_constants_col_one;
     static const std::vector<std::vector<BignumT>> C_constants_col_two;
@@ -39,6 +41,11 @@ public:
     static const std::vector<std::vector<BignumT>> D_constants_col_four;
 };
 
+const std::vector<size_t> anemoi_parameters<libff::mnt4_pp>::nrounds128 = {
+    19, 12, 10, 10};
+const std::vector<size_t> anemoi_parameters<libff::mnt4_pp>::nrounds256 = {
+    35, 20, 15, 14};
+
 const anemoi_parameters<libff::mnt4_pp>::BignumT
     anemoi_parameters<libff::mnt4_pp>::alpha_inv =
         anemoi_parameters<libff::mnt4_pp>::BignumT(
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt6.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt6.tcc
index 09a2a00a2..264b8185e 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt6.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_parameters_mnt6.tcc
@@ -29,6 +29,8 @@ public:
     static constexpr size_t quad_exponent = 2;
     static const BignumT alpha_inv;
     static const BignumT delta;
+    static const std::vector<size_t> nrounds128;
+    static const std::vector<size_t> nrounds256;
     static const std::vector<std::vector<BignumT>> C_constants_col_one;
     static const std::vector<std::vector<BignumT>> D_constants_col_one;
     static const std::vector<std::vector<BignumT>> C_constants_col_two;
@@ -39,6 +41,11 @@ public:
     static const std::vector<std::vector<BignumT>> D_constants_col_four;
 };
 
+const std::vector<size_t> anemoi_parameters<libff::mnt6_pp>::nrounds128 = {
+    18, 11, 10, 10};
+const std::vector<size_t> anemoi_parameters<libff::mnt6_pp>::nrounds256 = {
+    34, 19, 15, 13};
+
 const anemoi_parameters<libff::mnt6_pp>::BignumT
     anemoi_parameters<libff::mnt6_pp>::alpha_inv =
         anemoi_parameters<libff::mnt6_pp>::BignumT(
diff --git a/scripts/anemoi-hash/parameters.sage b/scripts/anemoi-hash/parameters.sage
index 411b2b488..6f782ed41 100644
--- a/scripts/anemoi-hash/parameters.sage
+++ b/scripts/anemoi-hash/parameters.sage
@@ -10,7 +10,54 @@ from constants import *
 
 load('anemoi.sage')
 
-def anemoi_instances_bls12_381(A):
+def anemoi_get_nrounds(A):
+    nrounds = []
+    for i in range(len(A)):
+        nrounds.append(A[i][1].n_rounds)
+    return nrounds
+    
+def anemoi128_instances_bls12_381(A):
+
+    # - 128-bit security level instantiations
+    # -- BLS12_381_SCALRFIELD
+    # --- 1 col
+    A_BLS_12_381_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_1_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_1_COL_128_BITS))
+    # --- 2 col    
+    A_BLS_12_381_SCALARFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_2_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_2_COL_128_BITS))    
+    # --- 3 col    
+    A_BLS_12_381_SCALARFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_3_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_3_COL_128_BITS))    
+    # ---4 col    
+    A_BLS_12_381_SCALARFIELD_4_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_381_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_381_SCALARFIELD_4_COL_128_BITS",
+         A_BLS_12_381_SCALARFIELD_4_COL_128_BITS))
+    
+def anemoi256_instances_bls12_381(A):
 
     # - 256-bit security level instantiations
     # -- BLS12_381_SCALRFIELD
@@ -51,7 +98,57 @@ def anemoi_instances_bls12_381(A):
         ("A_BLS_12_381_SCALARFIELD_4_COL_256_BITS",
          A_BLS_12_381_SCALARFIELD_4_COL_256_BITS))
     
-def anemoi_instances_bls12_377(A):
+def anemoi_bls12_381_nrounds():
+    A = []
+    anemoi128_instances_bls12_381(A)
+    nrounds128 = anemoi_get_nrounds(A)
+    A = []
+    anemoi256_instances_bls12_381(A)
+    nrounds256 = anemoi_get_nrounds(A)
+    return nrounds128, nrounds256
+    
+def anemoi128_instances_bls12_377(A):
+
+    # - 128-bit security level instantiations
+    # -- BLS12_377_SCALRFIELD
+    # --- 1 col
+    A_BLS_12_377_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_377_SCALARFIELD_1_COL_128_BITS",
+         A_BLS_12_377_SCALARFIELD_1_COL_128_BITS))
+    # --- 2 col    
+    A_BLS_12_377_SCALARFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_377_SCALARFIELD_2_COL_128_BITS",
+         A_BLS_12_377_SCALARFIELD_2_COL_128_BITS))    
+    # --- 3 col    
+    A_BLS_12_377_SCALARFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_377_SCALARFIELD_3_COL_128_BITS",
+         A_BLS_12_377_SCALARFIELD_3_COL_128_BITS))    
+    # ---4 col    
+    A_BLS_12_377_SCALARFIELD_4_COL_128_BITS = AnemoiPermutation(
+        q=BLS12_377_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A.append(
+        ("A_BLS_12_377_SCALARFIELD_4_COL_128_BITS",
+         A_BLS_12_377_SCALARFIELD_4_COL_128_BITS))
+    
+def anemoi256_instances_bls12_377(A):
 
     # - 256-bit security level instantiations
     # -- BLS12_377_SCALRFIELD
@@ -91,8 +188,58 @@ def anemoi_instances_bls12_377(A):
     A.append(
         ("A_BLS_12_377_SCALARFIELD_4_COL_256_BITS",
          A_BLS_12_377_SCALARFIELD_4_COL_256_BITS))
+
+def anemoi_bls12_377_nrounds():
+    A = []
+    anemoi128_instances_bls12_377(A)
+    nrounds128 = anemoi_get_nrounds(A)
+    A = []
+    anemoi256_instances_bls12_377(A)
+    nrounds256 = anemoi_get_nrounds(A)
+    return nrounds128, nrounds256
+        
+def anemoi128_instances_mnt4(A):
+
+    # - 128-bit security level instantiations
+    # -- MNT4_SCALRFIELD
+    # --- 1 col
+    A_MNT4_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=MNT4_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A.append(
+        ("A_MNT4_SCALARFIELD_1_COL_128_BITS",
+         A_MNT4_SCALARFIELD_1_COL_128_BITS))
+    # --- 2 col    
+    A_MNT4_SCALARFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=MNT4_SCALARFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A.append(
+        ("A_MNT4_SCALARFIELD_2_COL_128_BITS",
+         A_MNT4_SCALARFIELD_2_COL_128_BITS))    
+    # --- 3 col    
+    A_MNT4_SCALARFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=MNT4_SCALARFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A.append(
+        ("A_MNT4_SCALARFIELD_3_COL_128_BITS",
+         A_MNT4_SCALARFIELD_3_COL_128_BITS))    
+    # ---4 col    
+    A_MNT4_SCALARFIELD_4_COL_128_BITS = AnemoiPermutation(
+        q=MNT4_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A.append(
+        ("A_MNT4_SCALARFIELD_4_COL_128_BITS",
+         A_MNT4_SCALARFIELD_4_COL_128_BITS))
     
-def anemoi_instances_mnt4(A):
+def anemoi256_instances_mnt4(A):
 
     # - 256-bit security level instantiations
     # -- MNT4_SCALRFIELD
@@ -133,7 +280,57 @@ def anemoi_instances_mnt4(A):
         ("A_MNT4_SCALARFIELD_4_COL_256_BITS",
          A_MNT4_SCALARFIELD_4_COL_256_BITS))
     
-def anemoi_instances_mnt6(A):
+def anemoi_mnt4_nrounds():
+    A = []
+    anemoi128_instances_mnt4(A)
+    nrounds128 = anemoi_get_nrounds(A)
+    A = []
+    anemoi256_instances_mnt4(A)
+    nrounds256 = anemoi_get_nrounds(A)
+    return nrounds128, nrounds256
+        
+def anemoi128_instances_mnt6(A):
+
+    # - 128-bit security level instantiations
+    # -- MNT6_SCALRFIELD
+    # --- 1 col
+    A_MNT6_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=MNT6_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A.append(
+        ("A_MNT6_SCALARFIELD_1_COL_128_BITS",
+         A_MNT6_SCALARFIELD_1_COL_128_BITS))
+    # --- 2 col    
+    A_MNT6_SCALARFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=MNT6_SCALARFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A.append(
+        ("A_MNT6_SCALARFIELD_2_COL_128_BITS",
+         A_MNT6_SCALARFIELD_2_COL_128_BITS))    
+    # --- 3 col    
+    A_MNT6_SCALARFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=MNT6_SCALARFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A.append(
+        ("A_MNT6_SCALARFIELD_3_COL_128_BITS",
+         A_MNT6_SCALARFIELD_3_COL_128_BITS))    
+    # ---4 col    
+    A_MNT6_SCALARFIELD_4_COL_128_BITS = AnemoiPermutation(
+        q=MNT6_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A.append(
+        ("A_MNT6_SCALARFIELD_4_COL_128_BITS",
+         A_MNT6_SCALARFIELD_4_COL_128_BITS))
+    
+def anemoi256_instances_mnt6(A):
 
     # - 256-bit security level instantiations
     # -- MNT6_SCALRFIELD
@@ -174,7 +371,57 @@ def anemoi_instances_mnt6(A):
         ("A_MNT6_SCALARFIELD_4_COL_256_BITS",
          A_MNT6_SCALARFIELD_4_COL_256_BITS))
     
-def anemoi_instances_bw6_761(A):
+def anemoi_mnt6_nrounds():
+    A = []
+    anemoi128_instances_mnt6(A)
+    nrounds128 = anemoi_get_nrounds(A)
+    A = []
+    anemoi256_instances_mnt6(A)
+    nrounds256 = anemoi_get_nrounds(A)
+    return nrounds128, nrounds256
+        
+def anemoi128_instances_bw6_761(A):
+
+    # - 128-bit security level instantiations
+    # -- BW6_761_SCALRFIELD
+    # --- 1 col
+    A_BW6_761_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=BW6_761_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A.append(
+        ("A_BW6_761_SCALARFIELD_1_COL_128_BITS",
+         A_BW6_761_SCALARFIELD_1_COL_128_BITS))
+    # --- 2 col    
+    A_BW6_761_SCALARFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=BW6_761_SCALARFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A.append(
+        ("A_BW6_761_SCALARFIELD_2_COL_128_BITS",
+         A_BW6_761_SCALARFIELD_2_COL_128_BITS))    
+    # --- 3 col    
+    A_BW6_761_SCALARFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=BW6_761_SCALARFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A.append(
+        ("A_BW6_761_SCALARFIELD_3_COL_128_BITS",
+         A_BW6_761_SCALARFIELD_3_COL_128_BITS))    
+    # ---4 col    
+    A_BW6_761_SCALARFIELD_4_COL_128_BITS = AnemoiPermutation(
+        q=BW6_761_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A.append(
+        ("A_BW6_761_SCALARFIELD_4_COL_128_BITS",
+         A_BW6_761_SCALARFIELD_4_COL_128_BITS))
+    
+def anemoi256_instances_bw6_761(A):
 
     # - 256-bit security level instantiations
     # -- BW6_761_SCALRFIELD
@@ -215,7 +462,57 @@ def anemoi_instances_bw6_761(A):
         ("A_BW6_761_SCALARFIELD_4_COL_256_BITS",
          A_BW6_761_SCALARFIELD_4_COL_256_BITS))
     
-def anemoi_instances_bn128(A):
+def anemoi_bw6_761_nrounds():
+    A = []
+    anemoi128_instances_bw6_761(A)
+    nrounds128 = anemoi_get_nrounds(A)
+    A = []
+    anemoi256_instances_bw6_761(A)
+    nrounds256 = anemoi_get_nrounds(A)
+    return nrounds128, nrounds256
+        
+def anemoi128_instances_bn128(A):
+
+    # - 128-bit security level instantiations
+    # -- BN128_SCALRFIELD
+    # --- 1 col
+    A_BN128_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=BN128_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A.append(
+        ("A_BN128_SCALARFIELD_1_COL_128_BITS",
+         A_BN128_SCALARFIELD_1_COL_128_BITS))
+    # --- 2 col    
+    A_BN128_SCALARFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=BN128_SCALARFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A.append(
+        ("A_BN128_SCALARFIELD_2_COL_128_BITS",
+         A_BN128_SCALARFIELD_2_COL_128_BITS))    
+    # --- 3 col    
+    A_BN128_SCALARFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=BN128_SCALARFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A.append(
+        ("A_BN128_SCALARFIELD_3_COL_128_BITS",
+         A_BN128_SCALARFIELD_3_COL_128_BITS))    
+    # ---4 col    
+    A_BN128_SCALARFIELD_4_COL_128_BITS = AnemoiPermutation(
+        q=BN128_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A.append(
+        ("A_BN128_SCALARFIELD_4_COL_128_BITS",
+         A_BN128_SCALARFIELD_4_COL_128_BITS))
+    
+def anemoi256_instances_bn128(A):
 
     # - 256-bit security level instantiations
     # -- BN128_SCALRFIELD
@@ -256,7 +553,57 @@ def anemoi_instances_bn128(A):
         ("A_BN128_SCALARFIELD_4_COL_256_BITS",
          A_BN128_SCALARFIELD_4_COL_256_BITS))
     
-def anemoi_instances_alt_bn128(A):
+def anemoi_bn128_nrounds():
+    A = []
+    anemoi128_instances_bn128(A)
+    nrounds128 = anemoi_get_nrounds(A)
+    A = []
+    anemoi256_instances_bn128(A)
+    nrounds256 = anemoi_get_nrounds(A)
+    return nrounds128, nrounds256
+        
+def anemoi128_instances_alt_bn128(A):
+
+    # - 128-bit security level instantiations
+    # -- ALT_BN128_SCALRFIELD
+    # --- 1 col
+    A_ALT_BN128_SCALARFIELD_1_COL_128_BITS = AnemoiPermutation(
+        q=ALT_BN128_SCALARFIELD,
+        n_cols=1,
+        security_level=128
+    )
+    A.append(
+        ("A_ALT_BN128_SCALARFIELD_1_COL_128_BITS",
+         A_ALT_BN128_SCALARFIELD_1_COL_128_BITS))
+    # --- 2 col    
+    A_ALT_BN128_SCALARFIELD_2_COL_128_BITS = AnemoiPermutation(
+        q=ALT_BN128_SCALARFIELD,
+        n_cols=2,
+        security_level=128
+    )
+    A.append(
+        ("A_ALT_BN128_SCALARFIELD_2_COL_128_BITS",
+         A_ALT_BN128_SCALARFIELD_2_COL_128_BITS))    
+    # --- 3 col    
+    A_ALT_BN128_SCALARFIELD_3_COL_128_BITS = AnemoiPermutation(
+        q=ALT_BN128_SCALARFIELD,
+        n_cols=3,
+        security_level=128
+    )
+    A.append(
+        ("A_ALT_BN128_SCALARFIELD_3_COL_128_BITS",
+         A_ALT_BN128_SCALARFIELD_3_COL_128_BITS))    
+    # ---4 col    
+    A_ALT_BN128_SCALARFIELD_4_COL_128_BITS = AnemoiPermutation(
+        q=ALT_BN128_SCALARFIELD,
+        n_cols=4,
+        security_level=128
+    )
+    A.append(
+        ("A_ALT_BN128_SCALARFIELD_4_COL_128_BITS",
+         A_ALT_BN128_SCALARFIELD_4_COL_128_BITS))
+    
+def anemoi256_instances_alt_bn128(A):
 
     # - 256-bit security level instantiations
     # -- ALT_BN128_SCALRFIELD
@@ -297,6 +644,15 @@ def anemoi_instances_alt_bn128(A):
         ("A_ALT_BN128_SCALARFIELD_4_COL_256_BITS",
          A_ALT_BN128_SCALARFIELD_4_COL_256_BITS))
     
+def anemoi_alt_bn128_nrounds():
+    A = []
+    anemoi128_instances_alt_bn128(A)
+    nrounds128 = anemoi_get_nrounds(A)
+    A = []
+    anemoi256_instances_alt_bn128(A)
+    nrounds256 = anemoi_get_nrounds(A)
+    return nrounds128, nrounds256
+        
 def anemoi_instances_stdout(instances):
     for i in range(len(instances)):
         # string name
@@ -320,8 +676,8 @@ def anemoi_instances_stdout(instances):
         print("gamma            : {}".format(zero))
         print("delta            : {}".format(A.delta))
         print("matrix M         :\n{}".format(A.mat))
-        print("constants C      :\n{}".format(A.C))
-        print("constants D      :\n{}".format(A.D))
+        #print("constants C      :\n{}".format(A.C))
+        #print("constants D      :\n{}".format(A.D))
 
 # same as output_parameters() but stores parameters to file
 def anemoi_instances_to_file(instances):
@@ -351,7 +707,7 @@ def anemoi_instances_to_file(instances):
         f.write("constants C      :\n{}\n".format(A.C))
         f.write("constants D      :\n{}\n".format(A.D))
 
-def anemoi_parameters_in_cpp_format_to_file(instances, filename, curve_ppT):
+def anemoi_parameters_in_cpp_format_to_file(instances, filename, curve_ppT, nrounds128, nrounds256):
     f = open(filename, "w")
     e = datetime.datetime.now()
     f.write("// This file was automatically generated with SAGE script parameters.sage on %s/%s/%s at %s:%s:%s\n\n" % (e.day, e.month, e.year, e.hour, e.minute, e.second))
@@ -374,6 +730,8 @@ def anemoi_parameters_in_cpp_format_to_file(instances, filename, curve_ppT):
     f.write("static constexpr size_t quad_exponent = {};\n".format(A.QUAD))
     f.write("static const BignumT alpha_inv;\n")
     f.write("static const BignumT delta;\n")
+    f.write("static const std::vector<size_t> nrounds128;\n")
+    f.write("static const std::vector<size_t> nrounds256;\n")
     f.write("static const std::vector<std::vector<BignumT>> C_constants_col_one;\n")
     f.write("static const std::vector<std::vector<BignumT>> D_constants_col_one;\n")
     f.write("static const std::vector<std::vector<BignumT>> C_constants_col_two;\n")
@@ -384,7 +742,25 @@ def anemoi_parameters_in_cpp_format_to_file(instances, filename, curve_ppT):
     f.write("static const std::vector<std::vector<BignumT>> D_constants_col_four;\n")
     f.write("};\n")
     
-    f.write("\n")    
+    f.write("\n")
+    f.write("const std::vector<size_t> anemoi_parameters<libff::{}>::nrounds128 = ".format(curve_ppT))
+    f.write("{")
+    for i in range(len(nrounds128)):
+        f.write("{}".format(nrounds128[i]))
+        if(i < (len(nrounds128)-1)):
+            f.write(", ")
+    f.write("};")
+    
+    f.write("\n")
+    f.write("const std::vector<size_t> anemoi_parameters<libff::{}>::nrounds256 = ".format(curve_ppT))
+    f.write("{")
+    for i in range(len(nrounds256)):
+        f.write("{}".format(nrounds256[i]))
+        if(i < (len(nrounds256)-1)):
+            f.write(", ")
+    f.write("};")    
+    
+    f.write("\n\n")    
     f.write("const anemoi_parameters<libff::{}>::BignumT anemoi_parameters<libff::{}>::alpha_inv = anemoi_parameters<libff::{}>::BignumT(\"{}\");\n".format(curve_ppT, curve_ppT, curve_ppT, A.alpha_inv))
     
     f.write("\n")    
@@ -426,62 +802,109 @@ def anemoi_constants_in_cpp_format_to_file(instances, filename, curve_ppT):
             if iround < (len(A.D) - 1):
                 f.write(",\n")
         f.write("\n};\n")
-        
-                  
+
+def test_anemoi_nrounds():
+    print("bls12_381")
+    nrounds128, nrounds256 = anemoi_bls12_381_nrounds()
+    print("nrounds128 {}".format(nrounds128))
+    print("nrounds256 {}".format(nrounds256))
+    
+    print("bls12_377")
+    nrounds128, nrounds256 = anemoi_bls12_377_nrounds()
+    print("nrounds128 {}".format(nrounds128))
+    print("nrounds256 {}".format(nrounds256))
+    
+    print("mnt4")
+    nrounds128, nrounds256 = anemoi_mnt4_nrounds()
+    print("nrounds128 {}".format(nrounds128))
+    print("nrounds256 {}".format(nrounds256))
+    
+    print("mnt6")
+    nrounds128, nrounds256 = anemoi_mnt6_nrounds()
+    print("nrounds128 {}".format(nrounds128))
+    print("nrounds256 {}".format(nrounds256))
+    
+    print("bw6_761")
+    nrounds128, nrounds256 = anemoi_bw6_761_nrounds()
+    print("nrounds128 {}".format(nrounds128))
+    print("nrounds256 {}".format(nrounds256))
+
+    print("bn128")
+    nrounds128, nrounds256 = anemoi_bn128_nrounds()
+    print("nrounds128 {}".format(nrounds128))
+    print("nrounds256 {}".format(nrounds256))
+
+    print("alt_bn128")
+    nrounds128, nrounds256 = anemoi_alt_bn128_nrounds()
+    print("nrounds128 {}".format(nrounds128))
+    print("nrounds256 {}".format(nrounds256))
+
 if __name__ == "__main__":
-    # bls12_381
+    # extract number of rounds
     if 0:
+        test_anemoi_nrounds()
+        
+    # bls12_381
+    if 1:
         A = []
-        anemoi_instances_bls12_381(A)
+        anemoi256_instances_bls12_381(A)
         filename = "parameters_bls12_381.txt"
         curve_ppT = "bls12_381_pp"
-        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        nrounds128, nrounds256 = anemoi_bls12_381_nrounds()
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT, nrounds128, nrounds256)
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
+        #anemoi_instances_stdout(A)
     # bls12_377
-    if 0:
+    if 1:
         A = []
-        anemoi_instances_bls12_377(A)
+        anemoi256_instances_bls12_377(A)
         filename = "parameters_bls12_377.txt"
         curve_ppT = "bls12_377_pp"
-        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        nrounds128, nrounds256 = anemoi_bls12_377_nrounds()
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT, nrounds128, nrounds256)
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
     # mnt4
-    if 0:
+    if 1:
         A = []
-        anemoi_instances_mnt4(A)
+        anemoi256_instances_mnt4(A)
         filename = "parameters_mnt4.txt"
         curve_ppT = "mnt4_pp"
-        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        nrounds128, nrounds256 = anemoi_mnt4_nrounds()
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT, nrounds128, nrounds256)
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
     # mnt6
-    if 0:
+    if 1:
         A = []
-        anemoi_instances_mnt6(A)
+        anemoi256_instances_mnt6(A)
         filename = "parameters_mnt6.txt"
         curve_ppT = "mnt6_pp"
-        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        nrounds128, nrounds256 = anemoi_mnt6_nrounds()
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT, nrounds128, nrounds256)
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
     # bw6_761 (WARNING! slow ~10 min.)
-    if 0:
+    if 1:
         A = []
-        anemoi_instances_bw6_761(A)
+        anemoi256_instances_bw6_761(A)
         filename = "parameters_bw6_761.txt"
         curve_ppT = "bw6_761_pp"
-        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        nrounds128, nrounds256 = anemoi_bw6_761_nrounds()
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT, nrounds128, nrounds256)
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
     # bn128
     if 1:
         A = []
-        anemoi_instances_bn128(A)
+        anemoi256_instances_bn128(A)
         filename = "parameters_bn128.txt"
         curve_ppT = "bn128_pp"
-        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        nrounds128, nrounds256 = anemoi_bn128_nrounds()
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT, nrounds128, nrounds256)
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
     # alt_bn128
     if 1:
         A = []
-        anemoi_instances_alt_bn128(A)
+        anemoi256_instances_alt_bn128(A)
         filename = "parameters_alt_bn128.txt"
         curve_ppT = "alt_bn128_pp"
-        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT)
+        nrounds128, nrounds256 = anemoi_alt_bn128_nrounds()
+        anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT, nrounds128, nrounds256)
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)

From f2e9f87a083bc8a5b1efc6286a2f90a4367c7f79 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Fri, 27 Jan 2023 13:24:02 +0000
Subject: [PATCH 107/112] anemoi: implemented gadget for the full anemoi
 permutation (https://github.com/clearmatics/libsnark/issues/104)

---
 .../hashes/anemoi/anemoi_components.hpp       |  48 +++-
 .../hashes/anemoi/anemoi_components.tcc       | 143 +++++++++-
 .../hashes/anemoi/anemoi_constants.hpp        | 264 ------------------
 .../hashes/anemoi/tests/anemoi_outputs.cpp    | 111 ++++++++
 .../hashes/anemoi/tests/anemoi_outputs.hpp    |   9 +
 .../anemoi/tests/test_anemoi_gadget.cpp       | 119 +++++++-
 scripts/anemoi-hash/parameters.sage           |  76 ++++-
 7 files changed, 484 insertions(+), 286 deletions(-)
 delete mode 100644 libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index ce9bf36b1..84ecdca8d 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -218,8 +218,9 @@ class anemoi_permutation_round_prime_field_gadget
 
     anemoi_permutation_round_prime_field_gadget(
         protoboard<FieldT> &pb,
-        const std::vector<FieldT> &C_const,
-        const std::vector<FieldT> &D_const,
+        // TODO: add round index
+        const std::vector<FieldT> &C_const, // remove
+        const std::vector<FieldT> &D_const, // remove
         const pb_linear_combination_array<FieldT> &X_left_input,
         const pb_linear_combination_array<FieldT> &X_right_input,
         const pb_variable_array<FieldT> &Y_left_output,
@@ -263,6 +264,49 @@ template<typename ppT> class anemoi_permutation_mds<ppT, 4>
     static anemoi_mds_matrix_t permutation_mds(const libff::Fr<ppT> g);
 };
 
+/// Full Anemoi permutation mapping (Fr)^{2L} -> (Fr)^{2L}
+/// see anemoi_permutation_round_prime_field_gadget
+template<
+    typename ppT,
+    size_t NumStateColumns_L,
+    class parameters = anemoi_parameters<libff::Fr<ppT>>>
+class anemoi_permutation_prime_field_gadget : public gadget<libff::Fr<ppT>>
+{
+    using FieldT = libff::Fr<ppT>;
+
+private:
+    // C round constants for all rounds
+    std::vector<std::vector<FieldT>> C_const_vec;
+    // D round constants for all rounds
+    std::vector<std::vector<FieldT>> D_const_vec;
+    // vector of round gadgets
+    std::vector<anemoi_permutation_round_prime_field_gadget<
+        ppT,
+        NumStateColumns_L,
+        parameters>>
+        Round;
+
+public:
+    const pb_linear_combination_array<FieldT> X_left_input;
+    const pb_linear_combination_array<FieldT> X_right_input;
+    const pb_variable_array<FieldT> Y_left_output;
+    const pb_variable_array<FieldT> Y_right_output;
+
+    anemoi_permutation_prime_field_gadget(
+        protoboard<FieldT> &pb,
+        // TODO: remove constants
+        const std::vector<std::vector<FieldT>> &C_const,
+        const std::vector<std::vector<FieldT>> &D_const,
+        const pb_linear_combination_array<FieldT> &X_left_input,
+        const pb_linear_combination_array<FieldT> &X_right_input,
+        const pb_variable_array<FieldT> &Y_left_output,
+        const pb_variable_array<FieldT> &Y_right_output,
+        const std::string &annotation_prefix);
+
+    void generate_r1cs_constraints();
+    void generate_r1cs_witness();
+};
+
 } // namespace libsnark
 
 #include "libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc"
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index a317134cf..19a787c39 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -620,11 +620,6 @@ void anemoi_permutation_round_prime_field_gadget<
     for (size_t i = 0; i < NumStateColumns_L; i++) {
         Flystel[i].generate_r1cs_witness();
     }
-
-    for (size_t i = 0; i < NumStateColumns_L; i++) {
-        this->pb.val(Y_left_output[i]) = this->pb.val(Flystel[i].output_y0);
-        this->pb.val(Y_right_output[i]) = this->pb.val(Flystel[i].output_y1);
-    }
 }
 
 // TODO: consdier applying the following changes to all
@@ -673,6 +668,144 @@ std::array<std::array<libff::Fr<ppT>, 4>, 4> anemoi_permutation_mds<ppT, 4>::
     return M;
 }
 
+template<typename ppT, size_t NumStateColumns_L, class parameters>
+anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters>::
+    anemoi_permutation_prime_field_gadget(
+        protoboard<libff::Fr<ppT>> &pb,
+        const std::vector<std::vector<FieldT>> &C,
+        const std::vector<std::vector<FieldT>> &D,
+        const pb_linear_combination_array<FieldT> &X_left,
+        const pb_linear_combination_array<FieldT> &X_right,
+        const pb_variable_array<FieldT> &Y_left,
+        const pb_variable_array<FieldT> &Y_right,
+        const std::string &annotation_prefix)
+    : gadget<libff::Fr<ppT>>(pb, annotation_prefix)
+    , C_const_vec(C)
+    , D_const_vec(D)
+    , X_left_input(X_left)
+    , X_right_input(X_right)
+    , Y_left_output(Y_left)
+    , Y_right_output(Y_right)
+{
+    // Number of columns can not be larger than rounds128 size
+    assert(NumStateColumns_L <= parameters::nrounds128.size());
+    // Number of columns can not be larger than rounds256 size
+    assert(NumStateColumns_L <= parameters::nrounds256.size());
+
+    // Get the number of rounds for the given Anemoi instance
+    // (i.e. given number of columns in the state). Note: currently
+    // using 256-bit security instance by default. TODO add support
+    // for 128-bit security e.g. by adding a Boolean flag b_sec_128 in
+    // the tamplate parameters.
+    const size_t nrounds = parameters::nrounds256[NumStateColumns_L - 1];
+
+    // Left and right input to round i, outputs from round i-1
+    std::vector<pb_variable_array<FieldT>> round_results_left;
+    round_results_left.resize(nrounds);
+    std::vector<pb_variable_array<FieldT>> round_results_right;
+    round_results_right.resize(nrounds);
+
+    // Initialize Round[0] with input X_left_input, X_right_input and
+    // output round_results_left[0], round_results_right[0]
+    round_results_left[0].allocate(
+        pb,
+        NumStateColumns_L,
+        FMT(this->annotation_prefix, " round_results_left[0]"));
+    round_results_right[0].allocate(
+        pb,
+        NumStateColumns_L,
+        FMT(this->annotation_prefix, " round_results_right[0]"));
+
+    Round.emplace_back(anemoi_permutation_round_prime_field_gadget<
+                       ppT,
+                       NumStateColumns_L,
+                       parameters>(
+        pb,
+        C[0],
+        D[0],
+        X_left_input,
+        X_right_input,
+        round_results_left[0],
+        round_results_right[0],
+        FMT(this->annotation_prefix, " Round[0]")));
+
+    // Initialize Round[i>0] gadget with input round_results_left[i -
+    // 1], round_results_right[i - 1] and output
+    // round_results_left[i], round_results_right[i]
+    for (size_t i = 1; i < nrounds - 1; i++) {
+
+        round_results_left[i].allocate(
+            pb,
+            NumStateColumns_L,
+            FMT(this->annotation_prefix, " round_results_left[%zu]", i));
+        round_results_right[i].allocate(
+            pb,
+            NumStateColumns_L,
+            FMT(this->annotation_prefix, " round_results_right[%zu]", i));
+
+        Round.emplace_back(anemoi_permutation_round_prime_field_gadget<
+                           ppT,
+                           NumStateColumns_L,
+                           parameters>(
+            pb,
+            C[i],
+            D[i],
+            round_results_left[i - 1],
+            round_results_right[i - 1],
+            round_results_left[i],
+            round_results_right[i],
+            FMT(this->annotation_prefix, " Round[%zu]", i)));
+    }
+
+    round_results_left[nrounds - 1].allocate(
+        pb,
+        NumStateColumns_L,
+        FMT(this->annotation_prefix, " round_results_left[%zu]", nrounds - 1));
+    round_results_right[nrounds - 1].allocate(
+        pb,
+        NumStateColumns_L,
+        FMT(this->annotation_prefix, " round_results_right[%zu]", nrounds - 1));
+
+    // For last round, copy the output as given by the caller
+    // Y_left_output, Y_right_output
+    round_results_left[nrounds - 1] = Y_left_output;
+    round_results_right[nrounds - 1] = Y_right_output;
+
+    // Initialize the last round gadget
+    Round.emplace_back(anemoi_permutation_round_prime_field_gadget<
+                       ppT,
+                       NumStateColumns_L,
+                       parameters>(
+        pb,
+        C[nrounds - 1],
+        D[nrounds - 1],
+        round_results_left[nrounds - 2],
+        round_results_right[nrounds - 2],
+        round_results_left[nrounds - 1],
+        round_results_right[nrounds - 1],
+        FMT(this->annotation_prefix, " Round[%zu]", nrounds - 1)));
+}
+
+template<typename ppT, size_t NumStateColumns_L, class parameters>
+void anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters>::
+    generate_r1cs_constraints()
+{
+    size_t nrounds = parameters::nrounds256[NumStateColumns_L - 1];
+    for (size_t i = 0; i < nrounds; i++) {
+        Round[i].generate_r1cs_constraints();
+    }
+}
+
+template<typename ppT, size_t NumStateColumns_L, class parameters>
+void anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters>::
+    generate_r1cs_witness()
+{
+    size_t nrounds = parameters::nrounds256[NumStateColumns_L - 1];
+    for (size_t i = 0; i < nrounds; i++) {
+        Round[i].generate_r1cs_witness();
+    }
+}
+
 } // namespace libsnark
 
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_COMPONENTS_TCC_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp
deleted file mode 100644
index d1ece832b..000000000
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp
+++ /dev/null
@@ -1,264 +0,0 @@
-/** @file
- *****************************************************************************
- * @author     This file is part of libsnark, developed by Clearmatics Ltd
- *             (originally developed by SCIPR Lab) and contributors
- *             (see AUTHORS).
- * @copyright  MIT license (see LICENSE file)
- *****************************************************************************/
-
-#ifndef LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_CONSTANTS_HPP_
-#define LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_CONSTANTS_HPP_
-
-namespace libsnark
-{
-// TODO: specialize by the field type + cast to the field
-// see     setup_sha3_constants();
-#if 0
-// l = 1
-FieldT C1[1][19] = {
-    {39},
-    {41362478282768062297187132445775312675360473883834860695283235286481594490621},
-    {9548818195234740988996233204400874453525674173109474205108603996010297049928},
-    {25365440569177822667580105183435418073995888230868180942004497015015045856900},
-    {34023498397393406644117994167986720327178154686105264833093891093045919619309},
-    {38816051319719761886041858113129205506758421478656182868737326994635468402951},
-    {35167418087531820804128377095512663922179887277669504047069913414630376083753},
-    {25885868839756469722325652387535232478219821850603640827385444642154834700231},
-    {8867588811641202981080659274007552529205713737251862066053445622305818871963},
-    {36439756010140137556111047750162544185710881404522379792044818039722752946048},
-    {7788624504122357216765350546787885309160020166693449889975992574536033007374},
-    {3134147137704626983201116226440762775442116005053282329971088789984415999550},
-    {50252287380741824818995733304361249016282047978221591906573165442023106203143},
-    {48434698978712278012409706205559577163572452744833134361195687109159129985373},
-    {32960510617530186159512413633821386297955642598241661044178889571655571939473},
-    {12850897859166761094422335671106280470381427571695744605265713866647560628356},
-    {14578036872634298798382048587794204613583128573535557156943783762854124345644},
-    {21588109842058901916690548710649523388049643745013696896704903154857389904594},
-    {35731638686520516424752846654442973203189295883541072759390882351699754104989}};
-FieldT D1[1][19] = {
-    {14981678621464625851270783002338847382197300714436467949315331057125308909900},
-    {28253420209785428420233456008091632509255652343634529984400816700490470131093},
-    {51511939407083344002778208487678590135577660247075600880835916725469990319313},
-    {46291121544435738125248657675097664742296276807186696922340332893747842754587},
-    {3650460179273129580093806058710273018999560093475503119057680216309578390988},
-    {45802223370746268123059159806400152299867771061127345631244786118574025749328},
-    {11798621276624967315721748990709309216351696098813162382053396097866233042733},
-    {42372918959432199162670834641599336326433006968669415662488070504036922966492},
-    {52181371244193189669553521955614617990714056725501643636576377752669773323445},
-    {23791984554824031672195249524658580601428376029501889159059009332107176394097},
-    {33342520831620303764059548442834699069640109058400548818586964467754352720368},
-    {16791548253207744974576845515705461794133799104808996134617754018912057476556},
-    {11087343419860825311828133337767238110556416596687749174422888171911517001265},
-    {11931207770538477937808955037363240956790374856666237106403111503668796872571},
-    {3296943608590459582451043049934874894049468383833500962645016062634514172805},
-    {7080580976521357573320018355401935489220216583936865937104131954142364033647},
-    {25990144965911478244481527888046366474489820502460615136523859419965697796405},
-    {33907313384235729375566529911940467295099705980234607934575786561097199483218},
-    {25996950265608465541351207283024962044374873682152889814392533334239395044136}};
-
-// l=2
-FieldT C2[2][12] = {
-    {39,
-     17756515227822460609684409997111995494590448775258437999344446424780281143353},
-    {41362478282768062297187132445775312675360473883834860695283235286481594490621,
-     3384073892082712848969991795331397937188893616190315628722966662742467187281},
-    {9548818195234740988996233204400874453525674173109474205108603996010297049928,
-     51311880822158488881090781617710146800056386303122657365679608608648067582435},
-    {25365440569177822667580105183435418073995888230868180942004497015015045856900,
-     29347609441914902330741511702270026847909178228078752565372729158237774700914},
-    {34023498397393406644117994167986720327178154686105264833093891093045919619309,
-     2339620320400167830454536231899316133967303509954474267430948538955691907104},
-    {38816051319719761886041858113129205506758421478656182868737326994635468402951,
-     27338042530319738113354246208426108832239651080023276643867223794985578055610},
-    {35167418087531820804128377095512663922179887277669504047069913414630376083753,
-     42192983528513372869128514327443204912824559545179630597589572656156258515752},
-    {25885868839756469722325652387535232478219821850603640827385444642154834700231,
-     42721818980548514490325424436763032046927347769153393863616095871384405840432},
-    {8867588811641202981080659274007552529205713737251862066053445622305818871963,
-     23473499332437056484066006746048591864129988909190267521144125882222313735740},
-    {36439756010140137556111047750162544185710881404522379792044818039722752946048,
-     16497366583607480604161417644040292299204496829635795525393416854929276060989},
-    {7788624504122357216765350546787885309160020166693449889975992574536033007374,
-     16727395967350522643500778393489915391834352737211416857240725807058479128000},
-    {3134147137704626983201116226440762775442116005053282329971088789984415999550,
-     46525506418681456193255596516104416743523037046982280449529426136392814992763}};
-
-FieldT D2[2][12] = {
-    {14981678621464625851270783002338847382197300714436467949315331057125308909900,
-     48720959343719104324739338388885839802998711550637402773896395605948383052052},
-    {28253420209785428420233456008091632509255652343634529984400816700490470131093,
-     6257781313532096835800460747082714697295034136932481743077166200794135826591},
-    {51511939407083344002778208487678590135577660247075600880835916725469990319313,
-     4386017178186728799761421274050927732938229436976005221436222062273391481632},
-    {46291121544435738125248657675097664742296276807186696922340332893747842754587,
-     13820180736478645172746469075181304604729976364812127548341524461074783412926},
-    {3650460179273129580093806058710273018999560093475503119057680216309578390988,
-     40385222771838099109662234020243831589690223478794847201235014486200724862134},
-    {45802223370746268123059159806400152299867771061127345631244786118574025749328,
-     50306980075778262214155693291132052551559962723436936231611301042966928400825},
-    {11798621276624967315721748990709309216351696098813162382053396097866233042733,
-     34806952212038537244506031612074847133207330427265785757809673463434908473570},
-    {42372918959432199162670834641599336326433006968669415662488070504036922966492,
-     22755759419530071315007011572076166983660942447634027701351681157370705921018},
-    {52181371244193189669553521955614617990714056725501643636576377752669773323445,
-     30334172084294870556875274308904688414158741457854908094300017436690480001547},
-    {23791984554824031672195249524658580601428376029501889159059009332107176394097,
-     19832360622723392584029764807971325641132953515557801717644226271356492507876},
-    {33342520831620303764059548442834699069640109058400548818586964467754352720368,
-     5828182614154296575131381170785760240834851189333374788484657124381010655319},
-    {16791548253207744974576845515705461794133799104808996134617754018912057476556,
-     23729797853490401568967730686618146850735129707152853256809050789424668284094}};
-
-// l=3
-FieldT C3[3][10] = {
-    {39,
-     17756515227822460609684409997111995494590448775258437999344446424780281143353,
-     10188916128123599964772546147951904500865009616764646948187915341627970346879},
-    {41362478282768062297187132445775312675360473883834860695283235286481594490621,
-     3384073892082712848969991795331397937188893616190315628722966662742467187281,
-     38536464596998108028197905645250196649287447208374169339784649587982292038621},
-    {9548818195234740988996233204400874453525674173109474205108603996010297049928,
-     51311880822158488881090781617710146800056386303122657365679608608648067582435,
-     24596965950552905296088269899880882549715354660832391374009234980535928382152},
-    {25365440569177822667580105183435418073995888230868180942004497015015045856900,
-     29347609441914902330741511702270026847909178228078752565372729158237774700914,
-     14356478667385969079309349540394948109414829921001045845599553435706989367858},
-    {34023498397393406644117994167986720327178154686105264833093891093045919619309,
-     2339620320400167830454536231899316133967303509954474267430948538955691907104,
-     12136748919666286297989154404429099226154686992028401568133058190732008277996},
-    {38816051319719761886041858113129205506758421478656182868737326994635468402951,
-     27338042530319738113354246208426108832239651080023276643867223794985578055610,
-     15580674179713644540398409523441814073810768449493940562136422009899312699155},
-    {35167418087531820804128377095512663922179887277669504047069913414630376083753,
-     42192983528513372869128514327443204912824559545179630597589572656156258515752,
-     47389212411441573266379092392931599970417884729397156841216318364858334633325},
-    {25885868839756469722325652387535232478219821850603640827385444642154834700231,
-     42721818980548514490325424436763032046927347769153393863616095871384405840432,
-     5855288403637341107158034195599277569854359593529752399086836976954392351035},
-    {8867588811641202981080659274007552529205713737251862066053445622305818871963,
-     23473499332437056484066006746048591864129988909190267521144125882222313735740,
-     5696063807157149622355481994320806474692190935543821893362808351446578125354},
-    {36439756010140137556111047750162544185710881404522379792044818039722752946048,
-     16497366583607480604161417644040292299204496829635795525393416854929276060989,
-     31479323495970113713816467604460499675889579912370034974841212556442942086146}};
-
-FiledT D3[3][10] = {
-    {14981678621464625851270783002338847382197300714436467949315331057125308909900,
-     48720959343719104324739338388885839802998711550637402773896395605948383052052,
-     11709610427641952476226704950218052763560489079301307464225164120801969364960},
-    {28253420209785428420233456008091632509255652343634529984400816700490470131093,
-     6257781313532096835800460747082714697295034136932481743077166200794135826591,
-     11966422202069200811427605007493817363680804416274031195624148724039857787313},
-    {51511939407083344002778208487678590135577660247075600880835916725469990319313,
-     4386017178186728799761421274050927732938229436976005221436222062273391481632,
-     663227665329044490605880474899933274574966982371072793854806732105730575244},
-    {46291121544435738125248657675097664742296276807186696922340332893747842754587,
-     13820180736478645172746469075181304604729976364812127548341524461074783412926,
-     21821175320697611197161277831984495658213397245419754392657307036488476373765},
-    {3650460179273129580093806058710273018999560093475503119057680216309578390988,
-     40385222771838099109662234020243831589690223478794847201235014486200724862134,
-     20738601554725926373596082603265918636164823648026470243422423735982938342408},
-    {45802223370746268123059159806400152299867771061127345631244786118574025749328,
-     50306980075778262214155693291132052551559962723436936231611301042966928400825,
-     9105861908793877437599087016640061747418296780065295891365798855886560153752},
-    {11798621276624967315721748990709309216351696098813162382053396097866233042733,
-     34806952212038537244506031612074847133207330427265785757809673463434908473570,
-     10559431278588446438155840088055546145087872298641007742921718770142881700525},
-    {42372918959432199162670834641599336326433006968669415662488070504036922966492,
-     22755759419530071315007011572076166983660942447634027701351681157370705921018,
-     8881354201366797207686592249590682298565723459695719800911380560885170725516},
-    {52181371244193189669553521955614617990714056725501643636576377752669773323445,
-     30334172084294870556875274308904688414158741457854908094300017436690480001547,
-     35548861917762862971011720475855172816698712671893796030607658203859222685056},
-    {23791984554824031672195249524658580601428376029501889159059009332107176394097,
-     19832360622723392584029764807971325641132953515557801717644226271356492507876,
-     5370567718707734490084045178883836972105253285449736908577321570876055642415}};
-
-// l=4
-FieldT C4[4][10] = {
-    {39,
-     17756515227822460609684409997111995494590448775258437999344446424780281143353,
-     10188916128123599964772546147951904500865009616764646948187915341627970346879,
-     3814237141406755457246679946340702245820791055503616462386588886553626328449},
-    {41362478282768062297187132445775312675360473883834860695283235286481594490621,
-     3384073892082712848969991795331397937188893616190315628722966662742467187281,
-     38536464596998108028197905645250196649287447208374169339784649587982292038621,
-     37592197675289757358471908199906415982484124338112374453435292524131427342810},
-    {9548818195234740988996233204400874453525674173109474205108603996010297049928,
-     51311880822158488881090781617710146800056386303122657365679608608648067582435,
-     24596965950552905296088269899880882549715354660832391374009234980535928382152,
-     34036826250287807194659359129722586818079652442547178531030410684351456041117},
-    {25365440569177822667580105183435418073995888230868180942004497015015045856900,
-     29347609441914902330741511702270026847909178228078752565372729158237774700914,
-     14356478667385969079309349540394948109414829921001045845599553435706989367858,
-     9488013611624811735432450930006811652991761655550510302915118428283918068143},
-    {34023498397393406644117994167986720327178154686105264833093891093045919619309,
-     2339620320400167830454536231899316133967303509954474267430948538955691907104,
-     12136748919666286297989154404429099226154686992028401568133058190732008277996,
-     19442569822772655270268482835742480365499256802520510905846953360427433130058},
-    {38816051319719761886041858113129205506758421478656182868737326994635468402951,
-     27338042530319738113354246208426108832239651080023276643867223794985578055610,
-     15580674179713644540398409523441814073810768449493940562136422009899312699155,
-     4362660876979205605782410963041525734654031488177761934879852229226211686053},
-    {35167418087531820804128377095512663922179887277669504047069913414630376083753,
-     42192983528513372869128514327443204912824559545179630597589572656156258515752,
-     47389212411441573266379092392931599970417884729397156841216318364858334633325,
-     41487656259632727393098274178738763934249662924287956242704596746920012242443},
-    {25885868839756469722325652387535232478219821850603640827385444642154834700231,
-     42721818980548514490325424436763032046927347769153393863616095871384405840432,
-     5855288403637341107158034195599277569854359593529752399086836976954392351035,
-     18845851722124019325834426094831743068408557621685658713002749358354699910772},
-    {8867588811641202981080659274007552529205713737251862066053445622305818871963,
-     23473499332437056484066006746048591864129988909190267521144125882222313735740,
-     5696063807157149622355481994320806474692190935543821893362808351446578125354,
-     48558031599255072862103809681060565464555437399403822458902024251997890071747},
-    {36439756010140137556111047750162544185710881404522379792044818039722752946048,
-     16497366583607480604161417644040292299204496829635795525393416854929276060989,
-     31479323495970113713816467604460499675889579912370034974841212556442942086146,
-     52327065242455117582590188333899352706031813782154293138553490341266149456684}};
-
-FieldT D4[4][10] = {
-    {14981678621464625851270783002338847382197300714436467949315331057125308909900,
-     48720959343719104324739338388885839802998711550637402773896395605948383052052,
-     11709610427641952476226704950218052763560489079301307464225164120801969364960,
-     3188799073106888901912065951229864304299742047220134499402570163601813730969},
-    {28253420209785428420233456008091632509255652343634529984400816700490470131093,
-     6257781313532096835800460747082714697295034136932481743077166200794135826591,
-     11966422202069200811427605007493817363680804416274031195624148724039857787313,
-     8876022912542631074912834764773050492660953075192093830253524158063181475941},
-    {51511939407083344002778208487678590135577660247075600880835916725469990319313,
-     4386017178186728799761421274050927732938229436976005221436222062273391481632,
-     663227665329044490605880474899933274574966982371072793854806732105730575244,
-     7956955597245727322388196907364651338722736293265717471854714933795446618648},
-    {46291121544435738125248657675097664742296276807186696922340332893747842754587,
-     13820180736478645172746469075181304604729976364812127548341524461074783412926,
-     21821175320697611197161277831984495658213397245419754392657307036488476373765,
-     14806577897118234786495606424219372997573800509149076370951604526939593458489},
-    {3650460179273129580093806058710273018999560093475503119057680216309578390988,
-     40385222771838099109662234020243831589690223478794847201235014486200724862134,
-     20738601554725926373596082603265918636164823648026470243422423735982938342408,
-     25898290090014076279086638237202313571292864987698437102115051403552551578909},
-    {45802223370746268123059159806400152299867771061127345631244786118574025749328,
-     50306980075778262214155693291132052551559962723436936231611301042966928400825,
-     9105861908793877437599087016640061747418296780065295891365798855886560153752,
-     48177591413367409915642056167048753041735583848456612607691620273026228709602},
-    {11798621276624967315721748990709309216351696098813162382053396097866233042733,
-     34806952212038537244506031612074847133207330427265785757809673463434908473570,
-     10559431278588446438155840088055546145087872298641007742921718770142881700525,
-     2511742758961381498086249076485723904703122022711664665388729650078747694082},
-    {42372918959432199162670834641599336326433006968669415662488070504036922966492,
-     22755759419530071315007011572076166983660942447634027701351681157370705921018,
-     8881354201366797207686592249590682298565723459695719800911380560885170725516,
-     19725785152035256359574211351446161592903393017031483635806025440159666669692},
-    {52181371244193189669553521955614617990714056725501643636576377752669773323445,
-     30334172084294870556875274308904688414158741457854908094300017436690480001547,
-     35548861917762862971011720475855172816698712671893796030607658203859222685056,
-     23828822166916376664523534857031979764654878164406016294521947902346141831375},
-    {23791984554824031672195249524658580601428376029501889159059009332107176394097,
-     19832360622723392584029764807971325641132953515557801717644226271356492507876,
-     5370567718707734490084045178883836972105253285449736908577321570876055642415,
-     24072177097374519292068993110945703798030958684413852593268331853573451397392}};
-#endif
-} // namespace libsnark
-
-#endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_CONSTANTS_HPP_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
index afcf49d06..01738d987 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
@@ -107,4 +107,115 @@ std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
     return Y_expect_one_round;
 }
 
+// Output values automatically generated with SAGE script
+// parameters.sage on 8/2/2023 at 12:38:6
+
+std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output(
+    const size_t &NumStateColumns_L)
+{
+    std::vector<libff::Fr<libff::bls12_381_pp>> Y_expect;
+
+    assert(
+        ((NumStateColumns_L == 1) || (NumStateColumns_L == 2) ||
+         (NumStateColumns_L == 3) || (NumStateColumns_L == 4)));
+
+    // Expected output for X rounds, L=1: Y_left || Y_right
+    if (NumStateColumns_L == 1) {
+        Y_expect = {
+            // A_BLS_12_381_SCALARFIELD_1_COL_256_BITS
+            // Left outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "23592301003500664995929917733266743854375415916040326652210568"
+                "078795386647097"),
+            // Right outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "46415751505026927687934363401060779170128061056083999362978931"
+                "09307338071265"),
+        };
+    }
+
+    // Expected output for X rounds, L=2: Y_left || Y_right
+    if (NumStateColumns_L == 2) {
+        Y_expect = {
+            // A_BLS_12_381_SCALARFIELD_2_COL_256_BITS
+            // Left outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "14658224666697525543665581557177920897018725487885393770688961"
+                "291142066565838"),
+            libff::Fr<libff::bls12_381_pp>(
+                "22696721298764611334499842832788494984317317977616725617062055"
+                "973718288462083"),
+            // Right outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "41254164318270696844698147640474784924833116221680739817900833"
+                "75015002260367"),
+            libff::Fr<libff::bls12_381_pp>(
+                "85516268014959707663369712918470356171127697856604948332123300"
+                "88434570655220"),
+        };
+    }
+
+    // Expected output for X rounds, L=3: Y_left || Y_right
+    if (NumStateColumns_L == 3) {
+        Y_expect = {
+            // A_BLS_12_381_SCALARFIELD_3_COL_256_BITS
+            // Left outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "39354654009222930922076215480960296260844083612260032711385075"
+                "821419598992495"),
+            libff::Fr<libff::bls12_381_pp>(
+                "35857978005837223530941291838645726295300924278186042951565477"
+                "753001911648704"),
+            libff::Fr<libff::bls12_381_pp>(
+                "73133080760004009022948041840133483135280922655558522590705858"
+                "39828489100756"),
+            // Right outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "27964702120041308262791208736057137783851503845042628202338953"
+                "806313118894432"),
+            libff::Fr<libff::bls12_381_pp>(
+                "32605073953207604732414082895795832873262647917998760850707996"
+                "197372829415078"),
+            libff::Fr<libff::bls12_381_pp>(
+                "26789211140092257781038997601682984740469870292740801416378551"
+                "890114989182776"),
+        };
+    }
+
+    // Expected output for X rounds, L=4: Y_left || Y_right
+    if (NumStateColumns_L == 4) {
+        Y_expect = {
+            // A_BLS_12_381_SCALARFIELD_4_COL_256_BITS
+            // Left outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "37935275437371366775666670594948501766272500250774338143461366"
+                "789714115968944"),
+            libff::Fr<libff::bls12_381_pp>(
+                "46013056163891430736716124133522777555340005169288884686271429"
+                "476146703061386"),
+            libff::Fr<libff::bls12_381_pp>(
+                "34292192884279029656147093024511389074726243647468508480039887"
+                "915986427463842"),
+            libff::Fr<libff::bls12_381_pp>(
+                "19361591618166593449330002683801850115916835743219702190183265"
+                "100898653128350"),
+            // Right outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "50276857710105470204512033208185084240001478327548370600191258"
+                "668539356034348"),
+            libff::Fr<libff::bls12_381_pp>(
+                "30612042191114496995886018278834216278786456996263573491525930"
+                "890999097880377"),
+            libff::Fr<libff::bls12_381_pp>(
+                "44865148646864607507025476306280271506300928383843934665366106"
+                "390302816945546"),
+            libff::Fr<libff::bls12_381_pp>(
+                "12299595100938587761671298225363168979705772605172431805112941"
+                "997639442458604"),
+        };
+    }
+
+    return Y_expect;
+}
+
 } // namespace libsnark
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
index e97861566..e87f5ba73 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
@@ -29,6 +29,15 @@ template<typename ppT>
 using expected_round_values_fn_t =
     std::function<std::vector<libff::Fr<ppT>>(const size_t)>;
 
+// Returns the expected outputs from the full Anemoi permutation for
+// BLS12_381
+std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output(
+    const size_t &NumStateColumns_L);
+
+template<typename ppT>
+using expected_values_fn_t =
+    std::function<std::vector<libff::Fr<ppT>>(const size_t)>;
+
 } // namespace libsnark
 
 #endif // LIBSNARK_GADGETLIB1_GADGETS_HASHES_ANEMOI_TESTS_ANEMOI_OUTPUTS_HPP_
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 4af878acd..7dd19f015 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -23,7 +23,6 @@
 #include <libff/common/utils.hpp>
 #include <libsnark/common/default_types/r1cs_ppzksnark_pp.hpp>
 #include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp>
-#include <libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_constants.hpp>
 #include <libsnark/zk_proof_systems/ppzksnark/r1cs_gg_ppzksnark/r1cs_gg_ppzksnark.hpp>
 
 using namespace libsnark;
@@ -249,6 +248,7 @@ void test_anemoi_permutation_round_prime_field_gadget(
 
     pb_variable_array<FieldT> X_left;
     pb_variable_array<FieldT> X_right;
+
     pb_variable_array<FieldT> Y_left;
     pb_variable_array<FieldT> Y_right;
 
@@ -311,6 +311,102 @@ void test_anemoi_permutation_round_prime_field_gadget(
         "anemoi_permutation_round_prime_field_gadget tests successful");
 }
 
+template<
+    typename ppT,
+    size_t NumStateColumns_L,
+    class parameters = anemoi_parameters<libff::Fr<ppT>>>
+void test_anemoi_permutation_prime_field_gadget(
+    expected_values_fn_t<ppT> expected_values_fn)
+
+{
+    using FieldT = libff::Fr<ppT>;
+
+    protoboard<FieldT> pb;
+    std::vector<std::vector<FieldT>> C;
+    std::vector<std::vector<FieldT>> D;
+
+    pb_variable_array<FieldT> X_left;
+    pb_variable_array<FieldT> X_right;
+    pb_variable_array<FieldT> Y_left;
+    pb_variable_array<FieldT> Y_right;
+
+    X_left.allocate(pb, NumStateColumns_L, "left inputs");
+    X_right.allocate(pb, NumStateColumns_L, "right inputs");
+
+    Y_left.allocate(pb, NumStateColumns_L, "left outputs");
+    Y_right.allocate(pb, NumStateColumns_L, "right outputs");
+
+    assert(NumStateColumns_L <= parameters::nrounds256.size());
+    assert(NumStateColumns_L <= parameters::nrounds128.size());
+
+    // the number of rounds depends on the number of columns in the
+    // state
+    size_t nrounds = parameters::nrounds256[NumStateColumns_L - 1];
+
+    // Store C,D round constants from parameters class
+    for (size_t iround = 0; iround < nrounds; iround++) {
+        // C,D constants for one round
+        std::vector<FieldT> C_iround;
+        std::vector<FieldT> D_iround;
+        for (size_t icol = 0; icol < NumStateColumns_L; icol++) {
+            if (NumStateColumns_L == 1) {
+                C_iround.push_back(
+                    parameters::C_constants_col_one[iround][icol]);
+                D_iround.push_back(
+                    parameters::D_constants_col_one[iround][icol]);
+            }
+            if (NumStateColumns_L == 2) {
+                C_iround.push_back(
+                    parameters::C_constants_col_two[iround][icol]);
+                D_iround.push_back(
+                    parameters::D_constants_col_two[iround][icol]);
+            }
+            if (NumStateColumns_L == 3) {
+                C_iround.push_back(
+                    parameters::C_constants_col_three[iround][icol]);
+                D_iround.push_back(
+                    parameters::D_constants_col_three[iround][icol]);
+            }
+            if (NumStateColumns_L == 4) {
+                C_iround.push_back(
+                    parameters::C_constants_col_four[iround][icol]);
+                D_iround.push_back(
+                    parameters::D_constants_col_four[iround][icol]);
+            }
+        }
+        C.push_back(C_iround);
+        D.push_back(D_iround);
+    }
+
+    anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters> d(
+        pb, C, D, X_left, X_right, Y_left, Y_right, "anemoi permutation");
+
+    // generate constraints
+    d.generate_r1cs_constraints();
+
+    // Input values: X_left = 0,1,2...L-1 ; X_right = L, L+1, 2L-1
+    for (size_t i = 0; i < NumStateColumns_L; i++) {
+        pb.val(X_left[i]) = FieldT(i);
+        pb.val(X_right[i]) = FieldT(NumStateColumns_L + i);
+    }
+
+    // generate witness for the given input
+    d.generate_r1cs_witness();
+
+    if (expected_values_fn) {
+        std::vector<FieldT> Y_expect = expected_values_fn(NumStateColumns_L);
+        for (size_t i = 0; i < NumStateColumns_L; i++) {
+            ASSERT_EQ(Y_expect[i], pb.val(Y_left[i]));
+            ASSERT_EQ(Y_expect[NumStateColumns_L + i], pb.val(Y_right[i]));
+        }
+    }
+
+    ASSERT_TRUE(pb.is_satisfied());
+    test_pb_verify_circuit<ppT>(pb);
+
+    libff::print_time("anemoi_permutation_prime_field_gadget tests successful");
+}
+
 void test_anemoi_permutation_mds_bls12_381()
 {
     using ppT = libff::bls12_381_pp;
@@ -365,10 +461,13 @@ void test_intermediate_gadgets_bls12_381()
 
 template<typename ppT>
 void test_for_curve(
-    expected_round_values_fn_t<ppT> expected_round_values_fn = 0)
+    expected_round_values_fn_t<ppT> expected_round_values_fn = 0,
+    expected_values_fn_t<ppT> expected_values_fn = 0)
 {
     // Use the original parameters for the full permutation
     using parameters = anemoi_parameters<ppT>;
+
+    // Test single round
     test_anemoi_permutation_round_prime_field_gadget<ppT, 1, parameters>(
         expected_round_values_fn);
     test_anemoi_permutation_round_prime_field_gadget<ppT, 2, parameters>(
@@ -377,15 +476,25 @@ void test_for_curve(
         expected_round_values_fn);
     test_anemoi_permutation_round_prime_field_gadget<ppT, 4, parameters>(
         expected_round_values_fn);
+    // Test full permutation
+    test_anemoi_permutation_prime_field_gadget<ppT, 1, parameters>(
+        expected_values_fn);
+    test_anemoi_permutation_prime_field_gadget<ppT, 2, parameters>(
+        expected_values_fn);
+    test_anemoi_permutation_prime_field_gadget<ppT, 3, parameters>(
+        expected_values_fn);
+    test_anemoi_permutation_prime_field_gadget<ppT, 4, parameters>(
+        expected_values_fn);
 }
 
-TEST(TestAnemoiGadget, BLS12_381) { test_intermediate_gadgets_bls12_381(); }
-
 TEST(TestForCurve, BLS12_381)
 {
-    test_for_curve<libff::bls12_381_pp>(&anemoi_expected_output_one_round);
+    test_for_curve<libff::bls12_381_pp>(
+        &anemoi_expected_output_one_round, &anemoi_expected_output);
 }
 
+TEST(TestAnemoiGadget, BLS12_381) { test_intermediate_gadgets_bls12_381(); }
+
 TEST(TestForCurve, BLS12_377)
 {
     // TODO For BLS12_377 alpha = 11, which is the first value for
diff --git a/scripts/anemoi-hash/parameters.sage b/scripts/anemoi-hash/parameters.sage
index 6f782ed41..be2da9fe4 100644
--- a/scripts/anemoi-hash/parameters.sage
+++ b/scripts/anemoi-hash/parameters.sage
@@ -5,7 +5,6 @@ from sage.all import *
 import hashlib
 import itertools
 import datetime
-
 from constants import *
 
 load('anemoi.sage')
@@ -839,13 +838,70 @@ def test_anemoi_nrounds():
     print("nrounds128 {}".format(nrounds128))
     print("nrounds256 {}".format(nrounds256))
 
+def test_anemoi_internal_values_bls12_381():
+    A = []
+    anemoi256_instances_bls12_381(A)
+    # Same q for all A[0,1,2,3][1]
+    q = A[0][1].q
+    print("q {}".format(hex(q)))
+    outputs = []
+    instance_names = []
+    for i in range(len(A)):
+    #for i in range(1):
+        Anemoi = A[i][1]
+        name = A[i][0]
+        ncols = Anemoi.n_cols
+        nrounds = Anemoi.n_rounds
+        print("Anemoi {}".format(name))
+        print("ncols {}".format(ncols))
+        print("nrounds {}".format(nrounds))
+        # Hard-code left and right input equal to sequence
+        # 0,1,2,3,4...
+        X_left_input = []
+        X_right_input = []
+        for j in range(ncols):
+            X_left_input.append(j)
+            X_right_input.append(ncols+j)
+        print("X_left_input  {}".format(X_left_input))
+        print("X_right_input {}".format(X_right_input))
+        res = Anemoi.eval_round_with_intermediate_values(X_left_input, X_right_input)
+        #print(res[len(res)-1])
+        outputs.append(res[len(res)-1])
+        instance_names.append(name)
+    #for i in range(len(A)):
+    #    print("{} \n{} \n".format(instance_names[i], outputs[i]))
+    return instance_names, outputs
+
+def anemoi_outputs_in_cpp_format_to_file(instance_names, outputs, filename, curve_ppT):
+    f = open(filename, "w")
+    e = datetime.datetime.now()
+    f.write("// Output values automatically generated with SAGE script parameters.sage on %s/%s/%s at %s:%s:%s\n\n" % (e.day, e.month, e.year, e.hour, e.minute, e.second))
+    for i in range(len(outputs)):
+        #print("{} \n{} \n".format(instance_names[i], outputs[i]))
+        LEFT = 0
+        RIGHT = 1
+        f.write("// {}\n".format(instance_names[i]))
+        f.write("// Left outputs\n")
+        for j in range(len(outputs[i][LEFT])):
+            f.write("libff::Fr<libff::{}>(\"{}\"),\n".format(curve_ppT, outputs[i][LEFT][j]))
+        f.write("// Right outputs\n")
+        for j in range(len(outputs[i][RIGHT])):
+            f.write("libff::Fr<libff::{}>(\"{}\"),\n".format(curve_ppT, outputs[i][RIGHT][j]))
+        f.write("\n")
+    
 if __name__ == "__main__":
+    # print Anemoi internal values BLS12_381
+    if 1:
+        instance_names, outputs = test_anemoi_internal_values_bls12_381()
+        filename = "outputs_bls12_381.txt"
+        curve_ppT = "bls12_381_pp"
+        anemoi_outputs_in_cpp_format_to_file(instance_names, outputs, filename, curve_ppT)
+        
     # extract number of rounds
     if 0:
-        test_anemoi_nrounds()
-        
+        test_anemoi_nrounds()        
     # bls12_381
-    if 1:
+    if 0:
         A = []
         anemoi256_instances_bls12_381(A)
         filename = "parameters_bls12_381.txt"
@@ -855,7 +911,7 @@ if __name__ == "__main__":
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
         #anemoi_instances_stdout(A)
     # bls12_377
-    if 1:
+    if 0:
         A = []
         anemoi256_instances_bls12_377(A)
         filename = "parameters_bls12_377.txt"
@@ -864,7 +920,7 @@ if __name__ == "__main__":
         anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT, nrounds128, nrounds256)
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
     # mnt4
-    if 1:
+    if 0:
         A = []
         anemoi256_instances_mnt4(A)
         filename = "parameters_mnt4.txt"
@@ -873,7 +929,7 @@ if __name__ == "__main__":
         anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT, nrounds128, nrounds256)
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
     # mnt6
-    if 1:
+    if 0:
         A = []
         anemoi256_instances_mnt6(A)
         filename = "parameters_mnt6.txt"
@@ -882,7 +938,7 @@ if __name__ == "__main__":
         anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT, nrounds128, nrounds256)
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
     # bw6_761 (WARNING! slow ~10 min.)
-    if 1:
+    if 0:
         A = []
         anemoi256_instances_bw6_761(A)
         filename = "parameters_bw6_761.txt"
@@ -891,7 +947,7 @@ if __name__ == "__main__":
         anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT, nrounds128, nrounds256)
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
     # bn128
-    if 1:
+    if 0:
         A = []
         anemoi256_instances_bn128(A)
         filename = "parameters_bn128.txt"
@@ -900,7 +956,7 @@ if __name__ == "__main__":
         anemoi_parameters_in_cpp_format_to_file(A, filename, curve_ppT, nrounds128, nrounds256)
         anemoi_constants_in_cpp_format_to_file(A, filename, curve_ppT)
     # alt_bn128
-    if 1:
+    if 0:
         A = []
         anemoi256_instances_alt_bn128(A)
         filename = "parameters_alt_bn128.txt"

From 5ebc5b3c891f93203afce7abd5cc85d4ff672dc1 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 8 Feb 2023 13:14:13 +0000
Subject: [PATCH 108/112] anemoi: renamed NumStateColumns_L to NumStateColumns

---
 .../hashes/anemoi/anemoi_components.hpp       |  10 +-
 .../hashes/anemoi/anemoi_components.tcc       | 103 +++++++++---------
 .../hashes/anemoi/tests/anemoi_outputs.cpp    |  28 ++---
 .../hashes/anemoi/tests/anemoi_outputs.hpp    |   4 +-
 .../anemoi/tests/test_anemoi_gadget.cpp       |  70 ++++++------
 5 files changed, 106 insertions(+), 109 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 84ecdca8d..709dc2759 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -185,7 +185,7 @@ class flystel_prime_field_gadget : public gadget<libff::Fr<ppT>>
 
 /// One round of the Anemoi permutation mapping (Fr)^{2L} -> (Fr)^{2L}
 ///
-/// NumStateColumns_L : L parameter - number of columns in the
+/// NumStateColumns : L parameter - number of columns in the
 ///                     state. can be 1,2,3,4. Each column is composed
 ///                     of 2 elements in Fr. One Flystel Sbox accepts
 ///                     1 column as input. There are L Flystel-s in 1
@@ -193,7 +193,7 @@ class flystel_prime_field_gadget : public gadget<libff::Fr<ppT>>
 ///                     parallel.
 template<
     typename ppT,
-    size_t NumStateColumns_L,
+    size_t NumStateColumns,
     class parameters = anemoi_parameters<libff::Fr<ppT>>>
 class anemoi_permutation_round_prime_field_gadget
     : public gadget<libff::Fr<ppT>>
@@ -238,7 +238,7 @@ class anemoi_permutation_round_prime_field_gadget
 };
 
 // MDS matrix for each allowed dimension: 2,3 or 4
-template<typename ppT, size_t NumStateColumns_L> class anemoi_permutation_mds;
+template<typename ppT, size_t NumStateColumns> class anemoi_permutation_mds;
 
 template<typename ppT> class anemoi_permutation_mds<ppT, 2>
 {
@@ -268,7 +268,7 @@ template<typename ppT> class anemoi_permutation_mds<ppT, 4>
 /// see anemoi_permutation_round_prime_field_gadget
 template<
     typename ppT,
-    size_t NumStateColumns_L,
+    size_t NumStateColumns,
     class parameters = anemoi_parameters<libff::Fr<ppT>>>
 class anemoi_permutation_prime_field_gadget : public gadget<libff::Fr<ppT>>
 {
@@ -282,7 +282,7 @@ class anemoi_permutation_prime_field_gadget : public gadget<libff::Fr<ppT>>
     // vector of round gadgets
     std::vector<anemoi_permutation_round_prime_field_gadget<
         ppT,
-        NumStateColumns_L,
+        NumStateColumns,
         parameters>>
         Round;
 
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 19a787c39..50808253d 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -381,27 +381,27 @@ std::vector<linear_combination<libff::Fr<ppT>>> anemoi_fast_multiply_mds_4x4(
 
 // multiply matrix by a vector of elements of type "linear combination of FieldT
 // elements"
-template<typename ppT, size_t NumStateColumns_L>
+template<typename ppT, size_t NumStateColumns>
 std::vector<linear_combination<libff::Fr<ppT>>> anemoi_fast_multiply_mds(
     const std::vector<linear_combination<libff::Fr<ppT>>> X,
     const libff::Fr<ppT> g)
 {
     static_assert(
-        (NumStateColumns_L == 1) || (NumStateColumns_L == 2) ||
-            (NumStateColumns_L == 3) || (NumStateColumns_L == 4),
-        "NumStateColumns_L must be 2,3 or 4");
-    if (!(X.size() == NumStateColumns_L)) {
+        (NumStateColumns == 1) || (NumStateColumns == 2) ||
+            (NumStateColumns == 3) || (NumStateColumns == 4),
+        "NumStateColumns must be 2,3 or 4");
+    if (!(X.size() == NumStateColumns)) {
         throw std::invalid_argument("invalid length of input vector");
     }
 
     std::vector<linear_combination<libff::Fr<ppT>>> Y;
-    if (NumStateColumns_L == 2) {
+    if (NumStateColumns == 2) {
         Y = anemoi_fast_multiply_mds_2x2<ppT>(X, g);
     }
-    if (NumStateColumns_L == 3) {
+    if (NumStateColumns == 3) {
         Y = anemoi_fast_multiply_mds_3x3<ppT>(X, g);
     }
-    if (NumStateColumns_L == 4) {
+    if (NumStateColumns == 4) {
         Y = anemoi_fast_multiply_mds_4x4<ppT>(X, g);
     }
     return Y;
@@ -409,26 +409,26 @@ std::vector<linear_combination<libff::Fr<ppT>>> anemoi_fast_multiply_mds(
 
 // multiply matrix by a vector of elements of type "linear combination of FieldT
 // elements"
-template<typename ppT, size_t NumStateColumns_L>
+template<typename ppT, size_t NumStateColumns>
 std::vector<linear_combination<libff::Fr<ppT>>> anemoi_fast_multiply_mds(
     const pb_linear_combination_array<libff::Fr<ppT>> X, const libff::Fr<ppT> g)
 {
     static_assert(
-        (NumStateColumns_L == 2) || (NumStateColumns_L == 3) ||
-            (NumStateColumns_L == 4),
-        "NumStateColumns_L must be 2,3 or 4");
-    if (!(X.size() == NumStateColumns_L)) {
+        (NumStateColumns == 2) || (NumStateColumns == 3) ||
+            (NumStateColumns == 4),
+        "NumStateColumns must be 2,3 or 4");
+    if (!(X.size() == NumStateColumns)) {
         throw std::invalid_argument("invalid length of input vector");
     }
 
     std::vector<linear_combination<libff::Fr<ppT>>> Y;
-    if (NumStateColumns_L == 2) {
+    if (NumStateColumns == 2) {
         Y = anemoi_fast_multiply_mds_2x2<ppT>(X, g);
     }
-    if (NumStateColumns_L == 3) {
+    if (NumStateColumns == 3) {
         Y = anemoi_fast_multiply_mds_3x3<ppT>(X, g);
     }
-    if (NumStateColumns_L == 4) {
+    if (NumStateColumns == 4) {
         Y = anemoi_fast_multiply_mds_4x4<ppT>(X, g);
     }
     return Y;
@@ -464,11 +464,8 @@ pb_linear_combination_array<libff::Fr<ppT>> anemoi_vector_left_rotate_by_one(
     return X;
 }
 
-template<typename ppT, size_t NumStateColumns_L, class parameters>
-anemoi_permutation_round_prime_field_gadget<
-    ppT,
-    NumStateColumns_L,
-    parameters>::
+template<typename ppT, size_t NumStateColumns, class parameters>
+anemoi_permutation_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
     anemoi_permutation_round_prime_field_gadget(
         protoboard<libff::Fr<ppT>> &pb,
         const std::vector<FieldT> &C,
@@ -487,7 +484,7 @@ anemoi_permutation_round_prime_field_gadget<
     , Y_right_output(Y_right)
 {
     const libff::Fr<ppT> g = parameters::multiplicative_generator_g;
-    const size_t ncols = NumStateColumns_L;
+    const size_t ncols = NumStateColumns;
 
     // temporary variables (Z_left, Z_right) modified in-place during
     // the computation from (X_left, X_right) to (Y_left, Y_right)
@@ -504,7 +501,7 @@ anemoi_permutation_round_prime_field_gadget<
     // follows is due to the fact that the specialized class
     // anemoi_permutation_mds<ppT, n> only accepts const size_t n =
     // <value>, but it would not accept const size_t =
-    // NumStateColumns_L. TODO: fix using a more efficient approach.
+    // NumStateColumns. TODO: fix using a more efficient approach.
 
     // Note 2: the for-loop within each if(ncols == <value>), copies
     // the 2d array returned by anemoi_permutation_mds<ppT,
@@ -514,12 +511,12 @@ anemoi_permutation_round_prime_field_gadget<
     // of type 2d array.
 
     // Note 3: for matrix-vector multiplication we currently provide
-    // fast routines for dimensions NumStateColumns_L \in {2,3,4} that
+    // fast routines for dimensions NumStateColumns \in {2,3,4} that
     // only accept g and a vector as input (the
     // anemoi_fast_multiply_mds_* functions). Therefore the class
     // member M_matrix is not used at the moment. It is included for
     // future use for 2 foreseeable scenarios: 1) an instance of
-    // Anemoi with NumStateColumns_L > 4 for which we do not have a
+    // Anemoi with NumStateColumns > 4 for which we do not have a
     // fast multiplication routine and 2) keep the possibility to
     // still use normal matrix-vector multiplication if one wants to
 
@@ -561,11 +558,11 @@ anemoi_permutation_round_prime_field_gadget<
         // Z_left = M Z_left
         // Z_right = M (Z_right <<< 1)
         // where (Z_right <<< 1) = (zR_1 ... zR_{l-1} zR_0)
-        Z_left = anemoi_fast_multiply_mds<ppT, NumStateColumns_L>(Z_left, g);
+        Z_left = anemoi_fast_multiply_mds<ppT, NumStateColumns>(Z_left, g);
         std::vector<linear_combination<libff::Fr<ppT>>> Z_right_lrot =
             anemoi_vector_left_rotate_by_one<ppT>(Z_right);
         Z_right =
-            anemoi_fast_multiply_mds<ppT, NumStateColumns_L>(Z_right_lrot, g);
+            anemoi_fast_multiply_mds<ppT, NumStateColumns>(Z_right_lrot, g);
     } else { // ncols == 1
         // l = 1:
         // Z_left = zL_0
@@ -600,24 +597,24 @@ anemoi_permutation_round_prime_field_gadget<
     }
 }
 
-template<typename ppT, size_t NumStateColumns_L, class parameters>
+template<typename ppT, size_t NumStateColumns, class parameters>
 void anemoi_permutation_round_prime_field_gadget<
     ppT,
-    NumStateColumns_L,
+    NumStateColumns,
     parameters>::generate_r1cs_constraints()
 {
-    for (size_t i = 0; i < NumStateColumns_L; i++) {
+    for (size_t i = 0; i < NumStateColumns; i++) {
         Flystel[i].generate_r1cs_constraints();
     }
 }
 
-template<typename ppT, size_t NumStateColumns_L, class parameters>
+template<typename ppT, size_t NumStateColumns, class parameters>
 void anemoi_permutation_round_prime_field_gadget<
     ppT,
-    NumStateColumns_L,
+    NumStateColumns,
     parameters>::generate_r1cs_witness()
 {
-    for (size_t i = 0; i < NumStateColumns_L; i++) {
+    for (size_t i = 0; i < NumStateColumns; i++) {
         Flystel[i].generate_r1cs_witness();
     }
 }
@@ -668,8 +665,8 @@ std::array<std::array<libff::Fr<ppT>, 4>, 4> anemoi_permutation_mds<ppT, 4>::
     return M;
 }
 
-template<typename ppT, size_t NumStateColumns_L, class parameters>
-anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters>::
+template<typename ppT, size_t NumStateColumns, class parameters>
+anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
     anemoi_permutation_prime_field_gadget(
         protoboard<libff::Fr<ppT>> &pb,
         const std::vector<std::vector<FieldT>> &C,
@@ -688,16 +685,16 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters>::
     , Y_right_output(Y_right)
 {
     // Number of columns can not be larger than rounds128 size
-    assert(NumStateColumns_L <= parameters::nrounds128.size());
+    assert(NumStateColumns <= parameters::nrounds128.size());
     // Number of columns can not be larger than rounds256 size
-    assert(NumStateColumns_L <= parameters::nrounds256.size());
+    assert(NumStateColumns <= parameters::nrounds256.size());
 
     // Get the number of rounds for the given Anemoi instance
     // (i.e. given number of columns in the state). Note: currently
     // using 256-bit security instance by default. TODO add support
     // for 128-bit security e.g. by adding a Boolean flag b_sec_128 in
     // the tamplate parameters.
-    const size_t nrounds = parameters::nrounds256[NumStateColumns_L - 1];
+    const size_t nrounds = parameters::nrounds256[NumStateColumns - 1];
 
     // Left and right input to round i, outputs from round i-1
     std::vector<pb_variable_array<FieldT>> round_results_left;
@@ -709,16 +706,16 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters>::
     // output round_results_left[0], round_results_right[0]
     round_results_left[0].allocate(
         pb,
-        NumStateColumns_L,
+        NumStateColumns,
         FMT(this->annotation_prefix, " round_results_left[0]"));
     round_results_right[0].allocate(
         pb,
-        NumStateColumns_L,
+        NumStateColumns,
         FMT(this->annotation_prefix, " round_results_right[0]"));
 
     Round.emplace_back(anemoi_permutation_round_prime_field_gadget<
                        ppT,
-                       NumStateColumns_L,
+                       NumStateColumns,
                        parameters>(
         pb,
         C[0],
@@ -736,16 +733,16 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters>::
 
         round_results_left[i].allocate(
             pb,
-            NumStateColumns_L,
+            NumStateColumns,
             FMT(this->annotation_prefix, " round_results_left[%zu]", i));
         round_results_right[i].allocate(
             pb,
-            NumStateColumns_L,
+            NumStateColumns,
             FMT(this->annotation_prefix, " round_results_right[%zu]", i));
 
         Round.emplace_back(anemoi_permutation_round_prime_field_gadget<
                            ppT,
-                           NumStateColumns_L,
+                           NumStateColumns,
                            parameters>(
             pb,
             C[i],
@@ -759,11 +756,11 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters>::
 
     round_results_left[nrounds - 1].allocate(
         pb,
-        NumStateColumns_L,
+        NumStateColumns,
         FMT(this->annotation_prefix, " round_results_left[%zu]", nrounds - 1));
     round_results_right[nrounds - 1].allocate(
         pb,
-        NumStateColumns_L,
+        NumStateColumns,
         FMT(this->annotation_prefix, " round_results_right[%zu]", nrounds - 1));
 
     // For last round, copy the output as given by the caller
@@ -774,7 +771,7 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters>::
     // Initialize the last round gadget
     Round.emplace_back(anemoi_permutation_round_prime_field_gadget<
                        ppT,
-                       NumStateColumns_L,
+                       NumStateColumns,
                        parameters>(
         pb,
         C[nrounds - 1],
@@ -786,21 +783,21 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters>::
         FMT(this->annotation_prefix, " Round[%zu]", nrounds - 1)));
 }
 
-template<typename ppT, size_t NumStateColumns_L, class parameters>
-void anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters>::
+template<typename ppT, size_t NumStateColumns, class parameters>
+void anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
     generate_r1cs_constraints()
 {
-    size_t nrounds = parameters::nrounds256[NumStateColumns_L - 1];
+    size_t nrounds = parameters::nrounds256[NumStateColumns - 1];
     for (size_t i = 0; i < nrounds; i++) {
         Round[i].generate_r1cs_constraints();
     }
 }
 
-template<typename ppT, size_t NumStateColumns_L, class parameters>
-void anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters>::
+template<typename ppT, size_t NumStateColumns, class parameters>
+void anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
     generate_r1cs_witness()
 {
-    size_t nrounds = parameters::nrounds256[NumStateColumns_L - 1];
+    size_t nrounds = parameters::nrounds256[NumStateColumns - 1];
     for (size_t i = 0; i < nrounds; i++) {
         Round[i].generate_r1cs_witness();
     }
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
index 01738d987..6900eb403 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
@@ -12,16 +12,16 @@ namespace libsnark
 {
 
 std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
-    const size_t &NumStateColumns_L)
+    const size_t &NumStateColumns)
 {
     std::vector<libff::Fr<libff::bls12_381_pp>> Y_expect_one_round;
 
     assert(
-        ((NumStateColumns_L == 1) || (NumStateColumns_L == 2) ||
-         (NumStateColumns_L == 3) || (NumStateColumns_L == 4)));
+        ((NumStateColumns == 1) || (NumStateColumns == 2) ||
+         (NumStateColumns == 3) || (NumStateColumns == 4)));
 
     // Expected output for 1 round, L=1: Y_left || Y_right
-    if (NumStateColumns_L == 1) {
+    if (NumStateColumns == 1) {
         Y_expect_one_round = {
             libff::Fr<libff::bls12_381_pp>(
                 "38051718563229095456356396838757622428877349000988080406936"
@@ -33,7 +33,7 @@ std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
     }
 
     // Expected output for 1 round, L=2: Y_left || Y_right
-    if (NumStateColumns_L == 2) {
+    if (NumStateColumns == 2) {
         Y_expect_one_round = {
             libff::Fr<libff::bls12_381_pp>(
                 "15150541060175709103777475248496599766370694616692747879011"
@@ -51,7 +51,7 @@ std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
     }
 
     // Expected output for 1 round, L=3: Y_left || Y_right
-    if (NumStateColumns_L == 3) {
+    if (NumStateColumns == 3) {
         Y_expect_one_round = {
             libff::Fr<libff::bls12_381_pp>(
                 "10213223669833360114287009308428395240580814943870872556412"
@@ -75,7 +75,7 @@ std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
     }
 
     // Expected output for 1 round, L=4: Y_left || Y_right
-    if (NumStateColumns_L == 4) {
+    if (NumStateColumns == 4) {
         Y_expect_one_round = {
             libff::Fr<libff::bls12_381_pp>(
                 "32728029339990442022355611963591129142873176406157617761037"
@@ -111,16 +111,16 @@ std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
 // parameters.sage on 8/2/2023 at 12:38:6
 
 std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output(
-    const size_t &NumStateColumns_L)
+    const size_t &NumStateColumns)
 {
     std::vector<libff::Fr<libff::bls12_381_pp>> Y_expect;
 
     assert(
-        ((NumStateColumns_L == 1) || (NumStateColumns_L == 2) ||
-         (NumStateColumns_L == 3) || (NumStateColumns_L == 4)));
+        ((NumStateColumns == 1) || (NumStateColumns == 2) ||
+         (NumStateColumns == 3) || (NumStateColumns == 4)));
 
     // Expected output for X rounds, L=1: Y_left || Y_right
-    if (NumStateColumns_L == 1) {
+    if (NumStateColumns == 1) {
         Y_expect = {
             // A_BLS_12_381_SCALARFIELD_1_COL_256_BITS
             // Left outputs
@@ -135,7 +135,7 @@ std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output(
     }
 
     // Expected output for X rounds, L=2: Y_left || Y_right
-    if (NumStateColumns_L == 2) {
+    if (NumStateColumns == 2) {
         Y_expect = {
             // A_BLS_12_381_SCALARFIELD_2_COL_256_BITS
             // Left outputs
@@ -156,7 +156,7 @@ std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output(
     }
 
     // Expected output for X rounds, L=3: Y_left || Y_right
-    if (NumStateColumns_L == 3) {
+    if (NumStateColumns == 3) {
         Y_expect = {
             // A_BLS_12_381_SCALARFIELD_3_COL_256_BITS
             // Left outputs
@@ -183,7 +183,7 @@ std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output(
     }
 
     // Expected output for X rounds, L=4: Y_left || Y_right
-    if (NumStateColumns_L == 4) {
+    if (NumStateColumns == 4) {
         Y_expect = {
             // A_BLS_12_381_SCALARFIELD_4_COL_256_BITS
             // Left outputs
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
index e87f5ba73..26a68eff8 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
@@ -23,7 +23,7 @@ namespace libsnark
 // Returns the expected outputs from 1 round of the Anemoi permutation for
 // BLS12_381
 std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
-    const size_t &NumStateColumns_L);
+    const size_t &NumStateColumns);
 
 template<typename ppT>
 using expected_round_values_fn_t =
@@ -32,7 +32,7 @@ using expected_round_values_fn_t =
 // Returns the expected outputs from the full Anemoi permutation for
 // BLS12_381
 std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output(
-    const size_t &NumStateColumns_L);
+    const size_t &NumStateColumns);
 
 template<typename ppT>
 using expected_values_fn_t =
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 7dd19f015..4457062db 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -234,7 +234,7 @@ void test_flystel_prime_field_gadget()
 
 template<
     typename ppT,
-    size_t NumStateColumns_L,
+    size_t NumStateColumns,
     class parameters = anemoi_parameters<libff::Fr<ppT>>>
 void test_anemoi_permutation_round_prime_field_gadget(
     expected_round_values_fn_t<ppT> expected_round_values_fn)
@@ -252,26 +252,26 @@ void test_anemoi_permutation_round_prime_field_gadget(
     pb_variable_array<FieldT> Y_left;
     pb_variable_array<FieldT> Y_right;
 
-    X_left.allocate(pb, NumStateColumns_L, "left inputs");
-    X_right.allocate(pb, NumStateColumns_L, "right inputs");
+    X_left.allocate(pb, NumStateColumns, "left inputs");
+    X_right.allocate(pb, NumStateColumns, "right inputs");
 
-    Y_left.allocate(pb, NumStateColumns_L, "left outputs");
-    Y_right.allocate(pb, NumStateColumns_L, "right outputs");
+    Y_left.allocate(pb, NumStateColumns, "left outputs");
+    Y_right.allocate(pb, NumStateColumns, "right outputs");
 
-    for (size_t i = 0; i < NumStateColumns_L; i++) {
-        if (NumStateColumns_L == 1) {
+    for (size_t i = 0; i < NumStateColumns; i++) {
+        if (NumStateColumns == 1) {
             C.push_back(parameters::C_constants_col_one[0][i]);
             D.push_back(parameters::D_constants_col_one[0][i]);
         }
-        if (NumStateColumns_L == 2) {
+        if (NumStateColumns == 2) {
             C.push_back(parameters::C_constants_col_two[0][i]);
             D.push_back(parameters::D_constants_col_two[0][i]);
         }
-        if (NumStateColumns_L == 3) {
+        if (NumStateColumns == 3) {
             C.push_back(parameters::C_constants_col_three[0][i]);
             D.push_back(parameters::D_constants_col_three[0][i]);
         }
-        if (NumStateColumns_L == 4) {
+        if (NumStateColumns == 4) {
             C.push_back(parameters::C_constants_col_four[0][i]);
             D.push_back(parameters::D_constants_col_four[0][i]);
         }
@@ -279,7 +279,7 @@ void test_anemoi_permutation_round_prime_field_gadget(
 
     anemoi_permutation_round_prime_field_gadget<
         ppT,
-        NumStateColumns_L,
+        NumStateColumns,
         parameters>
         d(pb, C, D, X_left, X_right, Y_left, Y_right, "anemoi permutation");
 
@@ -287,9 +287,9 @@ void test_anemoi_permutation_round_prime_field_gadget(
     d.generate_r1cs_constraints();
 
     // Input values: X_left = 0,1,2...L-1 ; X_right = L, L+1, 2L-1
-    for (size_t i = 0; i < NumStateColumns_L; i++) {
+    for (size_t i = 0; i < NumStateColumns; i++) {
         pb.val(X_left[i]) = FieldT(i);
-        pb.val(X_right[i]) = FieldT(NumStateColumns_L + i);
+        pb.val(X_right[i]) = FieldT(NumStateColumns + i);
     }
 
     // generate witness for the given input
@@ -297,10 +297,10 @@ void test_anemoi_permutation_round_prime_field_gadget(
 
     if (expected_round_values_fn) {
         std::vector<FieldT> Y_expect =
-            expected_round_values_fn(NumStateColumns_L);
-        for (size_t i = 0; i < NumStateColumns_L; i++) {
+            expected_round_values_fn(NumStateColumns);
+        for (size_t i = 0; i < NumStateColumns; i++) {
             ASSERT_EQ(Y_expect[i], pb.val(Y_left[i]));
-            ASSERT_EQ(Y_expect[NumStateColumns_L + i], pb.val(Y_right[i]));
+            ASSERT_EQ(Y_expect[NumStateColumns + i], pb.val(Y_right[i]));
         }
     }
 
@@ -313,7 +313,7 @@ void test_anemoi_permutation_round_prime_field_gadget(
 
 template<
     typename ppT,
-    size_t NumStateColumns_L,
+    size_t NumStateColumns,
     class parameters = anemoi_parameters<libff::Fr<ppT>>>
 void test_anemoi_permutation_prime_field_gadget(
     expected_values_fn_t<ppT> expected_values_fn)
@@ -330,44 +330,44 @@ void test_anemoi_permutation_prime_field_gadget(
     pb_variable_array<FieldT> Y_left;
     pb_variable_array<FieldT> Y_right;
 
-    X_left.allocate(pb, NumStateColumns_L, "left inputs");
-    X_right.allocate(pb, NumStateColumns_L, "right inputs");
+    X_left.allocate(pb, NumStateColumns, "left inputs");
+    X_right.allocate(pb, NumStateColumns, "right inputs");
 
-    Y_left.allocate(pb, NumStateColumns_L, "left outputs");
-    Y_right.allocate(pb, NumStateColumns_L, "right outputs");
+    Y_left.allocate(pb, NumStateColumns, "left outputs");
+    Y_right.allocate(pb, NumStateColumns, "right outputs");
 
-    assert(NumStateColumns_L <= parameters::nrounds256.size());
-    assert(NumStateColumns_L <= parameters::nrounds128.size());
+    assert(NumStateColumns <= parameters::nrounds256.size());
+    assert(NumStateColumns <= parameters::nrounds128.size());
 
     // the number of rounds depends on the number of columns in the
     // state
-    size_t nrounds = parameters::nrounds256[NumStateColumns_L - 1];
+    size_t nrounds = parameters::nrounds256[NumStateColumns - 1];
 
     // Store C,D round constants from parameters class
     for (size_t iround = 0; iround < nrounds; iround++) {
         // C,D constants for one round
         std::vector<FieldT> C_iround;
         std::vector<FieldT> D_iround;
-        for (size_t icol = 0; icol < NumStateColumns_L; icol++) {
-            if (NumStateColumns_L == 1) {
+        for (size_t icol = 0; icol < NumStateColumns; icol++) {
+            if (NumStateColumns == 1) {
                 C_iround.push_back(
                     parameters::C_constants_col_one[iround][icol]);
                 D_iround.push_back(
                     parameters::D_constants_col_one[iround][icol]);
             }
-            if (NumStateColumns_L == 2) {
+            if (NumStateColumns == 2) {
                 C_iround.push_back(
                     parameters::C_constants_col_two[iround][icol]);
                 D_iround.push_back(
                     parameters::D_constants_col_two[iround][icol]);
             }
-            if (NumStateColumns_L == 3) {
+            if (NumStateColumns == 3) {
                 C_iround.push_back(
                     parameters::C_constants_col_three[iround][icol]);
                 D_iround.push_back(
                     parameters::D_constants_col_three[iround][icol]);
             }
-            if (NumStateColumns_L == 4) {
+            if (NumStateColumns == 4) {
                 C_iround.push_back(
                     parameters::C_constants_col_four[iround][icol]);
                 D_iround.push_back(
@@ -378,26 +378,26 @@ void test_anemoi_permutation_prime_field_gadget(
         D.push_back(D_iround);
     }
 
-    anemoi_permutation_prime_field_gadget<ppT, NumStateColumns_L, parameters> d(
+    anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters> d(
         pb, C, D, X_left, X_right, Y_left, Y_right, "anemoi permutation");
 
     // generate constraints
     d.generate_r1cs_constraints();
 
     // Input values: X_left = 0,1,2...L-1 ; X_right = L, L+1, 2L-1
-    for (size_t i = 0; i < NumStateColumns_L; i++) {
+    for (size_t i = 0; i < NumStateColumns; i++) {
         pb.val(X_left[i]) = FieldT(i);
-        pb.val(X_right[i]) = FieldT(NumStateColumns_L + i);
+        pb.val(X_right[i]) = FieldT(NumStateColumns + i);
     }
 
     // generate witness for the given input
     d.generate_r1cs_witness();
 
     if (expected_values_fn) {
-        std::vector<FieldT> Y_expect = expected_values_fn(NumStateColumns_L);
-        for (size_t i = 0; i < NumStateColumns_L; i++) {
+        std::vector<FieldT> Y_expect = expected_values_fn(NumStateColumns);
+        for (size_t i = 0; i < NumStateColumns; i++) {
             ASSERT_EQ(Y_expect[i], pb.val(Y_left[i]));
-            ASSERT_EQ(Y_expect[NumStateColumns_L + i], pb.val(Y_right[i]));
+            ASSERT_EQ(Y_expect[NumStateColumns + i], pb.val(Y_right[i]));
         }
     }
 

From 20996551ef477ade3e63ca2cdca63f003aafc617 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 8 Feb 2023 13:18:50 +0000
Subject: [PATCH 109/112] anemoi: renamed
 test_anemoi_permutation_round_prime_field_gadget to
 test_anemoi_round_prime_field_gadget

---
 .../hashes/anemoi/anemoi_components.hpp       |  9 +-
 .../hashes/anemoi/anemoi_components.tcc       | 82 ++++++++-----------
 .../anemoi/tests/test_anemoi_gadget.cpp       | 20 ++---
 3 files changed, 48 insertions(+), 63 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 709dc2759..ef174eaef 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -195,8 +195,7 @@ template<
     typename ppT,
     size_t NumStateColumns,
     class parameters = anemoi_parameters<libff::Fr<ppT>>>
-class anemoi_permutation_round_prime_field_gadget
-    : public gadget<libff::Fr<ppT>>
+class anemoi_round_prime_field_gadget : public gadget<libff::Fr<ppT>>
 {
     using FieldT = libff::Fr<ppT>;
 
@@ -216,7 +215,7 @@ class anemoi_permutation_round_prime_field_gadget
     const pb_variable_array<FieldT> Y_left_output;
     const pb_variable_array<FieldT> Y_right_output;
 
-    anemoi_permutation_round_prime_field_gadget(
+    anemoi_round_prime_field_gadget(
         protoboard<FieldT> &pb,
         // TODO: add round index
         const std::vector<FieldT> &C_const, // remove
@@ -265,7 +264,7 @@ template<typename ppT> class anemoi_permutation_mds<ppT, 4>
 };
 
 /// Full Anemoi permutation mapping (Fr)^{2L} -> (Fr)^{2L}
-/// see anemoi_permutation_round_prime_field_gadget
+/// see anemoi_round_prime_field_gadget
 template<
     typename ppT,
     size_t NumStateColumns,
@@ -280,7 +279,7 @@ class anemoi_permutation_prime_field_gadget : public gadget<libff::Fr<ppT>>
     // D round constants for all rounds
     std::vector<std::vector<FieldT>> D_const_vec;
     // vector of round gadgets
-    std::vector<anemoi_permutation_round_prime_field_gadget<
+    std::vector<anemoi_round_prime_field_gadget<
         ppT,
         NumStateColumns,
         parameters>>
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 50808253d..121244ab2 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -465,8 +465,8 @@ pb_linear_combination_array<libff::Fr<ppT>> anemoi_vector_left_rotate_by_one(
 }
 
 template<typename ppT, size_t NumStateColumns, class parameters>
-anemoi_permutation_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
-    anemoi_permutation_round_prime_field_gadget(
+anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
+    anemoi_round_prime_field_gadget(
         protoboard<libff::Fr<ppT>> &pb,
         const std::vector<FieldT> &C,
         const std::vector<FieldT> &D,
@@ -598,10 +598,8 @@ anemoi_permutation_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
 }
 
 template<typename ppT, size_t NumStateColumns, class parameters>
-void anemoi_permutation_round_prime_field_gadget<
-    ppT,
-    NumStateColumns,
-    parameters>::generate_r1cs_constraints()
+void anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
+    generate_r1cs_constraints()
 {
     for (size_t i = 0; i < NumStateColumns; i++) {
         Flystel[i].generate_r1cs_constraints();
@@ -609,10 +607,8 @@ void anemoi_permutation_round_prime_field_gadget<
 }
 
 template<typename ppT, size_t NumStateColumns, class parameters>
-void anemoi_permutation_round_prime_field_gadget<
-    ppT,
-    NumStateColumns,
-    parameters>::generate_r1cs_witness()
+void anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
+    generate_r1cs_witness()
 {
     for (size_t i = 0; i < NumStateColumns; i++) {
         Flystel[i].generate_r1cs_witness();
@@ -713,18 +709,16 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
         NumStateColumns,
         FMT(this->annotation_prefix, " round_results_right[0]"));
 
-    Round.emplace_back(anemoi_permutation_round_prime_field_gadget<
-                       ppT,
-                       NumStateColumns,
-                       parameters>(
-        pb,
-        C[0],
-        D[0],
-        X_left_input,
-        X_right_input,
-        round_results_left[0],
-        round_results_right[0],
-        FMT(this->annotation_prefix, " Round[0]")));
+    Round.emplace_back(
+        anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>(
+            pb,
+            C[0],
+            D[0],
+            X_left_input,
+            X_right_input,
+            round_results_left[0],
+            round_results_right[0],
+            FMT(this->annotation_prefix, " Round[0]")));
 
     // Initialize Round[i>0] gadget with input round_results_left[i -
     // 1], round_results_right[i - 1] and output
@@ -740,18 +734,16 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
             NumStateColumns,
             FMT(this->annotation_prefix, " round_results_right[%zu]", i));
 
-        Round.emplace_back(anemoi_permutation_round_prime_field_gadget<
-                           ppT,
-                           NumStateColumns,
-                           parameters>(
-            pb,
-            C[i],
-            D[i],
-            round_results_left[i - 1],
-            round_results_right[i - 1],
-            round_results_left[i],
-            round_results_right[i],
-            FMT(this->annotation_prefix, " Round[%zu]", i)));
+        Round.emplace_back(
+            anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>(
+                pb,
+                C[i],
+                D[i],
+                round_results_left[i - 1],
+                round_results_right[i - 1],
+                round_results_left[i],
+                round_results_right[i],
+                FMT(this->annotation_prefix, " Round[%zu]", i)));
     }
 
     round_results_left[nrounds - 1].allocate(
@@ -769,18 +761,16 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
     round_results_right[nrounds - 1] = Y_right_output;
 
     // Initialize the last round gadget
-    Round.emplace_back(anemoi_permutation_round_prime_field_gadget<
-                       ppT,
-                       NumStateColumns,
-                       parameters>(
-        pb,
-        C[nrounds - 1],
-        D[nrounds - 1],
-        round_results_left[nrounds - 2],
-        round_results_right[nrounds - 2],
-        round_results_left[nrounds - 1],
-        round_results_right[nrounds - 1],
-        FMT(this->annotation_prefix, " Round[%zu]", nrounds - 1)));
+    Round.emplace_back(
+        anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>(
+            pb,
+            C[nrounds - 1],
+            D[nrounds - 1],
+            round_results_left[nrounds - 2],
+            round_results_right[nrounds - 2],
+            round_results_left[nrounds - 1],
+            round_results_right[nrounds - 1],
+            FMT(this->annotation_prefix, " Round[%zu]", nrounds - 1)));
 }
 
 template<typename ppT, size_t NumStateColumns, class parameters>
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index 4457062db..f036bddcf 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -236,7 +236,7 @@ template<
     typename ppT,
     size_t NumStateColumns,
     class parameters = anemoi_parameters<libff::Fr<ppT>>>
-void test_anemoi_permutation_round_prime_field_gadget(
+void test_anemoi_round_prime_field_gadget(
     expected_round_values_fn_t<ppT> expected_round_values_fn)
 
 {
@@ -277,11 +277,8 @@ void test_anemoi_permutation_round_prime_field_gadget(
         }
     }
 
-    anemoi_permutation_round_prime_field_gadget<
-        ppT,
-        NumStateColumns,
-        parameters>
-        d(pb, C, D, X_left, X_right, Y_left, Y_right, "anemoi permutation");
+    anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters> d(
+        pb, C, D, X_left, X_right, Y_left, Y_right, "anemoi permutation");
 
     // generate constraints
     d.generate_r1cs_constraints();
@@ -307,8 +304,7 @@ void test_anemoi_permutation_round_prime_field_gadget(
     ASSERT_TRUE(pb.is_satisfied());
     test_pb_verify_circuit<ppT>(pb);
 
-    libff::print_time(
-        "anemoi_permutation_round_prime_field_gadget tests successful");
+    libff::print_time("anemoi_round_prime_field_gadget tests successful");
 }
 
 template<
@@ -468,13 +464,13 @@ void test_for_curve(
     using parameters = anemoi_parameters<ppT>;
 
     // Test single round
-    test_anemoi_permutation_round_prime_field_gadget<ppT, 1, parameters>(
+    test_anemoi_round_prime_field_gadget<ppT, 1, parameters>(
         expected_round_values_fn);
-    test_anemoi_permutation_round_prime_field_gadget<ppT, 2, parameters>(
+    test_anemoi_round_prime_field_gadget<ppT, 2, parameters>(
         expected_round_values_fn);
-    test_anemoi_permutation_round_prime_field_gadget<ppT, 3, parameters>(
+    test_anemoi_round_prime_field_gadget<ppT, 3, parameters>(
         expected_round_values_fn);
-    test_anemoi_permutation_round_prime_field_gadget<ppT, 4, parameters>(
+    test_anemoi_round_prime_field_gadget<ppT, 4, parameters>(
         expected_round_values_fn);
     // Test full permutation
     test_anemoi_permutation_prime_field_gadget<ppT, 1, parameters>(

From e7630b27774b590fd4db1970059f2fd88204f8d7 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 8 Feb 2023 14:36:44 +0000
Subject: [PATCH 110/112] anemoi: added the round index as a member of the
 anemoi_round_prime_field_gadget class. it is used to extract the round
 constants C,D, which arenow removed from the class. removed two unused
 functions from the same class.

---
 .../hashes/anemoi/anemoi_components.hpp       | 25 ++---
 .../hashes/anemoi/anemoi_components.tcc       | 92 +++++++++++++++----
 .../anemoi/tests/test_anemoi_gadget.cpp       | 24 +----
 3 files changed, 86 insertions(+), 55 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index ef174eaef..654dbbc28 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -200,10 +200,10 @@ class anemoi_round_prime_field_gadget : public gadget<libff::Fr<ppT>>
     using FieldT = libff::Fr<ppT>;
 
 private:
-    // vector of C round constants
-    std::vector<FieldT> C_const;
-    // vector of D round constants
-    std::vector<FieldT> D_const;
+    // The index of the round within the full Anemoi permutation
+    // (composed of multiple rounds iterated in a sequence). It is
+    // used to derive the round constants C,D.
+    size_t round_index;
     // matrix M
     std::vector<std::vector<FieldT>> M_matrix;
     // vector of Flystel S-boxes
@@ -217,20 +217,15 @@ class anemoi_round_prime_field_gadget : public gadget<libff::Fr<ppT>>
 
     anemoi_round_prime_field_gadget(
         protoboard<FieldT> &pb,
-        // TODO: add round index
-        const std::vector<FieldT> &C_const, // remove
-        const std::vector<FieldT> &D_const, // remove
+        const size_t &round_index,
         const pb_linear_combination_array<FieldT> &X_left_input,
         const pb_linear_combination_array<FieldT> &X_right_input,
         const pb_variable_array<FieldT> &Y_left_output,
         const pb_variable_array<FieldT> &Y_right_output,
         const std::string &annotation_prefix);
 
-    const std::vector<linear_combination<FieldT>> anemoi_permutation_add_constants(
-        const std::vector<linear_combination<FieldT>> &input);
-
-    const std::vector<linear_combination<FieldT>> anemoi_permutation_mulitply_matrix(
-        const std::vector<linear_combination<FieldT>> &input);
+    void anemoi_get_round_constants(
+        const size_t &iround, std::vector<FieldT> &C, std::vector<FieldT> &D);
 
     void generate_r1cs_constraints();
     void generate_r1cs_witness();
@@ -279,10 +274,8 @@ class anemoi_permutation_prime_field_gadget : public gadget<libff::Fr<ppT>>
     // D round constants for all rounds
     std::vector<std::vector<FieldT>> D_const_vec;
     // vector of round gadgets
-    std::vector<anemoi_round_prime_field_gadget<
-        ppT,
-        NumStateColumns,
-        parameters>>
+    std::vector<
+        anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>>
         Round;
 
 public:
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 121244ab2..9b7fd62a0 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -464,46 +464,101 @@ pb_linear_combination_array<libff::Fr<ppT>> anemoi_vector_left_rotate_by_one(
     return X;
 }
 
+template<typename ppT, size_t NumStateColumns, class parameters>
+void anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
+    anemoi_get_round_constants(
+        const size_t &iround, std::vector<FieldT> &C, std::vector<FieldT> &D)
+{
+    assert(iround < parameters::nrounds256[NumStateColumns - 1]);
+    assert(C.size() == 0);
+    assert(D.size() == 0);
+
+    if (NumStateColumns == 1) {
+        copy(
+            parameters::C_constants_col_one[iround].begin(),
+            parameters::C_constants_col_one[iround].end(),
+            back_inserter(C));
+        copy(
+            parameters::D_constants_col_one[iround].begin(),
+            parameters::D_constants_col_one[iround].end(),
+            back_inserter(D));
+    }
+    if (NumStateColumns == 2) {
+        copy(
+            parameters::C_constants_col_two[iround].begin(),
+            parameters::C_constants_col_two[iround].end(),
+            back_inserter(C));
+        copy(
+            parameters::D_constants_col_two[iround].begin(),
+            parameters::D_constants_col_two[iround].end(),
+            back_inserter(D));
+    }
+    if (NumStateColumns == 3) {
+        copy(
+            parameters::C_constants_col_three[iround].begin(),
+            parameters::C_constants_col_three[iround].end(),
+            back_inserter(C));
+        copy(
+            parameters::D_constants_col_three[iround].begin(),
+            parameters::D_constants_col_three[iround].end(),
+            back_inserter(D));
+    }
+    if (NumStateColumns == 4) {
+        copy(
+            parameters::C_constants_col_four[iround].begin(),
+            parameters::C_constants_col_four[iround].end(),
+            back_inserter(C));
+        copy(
+            parameters::D_constants_col_four[iround].begin(),
+            parameters::D_constants_col_four[iround].end(),
+            back_inserter(D));
+    }
+}
+
 template<typename ppT, size_t NumStateColumns, class parameters>
 anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
     anemoi_round_prime_field_gadget(
         protoboard<libff::Fr<ppT>> &pb,
-        const std::vector<FieldT> &C,
-        const std::vector<FieldT> &D,
+        const size_t &iround,
         const pb_linear_combination_array<FieldT> &X_left,
         const pb_linear_combination_array<FieldT> &X_right,
         const pb_variable_array<FieldT> &Y_left,
         const pb_variable_array<FieldT> &Y_right,
         const std::string &annotation_prefix)
     : gadget<libff::Fr<ppT>>(pb, annotation_prefix)
-    , C_const(C)
-    , D_const(D)
+    , round_index(iround)
     , X_left_input(X_left)
     , X_right_input(X_right)
     , Y_left_output(Y_left)
     , Y_right_output(Y_right)
 {
     const libff::Fr<ppT> g = parameters::multiplicative_generator_g;
-    const size_t ncols = NumStateColumns;
 
     // temporary variables (Z_left, Z_right) modified in-place during
     // the computation from (X_left, X_right) to (Y_left, Y_right)
     std::vector<linear_combination<libff::Fr<ppT>>> Z_left;
     std::vector<linear_combination<libff::Fr<ppT>>> Z_right;
 
+    // round constants, distinct for every round
+    std::vector<FieldT> C;
+    std::vector<FieldT> D;
+    anemoi_get_round_constants(iround, C, D);
+    assert(C.size() == NumStateColumns);
+    assert(D.size() == NumStateColumns);
+
     // add constants Z_left[i]+=C[i], Z_right[i]+=D[i]
-    for (size_t i = 0; i < ncols; i++) {
+    for (size_t i = 0; i < NumStateColumns; i++) {
         Z_left.push_back(X_left[i] + C[i]);
         Z_right.push_back(X_right[i] + D[i]);
     }
 
-    // Note 1: the sequence of if-s over ncols \in {1,2,3,4} that
+    // Note 1: the sequence of if-s over NumStateColumns \in {1,2,3,4} that
     // follows is due to the fact that the specialized class
     // anemoi_permutation_mds<ppT, n> only accepts const size_t n =
     // <value>, but it would not accept const size_t =
     // NumStateColumns. TODO: fix using a more efficient approach.
 
-    // Note 2: the for-loop within each if(ncols == <value>), copies
+    // Note 2: the for-loop within each if(NumStateColumns == <value>), copies
     // the 2d array returned by anemoi_permutation_mds<ppT,
     // n>::permutation_mds(g) into a 2d vector which is the type of
     // the class member M_matrix. TODO: fix this by either using a
@@ -522,7 +577,7 @@ anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
 
     // the MDS matrix for a state with 1 column (L=1) is the same as
     // for a state with 2 columns (L=2)
-    if ((ncols == 1) || (ncols == 2)) {
+    if ((NumStateColumns == 1) || (NumStateColumns == 2)) {
         const size_t n = 2;
         std::array<std::array<FieldT, n>, n> M =
             anemoi_permutation_mds<ppT, n>::permutation_mds(g);
@@ -531,7 +586,7 @@ anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
             M_matrix.push_back(v);
         }
     }
-    if (ncols == 3) {
+    if (NumStateColumns == 3) {
         const size_t n = 3;
         std::array<std::array<FieldT, n>, n> M =
             anemoi_permutation_mds<ppT, n>::permutation_mds(g);
@@ -540,7 +595,7 @@ anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
             M_matrix.push_back(v);
         }
     }
-    if (ncols == 4) {
+    if (NumStateColumns == 4) {
         const size_t n = 4;
         std::array<std::array<FieldT, n>, n> M =
             anemoi_permutation_mds<ppT, n>::permutation_mds(g);
@@ -551,7 +606,7 @@ anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
     }
 
     // multiply by matrix M
-    if (ncols > 1) {
+    if (NumStateColumns > 1) {
         // l > 1:
         // Z_left  = (zL_0 zL_1 ... zL_{l-1})
         // Z_right = (zR_0 zR_1 ... zR_{l-1})
@@ -563,7 +618,7 @@ anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
             anemoi_vector_left_rotate_by_one<ppT>(Z_right);
         Z_right =
             anemoi_fast_multiply_mds<ppT, NumStateColumns>(Z_right_lrot, g);
-    } else { // ncols == 1
+    } else { // NumStateColumns == 1
         // l = 1:
         // Z_left = zL_0
         // Z_right = zR_0
@@ -586,7 +641,7 @@ anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>::
     }
 
     // apply layer of L Flystel S-boxes
-    for (size_t i = 0; i < ncols; i++) {
+    for (size_t i = 0; i < NumStateColumns; i++) {
         Flystel.emplace_back(flystel_prime_field_gadget<ppT, parameters>(
             pb,
             Z_left[i],
@@ -712,8 +767,7 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
     Round.emplace_back(
         anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>(
             pb,
-            C[0],
-            D[0],
+            0,
             X_left_input,
             X_right_input,
             round_results_left[0],
@@ -737,8 +791,7 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
         Round.emplace_back(
             anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>(
                 pb,
-                C[i],
-                D[i],
+                i,
                 round_results_left[i - 1],
                 round_results_right[i - 1],
                 round_results_left[i],
@@ -764,8 +817,7 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
     Round.emplace_back(
         anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>(
             pb,
-            C[nrounds - 1],
-            D[nrounds - 1],
+            nrounds - 1,
             round_results_left[nrounds - 2],
             round_results_right[nrounds - 2],
             round_results_left[nrounds - 1],
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index f036bddcf..f77bccfcf 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -258,27 +258,13 @@ void test_anemoi_round_prime_field_gadget(
     Y_left.allocate(pb, NumStateColumns, "left outputs");
     Y_right.allocate(pb, NumStateColumns, "right outputs");
 
-    for (size_t i = 0; i < NumStateColumns; i++) {
-        if (NumStateColumns == 1) {
-            C.push_back(parameters::C_constants_col_one[0][i]);
-            D.push_back(parameters::D_constants_col_one[0][i]);
-        }
-        if (NumStateColumns == 2) {
-            C.push_back(parameters::C_constants_col_two[0][i]);
-            D.push_back(parameters::D_constants_col_two[0][i]);
-        }
-        if (NumStateColumns == 3) {
-            C.push_back(parameters::C_constants_col_three[0][i]);
-            D.push_back(parameters::D_constants_col_three[0][i]);
-        }
-        if (NumStateColumns == 4) {
-            C.push_back(parameters::C_constants_col_four[0][i]);
-            D.push_back(parameters::D_constants_col_four[0][i]);
-        }
-    }
+    // Testing the 0-th round. Note that all rounds are identical,
+    // except for the round constants which are distinct for each
+    // round.
+    size_t iround = 0;
 
     anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters> d(
-        pb, C, D, X_left, X_right, Y_left, Y_right, "anemoi permutation");
+        pb, iround, X_left, X_right, Y_left, Y_right, "anemoi permutation");
 
     // generate constraints
     d.generate_r1cs_constraints();

From bb2eff32d0ca9e686b4a5b641f6e886dbba52c21 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Wed, 22 Feb 2023 16:48:15 +0000
Subject: [PATCH 111/112] anemoi: added output test values for anemoi with
 128-bit security; output number of r1cs constraints and variables

---
 .../hashes/anemoi/anemoi_components.hpp       |   1 +
 .../hashes/anemoi/anemoi_components.tcc       |  52 +++++---
 .../hashes/anemoi/tests/anemoi_outputs.cpp    | 114 +++++++++++++++++-
 .../hashes/anemoi/tests/anemoi_outputs.hpp    |   9 +-
 .../anemoi/tests/test_anemoi_gadget.cpp       |  71 ++++++++---
 scripts/anemoi-hash/parameters.sage           |   1 +
 6 files changed, 213 insertions(+), 35 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 654dbbc28..5093ef6e3 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -263,6 +263,7 @@ template<typename ppT> class anemoi_permutation_mds<ppT, 4>
 template<
     typename ppT,
     size_t NumStateColumns,
+    bool b_sec128,
     class parameters = anemoi_parameters<libff::Fr<ppT>>>
 class anemoi_permutation_prime_field_gadget : public gadget<libff::Fr<ppT>>
 {
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 9b7fd62a0..9d558d99f 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -716,8 +716,12 @@ std::array<std::array<libff::Fr<ppT>, 4>, 4> anemoi_permutation_mds<ppT, 4>::
     return M;
 }
 
-template<typename ppT, size_t NumStateColumns, class parameters>
-anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
+template<typename ppT, size_t NumStateColumns, bool b_sec128, class parameters>
+anemoi_permutation_prime_field_gadget<
+    ppT,
+    NumStateColumns,
+    b_sec128,
+    parameters>::
     anemoi_permutation_prime_field_gadget(
         protoboard<libff::Fr<ppT>> &pb,
         const std::vector<std::vector<FieldT>> &C,
@@ -741,11 +745,13 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
     assert(NumStateColumns <= parameters::nrounds256.size());
 
     // Get the number of rounds for the given Anemoi instance
-    // (i.e. given number of columns in the state). Note: currently
-    // using 256-bit security instance by default. TODO add support
-    // for 128-bit security e.g. by adding a Boolean flag b_sec_128 in
-    // the tamplate parameters.
-    const size_t nrounds = parameters::nrounds256[NumStateColumns - 1];
+    // (i.e. given number of columns in the state and security level)
+    size_t nrounds = 0;
+    if (b_sec128) {
+        nrounds = parameters::nrounds128[NumStateColumns - 1];
+    } else {
+        nrounds = parameters::nrounds256[NumStateColumns - 1];
+    }
 
     // Left and right input to round i, outputs from round i-1
     std::vector<pb_variable_array<FieldT>> round_results_left;
@@ -825,21 +831,37 @@ anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
             FMT(this->annotation_prefix, " Round[%zu]", nrounds - 1)));
 }
 
-template<typename ppT, size_t NumStateColumns, class parameters>
-void anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
-    generate_r1cs_constraints()
+template<typename ppT, size_t NumStateColumns, bool b_sec128, class parameters>
+void anemoi_permutation_prime_field_gadget<
+    ppT,
+    NumStateColumns,
+    b_sec128,
+    parameters>::generate_r1cs_constraints()
 {
-    size_t nrounds = parameters::nrounds256[NumStateColumns - 1];
+    size_t nrounds = 0;
+    if (b_sec128) {
+        nrounds = parameters::nrounds128[NumStateColumns - 1];
+    } else {
+        nrounds = parameters::nrounds256[NumStateColumns - 1];
+    }
     for (size_t i = 0; i < nrounds; i++) {
         Round[i].generate_r1cs_constraints();
     }
 }
 
-template<typename ppT, size_t NumStateColumns, class parameters>
-void anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters>::
-    generate_r1cs_witness()
+template<typename ppT, size_t NumStateColumns, bool b_sec128, class parameters>
+void anemoi_permutation_prime_field_gadget<
+    ppT,
+    NumStateColumns,
+    b_sec128,
+    parameters>::generate_r1cs_witness()
 {
-    size_t nrounds = parameters::nrounds256[NumStateColumns - 1];
+    size_t nrounds = 0;
+    if (b_sec128) {
+        nrounds = parameters::nrounds128[NumStateColumns - 1];
+    } else {
+        nrounds = parameters::nrounds256[NumStateColumns - 1];
+    }
     for (size_t i = 0; i < nrounds; i++) {
         Round[i].generate_r1cs_witness();
     }
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
index 6900eb403..c73aeeefb 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.cpp
@@ -107,10 +107,118 @@ std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_one_round(
     return Y_expect_one_round;
 }
 
-// Output values automatically generated with SAGE script
-// parameters.sage on 8/2/2023 at 12:38:6
+// Output values automatically generated with SAGE script parameters.sage on
+// 22/2/2023 at 15:42:52
 
-std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output(
+std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_sec128(
+    const size_t &NumStateColumns)
+{
+    std::vector<libff::Fr<libff::bls12_381_pp>> Y_expect;
+
+    assert(
+        ((NumStateColumns == 1) || (NumStateColumns == 2) ||
+         (NumStateColumns == 3) || (NumStateColumns == 4)));
+
+    // Expected output for X rounds, L=1: Y_left || Y_right
+    if (NumStateColumns == 1) {
+        Y_expect = {
+            // A_BLS_12_381_SCALARFIELD_1_COL_128_BITS
+            // Left outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "19463313543534248726432829720355949992115481142527733903500993"
+                "416436681359462"),
+            // Right outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "24097836352777748145579459445766630401317354855690625231253784"
+                "292194604293571"),
+        };
+    }
+
+    // Expected output for X rounds, L=2: Y_left || Y_right
+    if (NumStateColumns == 2) {
+        Y_expect = {
+            // A_BLS_12_381_SCALARFIELD_2_COL_128_BITS
+            // Left outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "20636196687232276298438196241398690677938366239053904563010834"
+                "541309527854991"),
+            libff::Fr<libff::bls12_381_pp>(
+                "39253916165022249533082065477479430579750918696028787690371014"
+                "52687525354031"),
+            // Right outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "47061893317231315260263422053135889963204648975511761903522774"
+                "86385893809395"),
+            libff::Fr<libff::bls12_381_pp>(
+                "45793334370241758458544071272207820701498478315901461355994185"
+                "085013035430493"),
+        };
+    }
+
+    // Expected output for X rounds, L=3: Y_left || Y_right
+    if (NumStateColumns == 3) {
+        Y_expect = {
+            // A_BLS_12_381_SCALARFIELD_3_COL_128_BITS
+            // Left outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "28715769826978654676588546137117600748550476950408785857193565"
+                "153875705420975"),
+            libff::Fr<libff::bls12_381_pp>(
+                "30425229241496163422803804141580461486929064146611232216062976"
+                "254737479882403"),
+            libff::Fr<libff::bls12_381_pp>(
+                "22789248741438984532214659536852322247722236081022972364883893"
+                "282168923848450"),
+            // Right outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "83340274330612138707941626621488069857370856538793932637490252"
+                "41344734749219"),
+            libff::Fr<libff::bls12_381_pp>(
+                "38341449265920577314536214955239005955863226132621074752657782"
+                "328514346130364"),
+            libff::Fr<libff::bls12_381_pp>(
+                "28073280982375140090919520522401329658310313884355685437076001"
+                "811914604043364"),
+        };
+    }
+
+    // Expected output for X rounds, L=4: Y_left || Y_right
+    if (NumStateColumns == 4) {
+        Y_expect = {
+            // A_BLS_12_381_SCALARFIELD_4_COL_128_BITS
+            // Left outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "19356149758649626294450657712280508522363341709284507844575489"
+                "610192191514962"),
+            libff::Fr<libff::bls12_381_pp>(
+                "43155080790752903177252471274668523810674926564664489782972593"
+                "085074051296840"),
+            libff::Fr<libff::bls12_381_pp>(
+                "41787658699965881793824486198005321620242003410745831867294329"
+                "180279986418075"),
+            libff::Fr<libff::bls12_381_pp>(
+                "45207360550431743775255889352626333429066098966478431547522957"
+                "807501170661928"),
+            // Right outputs
+            libff::Fr<libff::bls12_381_pp>(
+                "37717615359665988354289045467804278397912413188575884030395250"
+                "092911699801716"),
+            libff::Fr<libff::bls12_381_pp>(
+                "36147903245738985095503661861599596609184057062914456862066826"
+                "887006062632577"),
+            libff::Fr<libff::bls12_381_pp>(
+                "41936718433766085193462460233543805461189771221168643535359299"
+                "387832399336324"),
+            libff::Fr<libff::bls12_381_pp>(
+                "35115766378970860468260290086983943422955413756722324468203198"
+                "670156540279242"),
+        };
+    }
+
+    return Y_expect;
+}
+
+std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_sec256(
     const size_t &NumStateColumns)
 {
     std::vector<libff::Fr<libff::bls12_381_pp>> Y_expect;
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
index 26a68eff8..02c8e1597 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/anemoi_outputs.hpp
@@ -30,8 +30,13 @@ using expected_round_values_fn_t =
     std::function<std::vector<libff::Fr<ppT>>(const size_t)>;
 
 // Returns the expected outputs from the full Anemoi permutation for
-// BLS12_381
-std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output(
+// BLS12_381 with 128-bit security
+std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_sec128(
+    const size_t &NumStateColumns);
+
+// Returns the expected outputs from the full Anemoi permutation for
+// BLS12_381 with 256-bit security
+std::vector<libff::Fr<libff::bls12_381_pp>> anemoi_expected_output_sec256(
     const size_t &NumStateColumns);
 
 template<typename ppT>
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
index f77bccfcf..c25c2a935 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/tests/test_anemoi_gadget.cpp
@@ -296,6 +296,7 @@ void test_anemoi_round_prime_field_gadget(
 template<
     typename ppT,
     size_t NumStateColumns,
+    bool b_sec128,
     class parameters = anemoi_parameters<libff::Fr<ppT>>>
 void test_anemoi_permutation_prime_field_gadget(
     expected_values_fn_t<ppT> expected_values_fn)
@@ -322,8 +323,13 @@ void test_anemoi_permutation_prime_field_gadget(
     assert(NumStateColumns <= parameters::nrounds128.size());
 
     // the number of rounds depends on the number of columns in the
-    // state
-    size_t nrounds = parameters::nrounds256[NumStateColumns - 1];
+    // state and on the security level (128-bit or 256-bit)
+    size_t nrounds = 0;
+    if (b_sec128) {
+        nrounds = parameters::nrounds128[NumStateColumns - 1];
+    } else {
+        nrounds = parameters::nrounds256[NumStateColumns - 1];
+    }
 
     // Store C,D round constants from parameters class
     for (size_t iround = 0; iround < nrounds; iround++) {
@@ -360,12 +366,33 @@ void test_anemoi_permutation_prime_field_gadget(
         D.push_back(D_iround);
     }
 
-    anemoi_permutation_prime_field_gadget<ppT, NumStateColumns, parameters> d(
-        pb, C, D, X_left, X_right, Y_left, Y_right, "anemoi permutation");
+    anemoi_permutation_prime_field_gadget<
+        ppT,
+        NumStateColumns,
+        b_sec128,
+        parameters>
+        d(pb, C, D, X_left, X_right, Y_left, Y_right, "anemoi permutation");
 
     // generate constraints
     d.generate_r1cs_constraints();
 
+    printf(
+        "Number of constraints for Anemoi permutation b_sec128=%d, L=%zd, "
+        "nrounds=%zd: "
+        "%zu\n",
+        b_sec128,
+        NumStateColumns,
+        nrounds,
+        pb.num_constraints());
+
+    printf(
+        "Number of variables for Anemoi permutation b_sec128=%d, L=%zd, "
+        "nrounds=%zd: %zu\n",
+        b_sec128,
+        NumStateColumns,
+        nrounds,
+        pb.num_variables());
+
     // Input values: X_left = 0,1,2...L-1 ; X_right = L, L+1, 2L-1
     for (size_t i = 0; i < NumStateColumns; i++) {
         pb.val(X_left[i]) = FieldT(i);
@@ -444,7 +471,8 @@ void test_intermediate_gadgets_bls12_381()
 template<typename ppT>
 void test_for_curve(
     expected_round_values_fn_t<ppT> expected_round_values_fn = 0,
-    expected_values_fn_t<ppT> expected_values_fn = 0)
+    expected_values_fn_t<ppT> expected_values_sec128_fn = 0,
+    expected_values_fn_t<ppT> expected_values_sec256_fn = 0)
 {
     // Use the original parameters for the full permutation
     using parameters = anemoi_parameters<ppT>;
@@ -458,21 +486,34 @@ void test_for_curve(
         expected_round_values_fn);
     test_anemoi_round_prime_field_gadget<ppT, 4, parameters>(
         expected_round_values_fn);
-    // Test full permutation
-    test_anemoi_permutation_prime_field_gadget<ppT, 1, parameters>(
-        expected_values_fn);
-    test_anemoi_permutation_prime_field_gadget<ppT, 2, parameters>(
-        expected_values_fn);
-    test_anemoi_permutation_prime_field_gadget<ppT, 3, parameters>(
-        expected_values_fn);
-    test_anemoi_permutation_prime_field_gadget<ppT, 4, parameters>(
-        expected_values_fn);
+
+    // Test full Anemoi permutation with 128-bit security
+    test_anemoi_permutation_prime_field_gadget<ppT, 1, true, parameters>(
+        expected_values_sec128_fn);
+    test_anemoi_permutation_prime_field_gadget<ppT, 2, true, parameters>(
+        expected_values_sec128_fn);
+    test_anemoi_permutation_prime_field_gadget<ppT, 3, true, parameters>(
+        expected_values_sec128_fn);
+    test_anemoi_permutation_prime_field_gadget<ppT, 4, true, parameters>(
+        expected_values_sec128_fn);
+
+    // Test full Anemoi permutation with 256-bit security
+    test_anemoi_permutation_prime_field_gadget<ppT, 1, false, parameters>(
+        expected_values_sec256_fn);
+    test_anemoi_permutation_prime_field_gadget<ppT, 2, false, parameters>(
+        expected_values_sec256_fn);
+    test_anemoi_permutation_prime_field_gadget<ppT, 3, false, parameters>(
+        expected_values_sec256_fn);
+    test_anemoi_permutation_prime_field_gadget<ppT, 4, false, parameters>(
+        expected_values_sec256_fn);
 }
 
 TEST(TestForCurve, BLS12_381)
 {
     test_for_curve<libff::bls12_381_pp>(
-        &anemoi_expected_output_one_round, &anemoi_expected_output);
+        &anemoi_expected_output_one_round,
+        &anemoi_expected_output_sec128,
+        &anemoi_expected_output_sec256);
 }
 
 TEST(TestAnemoiGadget, BLS12_381) { test_intermediate_gadgets_bls12_381(); }
diff --git a/scripts/anemoi-hash/parameters.sage b/scripts/anemoi-hash/parameters.sage
index be2da9fe4..d53249b59 100644
--- a/scripts/anemoi-hash/parameters.sage
+++ b/scripts/anemoi-hash/parameters.sage
@@ -840,6 +840,7 @@ def test_anemoi_nrounds():
 
 def test_anemoi_internal_values_bls12_381():
     A = []
+    anemoi128_instances_bls12_381(A)
     anemoi256_instances_bls12_381(A)
     # Same q for all A[0,1,2,3][1]
     q = A[0][1].q

From af1afbbbd32710335a93f79429ae131da67d20a5 Mon Sep 17 00:00:00 2001
From: Vesselin Velichkov <vesselin@lancre>
Date: Mon, 6 Mar 2023 12:27:19 +0000
Subject: [PATCH 112/112] anemoi: added minor variable renaming Round -> Rounds
 (https://github.com/clearmatics/libsnark/pull/110#discussion_r1104828966)

---
 .../gadgets/hashes/anemoi/anemoi_components.hpp        |  2 +-
 .../gadgets/hashes/anemoi/anemoi_components.tcc        | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
index 5093ef6e3..d109a083d 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.hpp
@@ -277,7 +277,7 @@ class anemoi_permutation_prime_field_gadget : public gadget<libff::Fr<ppT>>
     // vector of round gadgets
     std::vector<
         anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>>
-        Round;
+        Rounds;
 
 public:
     const pb_linear_combination_array<FieldT> X_left_input;
diff --git a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
index 9d558d99f..e7e44484e 100644
--- a/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
+++ b/libsnark/gadgetlib1/gadgets/hashes/anemoi/anemoi_components.tcc
@@ -770,7 +770,7 @@ anemoi_permutation_prime_field_gadget<
         NumStateColumns,
         FMT(this->annotation_prefix, " round_results_right[0]"));
 
-    Round.emplace_back(
+    Rounds.emplace_back(
         anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>(
             pb,
             0,
@@ -794,7 +794,7 @@ anemoi_permutation_prime_field_gadget<
             NumStateColumns,
             FMT(this->annotation_prefix, " round_results_right[%zu]", i));
 
-        Round.emplace_back(
+        Rounds.emplace_back(
             anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>(
                 pb,
                 i,
@@ -820,7 +820,7 @@ anemoi_permutation_prime_field_gadget<
     round_results_right[nrounds - 1] = Y_right_output;
 
     // Initialize the last round gadget
-    Round.emplace_back(
+    Rounds.emplace_back(
         anemoi_round_prime_field_gadget<ppT, NumStateColumns, parameters>(
             pb,
             nrounds - 1,
@@ -845,7 +845,7 @@ void anemoi_permutation_prime_field_gadget<
         nrounds = parameters::nrounds256[NumStateColumns - 1];
     }
     for (size_t i = 0; i < nrounds; i++) {
-        Round[i].generate_r1cs_constraints();
+        Rounds[i].generate_r1cs_constraints();
     }
 }
 
@@ -863,7 +863,7 @@ void anemoi_permutation_prime_field_gadget<
         nrounds = parameters::nrounds256[NumStateColumns - 1];
     }
     for (size_t i = 0; i < nrounds; i++) {
-        Round[i].generate_r1cs_witness();
+        Rounds[i].generate_r1cs_witness();
     }
 }